Class LAContext

  • All Implemented Interfaces:
    NSObject

    public class LAContext
    extends NSObject
    Class that represents an authentication context. This context can be used for evaluating policies.
    See Also:
    LAPolicy
    • Constructor Detail

      • LAContext

        protected LAContext​(org.moe.natj.general.Pointer peer)
    • Method Detail

      • accessInstanceVariablesDirectly

        public static boolean accessInstanceVariablesDirectly()
      • allocWithZone

        public static java.lang.Object allocWithZone​(org.moe.natj.general.ptr.VoidPtr zone)
      • automaticallyNotifiesObserversForKey

        public static boolean automaticallyNotifiesObserversForKey​(java.lang.String key)
      • cancelPreviousPerformRequestsWithTarget

        public static void cancelPreviousPerformRequestsWithTarget​(java.lang.Object aTarget)
      • cancelPreviousPerformRequestsWithTargetSelectorObject

        public static void cancelPreviousPerformRequestsWithTargetSelectorObject​(java.lang.Object aTarget,
                                                                                 org.moe.natj.objc.SEL aSelector,
                                                                                 java.lang.Object anArgument)
      • classFallbacksForKeyedArchiver

        public static NSArray<java.lang.String> classFallbacksForKeyedArchiver()
      • classForKeyedUnarchiver

        public static org.moe.natj.objc.Class classForKeyedUnarchiver()
      • debugDescription_static

        public static java.lang.String debugDescription_static()
      • description_static

        public static java.lang.String description_static()
      • hash_static

        public static long hash_static()
      • instanceMethodSignatureForSelector

        public static NSMethodSignature instanceMethodSignatureForSelector​(org.moe.natj.objc.SEL aSelector)
      • instancesRespondToSelector

        public static boolean instancesRespondToSelector​(org.moe.natj.objc.SEL aSelector)
      • isSubclassOfClass

        public static boolean isSubclassOfClass​(org.moe.natj.objc.Class aClass)
      • keyPathsForValuesAffectingValueForKey

        public static NSSet<java.lang.String> keyPathsForValuesAffectingValueForKey​(java.lang.String key)
      • new_objc

        public static java.lang.Object new_objc()
      • resolveClassMethod

        public static boolean resolveClassMethod​(org.moe.natj.objc.SEL sel)
      • resolveInstanceMethod

        public static boolean resolveInstanceMethod​(org.moe.natj.objc.SEL sel)
      • setVersion_static

        public static void setVersion_static​(long aVersion)
      • superclass_static

        public static org.moe.natj.objc.Class superclass_static()
      • version_static

        public static long version_static()
      • canEvaluatePolicyError

        public boolean canEvaluatePolicyError​(long policy,
                                              org.moe.natj.general.ptr.Ptr<NSError> error)
        Determines if a particular policy can be evaluated. Policies can have certain requirements which, when not satisfied, would always cause the policy evaluation to fail - e.g. a passcode set, a fingerprint enrolled with Touch ID or a face set up with Face ID. This method allows easy checking for such conditions. Applications should consume the returned value immediately and avoid relying on it for an extensive period of time. At least, it is guaranteed to stay valid until the application enters background. [@warning] Do not call this method in the reply block of evaluatePolicy:reply: because it could lead to a deadlock.
        Parameters:
        policy - Policy for which the preflight check should be run.
        error - Optional output parameter which is set to nil if the policy can be evaluated, or it contains error information if policy evaluation is not possible.
        Returns:
        YES if the policy can be evaluated, NO otherwise.
      • evaluateAccessControlOperationLocalizedReasonReply

        public void evaluateAccessControlOperationLocalizedReasonReply​(SecAccessControlRef accessControl,
                                                                       long operation,
                                                                       java.lang.String localizedReason,
                                                                       LAContext.Block_evaluateAccessControlOperationLocalizedReasonReply reply)
        Evaluates access control object for the specified operation. Access control evaluation may involve prompting user for various kinds of interaction or authentication. Actual behavior is dependent on evaluated access control, device type, and can be affected by installed configuration profiles. Be sure to keep a strong reference to the context while the evaluation is in progress. Otherwise, an evaluation would be canceled when the context is being deallocated. The method does not block. Instead, the caller must provide a reply block to be called asynchronously when evaluation finishes. The block is executed on a private queue internal to the framework in an unspecified threading context. Other than that, no guarantee is made about which queue, thread, or run-loop the block is executed on. After successful access control evaluation, the LAContext can be used with keychain operations, so that they do not require user to authenticate. Access control evaluation may fail for various reasons, including user cancel, system cancel and others, see LAError codes. [@warning] localizedReason parameter is mandatory and the call will throw NSInvalidArgumentException if nil or empty string is specified. [@warning] Applications should also supply NSFaceIDUsageDescription key in the Info.plist. This key identifies a string value that contains a message to be displayed to users when the app is trying to use Face ID for the first time. Users can choose to allow or deny the use of Face ID by the app before the first use or later in Face ID privacy settings. When the use of Face ID is denied, evaluations will fail with LAErrorBiometryNotAvailable.
        Parameters:
        accessControl - Access control object that is typically created by SecAccessControlCreateWithFlags.
        operation - Type of operation the access control will be used with.
        localizedReason - Application reason for authentication. This string must be provided in correct localization and should be short and clear. It will be eventually displayed in the authentication dialog subtitle for Touch ID or passcode. The name of the calling application will be displayed in title, so it should not be duplicated here. This parameter is mostly ignored by Face ID authentication. Face ID will show generic instructions unless a customized fallback title is provided in localizedFallbackTitle property. For that case, it will show the authentication reason so that the instructions can be made consistent with the custom button title. Therefore, you should make sure that users are already aware of the need and reason for Face ID authentication before they have triggered the policy evaluation.
        reply - Reply block that is executed when access control evaluation finishes. success Reply parameter that is YES if the access control has been evaluated successfully or NO if the evaluation failed. error Reply parameter that is nil if the access control has been evaluated successfully, or it contains error information about the evaluation failure.
      • evaluatePolicyLocalizedReasonReply

        public void evaluatePolicyLocalizedReasonReply​(long policy,
                                                       java.lang.String localizedReason,
                                                       LAContext.Block_evaluatePolicyLocalizedReasonReply reply)
        Evaluates the specified policy. Policy evaluation may involve prompting user for various kinds of interaction or authentication. Actual behavior is dependent on evaluated policy, device type, and can be affected by installed configuration profiles. Be sure to keep a strong reference to the context while the evaluation is in progress. Otherwise, an evaluation would be canceled when the context is being deallocated. The method does not block. Instead, the caller must provide a reply block to be called asynchronously when evaluation finishes. The block is executed on a private queue internal to the framework in an unspecified threading context. Other than that, no guarantee is made about which queue, thread, or run-loop the block is executed on. Implications of successful policy evaluation are policy specific. In general, this operation is not idempotent. Policy evaluation may fail for various reasons, including user cancel, system cancel and others, see LAError codes. [@warning] localizedReason parameter is mandatory and the call will throw NSInvalidArgumentException if nil or empty string is specified. [@warning] Applications should also supply NSFaceIDUsageDescription key in the Info.plist. This key identifies a string value that contains a message to be displayed to users when the app is trying to use Face ID for the first time. Users can choose to allow or deny the use of Face ID by the app before the first use or later in Face ID privacy settings. When the use of Face ID is denied, evaluations will fail with LAErrorBiometryNotAvailable.
        Typical error codes returned by this call are:
          • LAErrorUserFallback if user tapped the fallback button
          • LAErrorUserCancel if user has tapped the Cancel button
          • LAErrorSystemCancel if some system event interrupted the evaluation (e.g. Home button pressed).
        Parameters:
        policy - Policy to be evaluated.
        reply - Reply block that is executed when policy evaluation finishes. success Reply parameter that is YES if the policy has been evaluated successfully or NO if the evaluation failed. error Reply parameter that is nil if the policy has been evaluated successfully, or it contains error information about the evaluation failure.
        localizedReason - Application reason for authentication. This string must be provided in correct localization and should be short and clear. It will be eventually displayed in the authentication dialog subtitle for Touch ID or passcode. The name of the calling application will be displayed in title, so it should not be duplicated here. This parameter is mostly ignored by Face ID authentication. Face ID will show generic instructions unless a customized fallback title is provided in localizedFallbackTitle property. For that case, it will show the authentication reason so that the instructions can be made consistent with the custom button title. Therefore, you should make sure that users are already aware of the need and reason for Face ID authentication before they have triggered the policy evaluation.
      • evaluatedPolicyDomainState

        public NSData evaluatedPolicyDomainState()
        Contains policy domain state. This property is set only when evaluatePolicy is called and successful Touch ID or Face ID authentication was performed, or when canEvaluatePolicy succeeds for a biometric policy. It stays nil for all other cases. If the biometric database was modified (fingers or faces were removed or added), evaluatedPolicyDomainState data will change. The nature of such database changes cannot be determined, but comparing the data of evaluatedPolicyDomainState after different evaluatePolicy calls will reveal the fact that the database was changed between calls. [@warning] Please note that the value returned by this property can change exceptionally between major OS versions even if the state of biometry has not changed.
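        The comparison described above, as an added example that is not part of these bindings or of Apple's headers. It assumes the caller has already copied the NSData returned by evaluatedPolicyDomainState into a byte[]; the class, enum and method names are hypothetical, and the sample states and OS version numbers are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper, not part of the bindings: flags biometric database changes. */
public final class DomainStateCheck {
    public enum Result { UNAVAILABLE, NO_BASELINE, UNCHANGED, CHANGED, OS_UPGRADED }

    /** What the app persists: a digest of the opaque state and the OS major version. */
    public static final class Baseline {
        final byte[] digest;
        final int osMajor;
        Baseline(byte[] digest, int osMajor) { this.digest = digest; this.osMajor = osMajor; }
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is a required MessageDigest algorithm
        }
    }

    /** Call after a successful biometric evaluation, when the state is non-nil. */
    public static Baseline record(byte[] domainState, int osMajor) {
        return new Baseline(sha256(domainState), osMajor);
    }

    public static Result compare(Baseline stored, byte[] current, int osMajor) {
        if (current == null) return Result.UNAVAILABLE;  // property stayed nil: no biometric evaluation
        if (stored == null) return Result.NO_BASELINE;   // first run: nothing to compare against
        if (MessageDigest.isEqual(stored.digest, sha256(current))) return Result.UNCHANGED;
        // The value may change across major OS versions without any enrollment change,
        // so a mismatch after an upgrade is ambiguous rather than proof of a database change.
        return stored.osMajor != osMajor ? Result.OS_UPGRADED : Result.CHANGED;
    }

    public static void main(String[] args) {
        // Constructed sample states; real values are opaque bytes copied from the NSData.
        byte[] before = "constructed-state-1".getBytes(StandardCharsets.UTF_8);
        byte[] after = "constructed-state-2".getBytes(StandardCharsets.UTF_8);
        Baseline base = record(before, 17);              // 17 and 18 are constructed OS versions

        System.out.println(compare(null, before, 17));   // no baseline stored yet
        System.out.println(compare(base, null, 17));     // state was nil
        System.out.println(compare(base, before, 17));   // same enrollment
        System.out.println(compare(base, after, 17));    // fingers or faces added/removed
        System.out.println(compare(base, after, 18));    // mismatch after a major OS upgrade
    }
}
```

        An app that gates a secret on biometrics can treat CHANGED and OS_UPGRADED alike by asking for its own account credential before recording a new baseline.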
      • invalidate

        public void invalidate()
        Invalidates the context. The context is invalidated automatically when it is (auto)released. This method allows invalidating it manually while it is still in scope. Invalidation terminates any existing policy evaluation and the respective call will fail with LAErrorAppCancel. After the context has been invalidated, it can not be used for policy evaluation and an attempt to do so will fail with LAErrorInvalidContext. Invalidating a context that has been already invalidated has no effect.
      • isCredentialSet

        public boolean isCredentialSet​(long type)
        Reveals if credential was set with this context.
        Parameters:
        type - Type of credential we are asking for.
        Returns:
        YES on success, NO otherwise.
      • localizedCancelTitle

        public java.lang.String localizedCancelTitle()
        Cancel button title. Allows cancel button title customization. A default title "Cancel" is used when this property is left nil or is set to empty string.
      • localizedFallbackTitle

        public java.lang.String localizedFallbackTitle()
        Fallback button title. Allows fallback button title customization. If set to empty string, the button will be hidden. A default title "Enter Password" is used when this property is left nil.
      • maxBiometryFailures

        @Deprecated
        public NSNumber maxBiometryFailures()
        Deprecated.
        This property is deprecated and setting it has no effect.
      • setCredentialType

        public boolean setCredentialType​(NSData credential,
                                         long type)
        Sets a credential to this context. Some policies allow an application-provided credential to be bound to them. This method allows the credential to be passed to the right context.
        Parameters:
        credential - Credential to be used with subsequent calls. Setting this parameter to nil will remove any existing credential of the specified type.
        type - Type of the provided credential.
        Returns:
        YES if the credential was set successfully, NO otherwise.
      • setLocalizedCancelTitle

        public void setLocalizedCancelTitle​(java.lang.String value)
        Cancel button title. Allows cancel button title customization. A default title "Cancel" is used when this property is left nil or is set to empty string.
      • setLocalizedFallbackTitle

        public void setLocalizedFallbackTitle​(java.lang.String value)
        Fallback button title. Allows fallback button title customization. If set to empty string, the button will be hidden. A default title "Enter Password" is used when this property is left nil.
      • setMaxBiometryFailures

        @Deprecated
        public void setMaxBiometryFailures​(NSNumber value)
        Deprecated.
        This property is deprecated and setting it has no effect.
      • setTouchIDAuthenticationAllowableReuseDuration

        public void setTouchIDAuthenticationAllowableReuseDuration​(double value)
        Time interval for accepting a successful Touch ID or Face ID device unlock (on the lock screen) from the past. This property can be set with a time interval in seconds. If the device was successfully unlocked by biometry within this time interval, then biometric authentication on this context will succeed automatically and the reply block will be called without prompting user for Touch ID or Face ID. The default value is 0, meaning that no previous biometric unlock can be reused. This property is meant only for reusing biometric matches from the device lock screen. It does not allow reusing previous biometric matches in application or between applications. The maximum supported interval is 5 minutes and setting the value beyond 5 minutes does not increase the accepted interval.
        See Also:
        LATouchIDAuthenticationMaximumAllowableReuseDuration
      • touchIDAuthenticationAllowableReuseDuration

        public double touchIDAuthenticationAllowableReuseDuration()
        Time interval for accepting a successful Touch ID or Face ID device unlock (on the lock screen) from the past. This property can be set with a time interval in seconds. If the device was successfully unlocked by biometry within this time interval, then biometric authentication on this context will succeed automatically and the reply block will be called without prompting user for Touch ID or Face ID. The default value is 0, meaning that no previous biometric unlock can be reused. This property is meant only for reusing biometric matches from the device lock screen. It does not allow reusing previous biometric matches in application or between applications. The maximum supported interval is 5 minutes and setting the value beyond 5 minutes does not increase the accepted interval.
        See Also:
        LATouchIDAuthenticationMaximumAllowableReuseDuration
      • biometryType

        public long biometryType()
        Indicates the type of the biometry supported by the device. This property is set when canEvaluatePolicy has been called for a biometric policy. The default value is LABiometryTypeNone.
      • interactionNotAllowed

        public boolean interactionNotAllowed()
        Allows running authentication in non-interactive mode. If the context is used in a keychain query by the means of kSecUseAuthenticationContext, then setting this property to YES has the same effect as passing kSecUseNoAuthenticationUI in the query, i.e. the keychain call will eventually fail with errSecInteractionNotAllowed instead of displaying the authentication UI. If this property is used with a LocalAuthentication evaluation, it will eventually fail with LAErrorNotInteractive instead of displaying the authentication UI.
      • localizedReason

        public java.lang.String localizedReason()
        Allows setting the default localized authentication reason on context. A localized string from this property is displayed in the authentication UI if the caller didn't specify its own authentication reason (e.g. a keychain operation with kSecUseAuthenticationContext). This property is ignored if the authentication reason was provided by caller.
      • setInteractionNotAllowed

        public void setInteractionNotAllowed​(boolean value)
        Allows running authentication in non-interactive mode. If the context is used in a keychain query by the means of kSecUseAuthenticationContext, then setting this property to YES has the same effect as passing kSecUseNoAuthenticationUI in the query, i.e. the keychain call will eventually fail with errSecInteractionNotAllowed instead of displaying the authentication UI. If this property is used with a LocalAuthentication evaluation, it will eventually fail with LAErrorNotInteractive instead of displaying the authentication UI.
      • setLocalizedReason

        public void setLocalizedReason​(java.lang.String value)
        Allows setting the default localized authentication reason on context. A localized string from this property is displayed in the authentication UI if the caller didn't specify its own authentication reason (e.g. a keychain operation with kSecUseAuthenticationContext). This property is ignored if the authentication reason was provided by caller.