#define FILE_PASSWORD_BYTES_LENGTH 16#pragma mark - Stored files- (NSString

1. #define FILE_PASSWORD_BYTES_LENGTH 16
2.  
3.  
4. #pragma mark - Stored files
5.  
6. - (NSString *)writeDataToEncryptedFile:(NSData *)theData withName:(NSString *)theName forAccount:(NSString*)account {
7.  
8. NSData *readyToStoreData = [self encryptData:theData withPassword:[self getPasswordForAccount:account]];
9.  
10. NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
11. NSString *documentsDirectory = paths.firstObject;
12. NSString *savedFilePath = [documentsDirectory stringByAppendingPathComponent:theName];
13. NSFileManager *fileManager = [NSFileManager defaultManager];
14.  
15. if([fileManager fileExistsAtPath:savedFilePath]){
16. [fileManager removeItemAtPath:savedFilePath error:nil];
17. }
18. [readyToStoreData writeToFile:savedFilePath options:NSDataWritingFileProtectionComplete error:nil];
19.  
20. //Exclude files from backup in iCloud
21. NSURL *documentsUrl = [[NSURL alloc] initWithString:savedFilePath];
22. NSError *error;
23. if ([documentsUrl setResourceValue:@(YES) forKey:NSURLIsExcludedFromBackupKey error:&error] == NO) {
24. NSLog(@"Error: Unable to exclude directory from backup: %@", error);
25. }
26.  
27. // Enable hardware-level encryption of files
28. NSDictionary* attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
29. forKey:NSFileProtectionKey];
30. [fileManager setAttributes:attributes ofItemAtPath:savedFilePath error:nil];
31.  
32. return savedFilePath;
33. }
34.  
35. - (NSData *)readFileWithPath:(NSString *)fullFileName
36. {
37. NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
38. NSString *documentsDirectory = paths.firstObject;
39. NSString *savedFilePath = [documentsDirectory stringByAppendingPathComponent:fullFileName];
40. NSData *encryptedData = [NSData dataWithContentsOfFile:savedFilePath];
41.  
42.  
43. #pragma mark - Cached files
44.  
45. - (NSString *)writeDataToEncryptedTemporaryFile:(NSData *)theData withName:(NSString *)theName forAccount:(NSString*)account {
46.  
47. NSData *readyToStoreData = [self encryptData:theData withPassword:[self getPasswordForAccount:account]];
48.  
49. NSArray *paths = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES);
50. NSString *documentsDirectory = paths.firstObject;
51. NSString *savedFilePath = [documentsDirectory stringByAppendingPathComponent:theName];
52. NSFileManager *fileManager = [NSFileManager defaultManager];
53.  
54. if([fileManager fileExistsAtPath:savedFilePath]){
55. [fileManager removeItemAtPath:savedFilePath error:nil];
56. }
57. [readyToStoreData writeToFile:savedFilePath options:NSDataWritingFileProtectionComplete error:nil];
58.  
59. //Exclude files from backup in iCloud
60. NSURL *documentsUrl = [[NSURL alloc] initWithString:savedFilePath];
61. NSError *error;
62. if ([documentsUrl setResourceValue:@(YES) forKey:NSURLIsExcludedFromBackupKey error:&error] == NO) {
63. NSLog(@"Error: Unable to exclude directory from backup: %@", error);
64. }
65.  
66. // Enable hardware-level encryption of files
67. NSDictionary* attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
68. forKey:NSFileProtectionKey];
69. [fileManager setAttributes:attributes ofItemAtPath:savedFilePath error:nil];
70.  
71. return savedFilePath;
72. }
73.  
74. - (NSString *)writeDataToEncryptedTemporaryFile:(NSData *)theData withFileExtension:(NSString *)fileExtension forAccount:(NSString*)account {
75.  
76. NSData *readyToStoreData = [self encryptData:theData withPassword:[self getPasswordForAccount:account]];
77. NSString *filename = [NSString stringWithFormat:@"%@.%@",[self getUniqueFilename],fileExtension];
78.  
79. NSArray *paths = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES);
80. NSString *documentsDirectory = paths.firstObject;
81. NSString *savedFilePath = [documentsDirectory stringByAppendingPathComponent:filename];
82. NSFileManager *fileManager = [NSFileManager defaultManager];
83.  
84. if([fileManager fileExistsAtPath:savedFilePath]){
85. [fileManager removeItemAtPath:savedFilePath error:nil];
86. }
87. [readyToStoreData writeToFile:savedFilePath options:NSDataWritingFileProtectionComplete error:nil];
88.  
89. //Exclude files from backup in iCloud
90. NSURL *documentsUrl = [[NSURL alloc] initWithString:savedFilePath];
91. NSError *error;
92. if ([documentsUrl setResourceValue:@(YES) forKey:NSURLIsExcludedFromBackupKey error:&error] == NO) {
93. NSLog(@"Error: Unable to exclude directory from backup: %@", error);
94. }
95.  
96. // Enable hardware-level encryption of files
97. NSDictionary* attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
98. forKey:NSFileProtectionKey];
99. [fileManager setAttributes:attributes ofItemAtPath:savedFilePath error:nil];
100.  
101. return savedFilePath;
102. }
103.  
104.  
105.  
106. #pragma mark - Read files/data
107.  
108. - (NSData*)readEncryptedDataFromTemporaryFileWithName:(NSString *)filename forAccount:(NSString*)account
109. {
110. NSArray *paths = NSSearchPathForDirectoriesInDomains(NSCachesDirectory, NSUserDomainMask, YES);
111. NSString *documentsDirectory = [paths objectAtIndex:0];
112. NSString *savedFilePath = [documentsDirectory stringByAppendingPathComponent:filename];
113. NSData *encryptedData = [NSData dataWithContentsOfFile:savedFilePath];
114. return [self decryptData:encryptedData withPassword:[self getPasswordForAccount:account]];
115. }
116.  
117. - (NSData*)readEncryptedDataFromTemporaryPath:(NSString *)fullPath forAccount:(NSString*)account
118. {
119. NSData *encryptedData = [NSData dataWithContentsOfFile:fullPath];
120. return [AFSEFileManagerHelper decryptData:encryptedData withPassword:[self getPasswordForAccount:account]];
121. }
122.  
123.  
124. #pragma mark - Helpers
125.  
126. - (NSData *)generatePasswordWithLength:(NSInteger)length
127. {
128. int err = 0;
129. NSMutableData* clientRandom = [NSMutableData dataWithLength:length];
130. err = SecRandomCopyBytes(kSecRandomDefault, length, [clientRandom mutableBytes]);
131. if(err == 0) {
132. NSData *base64Data = [clientRandom base64EncodedDataWithOptions:0];
133. NSData *returnData = [base64Data subdataWithRange:NSMakeRange(0, length)];
134. return returnData;
135. }
136. return nil;
137. }
138.  
139. - (NSString *)getPasswordForAccount:(NSString*)account {
140.  
141. NSString *password = [AFSEKeychainManagerHelper getPasswordForAccount:account];
142. if (password.length == 0) {
143.  
144. NSData *generatedPassword = [self generatePasswordWithLength:FILE_PASSWORD_BYTES_LENGTH];
145. password = [[NSString alloc] initWithData:generatedPassword
146. encoding:NSUTF8StringEncoding];
147. [AFSEKeychainManagerHelper setPassword:password
148. forAccount:loginConfiguration.uniqueUserIdentifier];
149. }
150. return password;
151. }
152.  
153.  
154. #pragma mark Encryption
155.  
156. - (NSData *)encryptData:(NSData *)theData withPassword:(NSString *)thePassword
157. {
158. return [RNCryptor encryptData:theData password:thePassword];;
159. }
160.  
161.  
162. - (NSData *)decryptData:(NSData *)theData withPassword:(NSString *)thePassword
163. {
164. NSError *error = nil;
165. NSData *plaintext = [RNCryptor decryptData:theData password:thePassword error:&error];
166. if (error != nil) {
167. NSLog(@"ERROR:%@", error);
168. return nil;
169. }
170. return plaintext;
171. }
172.  
173. #pragma mark - Unique filename
174.  
175. - (NSString *)getUniqueFilename
176. {
177. return [[NSProcessInfo processInfo] globallyUniqueString];
178. }