From 2f46c11edf2806b31bd51f88218b767638723833 Mon Sep 17 00:00:00 2001 From: Udoy Soumik Date: Wed, 9 Mar 2022 21:34:56 +0600 Subject: [PATCH 1/6] # Added SecAccessControlFlag support. --- KeychainSwift.xcodeproj/project.pbxproj | 16 ++++- Sources/KeychainSwift.swift | 26 +++++--- Sources/KeychainSwiftAccessControlFlag.swift | 70 ++++++++++++++++++++ 3 files changed, 100 insertions(+), 12 deletions(-) create mode 100644 Sources/KeychainSwiftAccessControlFlag.swift diff --git a/KeychainSwift.xcodeproj/project.pbxproj b/KeychainSwift.xcodeproj/project.pbxproj index 6119eeb..ce8e742 100644 --- a/KeychainSwift.xcodeproj/project.pbxproj +++ b/KeychainSwift.xcodeproj/project.pbxproj 
@@ -27,6 +27,11 @@ 508566A81FA34EB1004208ED /* macOS_Tests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508566991FA34EB1004208ED /* macOS_Tests.swift */; }; 508566A91FA34EB1004208ED /* SynchronizableTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5085669A1FA34EB1004208ED /* SynchronizableTests.swift */; }; 508566AA1FA34EB1004208ED /* SynchronizableTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5085669A1FA34EB1004208ED /* SynchronizableTests.swift */; }; + 667F3ACD27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */ = {isa = PBXBuildFile; fileRef = 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */; }; + 667F3ACE27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */ = {isa = PBXBuildFile; fileRef = 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */; }; + 667F3ACF27D8F8A300E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */ = {isa = PBXBuildFile; fileRef = 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */; }; + 667F3AD027D8F8A400E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */ = {isa = PBXBuildFile; fileRef = 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */; }; + 667F3AD127D8F8A500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */ = {isa = PBXBuildFile; fileRef = 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */; }; 7E3A6B7E1D3F6779007C5B1F /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7E3A6B7D1D3F6779007C5B1F /* AppDelegate.swift */; }; 7E3A6B801D3F6779007C5B1F /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7E3A6B7F1D3F6779007C5B1F /* ViewController.swift */; }; 7E3A6B821D3F6779007C5B1F /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 7E3A6B811D3F6779007C5B1F /* Assets.xcassets */; }; 
@@ -130,6 +135,7 @@ 508566981FA34EB1004208ED /* Info.plist */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = ""; }; 508566991FA34EB1004208ED /* macOS_Tests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = macOS_Tests.swift; sourceTree = ""; }; 5085669A1FA34EB1004208ED /* SynchronizableTests.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = SynchronizableTests.swift; sourceTree = ""; }; + 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = KeychainSwiftAccessControlFlag.swift; sourceTree = ""; }; 7E3A6B601D3F62C2007C5B1F /* macOS Tests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = "macOS Tests.xctest"; sourceTree = BUILT_PRODUCTS_DIR; }; 7E3A6B7B1D3F6779007C5B1F /* macOS Demo.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = "macOS Demo.app"; sourceTree = BUILT_PRODUCTS_DIR; }; 7E3A6B7D1D3F6779007C5B1F /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = ""; }; @@ -299,6 +305,7 @@ 7ED6C98F1B1C128100FE8090 /* TegKeychainConstants.swift */, 7ED6C9711B1C118F00FE8090 /* KeychainSwift.h */, 7ED6C96F1B1C118F00FE8090 /* Supporting Files */, + 667F3ACC27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift */, ); path = Sources; sourceTree = ""; @@ -717,6 +724,7 @@ buildActionMask = 2147483647; files = ( 232B4C821BC2995D001F2B7A /* KeychainSwift.swift in Sources */, + 667F3ACE27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */, 232B4C831BC2995D001F2B7A /* KeychainSwiftAccessOptions.swift in Sources */, 232B4C841BC2995D001F2B7A /* TegKeychainConstants.swift in Sources */, ); 
@@ -727,6 +735,7 @@ buildActionMask = 2147483647; files = ( 232B4C921BC29991001F2B7A /* KeychainSwift.swift in Sources */, + 667F3ACF27D8F8A300E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */, 232B4C931BC29991001F2B7A /* KeychainSwiftAccessOptions.swift in Sources */, 232B4C941BC29991001F2B7A /* TegKeychainConstants.swift in Sources */, ); @@ -737,6 +746,7 @@ buildActionMask = 2147483647; files = ( 23E785681BDA415000B7564A /* KeychainSwift.swift in Sources */, + 667F3AD027D8F8A400E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */, 23E785691BDA415000B7564A /* KeychainSwiftAccessOptions.swift in Sources */, 23E7856A1BDA415000B7564A /* TegKeychainConstants.swift in Sources */, ); @@ -769,6 +779,7 @@ buildActionMask = 2147483647; files = ( 7ED6C9911B1C128100FE8090 /* KeychainSwiftAccessOptions.swift in Sources */, + 667F3ACD27D8F89500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */, 7ED6C9901B1C128100FE8090 /* KeychainSwift.swift in Sources */, 7ED6C9921B1C128100FE8090 /* TegKeychainConstants.swift in Sources */, ); @@ -783,6 +794,7 @@ 7ED6C9971B1C12B300FE8090 /* KeychainSwiftAccessOptions.swift in Sources */, C7E1DE4C1E4B7C9F003818F6 /* ConcurrencyTests.swift in Sources */, 7ED6C9961B1C12B100FE8090 /* KeychainSwift.swift in Sources */, + 667F3AD127D8F8A500E0BBF1 /* KeychainSwiftAccessControlFlag.swift in Sources */, 508566A91FA34EB1004208ED /* SynchronizableTests.swift in Sources */, 5085669B1FA34EB1004208ED /* AccessGroupTests.swift in Sources */, 7ED6C9981B1C12B500FE8090 /* TegKeychainConstants.swift in Sources */, @@ -1161,7 +1173,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 9.0; + IPHONEOS_DEPLOYMENT_TARGET = 11.3; MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; 
@@ -1216,7 +1228,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 9.0; + IPHONEOS_DEPLOYMENT_TARGET = 11.3; MTL_ENABLE_DEBUG_INFO = NO; SDKROOT = iphoneos; SWIFT_OPTIMIZATION_LEVEL = "-Owholemodule"; diff --git a/Sources/KeychainSwift.swift b/Sources/KeychainSwift.swift index 55bed1f..7fd7c00 100644 --- a/Sources/KeychainSwift.swift +++ b/Sources/KeychainSwift.swift 
@@ -52,19 +52,20 @@ open class KeychainSwift { Stores the text value in the keychain item under the given key. - - parameter key: Key under which the text value is stored in the keychain. - - parameter value: Text string to be written to the keychain. - - parameter withAccess: Value that indicates when your app needs access to the text in the keychain item. By default the .AccessibleWhenUnlocked option is used that permits the data to be accessed only while the device is unlocked by the user. +- parameter key: Key under which the text value is stored in the keychain. +- parameter value: Text string to be written to the keychain. +- parameter withAccess: Value that indicates when your app needs access to the text in the keychain item. By default the .AccessibleWhenUnlocked option is used that permits the data to be accessed only while the device is unlocked by the user. +- parameter withControlFlag: Value that indicates when your value in keychain can be read and written. - returns: True if the text was successfully written to the keychain. */ @discardableResult open func set(_ value: String, forKey key: String, - withAccess access: KeychainSwiftAccessOptions? = nil) -> Bool { + withAccess access: KeychainSwiftAccessOptions? = nil, withControlFlag controlFlag: KeychainSwiftAccessControlFlag? = nil) -> Bool { if let value = value.data(using: String.Encoding.utf8) { - return set(value, forKey: key, withAccess: access) + return set(value, forKey: key, withAccess: access, withControlFlag: controlFlag) } return false 
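Review bot: The new `- parameter withControlFlag:` line says the flag decides "when your value in keychain can be read and written", but the value maps to `SecAccessControlCreateFlags`, which gate access to the item behind user authentication (biometry, device passcode or user presence), and `nil` applies no such constraint at all; callers need to know that reads will trigger an authentication prompt and can fail when the user cancels. Suggested wording: `- parameter withControlFlag: Optional access-control constraint (biometry, device passcode or user presence) the user must satisfy before the item can be read; when nil the item is protected only by the accessibility class given in withAccess.` The identical text is added in the next hunk of this file, `set(_ value: Data, …)`, and should change there too. Re-indenting the three existing `- parameter` lines to column 0 is an unrelated whitespace change that inflates the diff; keep the original indentation for the new line instead. `set(_ value: String, …)` ends outside this hunk.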
@@ -74,16 +75,17 @@ open class KeychainSwift { Stores the data in the keychain item under the given key. - - parameter key: Key under which the data is stored in the keychain. - - parameter value: Data to be written to the keychain. - - parameter withAccess: Value that indicates when your app needs access to the text in the keychain item. By default the .AccessibleWhenUnlocked option is used that permits the data to be accessed only while the device is unlocked by the user. +- parameter key: Key under which the data is stored in the keychain. +- parameter value: Data to be written to the keychain. +- parameter withAccess: Value that indicates when your app needs access to the text in the keychain item. By default the .AccessibleWhenUnlocked option is used that permits the data to be accessed only while the device is unlocked by the user. +- parameter withControlFlag: Value that indicates when your value in keychain can be read and written. - returns: True if the text was successfully written to the keychain. */ @discardableResult open func set(_ value: Data, forKey key: String, - withAccess access: KeychainSwiftAccessOptions? = nil) -> Bool { + withAccess access: KeychainSwiftAccessOptions? = nil, withControlFlag controlFlag: KeychainSwiftAccessControlFlag? = nil) -> Bool { // The lock prevents the code to be run simultaneously // from multiple threads which may result in crashing 
@@ -95,12 +97,16 @@ open class KeychainSwift { let accessible = access?.value ?? KeychainSwiftAccessOptions.defaultOption.value let prefixedKey = keyWithPrefix(key) + var accessWithFlag:Any = access as Any + if let control = controlFlag{ + accessWithFlag = SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, nil) as Any + } var query: [String : Any] = [ KeychainSwiftConstants.klass : kSecClassGenericPassword, KeychainSwiftConstants.attrAccount : prefixedKey, KeychainSwiftConstants.valueData : value, - KeychainSwiftConstants.accessible : accessible + KeychainSwiftConstants.accessible : accessWithFlag ] query = addAccessGroupWhenPresent(query) diff --git a/Sources/KeychainSwiftAccessControlFlag.swift b/Sources/KeychainSwiftAccessControlFlag.swift new file mode 100644 index 0000000..b1eb4d3 --- /dev/null +++ b/Sources/KeychainSwiftAccessControlFlag.swift 
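Review bot: `SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, nil)` returns an optional and the `nil` error argument discards the reason for failure, so a failed creation (for example an unsupported flag on the current platform) leaves `Optional.none as Any` in the query and the keychain call fails later with an unrelated status that the caller cannot diagnose. Capture the error and stop: `var aclError: Unmanaged<CFError>?` / `guard let acl = SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, &aclError) else { return false }`; that early return is only safe if the lock taken above is released by a `defer`, otherwise unlock on this path as the existing exits do. The same call is carried unchanged into the patch-5 and patch-6 hunks of this file, so one fix covers all three. `set(_ value: Data, …)` starts before and ends after this hunk.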
@@ -0,0 +1,70 @@ +// +// KeychainSwiftAccessControlFlag.swift +// KeychainSwift +// +// Created by Salman Soumik on 3/9/22. +// Copyright © 2022 Evgenii Neumerzhitckii. All rights reserved. +// + +import Security + +/** + +These flags are used to determine when a keychain item should be readable. The default value is userPresence. + +*/ +public enum KeychainSwiftAccessControlFlag { + + /** + + Constraint: Touch ID (any finger) or Face ID. Touch ID or Face ID must be available. With Touch ID + at least one finger must be enrolled. With Face ID user has to be enrolled. Item is still accessible by Touch ID even + if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled. + + */ + case biometryAny + + /** + + Constraint: Touch ID from the set of currently enrolled fingers. Touch ID must be available and at least one finger must + be enrolled. When fingers are added or removed, the item is invalidated. When Face ID is re-enrolled this item is invalidated. + + */ + case biometryCurrentSet + + /** + User presence policy using biometry or Passcode. Biometry does not have to be available or enrolled. Item is still + accessible by Touch ID even if fingers are added or removed. Item is still accessible by Face ID if user is re-enrolled. + + */ + case userPresence + + /** + + Constraint: Device passcode + + */ + case devicePasscode + + + + static var defaultOption: KeychainSwiftAccessControlFlag { + return .userPresence + } + + var value: SecAccessControlCreateFlags { + switch self { + case .biometryAny: + return .biometryAny + + case .biometryCurrentSet: + return .biometryCurrentSet + + case .userPresence: + return .userPresence + + case .devicePasscode: + return .devicePasscode + } + } +} From 6c61c7c7274dc17e5306c6f1107fa1883a2576c3 Mon Sep 17 00:00:00 2001 
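Review bot: The type doc states "The default value is userPresence", but nothing reads `defaultOption`: the `set` overloads in this series apply no access control when `withControlFlag` is `nil`, so the comment promises a default the library never applies. Either remove `defaultOption` or reword the header to `Pass one of these to set(_:forKey:withAccess:withControlFlag:) to require user authentication before the item can be read; a nil flag applies no access-control constraint.` `.biometryAny` and `.biometryCurrentSet` were introduced in iOS 11.3 / macOS 10.13.4, and the project hunks in this patch raise only `IPHONEOS_DEPLOYMENT_TARGET`, so the macOS framework and test targets in this workspace either need a matching `MACOSX_DEPLOYMENT_TARGET` or the cases need `@available` guards — confirm against the build settings outside this diff. A one-line `///` on `value` saying it is the raw Security flag handed to `SecAccessControlCreateWithFlags` would also help, since the property is the only bridge to the framework type.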
From: Udoy Soumik Date: Wed, 9 Mar 2022 21:54:28 +0600 Subject: [PATCH 2/6] Add unit test for SecAccessFlag --- Tests/KeychainSwiftTests/KeychainSwiftTests.swift | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Tests/KeychainSwiftTests/KeychainSwiftTests.swift b/Tests/KeychainSwiftTests/KeychainSwiftTests.swift index 3cea865..e524a23 100644 --- a/Tests/KeychainSwiftTests/KeychainSwiftTests.swift +++ b/Tests/KeychainSwiftTests/KeychainSwiftTests.swift @@ -33,6 +33,13 @@ class KeychainSwiftTests: XCTestCase { let accessValue = obj.lastQueryParameters?[KeychainSwiftConstants.accessible] as? String XCTAssertEqual(KeychainSwiftAccessOptions.accessibleAfterFirstUnlock.value, accessValue!) } + + func testSetWithAccessControlFlag() { + obj.set("hello :)", forKey: "key 1", withAccess: .accessibleAfterFirstUnlock, withControlFlag: .userPresence) + let accessValue = (obj.lastQueryParameters?[KeychainSwiftConstants.accessible]) as! SecAccessControl + let checkAccessValue = SecAccessControlCreateWithFlags(nil, (KeychainSwiftAccessOptions.accessibleAfterFirstUnlock.value) as CFString, .userPresence, nil)! + XCTAssertEqual(checkAccessValue, accessValue) + } // MARK: - Set data // ----------------------- From 51653f2b169ebf7f37e3cf4fb020ea2fc49c2f10 Mon Sep 17 00:00:00 2001 From: Udoy Soumik Date: Wed, 9 Mar 2022 22:04:57 +0600 Subject: [PATCH 3/6] Version minimum updated --- KeychainSwift.xcodeproj/project.pbxproj | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/KeychainSwift.xcodeproj/project.pbxproj b/KeychainSwift.xcodeproj/project.pbxproj index ce8e742..e6fceb3 100644 --- a/KeychainSwift.xcodeproj/project.pbxproj +++ b/KeychainSwift.xcodeproj/project.pbxproj @@ -1173,7 +1173,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 11.3; + IPHONEOS_DEPLOYMENT_TARGET = 12.0; MTL_ENABLE_DEBUG_INFO = YES; ONLY_ACTIVE_ARCH = YES; SDKROOT = iphoneos; 
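Review bot: `testSetWithAccessControlFlag` reads the access-control object back under `KeychainSwiftConstants.accessible` and force-casts with `as! SecAccessControl`; patch 6 of this series moves the object to `KeychainSwiftConstants.accessControl` and stops setting `accessible` in that branch, so from then on this test crashes on the `as!` instead of failing with a message, and no later patch updates it. Read the new key and unwrap safely: `let accessValue = try XCTUnwrap(obj.lastQueryParameters?[KeychainSwiftConstants.accessControl] as? SecAccessControl)` (mark the test `throws`), and add `XCTAssertNil(obj.lastQueryParameters?[KeychainSwiftConstants.accessible])` to pin that the two attributes are never sent together. `XCTAssertEqual` on two `SecAccessControl` references depends on that CF type comparing by contents; if it compares identity on the target SDK the assertion is fragile — worth confirming before relying on it.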
@@ -1228,7 +1228,7 @@ GCC_WARN_UNINITIALIZED_AUTOS = YES_AGGRESSIVE; GCC_WARN_UNUSED_FUNCTION = YES; GCC_WARN_UNUSED_VARIABLE = YES; - IPHONEOS_DEPLOYMENT_TARGET = 11.3; + IPHONEOS_DEPLOYMENT_TARGET = 12.0; MTL_ENABLE_DEBUG_INFO = NO; SDKROOT = iphoneos; SWIFT_OPTIMIZATION_LEVEL = "-Owholemodule"; From de0908a21886b6508e7417ecb6bcf12e6de801cc Mon Sep 17 00:00:00 2001 From: Udoy Soumik Date: Wed, 9 Mar 2022 22:28:14 +0600 Subject: [PATCH 4/6] # Add sec access control flag for bool --- Sources/KeychainSwift.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Sources/KeychainSwift.swift b/Sources/KeychainSwift.swift index 7fd7c00..5f1b874 100644 --- a/Sources/KeychainSwift.swift +++ b/Sources/KeychainSwift.swift @@ -131,12 +131,12 @@ open class KeychainSwift { */ @discardableResult open func set(_ value: Bool, forKey key: String, - withAccess access: KeychainSwiftAccessOptions? = nil) -> Bool { + withAccess access: KeychainSwiftAccessOptions? = nil, withControlFlag controlFlag: KeychainSwiftAccessControlFlag? = nil) -> Bool { let bytes: [UInt8] = value ? [1] : [0] let data = Data(bytes) - return set(data, forKey: key, withAccess: access) + return set(data, forKey: key, withAccess: access,withControlFlag: controlFlag) } /** From 3d2dcda4c007075037c453cb3838f35fd5524db3 Mon Sep 17 00:00:00 2001 From: Udoy Soumik Date: Thu, 10 Mar 2022 13:30:57 +0600 Subject: [PATCH 5/6] # Replace access with it's string value --- Sources/KeychainSwift.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/KeychainSwift.swift b/Sources/KeychainSwift.swift index 5f1b874..8f49b44 100644 --- a/Sources/KeychainSwift.swift +++ b/Sources/KeychainSwift.swift 
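Review bot: The `set(_ value: Bool, …)` signature gains `withControlFlag`, but the doc comment closing at the `*/` at the top of this hunk is not touched, leaving this the only overload without a `- parameter withControlFlag:` entry; add the same line as the String and Data overloads carry. The forwarding call is also missing a space after the comma — `return set(data, forKey: key, withAccess: access, withControlFlag: controlFlag)`. The method's doc block begins outside this hunk.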
@@ -97,7 +97,7 @@ open class KeychainSwift {
 let accessible = access?.value ?? KeychainSwiftAccessOptions.defaultOption.value
 let prefixedKey = keyWithPrefix(key)
 
- var accessWithFlag:Any = access as Any
+ var accessWithFlag:Any = accessible as Any
 if let control = controlFlag{
 accessWithFlag = SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, nil) as Any
 }
From a471327a3fb00f51a48fef8469827a4f59eed610 Mon Sep 17 00:00:00 2001
From: Udoy Soumik
Date: Thu, 10 Mar 2022 14:15:19 +0600
Subject: [PATCH 6/6] # change flag from accessible to control for control flags

---
 Sources/KeychainSwift.swift | 23 +++++++++++++++++------
 Sources/TegKeychainConstants.swift | 2 ++
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/Sources/KeychainSwift.swift b/Sources/KeychainSwift.swift
index 8f49b44..3e163da 100644
--- a/Sources/KeychainSwift.swift
+++ b/Sources/KeychainSwift.swift
@@ -98,16 +98,27 @@ open class KeychainSwift { let prefixedKey = keyWithPrefix(key) var accessWithFlag:Any = accessible as Any + + var query: [String : Any] + if let control = controlFlag{ accessWithFlag = SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, nil) as Any + query = [ + KeychainSwiftConstants.klass : kSecClassGenericPassword, + KeychainSwiftConstants.attrAccount : prefixedKey, + KeychainSwiftConstants.valueData : value, + KeychainSwiftConstants.accessControl : accessWithFlag + ] + }else{ + query = [ + KeychainSwiftConstants.klass : kSecClassGenericPassword, + KeychainSwiftConstants.attrAccount : prefixedKey, + KeychainSwiftConstants.valueData : value, + KeychainSwiftConstants.accessible : accessible + ] } + - var query: [String : Any] = [ - KeychainSwiftConstants.klass : kSecClassGenericPassword, - KeychainSwiftConstants.attrAccount : prefixedKey, - KeychainSwiftConstants.valueData : value, - KeychainSwiftConstants.accessible : accessWithFlag - ] query = addAccessGroupWhenPresent(query) query = addSynchronizableIfRequired(query, addingItems: true) diff --git a/Sources/TegKeychainConstants.swift b/Sources/TegKeychainConstants.swift index 0ac13df..8c7c362 100644 --- a/Sources/TegKeychainConstants.swift +++ b/Sources/TegKeychainConstants.swift @@ -12,6 +12,8 @@ public struct KeychainSwiftConstants { */ public static var accessible: String { return toString(kSecAttrAccessible) } + + public static var accessControl: String { return toString(kSecAttrAccessControl) } /// Used for specifying a String key when setting/getting a Keychain value. public static var attrAccount: String { return toString(kSecAttrAccount) }
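Review bot: The two `query` literals differ only in their last entry, and `accessWithFlag` is initialised to `accessible` although only the `controlFlag` branch ever reads it, so the else branch repeats four lines and the initial value is dead. Build the common dictionary once and then attach exactly one of `accessControl` / `accessible`; that also makes visible the invariant the Security framework documents, that `kSecAttrAccessControl` and `kSecAttrAccessible` must not be combined. If I remember correctly, items carrying an access-control object also cannot be marked `kSecAttrSynchronizable`, yet `addSynchronizableIfRequired(query, addingItems: true)` is applied unconditionally below — confirm, and either fail early or document that `synchronizable` must be false when a control flag is passed. The rewrite below folds in the error capture for `SecAccessControlCreateWithFlags`; `set(_ value: Data, …)` starts before and ends after this hunk.
```swift
    let prefixedKey = keyWithPrefix(key)

    var query: [String : Any] = [
      KeychainSwiftConstants.klass : kSecClassGenericPassword,
      KeychainSwiftConstants.attrAccount : prefixedKey,
      KeychainSwiftConstants.valueData : value
    ]

    if let control = controlFlag {
      // kSecAttrAccessControl carries the protection class, so kSecAttrAccessible is omitted here.
      var aclError: Unmanaged<CFError>?
      guard let accessControl = SecAccessControlCreateWithFlags(nil, accessible as CFString, control.value, &aclError) else {
        return false  // presumes the lock taken above is released by a defer — confirm
      }
      query[KeychainSwiftConstants.accessControl] = accessControl
    } else {
      query[KeychainSwiftConstants.accessible] = accessible
    }

    // … unchanged: access group and synchronizable additions, SecItemAdd …
```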
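Review bot: `accessControl` is added to `KeychainSwiftConstants` without the `///` line that `attrAccount` below it and the doc block above `accessible` carry, so the one attribute that changes the item's protection model is the only undocumented one in view. Add `/// Used for specifying a SecAccessControl object that gates access to the item (kSecAttrAccessControl); mutually exclusive with accessible.` above the new property.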