相比NSUserdefault存储用户名密码, 使用keychain更安全
#import <Foundation/Foundation.h>
#import <Security/Security.h>
/**
* 使用keychain存储用户名密码
*/
@interface LgKeychain : NSObject
/**
* 写入方法
*
* @param service key值, 相当于key-value中的key
* @param data key-value中的value, 即要存储的数据
*/
+ (void)save:(NSString *)service data:(id)data;
/**
* 读取方法
*
* @param service key值
*
* @return 读取到的数据
*/
+ (id)load:(NSString *)service;
/**
* 删除方法
*
* @param service key值
*/
+ (void)delete:(NSString *)service;
@end
#import "LgKeychain.h"
@implementation LgKeychain
+ (NSMutableDictionary *)getKeychainQuery:(NSString *)service {
return [NSMutableDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassGenericPassword, (id)kSecClass,
service, (id)kSecAttrService,
service, (id)kSecAttrAccount,
(id)kSecAttrAccessibleAfterFirstUnlock, (id)kSecAttrAccessible, nil];
}
+ (void)save:(NSString *)service data:(id)data {
// Get search dictionary
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
// Delete old item before add new item
SecItemDelete((CFDictionaryRef)keychainQuery);
// Add new object to search dictionary(Attention:the data format);
[keychainQuery setObject:[NSKeyedArchiver archivedDataWithRootObject:data] forKey:(id)kSecValueData];
// Add item to keychain with the search dictionary
SecItemAdd((CFDictionaryRef)keychainQuery, NULL);
}
+ (id)load:(NSString *)service {
id ret = nil;
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
// Configure the searcch setting
// Since in our simple case we are expecting only a single attribute to be returned
// (the password) we can set the attribute kSecReturnData to KCFBooleanTrue
[keychainQuery setObject:(id)kCFBooleanTrue forKey:(id)kSecReturnData];
[keychainQuery setObject:(id)kSecMatchLimitOne forKey:(id)kSecMatchLimit];
CFDataRef keyData = NULL;
if (SecItemCopyMatching((CFDictionaryRef)keychainQuery, (CFTypeRef *)&keyData) == noErr) {
@try {
ret = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge NSData *)keyData];
} @catch (NSException *exception) {
NSLog(@"unarchive of %@ failed: %@", service, exception);
} @finally {
NSLog(@"Code that gets executed whether or not an exception is thrown");
}
}
if (keyData) {
CFRelease(keyData);
return ret;
}
}
+ (void)delete:(NSString *)service {
NSMutableDictionary *keychainQuery = [self getKeychainQuery:service];
SecItemDelete((CFDictionaryRef)keychainQuery);
}
@end
调用:
NSString * const KEY_USERNAME_PASSWORD = @"com.ligen.app.usernamepassword";
NSString * const KEY_USERNAME = @"com.ligen.app.username";
NSString * const KEY_PASSWORD = @"com.ligen.app.password";
// 存入keychain
NSMutableDictionary *usernamepasswordPairs = [NSMutableDictionary dictionary];
[usernamepasswordPairs setObject:@"ligen" forKey:KEY_USERNAME];
[usernamepasswordPairs setObject:@"123456" forKey:KEY_PASSWORD];
[LgKeychain save:KEY_USERNAME_PASSWORD data:usernamepasswordPairs];
// 从keychain中取出用户名密码
NSMutableDictionary *getOutUsernamePasswordPairs = (NSMutableDictionary *)[LgKeychain load:KEY_USERNAME_PASSWORD];
NSLog(@"KEY_USERNAME:%@\n KEY_PASSWORD: %@", [getOutUsernamePasswordPairs objectForKey:KEY_USERNAME], [getOutUsernamePasswordPairs objectForKey:KEY_PASSWORD]);