EMPasswordManager Protocol Reference

Conforms to NSObject
Declared in EMPasswordManager.h

Overview

In the Mobile Protector SDK, some sensitive functionalities are represented by the EMPasswordDomain. Each element of the enum EMPasswordDomainType represents a specific set of functionalities. Before these functionalities can be used, they must first be unlocked.

The Password Manager is a high-level interface that lets you set a single password to manage all of the EMPasswordDomain at the same time.

Using User-defined Password

  1. Set a password. The first step when using the EMPasswordManager is to set a password. The password should be provided by an outside source (the application user, through a secured communication channel with a server, etc.).

     // Assumptions
     // get PasswordManager from EMEzioMobileContext and assign it to 'passwordManager'
     // then...
     NSError *error = nil;
     BOOL isSet = [passwordManager isPasswordSet:&error];
     if (!isSet && error != nil) {
         // the check itself failed: manage error here
     } else if (!isSet) {
         // no password has been set yet, so set one now
         // get password and store it in 'userProvidedPassword' string or data.
         // get EMSecureDataFactory from EzioMobileContext and assign it to 'secureDataFactory'
         id<EMSecureString> password = [secureDataFactory secureStringWithString:userProvidedPassword];
         BOOL result = [passwordManager setPassword:password error:&error];
         if (!result) {
             // manage error here
         }
     }
    

  2. Log in. Next, log in using loginWithPassword:error: or its asynchronous equivalent -loginWithPassword:completionHandler: to unlock all functionalities represented by the EMPasswordDomain. The EMPasswordManager will remain logged in until logout: is called.

No Password

  1. If you wish to use the functionalities represented by the EMPasswordDomain without the use of a password, use login: or its asynchronous equivalent -loginWithCompletionHandler: to log in without using a password. As long as no password was set, you can call login: without needing to provide a password.

  • Usage of the SDK without setting a proper password is strongly discouraged as it introduces a serious security weakness in your application. Note that as long as the login:, -loginWithPassword:completionHandler:, removePassword:error: or -removePassword:completionHandler: methods are never used, no security weakness will be introduced even if the password is not yet set.
  • Password domains are protected with passwords and reside in the `Documents` directory of your application container. **Be very careful when managing local files as this will have severe impact on the SDK's operations**, for example when files generated by the SDK are accidentally deleted using `NSFileManager`.
  • Tasks can take a considerable amount of time and may block the UI if executed on the main thread.
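
The login procedure and the notes above, combined into one wrapper. This is an added example, not code from the SDK or its documentation: `RunUnlocked`, `work` and `completion` are hypothetical names, and the import assumes the header named on this page also makes `EMSecureString` visible.

```objc
#import <Foundation/Foundation.h>
#import "EMPasswordManager.h"  // header named on this page; assumed to make EMSecureString visible

// Hypothetical helper, not an SDK API: logs in on a background queue, runs
// 'work' while the password domains are unlocked, then always logs out.
static void RunUnlocked(id<EMPasswordManager> passwordManager,
                        id<EMSecureString> password,
                        void (^work)(void),
                        void (^completion)(BOOL ok, NSError *error))
{
    // Login can block for a noticeable time, so keep it off the main thread.
    dispatch_async(dispatch_get_global_queue(QOS_CLASS_USER_INITIATED, 0), ^{
        NSError *error = nil;
        BOOL ok = NO;

        if (![passwordManager isPasswordSet:&error]) {
            // Either the check failed (error != nil) or no password exists yet
            // (error == nil). Stop here instead of falling back to login:,
            // which would unlock the domains with no password at all.
        } else if ([passwordManager loginWithPassword:password error:&error]) {
            work();

            // The manager stays logged in until logout: is called, so close
            // the session as soon as the protected work is finished.
            NSError *logoutError = nil;
            ok = [passwordManager logout:&logoutError];
            if (!ok) {
                error = logoutError;
            }
        }

        // Report back on the main queue so the caller can update the UI.
        dispatch_async(dispatch_get_main_queue(), ^{
            completion(ok, error);
        });
    });
}
```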

Also see: EMEzioMobileContext, EMPasswordDomain

Setting a password

– setPassword:error: required method

Sets the global password.

- (BOOL)setPassword:(id<EMSecureString>)aPassword error:(NSError **)anError

Parameters

aPassword

The global password value to set.

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if password was set, NO otherwise.

Availability

3.0

Discussion

This creates the password for a password ID that was initially created without a password.

Declared In

EMPasswordManager.h

– isPasswordSet: required method

Checks if the global password is set.

- (BOOL)isPasswordSet:(NSError **)anError

Parameters

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if password was created, NO otherwise.

Availability

3.0

Declared In

EMPasswordManager.h

– isPasswordSet required method

Checks if the global password is set.

- (BOOL)isPasswordSet

Return Value

YES if password was created, NO otherwise.

Availability

4.7.1

Declared In

EMPasswordManager.h

Changing password

– changePassword:newPassword:error: required method

Changes the global password.

- (BOOL)changePassword:(id<EMSecureString>)anOldPassword newPassword:(id<EMSecureString>)aNewPassword error:(NSError **)anError

Parameters

anOldPassword

The old password to be verified to grant the password change.

aNewPassword

The new password to be applied.

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if password was changed, NO otherwise.

Availability

3.0

Declared In

EMPasswordManager.h

Removing password

– removePassword:error: required method

Removes the password. This means that it is now possible to login to the password manager with no password.

- (BOOL)removePassword:(id<EMSecureString>)anOldPassword error:(NSError **)anError

Parameters

anOldPassword

The old password to be verified to grant the password change.

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if password was cleared, NO otherwise.

Availability

3.0

Discussion

After clearing the password, the resource which was originally protected by the password will become accessible without any protection.

Declared In

EMPasswordManager.h

Logging in/out

– isLoggedIn: required method

Checks if the global password is logged in.

- (BOOL)isLoggedIn:(NSError **)anError

Parameters

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if logged in, NO otherwise.

Availability

3.0

Declared In

EMPasswordManager.h

– isLoggedIn required method

Checks if the global password is logged in.

- (BOOL)isLoggedIn

Return Value

YES if logged in, NO otherwise.

Availability

4.7.1

Declared In

EMPasswordManager.h

– loginWithPassword:error: required method

Logs in with the global password ID in order to allow the secure accesses related to all password domain(s).

- (BOOL)loginWithPassword:(id<EMSecureString>)aPassword error:(NSError **)anError

Parameters

aPassword

The previously set password.

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if password was entered, NO otherwise.

Availability

3.0

Declared In

EMPasswordManager.h

– logout: required method

Logs out/wipes the global password.

- (BOOL)logout:(NSError **)anError

Parameters

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

YES if the specified password has been logged out, NO otherwise.

Availability

3.0

Discussion

No more secured accesses will be granted.

Declared In

EMPasswordManager.h

– login: required method

Lets the password manager clearly know that the entire system should NOT be password protected at all. Synchronous variant.

- (BOOL)login:(NSError **)anError

Parameters

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

The result of the operation.

Availability

3.0

Discussion

If password protection is false, do not call any other method from this class.

Warning: This method blocks the calling thread for a significant amount of time (up to one second).

Declared In

EMPasswordManager.h

– reset: required method

Resets the password manager. This deletes all files and keychains of the password manager, OOB, and SecureStorage. Token data will not be impacted.

- (BOOL)reset:(NSError **)anError

Parameters

anError

If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

Return Value

The result of the operation.

Availability

4.7.1

Discussion

Warning: Dangerous Operation! Calling this method will invalidate SecureStorage and OOB functionality. In the case of OOB, re-registration is required. SecureStorage will also need to be re-created. The Token domain (OTP) will not be affected. After calling this method, the user must set the password again and log in.

Declared In

EMPasswordManager.h