EMPasswordManager

Objective-C

@protocol EMPasswordManager <NSObject>

Swift

protocol EMPasswordManager : NSObjectProtocol

In the Mobile Protector SDK, some sensitive functionalities are represented by the EMPasswordDomain. Each element of the enum EMPasswordDomainType represents a specific set of functionalities. Before these functionalities can be used, they must first be unlocked.

The Password Manager is a high level interface that allows to set a single password to manage all the EMPasswordDomain at the same time.

Using User-defined Password

  1. Set a password. The first step when using the EMPasswordManager is to set a password. The password should be provided by an outside source (the application user, through a secured communication channel with a server, etc.).

         // Assumptions
         // get PasswordManager from EMEzioMobileContext and assign it to 'passwordManager'
         // then...
         BOOL isSetResult = [passwordManager isPasswordSet:&error];
         if (!isSetResult) {
             // manage error here
         }else{
             // get password and store it in 'userProvidedPassword' string or data.
             // get EMSecureDataFactory from EzioMobileContext and assign it to 'secureDataFactory'
             EMSecureString password = [secureDataFactory secureStringWithString:userProvidedPassword];
             BOOL result = [passwordManager setPassword:&error];
             if (!result) {
                 // manage error here
             }
         }
    

  2. Login. Next, you simply need to login using -loginWithPassword:error: or its asynchronous equivalent -loginWithPassword:completionHandler: to unlock all functionalities represented by the EMPasswordDomain. The EMPasswordManager will remain logged in until -logout: is called.

No Password

  1. If you wish to use the functionalities represented by the EMPasswordDomain without the use of a password, use -login: or its asynchronous equivalent –loginWithCompletionHandler: to login without using a password. As long as no password was set, you can call -login: without needing to provide a password.
  • Usage of the SDK without setting a proper password is strongly discouraged as it introduces a serious security weakness in your application. Note that as long as the -login:, -loginWithPassword:completionHandler:, -removePassword:error: or -removePassword:completionHandler: methods are never used, no security weakness will be introduced even if the password is not yet set.
  • Password domains are protected with passwords and reside in the Documents directory of an your application container. Be very careful when managing local files as this will have severe impact on the SDK’s operations such as when those files generated by the SDK are accidentally deleted using NSFileManager.
  • Tasks can take considerable amount of time and may potentially block the UI if executed on the main thread.

See

EMEzioMobileContext, EMPasswordDomain

Since

3.0

  • Sets the global password.

    It actually creates the password for password ID which was initially created without the password.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)setPassword:(id<EMSecureString>)aPassword error:(NSError **)anError;

    Swift

    func setPassword(_ aPassword: (any EMSecureString)!) throws

    Parameters

    aPassword

    The global password value to set.

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if password was set, NO otherwise.

  • Checks if the global password is set.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)isPasswordSet:(NSError **)anError;

    Parameters

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if password was created, NO otherwise.

  • Checks if the global password is set.

    Since

    4.7.1

    Declaration

    Objective-C

    - (BOOL)isPasswordSet;

    Swift

    func isPasswordSet() -> Bool

    Return Value

    YES if password was created, NO otherwise.

  • Changes the global password.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)changePassword:(id<EMSecureString>)anOldPassword
               newPassword:(id<EMSecureString>)aNewPassword
                     error:(NSError **)anError;

    Swift

    func changePassword(_ anOldPassword: (any EMSecureString)!, newPassword aNewPassword: (any EMSecureString)!) throws

    Parameters

    anOldPassword

    The old password to be verified to grant the password change.

    aNewPassword

    The new password to be applied.

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if password was changed, NO otherwise.

  • Removes the password. This means that it is now possible to login to the password manager with no password.

    After clearing the password, the resource which was originally protected by password will become accessible w/o any protection.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)removePassword:(id<EMSecureString>)anOldPassword
                     error:(NSError **)anError;

    Swift

    func removePassword(_ anOldPassword: (any EMSecureString)!) throws

    Parameters

    anOldPassword

    The old password to be verified to grant the password change.

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if password was cleared, NO otherwise.

  • Checks if the global password is logged in.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)isLoggedIn:(NSError **)anError;

    Parameters

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if logged in, NO otherwise.

  • Checks if the global password is logged in.

    Since

    4.7.1

    Declaration

    Objective-C

    - (BOOL)isLoggedIn;

    Swift

    func isLoggedIn() -> Bool

    Return Value

    YES if logged in, NO otherwise.

  • Logs in with the global password ID in order to allow the secure accesses related to all password domain(s).

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)loginWithPassword:(id<EMSecureString>)aPassword
                        error:(NSError **)anError;

    Swift

    func login(withPassword aPassword: (any EMSecureString)!) throws

    Parameters

    aPassword

    The previously set password.

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if password was entered, NO otherwise.

  • Logs out/wipes the global password.

    No more secured accesses will be granted.

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)logout:(NSError **)anError;

    Swift

    func logout() throws

    Parameters

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    YES if the specified password has been logged out, NO otherwise.

  • Lets the password manager clearly know that the entire system should NOT be password protected at all. Synchronous variant.

    If password protection is false, do not call any other from this class.

    Warning

    This method blocks the calling thread for a significant amount of time (up-to one second).

    Since

    3.0

    Declaration

    Objective-C

    - (BOOL)login:(NSError **)anError;

    Swift

    func login() throws

    Parameters

    anError

    If an error occurs, upon return contains an NSError object that describes the problem. If you are not interested in possible errors, you may pass in NULL.

    Return Value

    The result of the operation.