fix: Name of key on iOS should contain userId and keyId

tevincent · tevincent · commit 56913a49b1b3 · 2026-03-13T09:01:18.000+01:00
diff --git a/multiplatform-lib/src/appleMain/kotlin/internal/KeyPairManagerImpl.apple.kt b/multiplatform-lib/src/appleMain/kotlin/internal/KeyPairManagerImpl.apple.kt
@@ -27,7 +27,6 @@ import com.infomaniak.auth.lib.extensions.toNSData
 import com.infomaniak.auth.lib.extensions.toNsData
 import com.infomaniak.auth.lib.extensions.tryIt
 import com.infomaniak.auth.lib.extensions.use
-import com.infomaniak.auth.lib.internal.KeyPairManager.Companion.ALIAS
 import kotlinx.cinterop.ExperimentalForeignApi
 import kotlinx.cinterop.MemScope
 import kotlinx.cinterop.alloc
@@ -80,7 +79,7 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
     ): Xor<ByteArray, Failure.KeyManagement.KeyExtractionFailed> = Dispatchers.IO {
         memScoped {
             // Get private key to retrieve public key
-            getPrivateKeyRef().use { privateKeyRef ->
+            getPrivateKeyRef("$userId-$keyId").use { privateKeyRef ->
                 SecKeyCopyPublicKey(privateKeyRef) ?: throw Exception("Failed to extract public key from private key")
             }.use { publicKeyRef ->
 
@@ -101,7 +100,7 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
         keyId: String
     ): Xor<ByteArray, Failure.KeyManagement.KeyExtractionFailed> {
         memScoped {
-            getPrivateKeyRef().use { privateKeyRef ->
+            getPrivateKeyRef("$userId-$keyId").use { privateKeyRef ->
                 val result = tryIt { errorPointer ->
                     SecKeyCopyExternalRepresentation(privateKeyRef, errorPointer)
                 }
@@ -115,12 +114,12 @@ internal actual class KeyPairManagerImpl : KeyPairManager {
     }
 
     @OptIn(ExperimentalForeignApi::class)
-    private fun MemScope.getPrivateKeyRef(): SecKeyRef {
+    private fun MemScope.getPrivateKeyRef(keyAlias: String): SecKeyRef {
         val query = buildCFDictionary {
             this[kSecAttrKeyType] = kSecAttrKeyTypeECSECPrimeRandom
             this[kSecAttrKeyClass] = kSecAttrKeyClassPrivate
             this[kSecClass] = kSecClassKey
-            this[kSecAttrApplicationTag] = ALIAS.toNsData()
+            this[kSecAttrApplicationTag] = keyAlias.toNsData()
             this[kSecReturnRef] = true
         }
 
diff --git a/multiplatform-lib/src/commonMain/kotlin/CryptoObjectsBuilder.kt b/multiplatform-lib/src/commonMain/kotlin/CryptoObjectsBuilder.kt
@@ -39,7 +39,7 @@ import kotlin.uuid.Uuid
 
 // This class should be internal
 @OptIn(ExperimentalUuidApi::class, ExperimentalSerializationApi::class)
-class CryptoObjectsBuilder() {
+internal class CryptoObjectsBuilder {
 
     internal val base64NoPadding = Base64.UrlSafe.withPadding(Base64.PaddingOption.ABSENT)
 
diff --git a/multiplatform-lib/src/commonMain/kotlin/internal/KeyManager.kt b/multiplatform-lib/src/commonMain/kotlin/internal/KeyManager.kt
@@ -32,8 +32,6 @@ internal interface KeyPairManager {
     suspend fun retrievePrivateKey(userId: Int, keyId: String): Xor<ByteArray, Failure.KeyManagement.KeyExtractionFailed>
 
     companion object {
-        protected const val ALIAS = "default"
-
         val privateKeyPurposes = KeyPurposes.privateKeyDefaults
         val publicKeyPurposes = KeyPurposes.publicKeyDefaults
     }

Original file line number	Diff line number	Diff line change
`@@ -32,8 +32,6 @@ internal interface KeyPairManager {`
`32`	`32`	`suspend fun retrievePrivateKey(userId: Int, keyId: String): Xor<ByteArray, Failure.KeyManagement.KeyExtractionFailed>`
`33`	`33`
`34`	`34`	`companion object {`
`35`		`- protected const val ALIAS = "default"`
`36`		`-`
`37`	`35`	`val privateKeyPurposes = KeyPurposes.privateKeyDefaults`
`38`	`36`	`val publicKeyPurposes = KeyPurposes.publicKeyDefaults`
`39`	`37`	`}`