diff --git a/ADAL/ADAL.xcodeproj/project.pbxproj b/ADAL/ADAL.xcodeproj/project.pbxproj index efab0cfaa..2487c178a 100644 --- a/ADAL/ADAL.xcodeproj/project.pbxproj +++ b/ADAL/ADAL.xcodeproj/project.pbxproj @@ -58,6 +58,9 @@ 236BF403205B49EF006E3897 /* ADWipeTokensTelemetryTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B200BC4320180A57000A81FD /* ADWipeTokensTelemetryTests.m */; }; 236BF407205B4E1A006E3897 /* ADAcquireTokenTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B20DC60C1F0D99A300957806 /* ADAcquireTokenTests.m */; }; 236BF40B205B4E1C006E3897 /* ADAcquireTokenTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B20DC60C1F0D99A300957806 /* ADAcquireTokenTests.m */; }; + 236D398F26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = 236D398D26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 236D399026F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h in Headers */ = {isa = PBXBuildFile; fileRef = 236D398D26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h */; settings = {ATTRIBUTES = (Public, ); }; }; + 236D399326F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.m in Sources */ = {isa = PBXBuildFile; fileRef = 236D398E26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.m */; }; 23766BB32013D91E00449D47 /* NSDictionary+ADALiOSUITests.m in Sources */ = {isa = PBXBuildFile; fileRef = 23766BB22013D91E00449D47 /* NSDictionary+ADALiOSUITests.m */; }; 23B7919D20118B9F008D4BD2 /* ADAutoPassedInWebViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 23B7919820118B9E008D4BD2 /* ADAutoPassedInWebViewController.m */; }; 23B791A220119030008D4BD2 /* ADAutoRequestViewController.m in Sources */ = {isa = PBXBuildFile; fileRef = 23B791A120119030008D4BD2 /* ADAutoRequestViewController.m */; }; @@ -920,6 +923,8 @@ 236BF3C820521382006E3897 /* ADALUserInformation+Internal.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "ADALUserInformation+Internal.m"; sourceTree = ""; }; 236BF3DF2059C1C4006E3897 /* ADALAuthenticationContext+TestUtil.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "ADALAuthenticationContext+TestUtil.h"; sourceTree = ""; }; 236BF3E02059C1C4006E3897 /* ADALAuthenticationContext+TestUtil.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "ADALAuthenticationContext+TestUtil.m"; sourceTree = ""; }; + 236D398D26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "ADALAuthenticationContext+RemoteDeviceIdentity.h"; sourceTree = ""; }; + 236D398E26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "ADALAuthenticationContext+RemoteDeviceIdentity.m"; sourceTree = ""; }; 23766BB12013D91E00449D47 /* NSDictionary+ADALiOSUITests.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSDictionary+ADALiOSUITests.h"; sourceTree = ""; }; 23766BB22013D91E00449D47 /* NSDictionary+ADALiOSUITests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSDictionary+ADALiOSUITests.m"; sourceTree = ""; }; 237A6D4B202D0B490084E15F /* adal__uitest__ios.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = adal__uitest__ios.xcconfig; sourceTree = ""; }; @@ -1616,6 +1621,7 @@ children = ( 9453C3A41C583AA8006B9E79 /* public */, 60C351B91DA0D588006C8435 /* ADAL.m */, + 236D398E26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.m */, D67D3D401F38542700660F32 /* ADAL.pch */, 9453C3A31C583A9C006B9E79 /* ADAL_Internal.h */, D61AFAAB1FD8A06D00DABBE5 /* ADALConstants.h */, @@ -1860,6 +1866,7 @@ 9453C3C01C583AE6006B9E79 /* ADALUserIdentifier.h */, 9453C3C11C583AE6006B9E79 /* ADALUserInformation.h */, 9453C3C21C583AE6006B9E79 /* ADALWebAuthController.h */, + 236D398D26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h */, 9453C3C31C583AE6006B9E79 /* ios */, 9453C3C51C583AE6006B9E79 /* mac */, ); @@ -2370,6 +2377,7 @@ 9453C3DB1C583E8B006B9E79 /* ADALErrorCodes.h in Headers */, 9453C3D61C583E8B006B9E79 /* ADALAuthenticationContext.h in Headers */, 9453C3DF1C583E8B006B9E79 /* ADALUserInformation.h in Headers */, + 236D398F26F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h in Headers */, 9453C3DC1C583E8B006B9E79 /* ADALLogger.h in Headers */, 9453C3DA1C583E8B006B9E79 /* ADALAuthenticationSettings.h in Headers */, 9453C3D81C583E8B006B9E79 /* ADALAuthenticationParameters.h in Headers */, @@ -2426,6 +2434,7 @@ D60B653B1F355C5700A89487 /* ADALAuthorityValidationRequest.h in Headers */, B24D25E92059F67D00025B8B /* ADALResponseCacheHandler.h in Headers */, 94DD18D41C5AC8DE00F80C62 /* ADALAuthenticationSettings.h in Headers */, + 236D399026F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.h in Headers */, 94DD18CF1C5AC8DE00F80C62 /* ADAL.h in Headers */, 94DD18DA1C5AC8DE00F80C62 /* ADALWebAuthController.h in Headers */, 94DD18D91C5AC8DE00F80C62 /* ADALUserInformation.h in Headers */, @@ -3415,6 +3424,7 @@ D6CF4ED51FC37A1B00CD70C5 /* ADAL.m in Sources */, 60D2F4021D531F16008725D9 /* ADALRequestParameters.m in Sources */, A521AB7920EED96A0005735B /* ADALEnrollmentGateway.m in Sources */, + 236D399326F429D00080BB29 /* ADALAuthenticationContext+RemoteDeviceIdentity.m in Sources */, D61AFAAF1FD8A06D00DABBE5 /* ADALConstants.m in Sources */, 9453C4101C586456006B9E79 /* ADALAuthenticationResult.m in Sources */, 9453C4091C586456006B9E79 /* ADALAuthenticationContext+Internal.m in Sources */, @@ -3688,6 +3698,7 @@ D664F1A71D302B9C0017B799 /* ADALAuthenticationRequest+AcquireAssertion.m in Sources */, D69A721B1D4FF68300E91DB3 /* ADALAggregatedDispatcher.m in Sources */, B299FF1A1F22BE32004A2CB9 /* NSString+ADALURLExtensions.m in Sources */, + 21350FCE27BB43A500347037 /* ADALAuthenticationContext+RemoteDeviceIdentity.m in Sources */, D664F1AA1D302B9C0017B799 /* ADALAuthenticationParameters+Internal.m in Sources */, B2A17EA422FFCA300051637E /* ADALBrokerApplicationTokenHelper.m in Sources */, D664F1AB1D302B9C0017B799 /* ADALBrokerNotificationManager.m in Sources */, diff --git a/ADAL/src/ADALAuthenticationContext+RemoteDeviceIdentity.m b/ADAL/src/ADALAuthenticationContext+RemoteDeviceIdentity.m new file mode 100644 index 000000000..7a315d1e3 --- /dev/null +++ b/ADAL/src/ADALAuthenticationContext+RemoteDeviceIdentity.m @@ -0,0 +1,69 @@ +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +#if MS_REMOTE_PKEYAUTH_CALLBACK && TARGET_OS_SIMULATOR + +#import "ADALAuthenticationContext+RemoteDeviceIdentity.h" +#import "MSIDPKeyAuthHandler.h" + +static ADALRemotePkeyAuthResponseCallback s_ADALRemotePkeyAuthResponseCallback = nil; +static BOOL s_isInMemoryTokenCacheEnabled = NO; + +@implementation ADALAuthenticationContext (RemoteDeviceIdentity) + ++ (void)setRemotePkeyAuthCallback:(ADALRemotePkeyAuthResponseCallback)callback +{ + @synchronized (self) + { + s_ADALRemotePkeyAuthResponseCallback = [callback copy]; + + [MSIDPKeyAuthHandler setRemotePkeyAuthCallback:^NSString * (NSString *challengeUrl) { + + @synchronized (self) //Guard against thread-unsafe callback + { + if (s_ADALRemotePkeyAuthResponseCallback) + { + return s_ADALRemotePkeyAuthResponseCallback(challengeUrl); + } + else + { + return nil; + } + } + }]; + + } +} + ++ (void)setIsInMemoryTokenCacheEnabled:(BOOL)enabled +{ + s_isInMemoryTokenCacheEnabled = enabled; +} + ++ (BOOL)isInMemoryTokenCacheEnabled +{ + return s_isInMemoryTokenCacheEnabled; +} +@end + +#endif diff --git a/ADAL/src/ADALAuthenticationContext.m b/ADAL/src/ADALAuthenticationContext.m index 2d1cae1fc..083dac0e2 100755 --- a/ADAL/src/ADALAuthenticationContext.m +++ b/ADAL/src/ADALAuthenticationContext.m @@ -46,6 +46,10 @@ #import "MSIDDefaultTokenCacheAccessor.h" #import "MSIDAADV1Oauth2Factory.h" +#if MS_REMOTE_PKEYAUTH_CALLBACK && TARGET_OS_SIMULATOR +#import "ADALAuthenticationContext+RemoteDeviceIdentity.h" +#endif + // This variable is purposefully a global so that way we can more easily pull it out of the // symbols in a binary to detect what version of ADAL is being used without needing to // run the application. @@ -89,11 +93,28 @@ - (id)initWithAuthority:(NSString *) authority API_ENTRY; self.sharedGroup = sharedGroup; + id tokenCacheDataSource; +#if MS_REMOTE_PKEYAUTH_CALLBACK && TARGET_OS_SIMULATOR + if ([ADALAuthenticationContext isInMemoryTokenCacheEnabled]) + { + tokenCacheDataSource = [MSIDMacTokenCache defaultCache]; + } + else + { + MSIDKeychainTokenCache *keychainTokenCache = [[MSIDKeychainTokenCache alloc] initWithGroup:sharedGroup]; + tokenCacheDataSource = keychainTokenCache; + // In case if sharedGroup is nil, keychainTokenCache.keychainGroup will return default group. + // Note: it is in the following format: . + [self setSharedGroup:[keychainTokenCache keychainGroup]]; + } +#else MSIDKeychainTokenCache *keychainTokenCache = [[MSIDKeychainTokenCache alloc] initWithGroup:sharedGroup]; + tokenCacheDataSource = keychainTokenCache; // In case if sharedGroup is nil, keychainTokenCache.keychainGroup will return default group. // Note: it is in the following format: . - self.sharedGroup = keychainTokenCache.keychainGroup; - MSIDLegacyTokenCacheAccessor *tokenCache = [self createIosCache:keychainTokenCache]; + [self setSharedGroup:[keychainTokenCache keychainGroup]]; +#endif + MSIDLegacyTokenCacheAccessor *tokenCache = [self createIosCache:tokenCacheDataSource]; return [self initWithAuthority:authority validateAuthority:bValidate @@ -127,8 +148,21 @@ - (id)initWithAuthority:(NSString *)authority MSIDLegacyTokenCacheAccessor *tokenCache = nil; #if TARGET_OS_IPHONE +#if MS_REMOTE_PKEYAUTH_CALLBACK && TARGET_OS_SIMULATOR + if ([ADALAuthenticationContext isInMemoryTokenCacheEnabled]) + { + tokenCache = [self createIosCache:[MSIDMacTokenCache defaultCache]]; + } + else + { + tokenCache = [self createIosCache:[MSIDKeychainTokenCache defaultKeychainCache]]; + self.sharedGroup = MSIDKeychainTokenCache.defaultKeychainGroup; + } +#else tokenCache = [self createIosCache:[MSIDKeychainTokenCache defaultKeychainCache]]; - self.sharedGroup = MSIDKeychainTokenCache.defaultKeychainGroup; + [self setSharedGroup:[MSIDKeychainTokenCache defaultKeychainGroup]]; +#endif + #else self.legacyMacCache = [ADALTokenCache defaultCache]; tokenCache = [self createMacCache:self.legacyMacCache.macTokenCache]; diff --git a/ADAL/src/public/ADAL.h b/ADAL/src/public/ADAL.h index 4deb9dbdc..8a4e06cb4 100644 --- a/ADAL/src/public/ADAL.h +++ b/ADAL/src/public/ADAL.h @@ -39,6 +39,7 @@ FOUNDATION_EXPORT const unsigned char ADALFrameworkVersionString[]; typedef void(^ADAuthenticationCallback)(ADALAuthenticationResult* _Nonnull result); #import +#import #import #import #import diff --git a/ADAL/src/public/ADALAuthenticationContext+RemoteDeviceIdentity.h b/ADAL/src/public/ADALAuthenticationContext+RemoteDeviceIdentity.h new file mode 100644 index 000000000..effdad499 --- /dev/null +++ b/ADAL/src/public/ADALAuthenticationContext+RemoteDeviceIdentity.h @@ -0,0 +1,41 @@ +// Copyright (c) Microsoft Corporation. +// All rights reserved. +// +// This code is licensed under the MIT License. +// +// Permission is hereby granted, free of charge, to any person obtaining a copy +// of this software and associated documentation files(the "Software"), to deal +// in the Software without restriction, including without limitation the rights +// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell +// copies of the Software, and to permit persons to whom the Software is +// furnished to do so, subject to the following conditions : +// +// The above copyright notice and this permission notice shall be included in +// all copies or substantial portions of the Software. +// +// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +// THE SOFTWARE. + +#import "ADALAuthenticationContext.h" + +#if MS_REMOTE_PKEYAUTH_CALLBACK && TARGET_OS_SIMULATOR + +/// This block for the ADAL gets device identity (device has to be enrolled and compliant) +/// @param challengeUrl device CA challenge recieved from AAD +typedef NSString * _Nullable (^ADALRemotePkeyAuthResponseCallback)(NSString * _Nonnull challengeUrl); + +@interface ADALAuthenticationContext (RemoteDeviceIdentity) +/// Enables In memory token cache +@property (class, nonatomic) BOOL isInMemoryTokenCacheEnabled; + +/// Sets a block for the ADAL, which will be called once device CA request from AAD recieved to get device identity (device has to be enrolled and compliant) +/// @param callback The block autjentication challenge is sent. ++(void)setRemotePkeyAuthCallback:(nullable ADALRemotePkeyAuthResponseCallback)callback; + +@end +#endif