UI Building Blocks/CredentialImportController.m

/*
    File:       CredentialImportController.m
 
    Contains:   View to import a credential.
 
    Written by: DTS
 
    Copyright:  Copyright (c) 2011 Apple Inc. All Rights Reserved.
 
    Disclaimer: IMPORTANT: This Apple software is supplied to you by Apple Inc.
                ("Apple") in consideration of your agreement to the following
                terms, and your use, installation, modification or
                redistribution of this Apple software constitutes acceptance of
                these terms.  If you do not agree with these terms, please do
                not use, install, modify or redistribute this Apple software.
 
                In consideration of your agreement to abide by the following
                terms, and subject to these terms, Apple grants you a personal,
                non-exclusive license, under Apple's copyrights in this
                original Apple software (the "Apple Software"), to use,
                reproduce, modify and redistribute the Apple Software, with or
                without modifications, in source and/or binary forms; provided
                that if you redistribute the Apple Software in its entirety and
                without modifications, you must retain this notice and the
                following text and disclaimers in all such redistributions of
                the Apple Software. Neither the name, trademarks, service marks
                or logos of Apple Inc. may be used to endorse or promote
                products derived from the Apple Software without specific prior
                written permission from Apple.  Except as expressly stated in
                this notice, no other rights or licenses, express or implied,
                are granted by Apple herein, including but not limited to any
                patent rights that may be infringed by your derivative works or
                by other works in which the Apple Software may be incorporated.
 
                The Apple Software is provided by Apple on an "AS IS" basis. 
                APPLE MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
                WITHOUT LIMITATION THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
                MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, REGARDING
                THE APPLE SOFTWARE OR ITS USE AND OPERATION ALONE OR IN
                COMBINATION WITH YOUR PRODUCTS.
 
                IN NO EVENT SHALL APPLE BE LIABLE FOR ANY SPECIAL, INDIRECT,
                INCIDENTAL OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
                TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ARISING IN ANY WAY
                OUT OF THE USE, REPRODUCTION, MODIFICATION AND/OR DISTRIBUTION
                OF THE APPLE SOFTWARE, HOWEVER CAUSED AND WHETHER UNDER THEORY
                OF CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR
                OTHERWISE, EVEN IF APPLE HAS BEEN ADVISED OF THE POSSIBILITY OF
                SUCH DAMAGE.
 
*/
 
#import "CredentialImportController.h"
 
@interface CredentialImportController () <UITextFieldDelegate>
 
@property (nonatomic, assign, readonly) BOOL isPKCS12;
 
@end
 
@implementation CredentialImportController
 
+ (NSSet *)supportedMIMETypes
{
    static NSSet *  sSupportedCredentialTypes;
 
    if (sSupportedCredentialTypes == nil) {
        sSupportedCredentialTypes = [[NSSet alloc] initWithObjects:@"application/x-pkcs12", @"application/x-x509-ca-cert", @"application/pkix-cert", nil];
        assert(sSupportedCredentialTypes != nil);
    }
    return sSupportedCredentialTypes;
}
 
- (id)initWithCredentialData:(NSData *)data type:(NSString *)type
{
    assert(data != nil);
    assert(type != nil);
    assert([[[self class] supportedMIMETypes] containsObject:type]);
    
    self = [super initWithNibName:@"CredentialImportController" bundle:[NSBundle bundleForClass:[self class]]];
    if (self != nil) {
        self->_data = [data copy];
        self->_type = [[type lowercaseString] copy];
    }
    return self;
}
 
@synthesize data     = _data;
@synthesize type     = _type;
@synthesize origin   = _origin;
@synthesize delegate = _delegate;
 
- (BOOL)isPKCS12
{
    return [self.type isEqual:@"application/x-pkcs12"];
}
 
#pragma mark * Text field delegate callbacks
 
// The passwordIncorrectLabel tells the user that their password was incorrect 
// (obviously this is only used for PKCS#12).  We show the label when the user 
// tries to import the PKCS#12 and that fails with an error.  We hide the label 
// when the user changes (or clears) the text in the password field.
 
- (BOOL)textFieldShouldClear:(UITextField *)textField
{
    #pragma unused(textField)
    assert(textField == self.passwordField);
    self.passwordIncorrectLabel.hidden = YES;
    return YES;
}
 
- (BOOL)textField:(UITextField *)textField shouldChangeCharactersInRange:(NSRange)range replacementString:(NSString *)string
{
    #pragma unused(textField)
    #pragma unused(range)
    #pragma unused(string)
    assert(textField == self.passwordField);
    self.passwordIncorrectLabel.hidden = YES;
    return YES;
}
 
- (BOOL)textFieldShouldReturn:(UITextField *)textField
{
    #pragma unused(textField)
    assert(textField == self.passwordField);
    
    // We don't check for the password being non-empty because it seems that a 
    // PKCS#12 with an empty password is legal.
    
    [self importAction:self];
    return NO;
}
 
#pragma mark * Action code
 
- (CredentialImportStatus)_importPKCS12
    // Attempts to import the identities in a PKCS#12 data blob.
{
    OSStatus                err;
    CredentialImportStatus  status;
    CFArrayRef              importedItems;
 
    status = kCredentialImportStatusFailed;
 
    importedItems = NULL;
    
    err = SecPKCS12Import( 
        (CFDataRef) self.data, 
        (CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
            self.passwordField.text,        kSecImportExportPassphrase, 
            nil
        ],
        &importedItems
    );
    if (err == noErr) {
        // +++ If there are multiple identities in the PKCS#12, and adding a non-first 
        // one fails, we end up with partial results.  Right now that's not an issue 
        // in practice, but I might want to revisit this.
        
        for (NSDictionary * itemDict in (id) importedItems) {
            SecIdentityRef  identity;
            
            assert([itemDict isKindOfClass:[NSDictionary class]]);
 
            identity = (SecIdentityRef) [itemDict objectForKey:(NSString *) kSecImportItemIdentity];
            assert(identity != NULL);
            assert( CFGetTypeID(identity) == SecIdentityGetTypeID() );
            
            err = SecItemAdd(
                (CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
                    (id) identity,              kSecValueRef,
                    nil
                ], 
                NULL
            );
            if (err == errSecDuplicateItem) {
                err = noErr;
            }
            if (err != noErr) {
                break;
            }
        }
        if (err == noErr) {
            status = kCredentialImportStatusSucceeded;
        }
    } else if (err == errSecAuthFailed) {
        self.passwordIncorrectLabel.hidden = NO;
        status = kCredentialImportStatusCancelled;
    }
    
    if (importedItems != NULL) {
        CFRelease(importedItems);
    }
    return status;
}
 
- (CredentialImportStatus)_importCertificate
    // Attempts to import the data as a certificate.
{
    OSStatus                err;
    CredentialImportStatus  status;
    SecCertificateRef       cert;
 
    status = kCredentialImportStatusFailed;
 
    cert = SecCertificateCreateWithData(NULL, (CFDataRef) self.data);
    if (cert != NULL) {
        err = SecItemAdd(
            (CFDictionaryRef) [NSDictionary dictionaryWithObjectsAndKeys:
                (id) kSecClassCertificate,  kSecClass, 
                (id) cert,                  kSecValueRef,
                nil
            ], 
            NULL
        );
        if ( (err == errSecSuccess) || (err == errSecDuplicateItem) ) {
            status = kCredentialImportStatusSucceeded;
        }
    }
    return status;
}
 
- (IBAction)importAction:(id)sender
    // Called when the user taps on the Import button.
{
    #pragma unused(sender)
    CredentialImportStatus  status;
        
    if (self.isPKCS12) {
        status = [self _importPKCS12];
    } else {
        status = [self _importCertificate];
    }
    
    // We use kCredentialImportStatusCancelled as a special token (in this context 
    // only) to indicate that the user should retry their password.
    
    if ( (self.delegate != nil) && (status != kCredentialImportStatusCancelled) ) {
        [self.delegate credentialImport:self didImportWithStatus:status];
    }
}
 
- (IBAction)cancelAction:(id)sender
    // Called when the user taps on the Cancel button.
{
    #pragma unused(sender)
    if (self.delegate != nil) {
        [self.delegate credentialImport:self didImportWithStatus:kCredentialImportStatusCancelled];
    }
}
 
#pragma mark * View controller boilerplate
 
@synthesize descriptionLabel       = _descriptionLabel;
@synthesize typeLabel              = _typeLabel;
@synthesize originLabel            = _originLabel;
@synthesize passwordField          = _passwordField;
@synthesize passwordIncorrectLabel = _passwordIncorrectLabel;
 
- (void)viewDidLoad
{
    [super viewDidLoad];
    
    assert(self.descriptionLabel != nil);
    assert(self.typeLabel != nil);
    assert(self.originLabel != nil);
    assert(self.passwordField != nil);
    assert(self.passwordField.delegate == self);
    assert(self.passwordIncorrectLabel != nil);
 
    self.view.backgroundColor = [UIColor groupTableViewBackgroundColor];
    
    // Set up the UI to reflect what the user is trying to import.  This includes, 
    // for example, setting the the various text fields and hiding the password 
    // field if we're importing a certificate.
    
    if (self.isPKCS12) {
        self.descriptionLabel.text = [NSString stringWithFormat:@"not available prior to import"];
        self.typeLabel.text = @"identity";
 
        // Debug builds get a default password of "test".
        
        #if ! defined(NDEBUG)
            self.passwordField.text = @"test";
        #endif
    } else {
        SecCertificateRef   cert;
        CFStringRef         summary;
        
        summary = NULL;
        cert = SecCertificateCreateWithData(NULL, (CFDataRef) self.data);
        if (cert != NULL) {
            summary = SecCertificateCopySubjectSummary(cert);
        }
        if (summary == NULL) {
            summary = CFSTR("unknown");
        }
        
        if (self.origin != nil) {
            self.descriptionLabel.text = (NSString *) summary;
        } else {
            self.descriptionLabel.text = @"n/a";
        }
        
        if (summary != NULL) {
            CFRelease(summary);
        }
        if (cert != NULL) {
            CFRelease(cert);
        }
 
        self.typeLabel.text = @"certificate";
        self.passwordField.hidden = YES;
    }
 
    if (self.origin != nil) {
        self.originLabel.text = [self.origin absoluteString];
    } else {
        self.originLabel.text = @"n/a";
    }
}
 
- (void)viewWillAppear:(BOOL)animated
{
    assert(self.delegate != nil);           // c'mon folks!
 
    [super viewWillAppear:animated];
    
    if (self.isPKCS12) {
        [self.passwordField becomeFirstResponder];
    }
    self.passwordIncorrectLabel.hidden = YES;
}
 
- (void)viewDidUnload
{
    [super viewDidUnload];
 
    self.descriptionLabel = nil;
    self.typeLabel = nil;
    self.originLabel = nil;
    self.passwordField = nil;
    self.passwordIncorrectLabel = nil;
}
 
- (void)dealloc
{
    [self->_data release];
    [self->_type release];
    [self->_origin release];
 
    [self->_descriptionLabel release];
    [self->_typeLabel release];
    [self->_originLabel release];
    [self->_passwordField release];
    [self->_passwordIncorrectLabel release];
 
    [super dealloc];
}
 
@end