angd-dev/keychain-kit
1
0
Fork 0
Code Pull Requests Releases Activity

Compare commits

base: angd-dev:1.1.3
Branches Tags
angd-dev:main angd-dev:develop
angd-dev:3.0.0 angd-dev:2.2.0 angd-dev:2.1.0 angd-dev:2.0.0 angd-dev:1.1.3 angd-dev:1.1.2 angd-dev:1.1.1 angd-dev:1.1.0 angd-dev:1.0.0
..
compare: angd-dev:develop
Branches Tags
angd-dev:main angd-dev:develop
angd-dev:3.0.0 angd-dev:2.2.0 angd-dev:2.1.0 angd-dev:2.0.0 angd-dev:1.1.3 angd-dev:1.1.2 angd-dev:1.1.1 angd-dev:1.1.0 angd-dev:1.0.0

14 Commits
1.1.3 ... develop

Author SHA1 Message Date
Oleksii Zghurskyi
2d94ae0555 Merge branch 'feature/v3.0.0' into develop 2025-11-12 19:41:51 +02:00
Oleksii Zghurskyi
daec0db688 Fix resources 2025-11-12 19:40:08 +02:00
Oleksii Zghurskyi
e0af36f9a6 Version 3 2025-11-12 19:40:08 +02:00
Oleksii Zghurskyi
55ec6cedb4 Merge branch 'feature/equotable-error' into develop 2025-07-27 15:49:10 +03:00
Oleksii Zghurskyi
e1a610b19f Add Equatable protocol for KeychainError 2025-07-27 15:48:52 +03:00
Oleksii Zghurskyi
b2e368a18c Merge branch 'feature/readme' into develop 2025-07-22 21:44:21 +03:00
Oleksii Zghurskyi
e8bb90bbb9 Update readme 2025-07-22 21:44:17 +03:00
Oleksii Zghurskyi
a4ed142506 Merge branch 'feature/update-api' into develop 2025-07-22 21:42:22 +03:00
Oleksii Zghurskyi
bd4d2133a2 Move default implementations of keychain get/set methods into protocol extension 2025-07-22 21:42:13 +03:00
Oleksii Zghurskyi
ad2a031fc4 Merge branch 'feature/docc-plugin' into develop 2025-07-08 21:24:51 +03:00
Oleksii Zghurskyi
d9eaa9df3f Add docc plugin 2025-07-08 21:24:45 +03:00
Oleksii Zghurskyi
776f67ec89 Merge branch 'feature/v2.0.0' into develop 2025-07-08 21:21:13 +03:00
Oleksii Zghurskyi
bb3d349993 Improved type safety, local auth support, and better error handling 2025-07-08 21:21:00 +03:00
Aleksey Zgurskiy
cea23bb06e Finish 1.1.3 2020-08-07 16:48:54 +03:00
18 changed files with 673 additions and 576 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -4,6 +4,7 @@
.build/
## Various settings
Package.resolved
*.pbxuser
!default.pbxuser
*.mode1v3

15
.swift-format Normal file
View File

@@ -0,0 +1,15 @@
{
"fileScopedDeclarationPrivacy": {
"accessLevel": "private"
},
"indentBlankLines": true,
"indentation": {
"spaces": 4
},
"lineLength": 9999,
"maximumBlankLines": 1,
"multiElementCollectionTrailingCommas": false,
"rules": {
"FileScopedDeclarationPrivacy": true
}
}

25
KeychainKit.xcodeproj/KeychainKit_Info.plist
View File

@@ -1,25 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
<key>CFBundleDevelopmentRegion</key>
<string>en</string>
<key>CFBundleExecutable</key>
<string>$(EXECUTABLE_NAME)</string>
<key>CFBundleIdentifier</key>
<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
<key>CFBundleInfoDictionaryVersion</key>
<string>6.0</string>
<key>CFBundleName</key>
<string>$(PRODUCT_NAME)</string>
<key>CFBundlePackageType</key>
<string>FMWK</string>
<key>CFBundleShortVersionString</key>
<string>1.0</string>
<key>CFBundleSignature</key>
<string>????</string>
<key>CFBundleVersion</key>
<string>$(CURRENT_PROJECT_VERSION)</string>
<key>NSPrincipalClass</key>
<string></string>
</dict>
</plist>

383
KeychainKit.xcodeproj/project.pbxproj
View File

@@ -1,383 +0,0 @@
// !$*UTF8*$!
{
archiveVersion = "1";
objectVersion = "46";
objects = {
"KeychainKit::KeychainKit" = {
isa = "PBXNativeTarget";
buildConfigurationList = "OBJ_16";
buildPhases = (
"OBJ_19",
"OBJ_21"
);
dependencies = (
);
name = "KeychainKit";
productName = "KeychainKit";
productReference = "KeychainKit::KeychainKit::Product";
productType = "com.apple.product-type.framework";
};
"KeychainKit::KeychainKit::Product" = {
isa = "PBXFileReference";
path = "KeychainKit.framework";
sourceTree = "BUILT_PRODUCTS_DIR";
};
"KeychainKit::SwiftPMPackageDescription" = {
isa = "PBXNativeTarget";
buildConfigurationList = "OBJ_23";
buildPhases = (
"OBJ_26"
);
dependencies = (
);
name = "KeychainKitPackageDescription";
productName = "KeychainKitPackageDescription";
productType = "com.apple.product-type.framework";
};
"OBJ_1" = {
isa = "PBXProject";
attributes = {
LastSwiftMigration = "9999";
LastUpgradeCheck = "9999";
};
buildConfigurationList = "OBJ_2";
compatibilityVersion = "Xcode 3.2";
developmentRegion = "en";
hasScannedForEncodings = "0";
knownRegions = (
"en"
);
mainGroup = "OBJ_5";
productRefGroup = "OBJ_11";
projectDirPath = ".";
targets = (
"KeychainKit::KeychainKit",
"KeychainKit::SwiftPMPackageDescription"
);
};
"OBJ_10" = {
isa = "PBXGroup";
children = (
);
name = "Tests";
path = "";
sourceTree = "SOURCE_ROOT";
};
"OBJ_11" = {
isa = "PBXGroup";
children = (
"KeychainKit::KeychainKit::Product"
);
name = "Products";
path = "";
sourceTree = "BUILT_PRODUCTS_DIR";
};
"OBJ_13" = {
isa = "PBXFileReference";
path = "LICENSE";
sourceTree = "<group>";
};
"OBJ_14" = {
isa = "PBXFileReference";
path = "README.md";
sourceTree = "<group>";
};
"OBJ_16" = {
isa = "XCConfigurationList";
buildConfigurations = (
"OBJ_17",
"OBJ_18"
);
defaultConfigurationIsVisible = "0";
defaultConfigurationName = "Release";
};
"OBJ_17" = {
isa = "XCBuildConfiguration";
buildSettings = {
ENABLE_TESTABILITY = "YES";
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(PLATFORM_DIR)/Developer/Library/Frameworks"
);
HEADER_SEARCH_PATHS = (
"$(inherited)"
);
INFOPLIST_FILE = "KeychainKit.xcodeproj/KeychainKit_Info.plist";
IPHONEOS_DEPLOYMENT_TARGET = "8.0";
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx"
);
MACOSX_DEPLOYMENT_TARGET = "10.10";
OTHER_CFLAGS = (
"$(inherited)"
);
OTHER_LDFLAGS = (
"$(inherited)"
);
OTHER_SWIFT_FLAGS = (
"$(inherited)"
);
PRODUCT_BUNDLE_IDENTIFIER = "KeychainKit";
PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
SKIP_INSTALL = "YES";
SWIFT_ACTIVE_COMPILATION_CONDITIONS = (
"$(inherited)"
);
SWIFT_VERSION = "5.0";
TARGET_NAME = "KeychainKit";
TVOS_DEPLOYMENT_TARGET = "9.0";
WATCHOS_DEPLOYMENT_TARGET = "2.0";
};
name = "Debug";
};
"OBJ_18" = {
isa = "XCBuildConfiguration";
buildSettings = {
ENABLE_TESTABILITY = "YES";
FRAMEWORK_SEARCH_PATHS = (
"$(inherited)",
"$(PLATFORM_DIR)/Developer/Library/Frameworks"
);
HEADER_SEARCH_PATHS = (
"$(inherited)"
);
INFOPLIST_FILE = "KeychainKit.xcodeproj/KeychainKit_Info.plist";
IPHONEOS_DEPLOYMENT_TARGET = "8.0";
LD_RUNPATH_SEARCH_PATHS = (
"$(inherited)",
"$(TOOLCHAIN_DIR)/usr/lib/swift/macosx"
);
MACOSX_DEPLOYMENT_TARGET = "10.10";
OTHER_CFLAGS = (
"$(inherited)"
);
OTHER_LDFLAGS = (
"$(inherited)"
);
OTHER_SWIFT_FLAGS = (
"$(inherited)"
);
PRODUCT_BUNDLE_IDENTIFIER = "KeychainKit";
PRODUCT_MODULE_NAME = "$(TARGET_NAME:c99extidentifier)";
PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
SKIP_INSTALL = "YES";
SWIFT_ACTIVE_COMPILATION_CONDITIONS = (
"$(inherited)"
);
SWIFT_VERSION = "5.0";
TARGET_NAME = "KeychainKit";
TVOS_DEPLOYMENT_TARGET = "9.0";
WATCHOS_DEPLOYMENT_TARGET = "2.0";
};
name = "Release";
};
"OBJ_19" = {
isa = "PBXSourcesBuildPhase";
files = (
"OBJ_20"
);
};
"OBJ_2" = {
isa = "XCConfigurationList";
buildConfigurations = (
"OBJ_3",
"OBJ_4"
);
defaultConfigurationIsVisible = "0";
defaultConfigurationName = "Release";
};
"OBJ_20" = {
isa = "PBXBuildFile";
fileRef = "OBJ_9";
};
"OBJ_21" = {
isa = "PBXFrameworksBuildPhase";
files = (
);
};
"OBJ_23" = {
isa = "XCConfigurationList";
buildConfigurations = (
"OBJ_24",
"OBJ_25"
);
defaultConfigurationIsVisible = "0";
defaultConfigurationName = "Release";
};
"OBJ_24" = {
isa = "XCBuildConfiguration";
buildSettings = {
LD = "/usr/bin/true";
OTHER_SWIFT_FLAGS = (
"-swift-version",
"5",
"-I",
"$(TOOLCHAIN_DIR)/usr/lib/swift/pm/4_2",
"-target",
"x86_64-apple-macosx10.10",
"-sdk",
"/Users/mr.noone/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk",
"-package-description-version",
"5.2.0"
);
SWIFT_VERSION = "5.0";
};
name = "Debug";
};
"OBJ_25" = {
isa = "XCBuildConfiguration";
buildSettings = {
LD = "/usr/bin/true";
OTHER_SWIFT_FLAGS = (
"-swift-version",
"5",
"-I",
"$(TOOLCHAIN_DIR)/usr/lib/swift/pm/4_2",
"-target",
"x86_64-apple-macosx10.10",
"-sdk",
"/Users/mr.noone/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk",
"-package-description-version",
"5.2.0"
);
SWIFT_VERSION = "5.0";
};
name = "Release";
};
"OBJ_26" = {
isa = "PBXSourcesBuildPhase";
files = (
"OBJ_27"
);
};
"OBJ_27" = {
isa = "PBXBuildFile";
fileRef = "OBJ_6";
};
"OBJ_3" = {
isa = "XCBuildConfiguration";
buildSettings = {
CLANG_ENABLE_OBJC_ARC = "YES";
COMBINE_HIDPI_IMAGES = "YES";
COPY_PHASE_STRIP = "NO";
DEBUG_INFORMATION_FORMAT = "dwarf";
DYLIB_INSTALL_NAME_BASE = "@rpath";
ENABLE_NS_ASSERTIONS = "YES";
GCC_OPTIMIZATION_LEVEL = "0";
GCC_PREPROCESSOR_DEFINITIONS = (
"$(inherited)",
"SWIFT_PACKAGE=1",
"DEBUG=1"
);
MACOSX_DEPLOYMENT_TARGET = "10.10";
ONLY_ACTIVE_ARCH = "YES";
OTHER_SWIFT_FLAGS = (
"$(inherited)",
"-DXcode"
);
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = "macosx";
SUPPORTED_PLATFORMS = (
"macosx",
"iphoneos",
"iphonesimulator",
"appletvos",
"appletvsimulator",
"watchos",
"watchsimulator"
);
SWIFT_ACTIVE_COMPILATION_CONDITIONS = (
"$(inherited)",
"SWIFT_PACKAGE",
"DEBUG"
);
SWIFT_OPTIMIZATION_LEVEL = "-Onone";
USE_HEADERMAP = "NO";
};
name = "Debug";
};
"OBJ_4" = {
isa = "XCBuildConfiguration";
buildSettings = {
CLANG_ENABLE_OBJC_ARC = "YES";
COMBINE_HIDPI_IMAGES = "YES";
COPY_PHASE_STRIP = "YES";
DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym";
DYLIB_INSTALL_NAME_BASE = "@rpath";
GCC_OPTIMIZATION_LEVEL = "s";
GCC_PREPROCESSOR_DEFINITIONS = (
"$(inherited)",
"SWIFT_PACKAGE=1"
);
MACOSX_DEPLOYMENT_TARGET = "10.10";
OTHER_SWIFT_FLAGS = (
"$(inherited)",
"-DXcode"
);
PRODUCT_NAME = "$(TARGET_NAME)";
SDKROOT = "macosx";
SUPPORTED_PLATFORMS = (
"macosx",
"iphoneos",
"iphonesimulator",
"appletvos",
"appletvsimulator",
"watchos",
"watchsimulator"
);
SWIFT_ACTIVE_COMPILATION_CONDITIONS = (
"$(inherited)",
"SWIFT_PACKAGE"
);
SWIFT_OPTIMIZATION_LEVEL = "-Owholemodule";
USE_HEADERMAP = "NO";
};
name = "Release";
};
"OBJ_5" = {
isa = "PBXGroup";
children = (
"OBJ_6",
"OBJ_7",
"OBJ_10",
"OBJ_11",
"OBJ_13",
"OBJ_14"
);
path = "";
sourceTree = "<group>";
};
"OBJ_6" = {
isa = "PBXFileReference";
explicitFileType = "sourcecode.swift";
path = "Package.swift";
sourceTree = "<group>";
};
"OBJ_7" = {
isa = "PBXGroup";
children = (
"OBJ_8"
);
name = "Sources";
path = "";
sourceTree = "SOURCE_ROOT";
};
"OBJ_8" = {
isa = "PBXGroup";
children = (
"OBJ_9"
);
name = "KeychainKit";
path = "Sources/KeychainKit";
sourceTree = "SOURCE_ROOT";
};
"OBJ_9" = {
isa = "PBXFileReference";
path = "Keychain.swift";
sourceTree = "<group>";
};
};
rootObject = "OBJ_1";
}

7
KeychainKit.xcodeproj/project.xcworkspace/contents.xcworkspacedata generated
View File

@@ -1,7 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<Workspace
version = "1.0">
<FileRef
location = "self:">
</FileRef>
</Workspace>

8
KeychainKit.xcodeproj/project.xcworkspace/xcshareddata/WorkspaceSettings.xcsettings
View File

@@ -1,8 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>IDEWorkspaceSharedSettings_AutocreateContextsIfNeeded</key>
<false/>
</dict>
</plist>

24
KeychainKit.xcodeproj/xcshareddata/xcschemes/KeychainKit-Package.xcscheme
View File

@@ -1,24 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<Scheme LastUpgradeVersion = "9999" version = "1.3">
<BuildAction parallelizeBuildables = "YES" buildImplicitDependencies = "YES">
<BuildActionEntries>
<BuildActionEntry buildForTesting = "YES" buildForRunning = "YES" buildForProfiling = "YES" buildForArchiving = "YES" buildForAnalyzing = "YES">
<BuildableReference
BuildableIdentifier = "primary"
BuildableName = "'lib$(TARGET_NAME)'"
BlueprintName = "KeychainKit"
ReferencedContainer = "container:KeychainKit.xcodeproj">
</BuildableReference>
</BuildActionEntry>
</BuildActionEntries>
</BuildAction>
<TestAction
buildConfiguration = "Debug"
selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
shouldUseLaunchSchemeArgsEnv = "YES"
codeCoverageEnabled = "NO">
<Testables>
</Testables>
</TestAction>
</Scheme>

2
LICENSE
View File

@@ -1,6 +1,6 @@
MIT License
Copyright (c) 2020 Aleksey Zgurskiy
Copyright (c) 2025 ANGD Dev
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

32
Package.swift
View File

@@ -1,16 +1,28 @@
// swift-tools-version:5.2
// swift-tools-version: 6.0
// The swift-tools-version declares the minimum version of Swift required to build this package.
import PackageDescription
let package = Package(
name: "KeychainKit",
platforms: [.iOS(.v8)],
products: [
.library(name: "KeychainKit", targets: ["KeychainKit"]),
],
dependencies: [],
targets: [
.target(name: "KeychainKit", dependencies: [])
]
name: "KeychainKit",
defaultLocalization: "en",
platforms: [.macOS(.v12), .iOS(.v15)],
products: [
.library(name: "KeychainKit", targets: ["KeychainKit"])
],
dependencies: [
.package(url: "https://github.com/angd-dev/localizable.git", from: "1.0.0"),
.package(url: "https://github.com/apple/swift-docc-plugin", from: "1.0.0")
],
targets: [
.target(
name: "KeychainKit",
dependencies: [
.product(name: "Localizable", package: "localizable")
],
resources: [
.process("Resources/Localizable.xcstrings")
]
)
]
)

56
README.md
View File

@@ -1 +1,55 @@
# keychain-kit
# KeychainKit
KeychainKit is a type-safe, easy-to-use wrapper around Apples Keychain service that supports storing, retrieving, and deleting data with optional local authentication.
## Overview
This library enables working with Keychain without losing control over security settings while simplifying type-safe access to data types like `Data`, `String`, `UUID`, and any `Codable` types.
It supports optional authentication via `LAContext`, allowing integration with Face ID, Touch ID, or device passcode.
KeychainKit does not hide the complexity of Keychain operations but provides a clean API and convenient error handling via a custom `KeychainError` type.
## Installation
To add KeychainKit to your project, use Swift Package Manager (SPM).
### Adding to an Xcode Project
1. Open your project in Xcode.
2. Navigate to the `File` menu and select `Add Package Dependencies`.
3. Enter the repository URL: `https://github.com/angd-dev/keychain-kit.git`
4. Choose the version to install (e.g., `3.0.0`).
5. Add the library to your target module.
### Adding to Package.swift
If you are using Swift Package Manager with a `Package.swift` file, add the dependency like this:
```swift
// swift-tools-version: 5.10
import PackageDescription
let package = Package(
name: "YourProject",
dependencies: [
.package(url: "https://github.com/angd-dev/keychain-kit.git", from: "3.0.0")
],
targets: [
.target(
name: "YourTarget",
dependencies: [
.product(name: "KeychainKit", package: "keychain-kit")
]
)
]
)
```
## Additional Resources
For more information and usage examples, see the [documentation](https://docs.angd.dev/?package=keychain-kit&version=3.0.0).
## License
This project is licensed under the MIT License. See the `LICENSE` file for details.

193
Sources/KeychainKit/Classes/KeychainStorage.swift Normal file
View File

@@ -0,0 +1,193 @@
import Foundation
import LocalAuthentication
import Security
/// A service that provides access and management for keychain items.
///
/// This type provides direct access to the system keychain using `Security` and
/// `LocalAuthentication` frameworks. It supports querying, inserting, deleting, and checking item
/// existence, while handling authentication contexts and access controls automatically.
///
/// ## Topics
///
/// ### Initializers
///
/// - ``init(service:context:)``
///
/// ### Instance Properties
///
/// - ``service``
/// - ``context``
///
/// ### Instance Methods
///
/// - ``get(by:)->Data?``
/// - ``insert(_:by:)-(Data,_)``
/// - ``delete(by:)``
/// - ``exists(by:)``
public final class KeychainStorage<
Account: KeychainAccountProtocol,
Service: KeychainServiceProtocol
>: KeychainStorageProtocol, @unchecked Sendable {
// MARK: - Properties
/// The service descriptor associated with this keychain storage.
public let service: Service?
/// The authentication context used for keychain operations.
public let context: LAContext?
// MARK: - Initialization
/// Creates a new keychain storage instance.
///
/// - Parameters:
/// - service: The service descriptor that defines the keychain group and access settings.
/// - context: The authentication context used for secure access, or `nil` to use a default one.
public init(service: Service?, context: LAContext?) {
self.service = service
self.context = context
}
// MARK: - Methods
/// Retrieves raw data for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: The stored data, or `nil` if no item exists.
/// - Throws: ``KeychainError/invalidData`` if the retrieved value cannot be cast to `Data`.
/// - Throws: ``KeychainError/authenticationFailed`` if user authentication fails.
/// - Throws: ``KeychainError/osStatus(_:)`` for unexpected system errors.
public func get(by account: Account) throws(KeychainError) -> Data? {
var query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrAccount: account.identifier,
kSecAttrSynchronizable: account.synchronizable,
kSecUseDataProtectionKeychain: true,
kSecMatchLimit: kSecMatchLimitOne,
kSecReturnData: true
]
query[kSecAttrService] = service?.identifier
query[kSecAttrAccessGroup] = service?.accessGroup
query[kSecUseAuthenticationContext] = context
var result: AnyObject?
switch SecItemCopyMatching(query as CFDictionary, &result) {
case errSecSuccess:
if let data = result as? Data {
return data
} else {
throw .invalidData
}
case errSecItemNotFound:
return nil
case errSecAuthFailed, errSecInteractionNotAllowed, errSecUserCanceled:
throw .authenticationFailed
case let status:
throw .osStatus(status)
}
}
/// Inserts raw data for the given account.
///
/// - Parameters:
/// - value: The data to store.
/// - account: The account descriptor identifying the target item.
/// - Throws: ``KeychainError/underlying(_:)`` if access control creation fails.
/// - Throws: ``KeychainError/duplicateItem`` if an item with the same key already exists.
/// - Throws: ``KeychainError/osStatus(_:)`` for unexpected system errors.
public func insert(_ value: Data, by account: Account) throws(KeychainError) {
var error: Unmanaged<CFError>?
let access = SecAccessControlCreateWithFlags(
nil, account.protection, account.accessFlags, &error
)
guard let access else {
let error = error?.takeRetainedValue()
throw .underlying(error as? NSError)
}
var query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrAccount: account.identifier,
kSecAttrSynchronizable: account.synchronizable,
kSecUseDataProtectionKeychain: true,
kSecAttrAccessControl: access,
kSecValueData: value
]
query[kSecAttrService] = service?.identifier
query[kSecAttrAccessGroup] = service?.accessGroup
query[kSecUseAuthenticationContext] = context
switch SecItemAdd(query as CFDictionary, nil) {
case errSecSuccess:
return
case errSecDuplicateItem:
throw .duplicateItem
case let status:
throw .osStatus(status)
}
}
/// Deletes the item for the given account.
///
/// - Parameter account: The account descriptor identifying the item to remove.
/// - Throws: ``KeychainError/authenticationFailed`` if user authentication fails.
/// - Throws: ``KeychainError/osStatus(_:)`` for unexpected system errors.
public func delete(by account: Account) throws(KeychainError) {
var query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrAccount: account.identifier,
kSecAttrSynchronizable: account.synchronizable,
kSecUseDataProtectionKeychain: true
]
query[kSecAttrService] = service?.identifier
query[kSecAttrAccessGroup] = service?.accessGroup
query[kSecUseAuthenticationContext] = context
switch SecItemDelete(query as CFDictionary) {
case errSecSuccess, errSecItemNotFound:
return
case errSecAuthFailed, errSecInteractionNotAllowed, errSecUserCanceled:
throw .authenticationFailed
case let status:
throw .osStatus(status)
}
}
/// Checks whether an item exists for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: `true` if the item exists; otherwise, `false`.
/// - Throws: ``KeychainError/osStatus(_:)`` for unexpected system errors.
public func exists(by account: Account) throws(KeychainError) -> Bool {
var query: [CFString: Any] = [
kSecClass: kSecClassGenericPassword,
kSecAttrAccount: account.identifier,
kSecAttrSynchronizable: account.synchronizable,
kSecUseDataProtectionKeychain: true,
kSecMatchLimit: kSecMatchLimitOne,
kSecReturnData: false
]
let context = LAContext()
context.interactionNotAllowed = true
query[kSecAttrService] = service?.identifier
query[kSecAttrAccessGroup] = service?.accessGroup
query[kSecUseAuthenticationContext] = context
switch SecItemCopyMatching(query as CFDictionary, nil) {
case errSecSuccess, errSecAuthFailed, errSecInteractionNotAllowed:
return true
case errSecItemNotFound:
return false
case let status:
throw .osStatus(status)
}
}
}

44
Sources/KeychainKit/Enums/KeychainError.swift Normal file
View File

@@ -0,0 +1,44 @@
import Foundation
/// An error that represents a keychain operation failure.
///
/// Each case corresponds to a specific system or data error encountered while performing keychain
/// operations.
public enum KeychainError: Error, Equatable {
/// Authentication was required but failed or was canceled.
case authenticationFailed
/// An item with the same key already exists in the keychain.
case duplicateItem
/// The stored or retrieved data has an invalid format.
case invalidData
/// An unexpected system status code was returned.
///
/// - Parameter status: The underlying `OSStatus` value.
case osStatus(OSStatus)
/// A lower-level error occurred during encoding, decoding, or other processing.
///
/// - Parameter error: The underlying Foundation error, if available.
case underlying(NSError?)
/// A localized, human-readable description of the error.
public var localizedDescription: String {
switch self {
case .authenticationFailed:
return .Error.authenticationFailed
case .duplicateItem:
return .Error.duplicateItem
case .invalidData:
return .Error.invalidData
case .osStatus(let status):
let message = SecCopyErrorMessageString(status, nil)
return .Error.osStatus(message as? String ?? "")
case .underlying(let error):
let message = error?.localizedDescription
return .Error.underlying(message ?? "")
}
}
}

15
Sources/KeychainKit/Extensions/String+Error.swift Normal file
View File

@@ -0,0 +1,15 @@
import Foundation
import Localizable
extension String {
@Localizable(bundle: .module)
enum Error {
private enum Strings {
case authenticationFailed
case duplicateItem
case invalidData
case osStatus(String)
case underlying(String)
}
}
}

117
Sources/KeychainKit/Keychain.swift
View File

@@ -1,117 +0,0 @@
//
// Keychain.swift
// keychain-kit
//
// Created by Aleksey Zgurskiy on 02.02.2020.
// Copyright © 2020 mr.noone. All rights reserved.
//
import Foundation
public protocol KeychainProtocol {
func get(_ key: String) throws -> Data
func get(_ key: String) throws -> String
func get(_ key: String) throws -> UUID
func get<T>(_ key: String, decoder: JSONDecoder) throws -> T where T: Decodable
func set(_ data: Data, for key: String) throws
func set(_ value: String, for key: String) throws
func set(_ uuid: UUID, for key: String) throws
func set<T>(_ value: T, for key: String, encoder: JSONEncoder) throws where T: Encodable
func delete(_ key: String) throws
}
public struct Keychain: KeychainProtocol {
public enum Error: Swift.Error {
case noData
case unexpectedData
case unexpected(code: OSStatus)
}
// MARK: - Inits
public init() {}
// MARK: - Public methods
public func get(_ key: String) throws -> Data {
let query: [CFString : AnyObject] = [
kSecClass : kSecClassGenericPassword,
kSecAttrAccount : key as AnyObject,
kSecMatchLimit : kSecMatchLimitOne,
kSecReturnAttributes : kCFBooleanTrue,
kSecReturnData : kCFBooleanTrue
]
var queryResult: AnyObject?
let status = withUnsafeMutablePointer(to: &queryResult) {
SecItemCopyMatching(query as CFDictionary, UnsafeMutablePointer($0))
}
guard status != errSecItemNotFound else { throw Error.noData }
guard status == noErr else { throw Error.unexpected(code: status) }
guard
let item = queryResult as? [CFString : AnyObject],
let data = item[kSecValueData] as? Data
else { throw Error.noData }
return data
}
public func get(_ key: String) throws -> String {
guard let value = String(data: try get(key), encoding: .utf8) else {
throw Error.unexpectedData
}
return value
}
public func get(_ key: String) throws -> UUID {
guard let value = UUID(uuidString: try get(key)) else {
throw Error.unexpectedData
}
return value
}
public func get<T>(_ key: String, decoder: JSONDecoder = JSONDecoder()) throws -> T where T: Decodable {
return try decoder.decode(T.self, from: get(key))
}
public func set(_ data: Data, for key: String) throws {
try delete(key)
let query: [CFString : AnyObject] = [
kSecClass : kSecClassGenericPassword,
kSecAttrAccount : key as AnyObject,
kSecValueData : data as AnyObject
]
let status = SecItemAdd(query as CFDictionary, nil)
guard status == noErr else { throw Error.unexpected(code: status) }
}
public func set(_ value: String, for key: String) throws {
try set(value.data(using: .utf8)!, for: key)
}
public func set(_ uuid: UUID, for key: String) throws {
try set(uuid.uuidString, for: key)
}
public func set<T>(_ value: T, for key: String, encoder: JSONEncoder = JSONEncoder()) throws where T: Encodable {
try set(encoder.encode(value), for: key)
}
public func delete(_ key: String) throws {
let query: [CFString : AnyObject] = [
kSecClass : kSecClassGenericPassword,
kSecAttrAccount : key as AnyObject
]
let status = SecItemDelete(query as CFDictionary)
guard status == noErr || status == errSecItemNotFound else {
throw Error.unexpected(code: status)
}
}
}

53
Sources/KeychainKit/Protocols/KeychainAccountProtocol.swift Normal file
View File

@@ -0,0 +1,53 @@
import Foundation
/// A type that describes a keychain account configuration for secure item storage and access.
///
/// Conforming types define metadata that determines how the keychain protects, authenticates, and
/// optionally synchronizes specific items.
///
/// ## Topics
///
/// ### Properties
///
/// - ``identifier``
/// - ``protection``
/// - ``accessFlags``
/// - ``synchronizable``
public protocol KeychainAccountProtocol: Sendable {
/// A unique string that identifies the keychain account.
var identifier: String { get }
/// The keychain data protection level assigned to the account.
///
/// Defaults to `kSecAttrAccessibleAfterFirstUnlock`. You can override this to use another
/// accessibility option, such as `kSecAttrAccessibleWhenUnlocked` or
/// `kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly`.
var protection: CFString { get }
/// The access control flags defining additional authentication requirements.
///
/// Defaults to an empty set (`[]`). Override this to enforce constraints like `.userPresence`,
/// `.biometryAny`, or `.devicePasscode`.
var accessFlags: SecAccessControlCreateFlags { get }
/// Indicates whether the item is synchronized through iCloud Keychain.
///
/// Defaults to `false`. Set this to `true` if the item should be available across all devices
/// associated with the same iCloud account.
var synchronizable: Bool { get }
}
public extension KeychainAccountProtocol {
var protection: CFString { kSecAttrAccessibleAfterFirstUnlock }
var accessFlags: SecAccessControlCreateFlags { [] }
var synchronizable: Bool { false }
}
public extension KeychainAccountProtocol where Self: RawRepresentable, Self.RawValue == String {
/// A unique string that identifies the keychain account.
///
/// Derived from the instances raw string value.
var identifier: String { rawValue }
}

33
Sources/KeychainKit/Protocols/KeychainServiceProtocol.swift Normal file
View File

@@ -0,0 +1,33 @@
import Foundation
/// A type that describes a keychain service used to group and identify stored items.
///
/// Conforming types define a unique service identifier and may optionally specify an access group
/// for sharing keychain data between multiple apps or extensions.
///
/// ## Topics
///
/// ### Properties
///
/// - ``identifier``
/// - ``accessGroup``
public protocol KeychainServiceProtocol: Sendable {
/// A unique string that identifies the keychain service.
var identifier: String { get }
/// An optional keychain access group identifier that enables shared access between apps.
///
/// Defaults to `nil`, meaning no access group is specified.
var accessGroup: String? { get }
}
public extension KeychainServiceProtocol {
var accessGroup: String? { nil }
}
public extension KeychainServiceProtocol where Self: RawRepresentable, Self.RawValue == String {
/// A unique string that identifies the keychain service.
///
/// Derived from the instances raw string value.
var identifier: String { rawValue }
}

185
Sources/KeychainKit/Protocols/KeychainStorageProtocol.swift Normal file
View File

@@ -0,0 +1,185 @@
import Foundation
/// A type that provides access to data stored in the keychain.
///
/// Conforming types define how items are encoded, saved, and accessed securely, using account and
/// service descriptors to identify individual entries.
///
/// ## Topics
///
/// ### Associated Types
///
/// - ``Account``
/// - ``Service``
///
/// ### Instance Properties
///
/// - ``service``
///
/// ### Retrieving Items
///
/// - ``get(by:)->Data?``
/// - ``get(by:)->String?``
/// - ``get(by:)->UUID?``
/// - ``get(by:decoder:)``
///
/// ### Inserting Items
///
/// - ``insert(_:by:)-(Data,_)``
/// - ``insert(_:by:)-(String,_)``
/// - ``insert(_:by:)-(UUID,_)``
/// - ``insert(_:by:encoder:)``
///
/// ### Deleting Items
///
/// - ``delete(by:)``
///
/// ### Checking Existence
///
/// - ``exists(by:)``
public protocol KeychainStorageProtocol: Sendable {
// MARK: - Types
/// A type that describes a keychain account used to identify stored items.
associatedtype Account: KeychainAccountProtocol
/// A type that describes a keychain service used to group stored items.
associatedtype Service: KeychainServiceProtocol
// MARK: - Properties
/// The keychain service associated with this storage instance.
var service: Service? { get }
// MARK: - Methods
/// Retrieves raw data for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: The stored data, or `nil` if no item exists.
/// - Throws: ``KeychainError`` if the operation fails.
func get(by account: Account) throws(KeychainError) -> Data?
/// Inserts raw data for the given account.
///
/// - Parameters:
/// - value: The data to store.
/// - account: The account descriptor identifying the target item.
/// - Throws: ``KeychainError`` if the operation fails.
func insert(_ value: Data, by account: Account) throws(KeychainError)
/// Deletes the item for the given account.
///
/// - Parameter account: The account descriptor identifying the item to remove.
/// - Throws: ``KeychainError`` if the operation fails.
func delete(by account: Account) throws(KeychainError)
/// Checks whether an item exists for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: `true` if the item exists; otherwise, `false`.
/// - Throws: ``KeychainError`` if the check fails.
func exists(by account: Account) throws(KeychainError) -> Bool
}
// MARK: - Get Extension
public extension KeychainStorageProtocol {
/// Retrieves a UTF-8 string for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: The decoded string, or `nil` if no item exists.
/// - Throws: ``KeychainError`` if retrieval fails.
/// - Throws: ``KeychainError/invalidData`` if the stored data cannot be decoded as UTF-8.
func get(by account: Account) throws(KeychainError) -> String? {
guard let data = try get(by: account) else { return nil }
guard let string = String(data: data, encoding: .utf8) else {
throw .invalidData
}
return string
}
/// Retrieves a UUID for the given account.
///
/// - Parameter account: The account descriptor identifying the stored item.
/// - Returns: The decoded UUID, or `nil` if no item exists.
/// - Throws: ``KeychainError`` if retrieval fails.
/// - Throws: ``KeychainError/invalidData`` if the stored value is not a valid UUID string.
func get(by account: Account) throws(KeychainError) -> UUID? {
guard let string: String = try get(by: account) else { return nil }
guard let uuid = UUID(uuidString: string) else {
throw .invalidData
}
return uuid
}
/// Retrieves and decodes a `Decodable` value for the given account.
///
/// - Parameters:
/// - account: The account descriptor identifying the stored item.
/// - decoder: The JSON decoder used to decode the stored data.
/// - Returns: The decoded value, or `nil` if no item exists.
/// - Throws: ``KeychainError`` if retrieval fails.
/// - Throws: ``KeychainError/underlying(_:)`` if JSON decoding fails.
func get<T: Decodable>(
by account: Account,
decoder: JSONDecoder = .init()
) throws(KeychainError) -> T? {
guard let data = try get(by: account) else { return nil }
do {
return try decoder.decode(T.self, from: data)
} catch {
throw .underlying(error as NSError)
}
}
}
// MARK: - Set Extension
public extension KeychainStorageProtocol {
/// Inserts a UTF-8 string for the given account.
///
/// - Parameters:
/// - value: The string to store.
/// - account: The account descriptor identifying the target item.
/// - Throws: ``KeychainError`` if the operation fails.
/// - Throws: ``KeychainError/invalidData`` if the string cannot be encoded as UTF-8.
func insert(_ value: String, by account: Account) throws(KeychainError) {
guard let data = value.data(using: .utf8) else {
throw .invalidData
}
try insert(data, by: account)
}
/// Inserts a UUID for the given account.
///
/// - Parameters:
/// - value: The UUID to store.
/// - account: The account descriptor identifying the target item.
/// - Throws: ``KeychainError`` if the operation fails.
func insert(_ value: UUID, by account: Account) throws(KeychainError) {
try insert(value.uuidString, by: account)
}
/// Encodes and inserts an `Encodable` value for the given account.
///
/// - Parameters:
/// - value: The value to encode and store.
/// - account: The account descriptor identifying the target item.
/// - encoder: The JSON encoder used to encode the value.
/// - Throws: ``KeychainError`` if the operation fails.
/// - Throws: ``KeychainError/underlying(_:)`` if JSON encoding fails.
func insert<T: Encodable>(
_ value: T,
by account: Account,
encoder: JSONEncoder = .init()
) throws(KeychainError) {
let data: Data
do {
data = try encoder.encode(value)
} catch {
throw .underlying(error as NSError)
}
try insert(data, by: account)
}
}

56
Sources/KeychainKit/Resources/Localizable.xcstrings Normal file
View File

@@ -0,0 +1,56 @@
{
"sourceLanguage" : "en",
"strings" : {
"Error.authenticationFailed" : {
"localizations" : {
"en" : {
"stringUnit" : {
"state" : "translated",
"value" : "Authentication failed"
}
}
}
},
"Error.duplicateItem" : {
"localizations" : {
"en" : {
"stringUnit" : {
"state" : "translated",
"value" : "Item already exists"
}
}
}
},
"Error.invalidData" : {
"localizations" : {
"en" : {
"stringUnit" : {
"state" : "translated",
"value" : "Stored item contains invalid or unexpected data"
}
}
}
},
"Error.osStatus %@" : {
"localizations" : {
"en" : {
"stringUnit" : {
"state" : "translated",
"value" : "Unexpected Keychain status: %@"
}
}
}
},
"Error.underlying %@" : {
"localizations" : {
"en" : {
"stringUnit" : {
"state" : "translated",
"value" : "Unexpected error while working with Keychain: %@"
}
}
}
}
},
"version" : "1.0"
}