From 8e8501abb04c64e831292574ac61d2cbfef88e13 Mon Sep 17 00:00:00 2001
From: Danny Moesch <danny.moesch@icloud.com>
Date: Wed, 10 Jul 2019 21:57:15 +0200
Subject: [PATCH] Save app passcode in Keychain and migrate existing passcode
 from SharedDefaults

---
 .../SettingsTableViewController.swift         |  2 +-
 passKit/Helpers/DefaultsKeys.swift            |  2 +-
 passKit/Models/PasscodeLock.swift             | 25 ++++++++++++-------
 3 files changed, 18 insertions(+), 11 deletions(-)

diff --git a/pass/Controllers/SettingsTableViewController.swift b/pass/Controllers/SettingsTableViewController.swift
index 4157c56..0689fec 100644
--- a/pass/Controllers/SettingsTableViewController.swift
+++ b/pass/Controllers/SettingsTableViewController.swift
@@ -159,7 +159,7 @@ class SettingsTableViewController: UITableViewController, UITabBarControllerDele
 
     override func tableView(_ tableView: UITableView, didSelectRowAt indexPath: IndexPath) {
         if tableView.cellForRow(at: indexPath) == passcodeTableViewCell {
-            if SharedDefaults[.passcodeKey] != nil{
+            if passcodeLock.hasPasscode {
                 showPasscodeActionSheet()
             } else {
                 setPasscodeLock()
diff --git a/passKit/Helpers/DefaultsKeys.swift b/passKit/Helpers/DefaultsKeys.swift
index 37e26c7..675cc01 100644
--- a/passKit/Helpers/DefaultsKeys.swift
+++ b/passKit/Helpers/DefaultsKeys.swift
@@ -20,6 +20,7 @@ public extension DefaultsKeys {
     static let pgpPublicKeyArmor = DefaultsKey<String?>("pgpPublicKeyArmor")
     static let pgpPrivateKeyArmor = DefaultsKey<String?>("pgpPrivateKeyArmor")
     static let gitSSHPrivateKeyArmor = DefaultsKey<String?>("gitSSHPrivateKeyArmor")
+    static let passcodeKey = DefaultsKey<String?>("passcodeKey")
 
     static let gitURL = DefaultsKey<URL?>("gitURL")
     static let gitAuthenticationMethod = DefaultsKey<String?>("gitAuthenticationMethod")
@@ -33,7 +34,6 @@ public extension DefaultsKeys {
     static let lastSyncedTime = DefaultsKey<Date?>("lastSyncedTime")
 
     static let isTouchIDOn = DefaultsKey<Bool>("isTouchIDOn", defaultValue: false)
-    static let passcodeKey = DefaultsKey<String?>("passcodeKey")
 
     static let isHideUnknownOn = DefaultsKey<Bool>("isHideUnknownOn", defaultValue: false)
     static let isHideOTPOn = DefaultsKey<Bool>("isHideOTPOn", defaultValue: false)
diff --git a/passKit/Models/PasscodeLock.swift b/passKit/Models/PasscodeLock.swift
index 3ec15ae..541def5 100644
--- a/passKit/Models/PasscodeLock.swift
+++ b/passKit/Models/PasscodeLock.swift
@@ -6,15 +6,20 @@
 //  Copyright © 2017 Yishi Lin. All rights reserved.
 //
 
-import Foundation
-import LocalAuthentication
-
-open class PasscodeLock {
+public class PasscodeLock {
     public static let shared = PasscodeLock()
 
-    fileprivate let passcodeKey = "passcode.lock.passcode"
-    fileprivate var passcode: String? {
-        return SharedDefaults[.passcodeKey]
+    private static let identifier = Globals.bundleIdentifier + "passcode"
+
+    /// Cached passcode to avoid frequent access to Keychain
+    private var passcode: String? = AppKeychain.get(for: PasscodeLock.identifier)
+
+    /// Constructor used to migrate passcode from SharedDefaults to Keychain
+    private init() {
+        if let passcode = SharedDefaults[.passcodeKey] {
+            save(passcode: passcode)
+            SharedDefaults[.passcodeKey] = nil
+        }
     }
 
     public var hasPasscode: Bool {
@@ -22,7 +27,8 @@ open class PasscodeLock {
     }
 
     public func save(passcode: String) {
-        SharedDefaults[.passcodeKey] = passcode
+        AppKeychain.add(string: passcode, for: PasscodeLock.identifier)
+        self.passcode = passcode
     }
 
     public func check(passcode: String) -> Bool {
@@ -30,6 +36,7 @@ open class PasscodeLock {
     }
 
     public func delete() {
-        SharedDefaults[.passcodeKey] = nil
+        AppKeychain.removeContent(for: PasscodeLock.identifier)
+        passcode = nil
     }
 }