Article|Searching for Keychain Items 文章|搜索钥匙链项目

1 Article|Searching for Keychain Items 文章|搜索钥匙链项目

Find keychain items based on search criteria that you specify.
根据指定的查询条件搜索钥匙链项目

2 Overview 概述

You find keychain items using a query dictionary that tells the keychain services API what item attributes to look for and what to return when a match is found. The query dictionary also lets you specify additional parameters to refine the search. For example, you can control case sensitivity when matching string attributes or limit the number of matches.
我们查询钥匙链项目时,需要使用一个查询字典来告诉钥匙链服务API,查找什么属性的项目,有项目匹配时返回什么数据.查询字典也可以让你使用特定的附加参数来精炼查询.比如,我们在匹配字符串属性时可以控制大小写敏感性或者限制匹配的数量.

As an example of conducting a search, consider the password item stored in Adding a Password to the Keychain. After providing credentials (that your app stores) for a network service, the user works with your app for a while and then eventually moves on to something else. When the user returns, your app may need to reauthenticate with the server in order to continue working. This time the app loads the password from the keychain instead of bothering the user with a login view.
实施查询的例子,考虑在 添加密码到钥匙链 一节中存储的密码.在为一个网络服务提供了用户名密码后(应用已经存储),用户使用当前应用了一段时间,然后突然去做其他事情了.当用户回来时,应用或许需要再次和服务器进行验证来继续工作.这一次,应用应该从钥匙链中获取密码,而不是用一个登录视图再次麻烦用户输入.

2.1 Create a Search Query 创建一个搜索查询

Begin the search by constructing a query dictionary:
在开始搜索之前,需要构建一个查询字典:

let query: [String: Any] = [kSecClass as String: kSecClassInternetPassword,
                            kSecAttrServer as String: server,
                            kSecMatchLimit as String: kSecMatchLimitOne,
                            kSecReturnAttributes as String: true,
                            kSecReturnData as String: true]

This query searches for Internet password items whose server attribute matches the server attribute you previously used when adding the password item. The query also limits the results to a single value (which is actually the default behavior) using the kSecMatchLimit search parameter. You receive only the first match found in the keychain, if any.
这个查询搜索类型为网络密码的项目,并且项目的服务器属性和之前添加密码项目时的相匹配.该查询还用kSecMatchLimit搜索属性限制了结果是一个值(默认也是返回一个值).如果有匹配的项目,返回第一个匹配的项目.

Finally, the query requests from the password item both its attributes and its data. You need both, because the kSecAttrAccount attribute contains the user name and the item’s data holds the password itself.
最后,查询从密码项目中同时请求了它的属性和它的数据.我们需要两者,因为kSecAttrAccount属性包含了用户名,而项目数据保存了密码.

Note注意:
By default, your app can freely retrieve its own keychain items but not those of other apps. However, keychain services does provide mechanisms for broadening or narrowing that accessibility, for example, using the kSecAttrAccessGroup attribute.
默认情况下,你的应用可以自由获取它自己保存的钥匙链项目,但是不能获取其他应用保存的钥匙链项目.然而,钥匙链服务提供了机制来扩大或者缩小访问范围,例如,使用kSecAttrAccessGroup属性.

2.2 Initiate the Search 初始化搜索

After you’ve created the query dictionary, you initiate the search with a call to the SecItemCopyMatching function:
在创建查询字典后,需要用SecItemCopyMatching函数初始化搜索.

var item: CFTypeRef?
let status = SecItemCopyMatching(query as CFDictionary, &item)
guard status != errSecItemNotFound else { throw KeychainError.noPassword }
guard status == errSecSuccess else { throw KeychainError.unhandledError(status: status) }

As you do with many Security framework functions, you first test the returned status value. Among other things, an error might occur if no matching item is found—for example, because you didn’t previously store a password for the given server. If an error occurs, you receive the errSecItemNotFound result, which you may want to treat differently from a general error. In fact, detecting this error is one way to recognize that you’re making your first pass through your app’s login flow, before you’ve stored anything.
处理大多数安全框架函数时,你需要首先检查返回状态的值.除此之外,如果没有匹配的项目搜索到,会触发一个错误,例如,你事先并没有为某个服务器存储密码.如果错误发生时,你会得到一个errSecItemNotFound结果,这个结果你应该和其他错误区别对待.事实上,检测此错误是在存储任何内容之前识别你正在首次通过应用程序的登录的一种方法。

When the search succeeds, the SecItemCopyMatching function provides a result through its item parameter. The type of the returned item depends on the nature of the query, as described in Item Return Result Keys.
如果搜索成功,SecItemCopyMatching函数通过item参数返回一个结果.返回的数据类型取决于查询的性质,如 项目返回结果键 中所述.

2.3 Extract the Result 提取结果

Because in your search you requested multiple return types and allowed only a single result, you should expect the result to be a dictionary. You recover the user name from the attribute value associated with the kSecAttrAccount key. Meanwhile, you use the kSecValueData key to extract the password data, which you then convert to a string:
因为在搜索中,你请求了多个返回类型,并且只允许一个结果,你应该期望结果是字典。可以从kSecAttrAccount键关联的值中恢复用户名。同时,使用kSecValueData键提取密码数据,然后将其转换为字符串:

guard let existingItem = item as? [String : Any],
    let passwordData = existingItem[kSecValueData as String] as? Data,
    let password = String(data: passwordData, encoding: String.Encoding.utf8),
    let account = existingItem[kSecAttrAccount as String] as? String
else {
    throw KeychainError.unexpectedPasswordData
}
let credentials = Credentials(username: account, password: password)

If when conducting the search you instead set the value associated with the kSecMatchLimit key to an integer number greater than 1, the returned item is an array whose entry count is limited to the value you set. Each entry in this array is formatted like the bare dictionary you obtain when limiting the matches to one. If you specify kSecMatchLimitAll for the kSecMatchLimit key, the array size is limited only by the number of matches found in the keychain.
如果在执行搜索时将kSecMatchLimit键相关联的值设置为大于1的整数,则返回的项是一个数组,其元素上限为你设置的值。此数组中的每个条目的格式与将匹配限制为一个时获得的字典类似。如果为kSecMatchLimit键指定kSecMatchLimitAll,则数组大小仅受钥匙链中的匹配数限制。

Note注意
You can’t combine the kSecReturnData and kSecMatchLimitAll options when copying password items, because copying each password item could require additional authentication. Instead, request a reference or persistent reference to the items, then request the data for only the specific passwords that you actually require.
当在复制类型为密码的项目时,不能将kSecReturnData和kSecMatchLimitAll选项组合在一起,因为复制每个密码项可能需要额外的身份验证。取而代之,请求项目的引用或持久引用,然后仅请求实际需要的特定密码的数据。

When you do get an array of results, you may need to iterate through the array for a single item of interest. You might do this by examining some other item attribute, such as the account, the creation date, or a label. On the other hand, if you know about a distinguishing characteristic ahead of time, it’s typically more efficient to narrow your initial keychain search query with the corresponding attributes.
得到一个结果数组时,你可能需要为一个感兴趣的项目遍历该数组。你可以通过检查某些其他项目属性(如帐户、创建日期或标签)来进行筛选。另一方面,如果你提前知道一个用于区别的特征,使用该属性来缩小初始钥匙链搜索查询的范围通常会更有效。

Whether or not you need to handle multiple matches at all depends on how your app uses the keychain. If you allow the user to select among different identities at runtime, you might want to store multiple passwords for a single server and then let the user select among the search results using the stored account as a selection key. Other times, you might decide to filter your search down to a single result without involving the user. If you take this approach, make sure that you don’t create similar items in the keychain—test for and then delete or modify existing items instead. See Updating and Deleting Keychain Items for more details.
是否需要处理多个匹配项目取决于应用程序如何使用钥匙链。如果允许用户在运行时在不同身份之间进行选择,则可能需要为单个服务器存储多个密码,然后让用户使用存储的帐户作为选择键来在搜索结果中进行选择。其他时候,可能会决定将搜索筛选为单个结果,而不涉及用户。如果采用此方法,请确保没有在的钥匙链中创建类似的项目,测试并删除或修改现有项。更多信息,请参考[更新和删除钥匙链项目]。

3 See Also

3.1 Keychain Item Search

  • SecItemCopyMatching函数
    Returns one or more keychain items that match a search query, or copies attributes of specific keychain items.
    返回一个或者多个和搜索查询匹配的钥匙链项目,或者特定钥匙链项目的属性拷贝.

  • Search Attribute Keys and Values 搜索属性的键与值
    Filter a keychain item search.
    限定钥匙链项目的搜索.

  • Item Return Result Keys 项目返回结果键
    Specify how you want returned keychain item data formatted.
    指定返回的钥匙链项目数据格式.

©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 215,539评论 6 497
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 91,911评论 3 391
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 161,337评论 0 351
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 57,723评论 1 290
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 66,795评论 6 388
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 50,762评论 1 294
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,742评论 3 416
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 38,508评论 0 271
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,954评论 1 308
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 37,247评论 2 331
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 39,404评论 1 345
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 35,104评论 5 340
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,736评论 3 324
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 31,352评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,557评论 1 268
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 47,371评论 2 368
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 44,292评论 2 352

推荐阅读更多精彩内容