I'm working on Xcode version 7.1 (7B91b), I'm using Swift and building an OSX application (10.11.2). I'm trying to generate and store RSA key pairs to be used for data encryption / decryption. Here's the implementation that has been taken from: 'AsymmetricCrypto Github
// Constants
private let kAsymmetricCryptoManagerApplicationTag = "com.AsymmetricCrypto.keypair"
private let kAsymmetricCryptoManagerKeyType = kSecAttrKeyTypeRSA
private let kAsymmetricCryptoManagerKeySize = 2048
private let kAsymmetricCryptoManagerCypheredBufferSize = 1024
private let kAsymmetricCryptoManagerSecPadding: SecPadding = .PKCS1
func createSecureKeyPair(completion: ((success: Bool, error: AsymmetricCryptoException?) -> Void)? = nil) {
// private key parameters
let privateKeyParams: [String: AnyObject] = [
kSecAttrIsPermanent as String: false,
kSecAttrApplicationTag as String: kAsymmetricCryptoManagerApplicationTag
]
// private key parameters
let publicKeyParams: [String: AnyObject] = [
kSecAttrIsPermanent as String: false,
kSecAttrApplicationTag as String: kAsymmetricCryptoManagerApplicationTag
]
// global parameters for our key generation
let parameters: [String: AnyObject] = [
kSecAttrKeyType as String: kAsymmetricCryptoManagerKeyType,
kSecAttrKeySizeInBits as String: kAsymmetricCryptoManagerKeySize,
kSecPublicKeyAttrs as String: publicKeyParams,
kSecPrivateKeyAttrs as String: privateKeyParams,
]
// asynchronously generate the key pair and call the completion block
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0)) { () -> Void in
var pubKey, privKey: SecKeyRef?
let status = SecKeyGeneratePair(parameters, &pubKey, &privKey)
if status == errSecSuccess {
dispatch_async(dispatch_get_main_queue(), { completion?(success: true, error: nil) })
} else {
var error = AsymmetricCryptoException.UnknownError
switch (status) {
case errSecDuplicateItem: error = .DuplicateFoundWhileTryingToCreateKey
case errSecItemNotFound: error = .KeyNotFound
case errSecAuthFailed: error = .AuthFailed
default: break
}
dispatch_async(dispatch_get_main_queue(), { completion?(success: false, error: error) })
}
}
}
Upon calling the createSecureKeyPair(), as follows:
AsymmetricCryptoManager.sharedInstance.createSecureKeyPair({
(success, error) -> Void in
if (success) {
print("keys created")
} else {
print("error: \(error)")
}
})
I get this error:
2015-12-26 03:55:46.113 sectest[17165:20928431] -[Swift._NSContiguousString bytes]: unrecognized selector sent to instance 0x610000045880
and of course, the exception AsymmetricCryptoException.UnknownError is returned (meaning that the error is of an unknown nature), plus if it helps, SecKeyGeneratePair() returns the value -2070
The weird part is that the keys (public and private) are actually created in the Keychain as such:
What is this error and how can get the expected behavior out of the code above?
I got the answer to the problem from the Apple Developer Forums. The problem is with:
private let kAsymmetricCryptoManagerApplicationTag = "com.AsymmetricCrypto.keypair"
The values for key kSecAttrApplicationTag of params dictionaries need to be a CFDataRef, not String. The below line, resolves the problem.
private let kAsymmetricCryptoManagerApplicationTag = "com.sectest.keypair".dataUsingEncoding(NSUTF8StringEncoding)!
Related
I have the following structure that is used to pass JSON data to a REST endpoint. Originally the object contained only one level of key-value pairs. In that scenario, serializing to a JSON object worked properly.
Now I need to add a dictionary as a parameter, which should create a nested dictionary in the resulting JSON. However, adding the nested dictionary causes JSONSerialization to return nil.
Code:
struct ServicePayload:Codable {
private var name:String
private var type:String
private var deviceId:String
private var clientType:String
private var appInstanceId:String
private var version:String
private var addParams:[String:String] // causes failure
init(name:String, type:String, version:String, params:[String:String]) {
self.name = name
self.type = type
self.deviceId = Constants.Device.identifier!
self.version = version
self.clientType = "1"
self.appInstanceId = Bundle.main.object(forInfoDictionaryKey: "CFBundleShortVersionString") as! String
self.addParams = params
}
// json mapper
private enum CodingKeys:String, CodingKey {
case name = "name"
case type = "contentTypes"
case deviceId = "x-DeviceId"
case clientType = "x-ClientType"
case appInstanceId = "x-InstanceId"
case version = "version"
case addParams = "optionalParams"
}
func getJsonObject() -> [String:String]? {
do {
let encoded = try JSONEncoder().encode(self)
if let json = try JSONSerialization.jsonObject(with: encoded, options: []) as? [String : String] {
return json
}
} catch (let error) {
print("Error building JSON: \(error.localizedDescription)")
}
return nil
}
}
Without the the addParams field, the JSONSerialization works as expected. When I add the addParams field, which adds a nested dictionary to the object, the JSONSerialization fails and returns nil.
Can anyone give me a clue as to why I can't add a nested dictionary in this scenario?
Thanks!
It fails as one key (here it's the added addParams ) 's value isn't a String so the cast
as? [String : String] // causes failure
Won't occur , hence a nil json , so Replace
if let json = try JSONSerialization.jsonObject(with: encoded, options: [])
as? [String : String] {
with
if let json = try JSONSerialization.jsonObject(with: encoded, options: [])
as? [String : Any] {
Any encapsulates String and [String:String]
I have an array of appointments and I'm trying to grab all of the photos for these appointments from our windows azure blob storage. First, I want to get the list of blobs with the associated appointmentId so I can download and store them properly afterwards.
I'm using PromiseKit but I'm not at all sure about how to use PromiseKit in a loop:
for appointment in appointments {
// Get blobs
}
Here's my code so far. Any help is greatly appreciated!
func getBlobsPromise(appointmentId: Int32) -> Promise<[BlobDownload]> {
return Promise { seal in
var error: NSError?
var blobDownloads = [BlobDownload]()
container = AZSCloudBlobContainer(url: URL(string: containerURL)!, error: &error)
if ((error) != nil) {
print("Error in creating blob container object. Error code = %ld, error domain = %#, error userinfo = %#", error!.code, error!.domain, error!.userInfo)
seal.reject(error!)
}
let prefix: String = "AppointmentFiles/\(appointmentId)"
container?.listBlobsSegmented(with: nil, prefix: prefix, useFlatBlobListing: true, blobListingDetails: AZSBlobListingDetails(), maxResults: 150) { (error : Error?, results : AZSBlobResultSegment?) -> Void in
if error != nil {
seal.reject(error!)
}
for blob in results!.blobs!
{
let blobInfo = blob as! AZSCloudBlob
if blobInfo.blobName.lowercased().contains("jpg") || blobInfo.blobName.lowercased().contains("jpeg") {
let blobDownload: BlobDownload = BlobDownload(appointmentId: Int(jobId), blob: blobInfo)
blobDownloads.append(blobDownload)
}
}
seal.fulfill(blobDownloads)
}
}
}
That returns the blobs as expected but I want to get all of the blobs for all of the appointments before proceeding. Here's what I tried (among other things):
func getBlobsForAllJobs(appointmentIds: [Int32]) -> Promise<[BlobDownload]> {
return Promise { seal in
let count = appointmentIds.count - 1
let promises = (0..<count).map { index -> Promise<[BlobDownload]> in
return getBlobsPromise(agencyCode: agencyCode, appointmentId: appointmentIds[index])
}
when(fulfilled: promises).then({ blobDownloads in
seal.fulfill(blobDownloads)
})
}
}
EDIT 1
I solved this using a DispatchGroup and completion handler. Here's the code in case someone is interested. If there are alternate (better) ways of doing this I'd love to hear them. I'm a c# guy just getting into Swift.
func getBlobsToDownload(appointmentIds: [Int32], completion: #escaping ([BlobDownload]) -> Void) {
var myBlobsToDownload = [BlobDownload]()
let myGroup = DispatchGroup()
for apptId in appointmentIds {
myGroup.enter()
getBlobs(appointmentId: apptId) { (blobDownloads) in
print("Finished request \(apptId)")
print("Blobs fetched from apptId \(apptId) is \(blobDownloads.count)")
for blobDownload in blobDownloads {
myBlobsToDownload.append(blobDownload)
}
myGroup.leave()
}
}
myGroup.notify(queue: .main) {
print("Finished all requests.")
completion(myBlobsToDownload)
}
}
I'm using Gloss for my JSON instantiation. Here is a sample class:
public class MyObj: Decodable
{
let id_user : String
let contact_addr1 : String
let contact_addr2 : String?
let contact_city : String
let contact_state : String
let contact_zip : String
let points : Int
// Deserialization
required public init?(json: JSON)
{
guard let id_user : String = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
guard let contact_addr1 : String = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
guard let contact_city : String = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
guard let contact_state : String = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
guard let contact_zip : String = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
guard let points : Int = "somekey" <~~ json else {
assertionFailure("MyObj - invalid JSON. Missing key: wouldbenicetonotwritethisforeachmember")
return nil
}
self.id_user = id_user
self.contact_addr1 = contact_addr1
self.contact_addr2 = "somekey" <~~ json
self.contact_city = contact_city
self.contact_state = contact_state
self.contact_zip = contact_zip
self.contact_points = points
}
}
I have a lot of model classes. Hundreds of members between them. Writing a multi-line guard statement for each one really junks up my code. Is there any way I can encapsulate the guard functionality into something more concise? Maybe a function or something like:
shortGuard("memberName", "jsonKey")
Maybe there is a way to guard against an array of string keys?
There are a huge variety of ways to accomplish this. They all boil down to writing a wrapper function to map your keys to values. Here are a couple quick examples I thought of, but as I say there are many ways to do this depending on what you're after:
enum JSONError: Error {
case keyNotFound(String)
}
extension JSON {
func values<T>(for keys: [String]) throws -> [T] {
var values = [T]()
for key in keys {
guard let value: T = key <~~ self else {
throw JSONError.keyNotFound(key)
}
values.append(value)
}
return values
}
func values<T>(for keys: [String], closure: ((_ key: String, _ value: T) -> Void)) throws {
for key in keys {
guard let value: T = key <~~ self else {
throw JSONError.keyNotFound(key)
}
closure(key, value)
}
}
}
The first validates all keys before you can use any of them and will throw if one isn't present. You'd use it like so:
do {
let keys = ["foo", "bar"]
// The type of the values constant is important.
// In this example we're saying look for values of type Int.
let values: [Int] = try json.values(for: keys)
for (index, key) in keys.enumerated() {
print("value for \(key): \(values[index])")
}
} catch JSONError.keyNotFound(let key) {
assertionFailure("key not found \(key)")
}
The second one will pass back key, value pairs to a closure as they appear in your keys array and will throw at the first one it finds that doesn't exist.
do {
let keys = ["foo", "bar"]
// The type of the closure's value argument is important.
// In this example we're saying look for values of type String.
try json.values(for: keys) { (key, value: String) in
print("value for key \(key) is \(value)")
}
} catch JSONError.keyNotFound(let key) {
assertionFailure("key not found \(key)")
}
Using the first version in an init?() function for your class, we have something like this:
public struct MyObj: Decodable {
public let id_user : String
public let contact_addr1 : String
public let contact_addr2 : String?
public let points : Int
public init?(json: S) {
do {
let stringKeys = ["id_user", "contact_addr1"]
let stringValues: [String] = try json.values(for: stringKeys)
id_user = stringValues[0]
contact_addr1 = stringValues[1]
// this isn't required, so just extract with no error if it fails
contact_addr2 = "contact_addr2" <~~ json
let intKeys = ["points"]
let intValues: [Int] = try json.values(for: intKeys)
points = intValues[0]
} catch JSONError.keyNotFound(let key) {
assertionFailure("key \(key) not found in JSON")
return nil
} catch {
return nil
}
}
}
I have not used Gloss, and it mostly seems to be unnecessary considering that it is simple enough to parse JSON safely without needing an extra library, or using unfamiliar syntax.
Option 1:
You can group the optional unwrapping in a single guard statement.
Example:
public struct MyObj {
let id_user : String
let contact_addr1 : String
let contact_addr2 : String?
let points : Int
public init?(json: Any) {
guard
let entities = json as? [String : Any],
let id_user = entities["some key"] as? String,
let contact_addr1 = entities["some key"] as? String,
let points = entities["some key"] as? Int
else {
assertionFailure("...")
return nil
}
self.id_user = id_user
self.contact_addr1 = contact_addr1
self.contact_addr2 = entities["some key"] as? String
self.contact_points = points
}
}
Option 2:
Another approach would be to eliminate the guard statements altogether, and let the parser throw an error during parsing, and use an optional try to convert the result to nil.
Example:
// Helper object for parsing values from a dictionary.
// A similar pattern could be used for arrays. i.e. array.stringAt(10)
struct JSONDictionary {
let values: [String : Any]
init(_ json: Any) throws {
guard let values = json as? [String : Any] else {
throw MyError.expectedDictionary
}
self.values = values
}
func string(_ key: String) throws -> String {
guard let value = values[key] as? String else {
throw MyError.expectedString(key)
}
return value
}
func integer(_ key: String) throws -> Int {
guard let value = values[key] as? Int else {
throw MyError.expectedInteger(key)
}
return value
}
}
Parser:
public struct MyObj {
let id_user : String
let contact_addr1 : String
let contact_addr2 : String?
let points : Int
public init(json: Any) throws {
// Instantiate the helper object.
// Ideally the JSONDictionary would be passed by the caller.
let dictionary = try JSONDictionary(json),
self.id_user = try dictionary.string("some key"),
self.contact_addr1 = try dictionary.string("some key"),
self.points = try dictionary.integer("some key")
// Results in an optional if the string call throws an exception
self.contact_addr2 = try? dictionary.string("some key")
}
}
Usage:
// Instantiate MyObj from myJSON.
// myObject will be nil if parsing fails.
let myObject = try? MyObj(json: myJSON)
I am working on an iOS application that needs to generate a key pair on the device, store the private key in the Secure Enclave, and then access it later to use for signing (does not need to be exported, ever). When I sign, I always hash the data using SHA256, following a couple of stack Overflow answers, and it seems to be working when I print the results. However, after obtaining a valid private key reference from the KeyChain, hashing the data to be signed, and specifying that it is a SHA256 hash, SecKeyRawSign still returns -1. This is just listed as a 'generic error', and my setup seems like it should be valid. Some insight on what's going wrong would be greatly appreciated. Here are my methods to generate and sign:
private func genKeyPair() -> (privateAlias: String, publicKey: NSData)? {
// Generate a keyhandle, which will be returned as an alias for the private key
let numBytes = Int(keyHandleLength)
var randomBytes = [UInt8](count: numBytes, repeatedValue: 0)
SecRandomCopyBytes(kSecRandomDefault, numBytes, &randomBytes)
let data = NSData(bytes: &randomBytes, length: numBytes)
let alias = data.base64EncodedStringWithOptions(NSDataBase64EncodingOptions(rawValue: 0))
let access = SecAccessControlCreateWithFlags(nil, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, .TouchIDCurrentSet, nil)!
// Key pair parameters
var keyParams: [String:AnyObject] = [
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecAttrKeySizeInBits as String: 256
]
// Private key parameters
keyParams[kSecPrivateKeyAttrs as String] = [
kSecAttrIsPermanent as String: true,
kSecAttrLabel as String: alias,
kSecAttrApplicationTag as String: applicationTag,
kSecAttrAccessControl as String: access
]
// Public key parameters
keyParams[kSecPublicKeyAttrs as String] = [
kSecAttrIsPermanent as String: true,
kSecAttrLabel as String: alias + "-pub",
kSecAttrApplicationTag as String: applicationTag
]
var pubKeyRef, privKeyRef: SecKey?
var err = SecKeyGeneratePair(keyParams, &pubKeyRef, &privKeyRef)
guard let _ = pubKeyRef where err == errSecSuccess else {
print("Error while generating key pair: \(err).")
return nil
}
// Export the public key for application use
let query = [
kSecClass as String: kSecClassKey,
kSecAttrLabel as String: alias + "-pub",
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecReturnData as String: true
]
var pubKeyOpt: AnyObject?
err = SecItemCopyMatching(query, &pubKeyOpt)
if let pubKey = pubKeyOpt as? NSData where err == errSecSuccess {
print("Successfully retrieved public key!")
return (alias, pubKey)
} else {
print("Error retrieving public key: \(err).")
return nil
}
}
private func sign(bytes data: NSData, usingKeyWithAlias alias: String) -> NSData? {
let query = [
kSecClass as String: kSecClassKey,
kSecAttrLabel as String: alias,
kSecAttrApplicationTag as String: applicationTag,
kSecAttrKeyType as String: kSecAttrKeyTypeEC,
kSecReturnRef as String: true
]
var privateKey: AnyObject?
var error = SecItemCopyMatching(query, &privateKey)
guard error == errSecSuccess else {
print("Could not obtain reference to private key with alias \"\(alias)\", error: \(error).")
return nil
}
print("\nData: \(data)")
print("Length: \(data.length)")
let hashedData = NSMutableData(length: Int(CC_SHA256_DIGEST_LENGTH))!
CC_SHA256(data.bytes, CC_LONG(data.length), UnsafeMutablePointer(hashedData.mutableBytes))
print("\nHashed data: \(hashedData)")
print("Length: \(hashedData.length)")
var signedHashLength = SecKeyGetBlockSize(privateKey as! SecKeyRef)
let signedHash = NSMutableData(length: signedHashLength)!
error = SecKeyRawSign(privateKey as! SecKeyRef, .PKCS1SHA256, UnsafePointer<UInt8>(hashedData.mutableBytes), hashedData.length, UnsafeMutablePointer<UInt8>(signedHash.mutableBytes), &signedHashLength)
print("\nSigned hash: \(signedHash)")
print("Length: \(signedHashLength)\n")
guard error == errSecSuccess else {
print("Failed to sign data, error: \(error).")
return nil
}
return signedHash
}
This is the line that is failing, with error message "Cannot convert value of type [AnyObject] to expected argument type [PFObject]"
self.customObtainAllHandlerWithObjects(objects, success: success, failure: failure)
import UIKit
import Parse
class AbstractService: BaseService {
private let _cache = AbstractCache<T>()
private let _parser = AbstractParser<T>()
/// Store all completionHandlers for convertFromParseObject operations here. Need this to avoid a concurrent conversions of the same object.
var conversions = Dictionary<String, [(entity: T) -> Void]>()
/// Contains ids of objects, which need their videos to be downloaded.
var queue: [(entityId: String, file: PFFile)] = []
var isQueueDownloading = false
var className: String {
get {
fatalError("This property must be overridden")
}
}
// MARK: - Create
func createEntity() -> T {
let entity = T()
cache().appendEntity(entity)
return entity
}
// MARK: - Obtain all
/// Base method, which obtains entities from Parse database.
///
/// - parameter skip: Number of records, which will be skipped.
/// - parameter limit: Max number of entities returned.
/// - parameter constraints: A block, which applies constraints to PFQuery. E.g. query.includeKey("author") or query.whereKey("user", equalTo: PFUser.currentUser()).
/// - parameter success: Success block. Executes when operation successfully finished.
/// - parameter failure: Failure block. Executes when operation fails.
func obtain(skip skip: Int?, limit: Int?, constraints applyConstraints: ((query: PFQuery) -> PFQuery)?, success: (entities: [T]) -> Void, failure: FailureCompletionHandler) {
var query = PFQuery(className: className)
if let skip = skip {
query.skip = skip
}
query.limit = limit ?? 1000
if let applyConstraints = applyConstraints {
query = applyConstraints(query: query)
}
query.findObjectsInBackgroundWithBlock { (objects, error) -> Void in
if let error = error {
self.callFailureCompletionHandler(failure, error: error)
}
else {
if let objects = objects {
self.customObtainAllHandlerWithObjects(objects, success: success, failure: failure)
}
else {
failure(allowRetry: false, errorMessage: "Cannot load \(self.className)")
}
}
}
}
You're getting this error because object is of type [AnyObject] but the function you're calling--customObtainHandler--is expecting PFObject so you're going to have to convert your object to a PFObject.
You can convert between types with the as keyword.
so you do something like this:
if let myVar as? PFObject {
// now myVar is a PFObject
}
I don't recommend this but you can also force convert it using:
myVar as! PFObject