@@ -56,20 +56,71 @@ final class KeychainClientTestCase: BaseTestCase {
5656 func testKeychainEncryptionKeyItem( ) {
5757 let item : KeychainItem = . init( kind: . encryptionKey, name: " encryptionKey " )
5858
59+ // Helper to create a KeychainItem.Value for a given string
5960 let itemValueForKey : ( String ) -> KeychainItem . Value = { value in
60- . init( data: . init( value. utf8) , account: ENCRYPTEDUSERDEFAULTSKEYNAME, label: nil , generic: nil , accessPolicy: nil )
61+ . init(
62+ data: . init( value. utf8) ,
63+ account: ENCRYPTEDUSERDEFAULTSKEYNAME,
64+ label: nil ,
65+ generic: nil ,
66+ accessPolicy: nil
67+ )
6168 }
69+
70+ // Verify the base query used to fetch the encryption key.
71+ // Expected fields:
72+ // - service ("svce") set to "encryptionKey"
73+ // - class ("genp") for generic password
74+ // - return data and attributes
75+ // - match limit all
76+ // - synchronizable any
77+ // - no authentication UI (skip prompts)
6278 XCTAssertEqual (
6379 item. getQuery as CFDictionary ,
64- [ " svce " : " encryptionKey " , " class " : " genp " , " m_Limit " : " m_LimitAll " , " r_Data " : 1 , " r_Attributes " : 1 , " nleg " : 1 , " sync " : " syna " ] as CFDictionary
80+ [
81+ " svce " : " encryptionKey " ,
82+ " class " : " genp " ,
83+ " m_Limit " : " m_LimitAll " ,
84+ " r_Data " : 1 ,
85+ " r_Attributes " : 1 ,
86+ " nleg " : 1 ,
87+ " sync " : " syna " ,
88+ " u_AuthUI " : " u_AuthUIS " ,
89+ ] as CFDictionary
6590 )
91+
92+ // Verify the update segment for an existing encryption key value.
93+ // Expected fields:
94+ // - account set to ENCRYPTEDUSERDEFAULTSKEYNAME
95+ // - value data stored as bytes
96+ // - pdmn = "ck", meaning kSecAttrAccessibleAfterFirstUnlock
6697 XCTAssertEqual (
6798 item. updateQuerySegment ( for: itemValueForKey ( " value " ) ) as CFDictionary ,
68- [ " acct " : ENCRYPTEDUSERDEFAULTSKEYNAME, " v_Data " : Data ( " value " . utf8) ] as CFDictionary
99+ [
100+ " acct " : ENCRYPTEDUSERDEFAULTSKEYNAME,
101+ " v_Data " : Data ( " value " . utf8) ,
102+ " pdmn " : " ck " ,
103+ ] as CFDictionary
69104 )
105+
106+ // Verify the insert query for a new encryption key value.
107+ // Expected fields:
108+ // - account set to ENCRYPTEDUSERDEFAULTSKEYNAME
109+ // - service set to "encryptionKey"
110+ // - class = generic password
111+ // - value data stored as bytes
112+ // - nleg = 1 (data protection keychain)
113+ // - pdmn = "ck" (AfterFirstUnlock accessibility)
70114 XCTAssertEqual (
71115 item. insertQuery ( value: itemValueForKey ( " new_value " ) ) as CFDictionary ,
72- [ " acct " : ENCRYPTEDUSERDEFAULTSKEYNAME, " svce " : " encryptionKey " , " class " : " genp " , " v_Data " : Data ( " new_value " . utf8) , " nleg " : 1 ] as CFDictionary
116+ [
117+ " acct " : ENCRYPTEDUSERDEFAULTSKEYNAME,
118+ " svce " : " encryptionKey " ,
119+ " class " : " genp " ,
120+ " v_Data " : Data ( " new_value " . utf8) ,
121+ " nleg " : 1 ,
122+ " pdmn " : " ck " , // AfterFirstUnlock
123+ ] as CFDictionary
73124 )
74125 }
75126
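Review bot: The new comments on the update and insert expectations record that `pdmn` is `"ck"` (AfterFirstUnlock) but not why that class is the intended default for an encryption key. Per Apple's documentation, items in this class migrate to a new device through encrypted backups, while the ThisDeviceOnly variant (`"cku"`) does not, so if the choice is deliberate the assertion should say so, e.g. `// pdmn "ck" = AfterFirstUnlock (not ThisDeviceOnly): item is eligible for encrypted-backup migration`. Both assertions build their value with `accessPolicy: nil`, so they pin only the default; a case with a non-nil policy would show whether a caller-supplied policy replaces `"ck"` or is overridden by it. The comment above the fetch query could also note that `u_AuthUIS` appears to make items that need user authentication drop out of the results instead of raising an error, which a caller would see as the key being absent.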