From 581243f2456a8d1d2b2214e31ce2bfc926c35ec9 Mon Sep 17 00:00:00 2001 From: Valeriy Van Date: Wed, 6 Dec 2017 12:49:18 +0100 Subject: [PATCH 1/3] Adds JWTUnexpectedError --- Core/Supplement/JWTErrorDescription.h | 3 ++- Core/Supplement/JWTErrorDescription.m | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/Core/Supplement/JWTErrorDescription.h b/Core/Supplement/JWTErrorDescription.h index f46c0068..5e135e1d 100644 --- a/Core/Supplement/JWTErrorDescription.h +++ b/Core/Supplement/JWTErrorDescription.h @@ -26,7 +26,8 @@ typedef NS_ENUM(NSInteger, JWTError) { JWTBlacklistedAlgorithmError, JWTDecodingHeaderError, JWTDecodingPayloadError, - JWTDecodingHoldersChainEmptyError + JWTDecodingHoldersChainEmptyError, + JWTUnexpectedError }; @interface JWTErrorDescription : NSObject diff --git a/Core/Supplement/JWTErrorDescription.m b/Core/Supplement/JWTErrorDescription.m index 4aad559d..2f049506 100644 --- a/Core/Supplement/JWTErrorDescription.m +++ b/Core/Supplement/JWTErrorDescription.m @@ -27,7 +27,8 @@ + (NSDictionary *)userDescriptionsAndCodes { @(JWTBlacklistedAlgorithmError): @"Algorithm in blacklist? Try to check whitelist parameter", @(JWTDecodingHeaderError): @"Error decoding the JWT Header segment.", @(JWTDecodingPayloadError): @"Error decoding the JWT Payload segment.", - @(JWTDecodingHoldersChainEmptyError) : @"Error decoding the JWT algorithm and data holdersĀ chain is empty!" + @(JWTDecodingHoldersChainEmptyError): @"Error decoding the JWT algorithm and data holdersĀ chain is empty!", + @(JWTUnexpectedError): @"Unexpected Error" }); } 
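Review bot: `JWTUnexpectedError` is added to the `JWTError` enum in JWTErrorDescription.h with no comment saying when it is reported, and the name alone gives a caller nothing to act on. Later in this series it is returned when a key tag cannot be converted to UTF-8 data, so a one-line doc comment above the new member would help: `/// Fallback for failures with no more specific JWTError, e.g. a key tag that cannot be encoded.` The enum starts above the hunk, so the comment style of the other members is not visible here.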
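Review bot: In `userDescriptionsAndCodes`, the rewritten `JWTDecodingHoldersChainEmptyError` line still shows a non-ASCII character between "holders" and "chain" (`holdersĀ chain`) inside a user-visible string. If that is a non-breaking space in the file rather than a rendering artefact of this page, replace it with a plain space while the line is being touched anyway. The dictionary starts above the hunk.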
@@ -49,7 +50,8 @@ + (NSDictionary *)errorDescriptionsAndCodes { @(JWTBlacklistedAlgorithmError): @"JWTBlacklistedAlgorithmError", @(JWTDecodingHeaderError): @"JWTDecodingHeaderError", @(JWTDecodingPayloadError): @"JWTDecodingPayloadError", - @(JWTDecodingHoldersChainEmptyError) :@"JWTDecodingHoldersChainEmptyError" + @(JWTDecodingHoldersChainEmptyError): @"JWTDecodingHoldersChainEmptyError", + @(JWTUnexpectedError): @"JWTUnexpectedError" }); } From 35251f8c5fae35ed8fdb8466b3b77c3b07a4ac8b Mon Sep 17 00:00:00 2001 From: Valeriy Van Date: Wed, 6 Dec 2017 12:52:33 +0100 Subject: [PATCH 2/3] Makes +[JWTMemoryLayout removeKeyByTag:error:] returning boolean By Apple convention method accepting NSError** should have a non-void return value to indicate whether or not an error occurred Solves static analyser issue --- .../RSFamily/RSKeys/JWTCryptoSecurity.h | 2 +- .../RSFamily/RSKeys/JWTCryptoSecurity.m | 22 ++++++++++++++----- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.h b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.h index 47d631f5..6cc55ccc 100644 --- a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.h +++ b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.h @@ -15,7 +15,7 @@ + (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag type:(NSString *)type error:(NSError *__autoreleasing*)error; + (SecKeyRef)addKeyWithData:(NSData *)data asPublic:(BOOL)public tag:(NSString *)tag error:(NSError *__autoreleasing*)error; + (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; -+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; ++ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; @end @interface JWTCryptoSecurity (Certificates) diff --git a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m index e65384dc..e95ea62c 100644 
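Review bot: The new `BOOL` return on `removeKeyByTag:error:` in JWTCryptoSecurity.h is source-compatible with callers written against the `void` version, so they compile unchanged and keep ignoring a failed delete, which leaves the RSA key in the keychain. Consider marking the declaration so the compiler flags unchecked calls: `+ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error __attribute__((warn_unused_result));`. A short header comment stating that `NO` means the item was not removed and that `*error` is set only in that case would document the contract; no callers are visible on this page, so how many sites would warn is unknown.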
--- a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m +++ b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m @@ -7,6 +7,8 @@ // #import "JWTCryptoSecurity.h" +#import "JWTErrorDescription.h" + @interface JWTMemoryLayout : NSObject + (NSString *)typeUInt8; + (NSString *)typeCUnsignedChar; @@ -127,18 +129,28 @@ + (SecKeyRef)keyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; { return NULL; } -+ (void)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; { ++ (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; { NSData *tagData = [tag dataUsingEncoding:NSUTF8StringEncoding]; if (tagData == nil) { - // tell that nothing to remove. - return; + // tell that nothing to remove. + if (error) { + *error = [JWTErrorDescription errorWithCode:JWTUnexpectedError]; + } + return NO; } NSDictionary *removeAttributes = @{ (__bridge NSString*)kSecClass: (__bridge NSString*)kSecClassKey, (__bridge NSString*)kSecAttrKeyType: (__bridge NSString*)kSecAttrKeyTypeRSA, - (__bridge NSString*)kSecAttrApplicationTag: tagData, + (__bridge NSString*)kSecAttrApplicationTag: tagData }; - SecItemDelete((__bridge CFDictionaryRef)removeAttributes); + OSStatus status = SecItemDelete((__bridge CFDictionaryRef)removeAttributes); + if (status != errSecSuccess) { + if (error) { + *error = [JWTErrorDescription errorWithCode:status]; + } + return NO; + } + return YES; } @end From b9a845074ee8dc437dac9417401fd3bbe1afed6a Mon Sep 17 00:00:00 2001 From: Valeriy Van Date: Sun, 10 Dec 2017 18:46:46 +0200 Subject: [PATCH 3/3] Changes way how NSError object is created --- Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m index e95ea62c..418af600 100644 --- a/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m +++ b/Core/Algorithms/RSFamily/RSKeys/JWTCryptoSecurity.m 
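Review bot: In the new body of `removeKeyByTag:error:`, every status other than `errSecSuccess` is reported as failure, including `errSecItemNotFound`, where the post-condition (no key stored under this tag) already holds. Callers that remove a tag before adding a key as cleanup would now get `NO` and an error on first use; if that is not intended, the check could be `if (status != errSecSuccess && status != errSecItemNotFound) {`, otherwise the header should say that "not found" is an error. The comment `// tell that nothing to remove.` is also stale, since that branch now sets `JWTUnexpectedError` and returns `NO`; something like `// tag could not be encoded as UTF-8, so no keychain query can be built` matches the new behaviour.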
@@ -146,7 +146,7 @@ + (BOOL)removeKeyByTag:(NSString *)tag error:(NSError *__autoreleasing*)error; { OSStatus status = SecItemDelete((__bridge CFDictionaryRef)removeAttributes); if (status != errSecSuccess) { if (error) { - *error = [JWTErrorDescription errorWithCode:status]; + *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil]; } return NO; }
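Review bot: With the `SecItemDelete` failure now reported in `NSOSStatusErrorDomain`, `removeKeyByTag:error:` returns errors from two domains, because the nil-tag branch earlier in the method (outside this hunk) still builds its error through `JWTErrorDescription` with `JWTUnexpectedError`. `OSStatus` values and `JWTError` values are unrelated numberings, so a caller comparing `error.code` against `JWTError` members without first checking `error.domain` can misclassify a keychain failure. A comment on the method would make this explicit, for example `// Errors: JWT error domain (JWTUnexpectedError) for an unencodable tag; NSOSStatusErrorDomain with the SecItemDelete status otherwise.` The method starts above the hunk and ends below it.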