Merge pull request #1658 from AzureAD/release/1.19.0

Release/1.19.0

Author: galwarsamy

.gitignore

@@ -70,4 +70,4 @@ fastlane/test_output
 .DS_Store
 
 #VSCode
-.vscode
+.vscode

IdentityCore/IdentityCore.xcodeproj/project.pbxproj

@@ -48,3 +48,22 @@
 
 #define STRING_CASE(_CASE) case _CASE: return @#_CASE
 #define MSID_ENABLE_SSO_EXTENSION (!MSID_EXCLUDE_WEBKIT)
+
+// Check if IdentityCore-Swift.h is available (generated at build time)
+// This macro evaluates to 1 if the Swift bridging header is available, 0 otherwise.
+// Use this macro to conditionally compile code that depends on Swift implementations.
+//
+// Note: JWE decryption functionality relies on Swift implementations. When
+// MSID_IDENTITYCORE_SWIFT_AVAILABLE evaluates to 0, JWE decryption will not
+// be available and operations that require JWE decryption are expected to fail.
+//
+// Example usage:
+//   #if MSID_IDENTITYCORE_SWIFT_AVAILABLE
+//   #import "IdentityCore-Swift.h"
+//   // Use Swift classes here (including JWE decryption functionality)
+//   #endif
+#if __has_include("IdentityCore-Swift.h")
+    #define MSID_IDENTITYCORE_SWIFT_AVAILABLE 1
+#else
+    #define MSID_IDENTITYCORE_SWIFT_AVAILABLE 0
+#endif

IdentityCore/src/IdentityCore_Internal.h

@@ -0,0 +1,37 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+
+import Foundation
+import CryptoKit
+
+public class MSIDAesGcmDecryptor: NSObject {
+    
+    @objc public func decryptWithAES256GCMHandler(message ciphertext: Data, iv nonce: Data, key keyData: Data, tag: Data, aad: Data) throws -> Data
+    {
+        let sealedBox = try AES.GCM.SealedBox(nonce: AES.GCM.Nonce(data: nonce), ciphertext: ciphertext, tag: tag)
+        let key = SymmetricKey(data: keyData)
+        return try AES.GCM.open(sealedBox, using: key, authenticating: aad)
+    }
+}

IdentityCore/src/JWEResponse/MSIDAesGcmDecryptor.swift

@@ -0,0 +1,44 @@
+//
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.  
+
+#import <Foundation/Foundation.h>
+#import "MSIDJweResponse.h"
+#import "MSIDRequestContext.h"
+#import "MSIDJWECrypto.h"
+#import "MSIDJsonSerializable.h"
+
+typedef NSString *const MSIDJWECryptoKeyExchangeAlgorithm NS_TYPED_ENUM;
+typedef NSString *const MSIDJWECryptoKeyResponseEncryptionAlgorithm NS_TYPED_ENUM;
+
+extern MSIDJWECryptoKeyExchangeAlgorithm const _Nonnull MSID_KEY_EXCHANGE_ALGORITHM_ECDH_ES;
+extern MSIDJWECryptoKeyResponseEncryptionAlgorithm const _Nonnull MSID_RESPONSE_ENCRYPTION_ALGORITHM_A256GCM;
+
+NS_ASSUME_NONNULL_BEGIN
+@interface MSIDJweResponse (EcdhAesGcm)
+- (BOOL)IsJweResponseAlgorithmSupported:(NSError * _Nullable __autoreleasing * _Nullable)error;
+- (nullable NSDictionary *)decryptJweResponseWithPrivateStk:(SecKeyRef)privateStk
+                                                  jweCrypto:(MSIDJWECrypto *)jweCrypto
+                                                      error:(NSError * _Nullable __autoreleasing * _Nullable)error;
+@end
+NS_ASSUME_NONNULL_END