Merge pull request #3 from trifork/tkc/improved-testing

Improved testing arcitecture

.azure-pipelines/azure-pipelines.yml

@@ -6,6 +6,7 @@ jobs:
   strategy:
     maxParallel: 10
     matrix:
+      # Previous iOS versions requires previous Xcode verisons, which isn't supported by TIMEncryptedStorage
       ios14:
         IMAGE_NAME: 'macos-10.15'
         XCODE_DEVELOPER_PATH: /Applications/Xcode_12.4.app
@@ -14,5 +15,11 @@ jobs:
   pool:
     vmImage: $(IMAGE_NAME)
   steps:
+  - script: sudo xcode-select -switch $(XCODE_DEVELOPER_PATH)
+    displayName: Select Xcode version
+
+  - script: xcodebuild -version
+    displayName: Xcode version
+
   - script: xcodebuild -scheme TIMEncryptedStorage -sdk iphonesimulator -destination 'platform=iOS Simulator,name=$(IOS_SIMULATORS)' test
     displayName: 'xcodebuild test'

README.md

@@ -1,5 +1,7 @@
 # Trifork Identity Manager Encrypted Storage iOS
 
+![iOS-9.0](https://img.shields.io/static/v1?logo=apple&label=iOS&message=9.0%2B&color=orange&style=for-the-badge)
+
 `TIMEncryptedStorage` is a standalone framework designed for [Trifork Identity Manager](http://identitymanager.trifork.com/) as a encrypted storage handler. .
 
 This framework handles communication with the Trifork Identity Manager KeyService and stores/fetches encrypted/decrypted data from the iOS Keychain. Furthermore, it handles biometric access to data by a long secret from the key service
@@ -14,8 +16,8 @@ Add this repo to your SPM 📦
 
 https://github.com/trifork/TIMEncryptedStorage-iOS
 
-### Setup configuration
-Before using any function from `TIMEncryptedStorage` you have to configure the framework by calling the `configure` method (typically you want to do this on app startup):
+### Initialisation
+`TIMEncryptedStorage` depends on a secure storage and key service instance. The default way of configuring this is as in the example below.
 
 ```swift
 import TIMEncryptedStorage // Required for TIMKeyServiceConfiguration
@@ -24,9 +26,15 @@ let config = TIMKeyServiceConfiguration(
     realmBaseUrl: "<TIM Keyservice URL>",
     version: .v1
 )
-TIMEncryptedStorage.configure(keyServiceConfiguration: config, encryptionMethod: .aesGcm)
+let encryptedStorage = TIMEncryptedStorage(
+    secureStorage: TIMKeychain(),
+    keyService: TIMKeyService(configuration: config),
+    encryptionMethod: .aesGcm
+)
 ```
 
+You might want to implement your own versions of the `SecureStorage` and `TIMKeyServiceProtocol` protocol for testing purposes.
+
 ## Common use cases
 
 The following exampes uses `TIMEncryptedStorage`'s `Combine` interface, which returns `Future` classes. If you are developing an app with a deployment target lower than iOS 13, the same interfaces exists with completion closures instead (those are deprecated from iOS 13 though).
@@ -35,7 +43,7 @@ The following exampes uses `TIMEncryptedStorage`'s `Combine` interface, which re
 ```swift
 // Store data encrypted for the first time with a new secret "1234"
 let myRawData = Data("someData".utf8)
-TIMEncryptedStorage.storeWithNewKey(id: "my-id", data: myRawData, secret: "1234")
+encryptedStorage.storeWithNewKey(id: "my-id", data: myRawData, secret: "1234")
     .sink { (_) in } receiveValue: { (result) in
         print("Key created with id: \(result.keyId)")
         print("Key created with longSecret: \(result.longSecret)")
@@ -48,7 +56,7 @@ TIMEncryptedStorage.storeWithNewKey(id: "my-id", data: myRawData, secret: "1234"
 ### Load and decrypt data
 ```swift
 let keyId = "<keyId from store with newKey>"
-TIMEncryptedStorage.get(id: "my-id", keyId: keyId, secret: "1234")
+encryptedStorage.get(id: "my-id", keyId: keyId, secret: "1234")
     .sink { (_) in } receiveValue: { (data) in
         let string = String(data: data, encoding: .utf8)
         print("Loaded data from \(keyId): \(string)")

Sources/TIMEncryptedStorage/Extensions/TIMKeyModel+Extensions.swift

@@ -6,13 +6,13 @@ extension TIMKeyModel {
 
     /// Encrypts data, using the data in the receiver model
     /// Note that the returned data is a combined set of nonce and encrypted data.
-    func encrypt(data: Data) throws -> Data {
+    func encrypt(data: Data, encryptionMethod: TIMESEncryptionMethod) throws -> Data {
         guard let keyRaw = keyRaw else {
             throw TIMEncryptedStorageError.invalidEncryptionKey
         }
 
         let encrypted: Data
-        switch TIMEncryptedStorage.encryptionMethod {
+        switch encryptionMethod {
         case .aesCbc:
             let iv = IVGenerator.randomIv()
             let encryptedData = try TIMESCryptor.AES.CBC.encrypt(key: keyRaw, data: data, iv: iv)
@@ -21,7 +21,7 @@ extension TIMKeyModel {
             encrypted = combined
         default:
             if #available(iOS 13, *) {
-                if TIMEncryptedStorage.encryptionMethod == .aesGcm {
+                if encryptionMethod == .aesGcm {
                     encrypted = try TIMESCryptor.AES.GCM.encrypt(key: keyRaw, data: data)
                 } else {
                     throw TIMEncryptedStorageError.invalidEncryptionMethod
@@ -36,20 +36,20 @@ extension TIMKeyModel {
 
     /// Decrypts data using the data in the receiver mode.
     /// Note that this method expects a combined set of data, with nonce and encrypted data.
-    func decrypt(data: Data) throws -> Data {
+    func decrypt(data: Data, encryptionMethod: TIMESEncryptionMethod) throws -> Data {
         guard let keyRaw = keyRaw else {
             throw TIMEncryptedStorageError.invalidEncryptionKey
         }
 
         let decrypted: Data
-        switch TIMEncryptedStorage.encryptionMethod {
+        switch encryptionMethod {
         case .aesCbc:
             let iv = data.prefix(IVGenerator.ivSize)
             let encryptedData = data.suffix(from: IVGenerator.ivSize)
             decrypted = try TIMESCryptor.AES.CBC.decrypt(key: keyRaw, data: encryptedData, iv: iv)
         default:
             if #available(iOS 13, *) {
-                if TIMEncryptedStorage.encryptionMethod == .aesGcm {
+                if encryptionMethod == .aesGcm {
                     decrypted = try TIMESCryptor.AES.GCM.decrypt(key: keyRaw, data: data)
                 } else {
                     throw TIMEncryptedStorageError.invalidEncryptionMethod