Merge pull request #550 from AzureAD/release/1.3.2

Merge release 1.3.2 into master

Author: oldalton

.travis.yml

@@ -1,5 +1,5 @@
 language: objective-c
-osx_image: xcode10.2
+osx_image: xcode11
 
 # Set up our rubygems (slather and xcpretty, namely)
 install: 

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -304,6 +304,12 @@
 		23DADC1120B8BF4F005D7389 /* MSIDAadAuthorityCacheRecord.m in Sources */ = {isa = PBXBuildFile; fileRef = 23DADC0F20B8BF4F005D7389 /* MSIDAadAuthorityCacheRecord.m */; };
 		23F32F251FFDAF1900B2905E /* MSIDTestBrokerResponse.m in Sources */ = {isa = PBXBuildFile; fileRef = B2D81BBD1FF5C7460093859A /* MSIDTestBrokerResponse.m */; };
 		23F32F261FFDAF1A00B2905E /* MSIDTestBrokerResponse.m in Sources */ = {isa = PBXBuildFile; fileRef = B2D81BBD1FF5C7460093859A /* MSIDTestBrokerResponse.m */; };
+		23F9FD4622EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 23F9FD4422EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.h */; };
+		23F9FD4722EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m in Sources */ = {isa = PBXBuildFile; fileRef = 23F9FD4522EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m */; };
+		23F9FD4822EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m in Sources */ = {isa = PBXBuildFile; fileRef = 23F9FD4522EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m */; };
+		23F9FD4B22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.h in Headers */ = {isa = PBXBuildFile; fileRef = 23F9FD4922EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.h */; };
+		23F9FD4C22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m in Sources */ = {isa = PBXBuildFile; fileRef = 23F9FD4A22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m */; };
+		23F9FD4D22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m in Sources */ = {isa = PBXBuildFile; fileRef = 23F9FD4A22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m */; };
 		23FB5C20225516FB002BF1EB /* MSIDClaimsRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 23FB5C1F225516FA002BF1EB /* MSIDClaimsRequestTests.m */; };
 		23FB5C21225516FB002BF1EB /* MSIDClaimsRequestTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 23FB5C1F225516FA002BF1EB /* MSIDClaimsRequestTests.m */; };
 		23FB5C2A225517AA002BF1EB /* MSIDClaimsRequest.m in Sources */ = {isa = PBXBuildFile; fileRef = 23FB5C24225517AA002BF1EB /* MSIDClaimsRequest.m */; };
@@ -1060,6 +1066,9 @@
 		B2DD5BBF204799DC0084313F /* MSIDMacTokenCacheTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 2335EFB3203BB07600C342D0 /* MSIDMacTokenCacheTests.m */; };
 		B2DD5BC120479AA80084313F /* MSIDCacheItemJsonSerializerTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 231CE9C91FE8D79A00E95D3E /* MSIDCacheItemJsonSerializerTests.m */; };
 		B2DD5BC320479D9D0084313F /* MSIDKeyedArchiverSerializerTests.m in Sources */ = {isa = PBXBuildFile; fileRef = 2321531D1FDA1AF100C6960D /* MSIDKeyedArchiverSerializerTests.m */; };
+		B2DFA56E231E0642006F9EF8 /* MSIDKeychainTokenCache.m in Sources */ = {isa = PBXBuildFile; fileRef = 9641B51F1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.m */; };
+		B2DFA56F231E0649006F9EF8 /* MSIDKeychainTokenCache.h in Headers */ = {isa = PBXBuildFile; fileRef = 9641B51E1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.h */; };
+		B2DFA570231E064D006F9EF8 /* MSIDKeychainTokenCache+Internal.h in Headers */ = {isa = PBXBuildFile; fileRef = 2353747E22140466002436FC /* MSIDKeychainTokenCache+Internal.h */; };
 		B2E7698E206096A7000F3F2B /* MSIDTelemetryCacheEventTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2E7698D206096A7000F3F2B /* MSIDTelemetryCacheEventTests.m */; };
 		B2E7698F206096A7000F3F2B /* MSIDTelemetryCacheEventTests.m in Sources */ = {isa = PBXBuildFile; fileRef = B2E7698D206096A7000F3F2B /* MSIDTelemetryCacheEventTests.m */; };
 		B2EB3ADF22F7C74000FA400E /* MSIDBrokerInvocationOptions.m in Sources */ = {isa = PBXBuildFile; fileRef = B2968C8422F3C3E8005AFC33 /* MSIDBrokerInvocationOptions.m */; };
@@ -1446,6 +1455,10 @@
 		23DADC0F20B8BF4F005D7389 /* MSIDAadAuthorityCacheRecord.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDAadAuthorityCacheRecord.m; sourceTree = "<group>"; };
 		23F32F151FF72CE400B2905E /* MSIDMacTokenCacheIntegrationTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSIDMacTokenCacheIntegrationTests.m; sourceTree = "<group>"; };
 		23F32F221FFDAB9D00B2905E /* MSIDTokenCacheDataSourceIntegrationTests.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSIDTokenCacheDataSourceIntegrationTests.m; sourceTree = "<group>"; };
+		23F9FD4422EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSKeyedUnarchiver+MSIDExtensions.h"; sourceTree = "<group>"; };
+		23F9FD4522EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSKeyedUnarchiver+MSIDExtensions.m"; sourceTree = "<group>"; };
+		23F9FD4922EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = "NSKeyedArchiver+MSIDExtensions.h"; sourceTree = "<group>"; };
+		23F9FD4A22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = "NSKeyedArchiver+MSIDExtensions.m"; sourceTree = "<group>"; };
 		23FB5C1F225516FA002BF1EB /* MSIDClaimsRequestTests.m */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.objc; path = MSIDClaimsRequestTests.m; sourceTree = "<group>"; };
 		23FB5C24225517AA002BF1EB /* MSIDClaimsRequest.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MSIDClaimsRequest.m; sourceTree = "<group>"; };
 		23FB5C25225517AA002BF1EB /* MSIDIndividualClaimRequestAdditionalInfo.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MSIDIndividualClaimRequestAdditionalInfo.h; sourceTree = "<group>"; };
@@ -2650,8 +2663,6 @@
 				96891A942190F15E00D7F437 /* MSIDWPJChallengeHandler.h */,
 				96891A952190F15E00D7F437 /* MSIDWPJChallengeHandler.m */,
 				962EA0442190D7F50049C4C8 /* MSIDCertAuthHandler.h */,
-				606830032098ACC100CCA6AB /* MSIDNegotiateHandler.h */,
-				606830042098ACED00CCA6AB /* MSIDNegotiateHandler.m */,
 				6068303720A33A7400CCA6AB /* MSIDPKeyAuthHandler.h */,
 				6068303820A33A9000CCA6AB /* MSIDPKeyAuthHandler.m */,
 			);
@@ -2671,6 +2682,8 @@
 			isa = PBXGroup;
 			children = (
 				962EA03C2190D4930049C4C8 /* MSIDCertAuthHandler.m */,
+				606830032098ACC100CCA6AB /* MSIDNegotiateHandler.h */,
+				606830042098ACED00CCA6AB /* MSIDNegotiateHandler.m */,
 			);
 			path = mac;
 			sourceTree = "<group>";
@@ -2688,6 +2701,9 @@
 				232153191FDA101900C6960D /* MSIDUserInformation.m */,
 				9641B5221FCF3EEF00AFA0EC /* MSIDMacTokenCache.h */,
 				9641B5231FCF3EEF00AFA0EC /* MSIDMacTokenCache.m */,
+				9641B51E1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.h */,
+				9641B51F1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.m */,
+				2353747E22140466002436FC /* MSIDKeychainTokenCache+Internal.h */,
 				B220AC1D22680D6000423359 /* mac */,
 				B211580B202B84B2005CE586 /* key */,
 				9641B5261FCF3F2600AFA0EC /* serializers */,
@@ -2699,9 +2715,6 @@
 		9641B51D1FCF3EB800AFA0EC /* ios */ = {
 			isa = PBXGroup;
 			children = (
-				9641B51E1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.h */,
-				9641B51F1FCF3ECE00AFA0EC /* MSIDKeychainTokenCache.m */,
-				2353747E22140466002436FC /* MSIDKeychainTokenCache+Internal.h */,
 			);
 			path = ios;
 			sourceTree = "<group>";
@@ -3467,6 +3480,10 @@
 				1E5B2A852294F5CA003C579D /* MSIDKeychainUtil+Internal.h */,
 				B27CCDCF229E205B00CAD565 /* NSJSONSerialization+MSIDExtensions.h */,
 				B27CCDD0229E205B00CAD565 /* NSJSONSerialization+MSIDExtensions.m */,
+				23F9FD4422EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.h */,
+				23F9FD4522EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m */,
+				23F9FD4922EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.h */,
+				23F9FD4A22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m */,
 			);
 			path = util;
 			sourceTree = "<group>";
@@ -3962,6 +3979,7 @@
 				238E19C02086FC38004DF483 /* MSIDHttpResponseSerializer.h in Headers */,
 				238E19C32086FC38004DF483 /* MSIDResponseSerialization.h in Headers */,
 				B28D90A0218FBBA200E230D6 /* MSIDTokenResponseValidator.h in Headers */,
+				23F9FD4B22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.h in Headers */,
 				B2C7B3B3213C681F009FFCC1 /* MSIDErrorConverter.h in Headers */,
 				2338ECD6208A7B3200809B9E /* MSIDTestContext.h in Headers */,
 				B2C7B3B7213C6839009FFCC1 /* MSIDErrorConverting.h in Headers */,
@@ -3979,6 +3997,7 @@
 				05566D102204BB8A002DBA40 /* MSIDMacKeychainTokenCache.h in Headers */,
 				B210F4311FDDE7EB005A8F76 /* MSIDTokenResponse.h in Headers */,
 				B2B1D57220425DFD00DD81F0 /* MSIDAccountCacheItem.h in Headers */,
+				B2DFA570231E064D006F9EF8 /* MSIDKeychainTokenCache+Internal.h in Headers */,
 				1E33F4A021711C1100919E9C /* MSIDAppMetadataCacheItem.h in Headers */,
 				B2C708B3219A620B00D917B8 /* MSIDBrokerKeyProvider.h in Headers */,
 				23B39ABC209BD47D000AA905 /* MSIDB2CAuthorityResolver.h in Headers */,
@@ -3992,6 +4011,7 @@
 				B2EF143A1FF2F225005DC1C0 /* MSIDAADV2TokenResponse.h in Headers */,
 				9641B5011FCF3E2700AFA0EC /* MSIDTokenCacheDataSource.h in Headers */,
 				233E96F122652B8B007FCE2A /* MSIDDefaultDispatcher+Internal.h in Headers */,
+				23F9FD4622EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.h in Headers */,
 				B227035E22A367A000030ADC /* MSIDMaskedHashableLogParameter.h in Headers */,
 				235480D420DDF88200246F72 /* MSIDAADAuthority.h in Headers */,
 				238E19CC2086FC87004DF483 /* MSIDRequestSerialization.h in Headers */,
@@ -4036,6 +4056,7 @@
 				96090D9820E59B2000E42B37 /* MSIDNotifications.h in Headers */,
 				96F94A3320817C1A0034676C /* MSIDNTLMHandler.h in Headers */,
 				B297E1E620A12BDE00F370EC /* MSIDDefaultAccountCacheKey.h in Headers */,
+				B2DFA56F231E0649006F9EF8 /* MSIDKeychainTokenCache.h in Headers */,
 				B2C7088D2198E48E00D917B8 /* NSData+AES.h in Headers */,
 				B251CC3B2041058D005E0179 /* MSIDRefreshToken.h in Headers */,
 				B28BDA84217E9676003E5670 /* MSIDB2CIdTokenClaims.h in Headers */,
@@ -4708,6 +4729,7 @@
 				2338ECCC208A675D00809B9E /* MSIDAADRequestErrorHandler.m in Sources */,
 				96F94A2A20816B870034676C /* MSIDWebAADAuthResponse.m in Sources */,
 				B28D90AC218FD1F800E230D6 /* MSIDDefaultTokenResponseValidator.m in Sources */,
+				23F9FD4D22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m in Sources */,
 				B2C7089421991CED00D917B8 /* MSIDAADV1BrokerResponse.m in Sources */,
 				B2AF1D3A218BCF140080C1A0 /* MSIDRequestControllerFactory.m in Sources */,
 				B28BDAC1221F7F230055FFE6 /* MSIDCBAWebAADAuthResponse.m in Sources */,
@@ -4762,6 +4784,7 @@
 				B297E1E320A1272600F370EC /* MSIDLegacyTokenCacheQuery.m in Sources */,
 				B2C7B3B5213C681F009FFCC1 /* MSIDErrorConverter.m in Sources */,
 				B20657B11FC91FD100412B7D /* MSIDTelemetryEventStrings.m in Sources */,
+				B2DFA56E231E0642006F9EF8 /* MSIDKeychainTokenCache.m in Sources */,
 				B2C708A7219A593C00D917B8 /* MSIDLegacyTokenRequestProvider.m in Sources */,
 				B2675684228BAD23000F01D7 /* NSURL+MSIDAADUtils.m in Sources */,
 				1E33F4A121711C1400919E9C /* MSIDAppMetadataCacheItem.m in Sources */,
@@ -4854,6 +4877,7 @@
 				B28BDA86217E9676003E5670 /* MSIDB2CIdTokenClaims.m in Sources */,
 				B2B1D57A204369D600DD81F0 /* MSIDAccountType.m in Sources */,
 				B210F4571FDDFA7B005A8F76 /* MSIDBrokerResponse.m in Sources */,
+				23F9FD4822EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m in Sources */,
 				23B39AC8209BF9F2000AA905 /* MSIDOpenIdConfigurationInfoRequest.m in Sources */,
 				23D7447A2097B2DA00210C51 /* MSIDAADV1AuthorizationCodeRequest.m in Sources */,
 				23642AB8218805B000F97009 /* MSIDIntuneMAMResourcesCache.m in Sources */,
@@ -5128,6 +5152,7 @@
 				B2C7086E2198C41300D917B8 /* MSIDDefaultBrokerResponseHandler.m in Sources */,
 				239DF9AE20DED6F7002D428B /* MSIDConstants.m in Sources */,
 				233E96F722652D3A007FCE2A /* MSIDAggregatedDispatcher.m in Sources */,
+				23F9FD4C22EC097600DAB65D /* NSKeyedArchiver+MSIDExtensions.m in Sources */,
 				B20657AA1FC91ECC00412B7D /* MSIDTelemetry.m in Sources */,
 				B2C708892198DE3900D917B8 /* MSIDBrokerCryptoProvider.m in Sources */,
 				B25A35701FC4D70300C7FD43 /* MSIDLogger.m in Sources */,
@@ -5275,6 +5300,7 @@
 				B2CDB57E1FE33EC5003A4B5C /* MSIDIdTokenClaims.m in Sources */,
 				B2000C7920EC47860092790A /* NSData+JWT.m in Sources */,
 				B27CCDD2229E205C00CAD565 /* NSJSONSerialization+MSIDExtensions.m in Sources */,
+				23F9FD4722EC08D800DAB65D /* NSKeyedUnarchiver+MSIDExtensions.m in Sources */,
 				B2C708A6219A593C00D917B8 /* MSIDLegacyTokenRequestProvider.m in Sources */,
 				B2C708AB219A5A3D00D917B8 /* MSIDLegacySilentTokenRequest.m in Sources */,
 				96F21B3220A65896002B87C3 /* MSIDWebviewAuthorization.m in Sources */,

…he/ios/MSIDKeychainTokenCache+Internal.h …/cache/MSIDKeychainTokenCache+Internal.hIdentityCore/src/cache/ios/MSIDKeychainTokenCache+Internal.h renamed to IdentityCore/src/cache/MSIDKeychainTokenCache+Internal.h IdentityCore/src/cache/ios/MSIDKeychainTokenCache+Internal.h renamed to IdentityCore/src/cache/MSIDKeychainTokenCache+Internal.h

@@ -33,6 +33,8 @@
 #import "MSIDExtendedCacheItemSerializing.h"
 #import "MSIDAccountCacheItem.h"
 #import "MSIDAppMetadataCacheItem.h"
+#import "NSKeyedUnarchiver+MSIDExtensions.h"
+#import "NSKeyedArchiver+MSIDExtensions.h"
 
 NSString *const MSIDAdalKeychainGroup = @"com.microsoft.adalcache";
 static NSString *const s_wipeLibraryString = @"Microsoft.ADAL.WipeAll.1";
@@ -139,9 +141,19 @@ - (nullable instancetype)initWithGroup:(nullable NSString *)keychainGroup error:
         return nil;
     }
 
-    self.defaultKeychainQuery = [@{(id)kSecClass : (id)kSecClassGenericPassword,
-                                   (id)kSecAttrAccessGroup : self.keychainGroup} mutableCopy];
+    NSMutableDictionary *defaultKeychainQuery = [@{(id)kSecClass : (id)kSecClassGenericPassword,
+                                                  (id)kSecAttrAccessGroup : self.keychainGroup} mutableCopy];
 
+#ifdef __MAC_OS_X_VERSION_MAX_ALLOWED
+#if __MAC_OS_X_VERSION_MAX_ALLOWED >= 101500
+    if (@available(macOS 10.15, *)) {
+        defaultKeychainQuery[(id)kSecUseDataProtectionKeychain] = @YES;
+    }
+#endif
+#endif
+    
+    self.defaultKeychainQuery = defaultKeychainQuery;
+        
     self.defaultWipeQuery = @{(id)kSecClass : (id)kSecClassGenericPassword,
                               (id)kSecAttrGeneric : [s_wipeLibraryString dataUsingEncoding:NSUTF8StringEncoding],
                               (id)kSecAttrAccessGroup : self.keychainGroup,
@@ -532,7 +544,7 @@ - (BOOL)saveWipeInfoWithContext:(id<MSIDRequestContext>)context
 
     MSID_LOG_WITH_CTX_PII(MSIDLogLevelInfo, context, @"Full wipe info: %@", MSID_PII_LOG_MASKABLE(wipeInfo));
 
-    NSData *wipeData = [NSKeyedArchiver archivedDataWithRootObject:wipeInfo];
+    NSData *wipeData = [NSKeyedArchiver msidArchivedDataWithRootObject:wipeInfo requiringSecureCoding:YES error:nil];
 
     MSID_LOG_WITH_CTX(MSIDLogLevelVerbose, context, @"Trying to update wipe info...");
     MSID_LOG_WITH_CTX_PII(MSIDLogLevelVerbose, context, @"Wipe query: %@", MSID_PII_LOG_MASKABLE(self.defaultWipeQuery));
@@ -588,9 +600,18 @@ - (NSDictionary *)wipeInfo:(id<MSIDRequestContext>)context
         return nil;
     }
 
-    NSDictionary *wipeData = [NSKeyedUnarchiver unarchiveObjectWithData:(__bridge NSData *)(data)];
+    NSError *localError;
+    __auto_type classes = [[NSSet alloc] initWithArray:@[NSDictionary.class, NSString.class, NSDate.class]];
+    NSDictionary *wipeData = [NSKeyedUnarchiver msidUnarchivedObjectOfClasses:classes
+                                                                   fromData:(__bridge NSData *)(data)
+                                                                      error:&localError];
     CFRelease(data);
 
+    if (localError)
+    {
+        MSID_LOG_WITH_CTX_PII(MSIDLogLevelError, context, @"Failed to unarchive wipeData, error: %@", MSID_PII_LOG_MASKABLE(localError));
+    }
+    
     return wipeData;
 }
 

…e/src/cache/ios/MSIDKeychainTokenCache.h …yCore/src/cache/MSIDKeychainTokenCache.hIdentityCore/src/cache/ios/MSIDKeychainTokenCache.h renamed to IdentityCore/src/cache/MSIDKeychainTokenCache.h IdentityCore/src/cache/ios/MSIDKeychainTokenCache.h renamed to IdentityCore/src/cache/MSIDKeychainTokenCache.h

@@ -27,6 +27,8 @@
 #import "MSIDCacheItemSerializing.h"
 #import "MSIDAccountCacheItem.h"
 #import "MSIDUserInformation.h"
+#import "NSKeyedArchiver+MSIDExtensions.h"
+#import "NSKeyedUnarchiver+MSIDExtensions.h"
 
 #define CURRENT_WRAPPER_CACHE_VERSION 1.0
 
@@ -90,17 +92,13 @@ - (nullable NSData *)serialize
 
         @try
         {
-            NSMutableData *data = [NSMutableData data];
-
-            NSKeyedArchiver *archiver = [[NSKeyedArchiver alloc] initForWritingWithMutableData:data];
-            // Maintain backward compatibility with ADAL.
-            [archiver setClassName:@"ADTokenCacheKey" forClass:MSIDLegacyTokenCacheKey.class];
-            [archiver setClassName:@"ADTokenCacheStoreItem" forClass:MSIDLegacyTokenCacheItem.class];
-            [archiver setClassName:@"ADUserInformation" forClass:MSIDUserInformation.class];
-            [archiver encodeObject:wrapper forKey:NSKeyedArchiveRootObjectKey];
-            [archiver finishEncoding];
-
-            result = data;
+            result = [NSKeyedArchiver msidEncodeObject:wrapper usingBlock:^(NSKeyedArchiver *archiver)
+            {
+                // Maintain backward compatibility with ADAL.
+                [archiver setClassName:@"ADTokenCacheKey" forClass:MSIDLegacyTokenCacheKey.class];
+                [archiver setClassName:@"ADTokenCacheStoreItem" forClass:MSIDLegacyTokenCacheItem.class];
+                [archiver setClassName:@"ADUserInformation" forClass:MSIDUserInformation.class];
+            }];
         }
         @catch (id exception)
         {
@@ -119,17 +117,20 @@ - (BOOL)deserialize:(nullable NSData*)data
 
     @try
     {
-        NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingWithData:data];
+        NSKeyedUnarchiver *unarchiver = [NSKeyedUnarchiver msidCreateForReadingFromData:data error:error];
+        
         // Maintain backward compatibility with ADAL.
         [unarchiver setClass:MSIDLegacyTokenCacheKey.class forClassName:@"ADTokenCacheKey"];
         [unarchiver setClass:MSIDLegacyTokenCacheItem.class forClassName:@"ADTokenCacheStoreItem"];
         [unarchiver setClass:MSIDUserInformation.class forClassName:@"ADUserInformation"];
-        cache = [unarchiver decodeObjectOfClass:NSDictionary.class forKey:NSKeyedArchiveRootObjectKey];
+        __auto_type allowedClasses = [NSSet setWithObjects:NSDictionary.class, MSIDLegacyTokenCacheKey.class, MSIDLegacyTokenCacheItem.class, MSIDUserInformation.class, nil];
+        cache = [unarchiver decodeObjectOfClasses:allowedClasses forKey:NSKeyedArchiveRootObjectKey];
         [unarchiver finishDecoding];
     }
     @catch (id exception)
     {
-        if (error) {
+        if (error)
+        {
             *error = MSIDCreateError(MSIDErrorDomain, MSIDErrorCacheBadFormat, @"Failed to unarchive data blob from -deserialize!", nil, nil, nil, nil, nil);
         }
     }

…e/src/cache/ios/MSIDKeychainTokenCache.m …yCore/src/cache/MSIDKeychainTokenCache.mIdentityCore/src/cache/ios/MSIDKeychainTokenCache.m renamed to IdentityCore/src/cache/MSIDKeychainTokenCache.m IdentityCore/src/cache/ios/MSIDKeychainTokenCache.m renamed to IdentityCore/src/cache/MSIDKeychainTokenCache.m

@@ -296,6 +296,8 @@ - (BOOL)removeCredetialsWithQuery:(nonnull MSIDDefaultCredentialCacheQuery *)cac
     }
 
     NSArray<MSIDCredentialCacheItem *> *matchedCredentials = [self getCredentialsWithQuery:cacheQuery context:context error:error];
+    
+    if (!matchedCredentials) return NO;
 
     return [self removeAllCredentials:matchedCredentials
                               context:context