Core OS层 LocalAuthentication框架 (iOS8.0)
一、概述
1. LocalAuthentication 框架提供了用于向具有指定安全策略的用户请求身份验证的工具。例如,要求用户使用Touch ID进行身份验证。
2. LAContext 是认证上下文对象,提供评估认证策略和访问控制的接口。
3. 授权策略图(图来源: http://www.cnblogs.com/theDesertIslandOutOfTheWorld/p/5357946.html)
二、应用
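// Fingerprint (Touch ID) authentication.
//
// Checks whether biometric authentication can be used and, if so, shows the
// system Touch ID prompt and logs the outcome. Every failure path only logs;
// nothing in this method grants or denies access by itself.
//
// Security notes for anyone adapting this sample:
//  - `success` in the reply block is a local yes/no answer from the OS prompt.
//    It is fine for gating UI, but secrets should live in a Keychain item
//    protected by an access-control object (SecAccessControl) so that the
//    protection does not depend on this branch alone.
//  - The reply block is not guaranteed to run on the main thread; dispatch to
//    the main queue before touching UIKit.
//  - The NSLog calls are demo output. Avoid logging authentication outcomes
//    and error objects in release builds.
- (IBAction)clickTouchIDButton:(UIButton *)sender {
    LAContext *context = [[LAContext alloc] init];
    NSError *availabilityError = nil;

    // 1. Check whether Touch ID can be used at all.
    if (![context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics
                              error:&availabilityError]) {
        // Touch ID is unavailable (e.g. unsupported device or biometry locked out).
        // An app would normally offer its own passcode/password screen here.
        // Named LAError constants replace the raw codes -5 ... -8; newer SDKs also
        // expose the TouchID-named ones under LAErrorBiometry* names.
        switch (availabilityError.code) {
            case LAErrorPasscodeNotSet: // -5
                NSLog(@"---- kLAErrorPasscodeNotSet (未设置密码)");
                break;
            case LAErrorTouchIDNotAvailable: // -6
                NSLog(@"---- kLAErrorTouchIDNotAvailable (设备不支持)");
                break;
            case LAErrorTouchIDNotEnrolled: // -7
                NSLog(@"---- kLAErrorTouchIDNotEnrolled (Touch ID没有注册的手指。)");
                // Observed on the simulator or on a device with no enrolled finger:
                // Error Domain=com.apple.LocalAuthentication Code=-7 "No fingers are enrolled with Touch ID."
                break;
            case LAErrorTouchIDLockout: // -8
                NSLog(@"---- kLAErrorTouchIDLockout (Touch ID 功能被锁定)");
                // Observed when Touch ID is locked:
                // Error Domain=com.apple.LocalAuthentication Code=-8 "Biometry is locked out."
                break;
            default:
                break;
        }
        NSLog(@"------ Touch ID不可用 error = %@-------", availabilityError);
        return;
    }

    // Touch ID is available.
    // The localized reason shown to the user should state clearly why they are
    // asked to authenticate and what action will follow from it.
    NSString *reason = NSLocalizedString(@"需要验证您的指纹来确认您的身份信息", @"");
    [context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics
            localizedReason:reason
                      reply:^(BOOL success, NSError *evaluationError) {
        if (success) {
            // Fingerprint accepted.
            NSLog(@"---- 通过了Touch ID指纹验证 -----");
            return;
        }

        // Map the LAError code to a log line. Only `success` means the user was
        // authenticated; none of these cases may be treated as a pass.
        switch (evaluationError.code) {
            case LAErrorAuthenticationFailed: // -1
                NSLog(@"---- kLAErrorAuthenticationFailed (超出app重试限制(连续3次))");
                // Observed after 3 consecutive failed attempts:
                // Error Domain=com.apple.LocalAuthentication Code=-1 "Application retry limit exceeded."
                break;
            case LAErrorUserCancel: // -2
                NSLog(@"---- kLAErrorUserCancel (点击了取消按钮)");
                // Observed: Error Domain=com.apple.LocalAuthentication Code=-2 "Canceled by user."
                break;
            case LAErrorUserFallback: // -3
                NSLog(@"---- kLAErrorUserFallback (点击输入密码按钮)");
                // Observed: Error Domain=com.apple.LocalAuthentication Code=-3 "Fallback authentication mechanism selected."
                // With the biometrics-only policy the app has to present its own
                // fallback credential check at this point.
                break;
            case LAErrorSystemCancel: // -4
                NSLog(@"---- kLAErrorSystemCancel (应用进入后台,如按下电源键或来电等切换到其他应用)");
                // Observed: Error Domain=com.apple.LocalAuthentication Code=-4 "UI canceled by system."
                break;
            case LAErrorTouchIDNotEnrolled: // -7
                NSLog(@"---- kLAErrorTouchIDNotEnrolled (身份验证无法启动,因为Touch ID没有注册的手指。)");
                break;
            case LAErrorTouchIDLockout: // -8
                NSLog(@"---- kLAErrorTouchIDLockout (Touch ID 功能被锁定,下一次需要输入系统密码)");
                // Observed: Error Domain=com.apple.LocalAuthentication Code=-8 "Biometry is locked out."
                // Seen when Touch ID is tried again after the app retry limit was exceeded.
                break;
            case LAErrorAppCancel: // -9
                NSLog(@"---- kLAErrorAppCancel (认证被取消的应用)");
                break;
            case LAErrorInvalidContext: // -10
                NSLog(@"---- kLAErrorInvalidContext ");
                break;
            default:
                break;
        }
        NSLog(@"---- Touch ID指纹验证失败 ----- \n 错误信息:error = %@", evaluationError);
    }];
}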
———————————————————————————————————————————————————————————————————————————————————————————————————
———————————————————————————————————————————————————————————————————————————————————————————————————
// Policies that can be passed to -[LAContext canEvaluatePolicy:error:] and
// -[LAContext evaluatePolicy:localizedReason:reply:]. The declaration is quoted
// as shown on the page; the "Annotation" lines are the page author's remarks,
// translated to English.
typedef NS_ENUM(NSInteger, LAPolicy)
{
/// Device owner was authenticated using a biometric method (Touch ID).
///
/// @discussion Touch ID authentication is required. If Touch ID is not available or not enrolled,
/// policy evaluation will fail. If Touch ID is locked out, passcode is required as
/// the first step to unlock the Touch ID.
/// Annotation: authorization based on Touch ID only; if Touch ID is unavailable, authorization fails.
///
/// Touch ID authentication dialog contains a cancel button with default title "Cancel"
/// which can be customized using localizedCancelTitle property and a fallback button with
/// default title "Enter Password" which can be customized using localizedFallbackTitle
/// property. Fallback button is initially hidden and shows up after first unsuccessful
/// Touch ID attempt. Tapping cancel button or fallback button causes evaluatePolicy call
/// to fail, returning a distinct error code.
/// NOTE(review): because the fallback button only produces an error under this policy,
/// the calling app has to supply its own fallback credential check.
///
/// Biometric authentication will get locked after 5 unsuccessful attempts. After that,
/// users have to unlock it by entering passcode.
/// Annotation: fingerprint authentication is locked after 5 failures; the user can then
/// unlock it by entering the passcode.
LAPolicyDeviceOwnerAuthenticationWithBiometrics NS_ENUM_AVAILABLE(NA, 8_0) __WATCHOS_AVAILABLE(3.0) __TVOS_AVAILABLE(10.0) = kLAPolicyDeviceOwnerAuthenticationWithBiometrics,
/// Device owner was authenticated by Touch ID or device passcode.
///
/// @discussion Touch ID or passcode authentication is required. If Touch ID is available, enrolled and
/// not locked out, user is asked for it first, otherwise they are asked to enter device
/// passcode. If passcode is not enabled, policy evaluation will fail.
/// Annotation: two methods are supported, Touch ID and passcode entry. Touch ID is tried
/// first; if neither can be used, authorization fails.
///
/// Touch ID authentication dialog behaves similarly as the one used by
/// LAPolicyDeviceOwnerAuthenticationWithBiometrics. However, instead of "Enter Password"
/// button there is "Enter Passcode" button which, when tapped, switches the authentication
/// method and allows users to enter device passcode.
///
/// Passcode authentication will get locked after 6 unsuccessful attempts with progressively
/// increased backoff delay.
/// Annotation: passcode authorization is locked after 6 wrong entries.
LAPolicyDeviceOwnerAuthentication NS_ENUM_AVAILABLE(10_11, 9_0) = kLAPolicyDeviceOwnerAuthentication
} NS_ENUM_AVAILABLE(10_10, 8_0) __WATCHOS_AVAILABLE(3.0) __TVOS_AVAILABLE(10.0);