PrivateDataConfirmation: prompt with touch/face/pin/password ID for viewing/exporting keys

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>

1 files changed, 37 insertions, 0 deletions

diff --git a/WireGuard/WireGuard/UI/PrivateDataConfirmation.swift b/WireGuard/WireGuard/UI/PrivateDataConfirmation.swift
new file mode 100644
index 0000000..c03e64a
--- /dev/null
+++ b/WireGuard/WireGuard/UI/PrivateDataConfirmation.swift
@@ -0,0 +1,37 @@
+// SPDX-License-Identifier: MIT
+// Copyright © 2018-2019 WireGuard LLC. All Rights Reserved.
+
+import Foundation
+import LocalAuthentication
+#if os(macOS)
+import AppKit
+#endif
+
+class PrivateDataConfirmation {
+    static func confirmAccess(to reason: String, _ after: @escaping () -> Void) {
+        let context = LAContext()
+
+        var error: NSError?
+        if !context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) {
+            guard let error = error as? LAError else { return }
+            if error.code == .passcodeNotSet {
+                // We give no protection to folks who just don't set a passcode.
+                after()
+            }
+            return
+        }
+
+        context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason) { success, _ in
+            DispatchQueue.main.async {
+                #if os(macOS)
+                if !NSApp.isActive {
+                    NSApp.activate(ignoringOtherApps: true)
+                }
+                #endif
+                if success {
+                    after()
+                }
+            }
+        }
+    }
+}