Refactor and add secure storage module

packages/celest_auth/analysis_options.yaml

@@ -10,4 +10,4 @@ analyzer:
     depend_on_referenced_packages: error
     public_member_api_docs: ignore # TODO
   exclude:
-    - lib/src/platform/**/*.ffi.dart
+    - "**/*.ffi.dart"

packages/celest_auth/android/build.gradle

@@ -66,4 +66,7 @@ dependencies {
     implementation "androidx.biometric:biometric:1.2.0-alpha05"
     implementation "com.google.android.gms:play-services-auth:21.0.0"
     implementation "com.google.android.gms:play-services-fido:20.1.0"
+
+    // Secure Storage
+    implementation 'androidx.security:security-crypto:1.1.0-alpha06'
 }

packages/celest_auth/android/src/main/kotlin/dev/celest/celest_auth/CelestSecureStorage.kt

@@ -0,0 +1,61 @@
+package dev.celest.celest_auth
+
+import android.annotation.SuppressLint
+import android.app.Activity
+import android.content.SharedPreferences
+import androidx.annotation.Keep
+import androidx.annotation.Nullable
+import androidx.security.crypto.EncryptedSharedPreferences
+import androidx.security.crypto.MasterKey
+
+// TODO(dnys1): Exclude from backup:
+// - https://developer.android.com/reference/androidx/security/crypto/EncryptedSharedPreferences
+// - https://developer.android.com/guide/topics/data/autobackup#IncludingFiles
+@Keep
+class CelestSecureStorage(private val mainActivity: Activity) {
+
+    private val sharedPreferences: SharedPreferences by lazy {
+        val masterKey = MasterKey.Builder(mainActivity)
+            .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+            .build()
+        val sharedPreferences = EncryptedSharedPreferences.create(
+            mainActivity,
+            "auth_secrets",
+            masterKey,
+            EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+            EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM,
+        )
+        sharedPreferences
+    }
+
+    private val editor: SharedPreferences.Editor
+        get() = sharedPreferences.edit()
+
+    fun write(dataKey: String, value: String?) {
+        with(editor) {
+            putString(dataKey, value)
+            apply()
+        }
+    }
+
+    fun read(dataKey: String): String? = sharedPreferences.getString(dataKey, null)
+
+    fun readAll(): Map<String, String> = sharedPreferences.all.mapValues { it.value as String }
+
+    fun delete(dataKey: String): String? {
+        val current = read(dataKey)
+        with(editor) {
+            remove(dataKey)
+            apply()
+        }
+        return current
+    }
+
+    fun clear() {
+        with(editor) {
+            clear()
+            apply()
+        }
+    }
+
+}

packages/celest_auth/example/android/app/build.gradle

@@ -71,4 +71,5 @@ dependencies {
     implementation "androidx.biometric:biometric:1.2.0-alpha05"
     implementation "com.google.android.gms:play-services-auth:21.0.0"
     implementation "com.google.android.gms:play-services-fido:20.1.0"
+    implementation 'androidx.security:security-crypto:1.1.0-alpha06'
 }

packages/celest_auth/example/ios/Runner/Runner.entitlements

@@ -4,7 +4,7 @@
 <dict>
 	<key>com.apple.developer.associated-domains</key>
 	<array>
-		<string>webcredentials:a102-136-24-157-119.ngrok-free.app?developer=true</string>
+		<string>webcredentials:0a3b-136-24-157-119.ngrok-free.app?developer=true</string>
 	</array>
 </dict>
 </plist>

packages/celest_auth/example/lib/main.dart

@@ -4,9 +4,8 @@ import 'package:corks/corks.dart';
 import 'package:flutter/material.dart';
 import 'package:http/http.dart' as http;
 
-final authClient = AuthClient(
-  baseUri: Uri.https('a102-136-24-157-119.ngrok-free.app'),
-);
+final baseUri = Uri.https('0a3b-136-24-157-119.ngrok-free.app');
+final authClient = AuthClient(baseUri: baseUri);
 final passkeys = PasskeyPlatform(protocol: authClient.passkeys);
 
 void main() {
@@ -46,6 +45,11 @@ class _MainAppState extends State<MainApp> {
       final response = await passkeys.register(
         PasskeyRegistrationRequest(
           username: _controller.text,
+          authenticatorSelection: const AuthenticatorSelectionCriteria(
+            authenticatorAttachment: AuthenticatorAttachment.platform,
+            residentKey: ResidentKeyRequirement.preferred,
+            userVerification: UserVerificationRequirement.discouraged,
+          ),
         ),
       );
       await authClient.passkeys.verifyRegistration(
@@ -143,9 +147,7 @@ class _MainAppState extends State<MainApp> {
                       onPressed: () {
                         setState(() {
                           _request = http.get(
-                            Uri.parse(
-                              'https://a102-136-24-157-119.ngrok-free.app/authenticated',
-                            ),
+                            baseUri.resolve('/authenticated'),
                           );
                         });
                       },

packages/celest_auth/ffigen.core_foundation.yaml

@@ -0,0 +1,50 @@
+name: CoreFoundation
+description: |
+  Bindings for Core Foundation on iOS/macOS.
+
+  Regenerate bindings with `dart run ffigen --config=ffigen.core_foundation.yaml`.
+language: "c"
+output:
+  bindings: "lib/src/native/darwin/core_foundation.ffi.dart"
+compiler-opts:
+  - "-F/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks"
+headers:
+  entry-points:
+    - "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/CoreFoundation.framework/Headers/CFDictionary.h"
+    - "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/CoreFoundation.framework/Headers/CFString.h"
+    - "/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/CoreFoundation.framework/Headers/CFData.h"
+preamble: |
+  // ignore_for_file: type=lint
+  // ignore_for_file: return_of_invalid_type
+  // ignore_for_file: unnecessary_non_null_assertion
+comments:
+  style: any
+  length: full
+
+ffi-native:
+exclude-all-by-default: true
+typedefs:
+  include:
+    - "CF.*"
+globals:
+  include:
+    - "kCF.*"
+functions:
+  include:
+    - CFDictionaryCreate
+    - CFDataCreate
+    - CFStringGetCStringPtr
+    - CFStringGetCString
+    - CFStringGetLength
+    - CFStringGetMaximumSizeForEncoding
+    - CFStringCreateWithCString
+    - CFDataGetBytePtr
+    - CFRelease
+structs:
+  rename:
+    "__CFString": CFString
+    "__CFData": CFData
+    "__CFDictionary": CFDictionary
+unnamed-enums:
+  include:
+    - "kCF.*"

packages/celest_auth/ffigen.darwin.yaml

@@ -5,7 +5,7 @@ description: |
   Regenerate bindings with `dart run ffigen --config=ffigen.darwin.yaml`.
 language: "objc"
 output:
-  bindings: "lib/src/platform/darwin/celest_auth.ffi.dart"
+  bindings: "lib/src/native/darwin/celest_auth.ffi.dart"
 headers:
   entry-points:
     - "example/build/macos/Build/Products/Release/celest_auth/celest_auth.framework/Headers/celest_auth-Swift.h"
@@ -14,7 +14,7 @@ headers:
     - "/System/Volumes/Data/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/Foundation.framework/Headers/Foundation.h"
 import:
   symbol-files:
-    - "package:celest_auth/src/platform/darwin/foundation.yaml"
+    - "package:celest_auth/src/native/darwin/foundation.yaml"
 preamble: |
   // ignore_for_file: type=lint
   // ignore_for_file: return_of_invalid_type

packages/celest_auth/ffigen.foundation.yaml

@@ -5,10 +5,10 @@ description: |
   Regenerate bindings with `dart run ffigen --config=ffigen.foundation.yaml`.
 language: "objc"
 output:
-  bindings: "lib/src/platform/darwin/foundation.ffi.dart"
+  bindings: "lib/src/native/darwin/foundation.ffi.dart"
   symbol-file:
-    output: "package:celest_auth/src/platform/darwin/foundation.yaml"
-    import-path: "package:celest_auth/src/platform/darwin/foundation.ffi.dart"
+    output: "package:celest_auth/src/native/darwin/foundation.yaml"
+    import-path: "package:celest_auth/src/native/darwin/foundation.ffi.dart"
 headers:
   entry-points:
     - "/System/Volumes/Data/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSString.h"

packages/celest_auth/ffigen.security.yaml

@@ -0,0 +1,76 @@
+name: SecurityFramework
+description: |
+  Bindings for Security framework on iOS/macOS.
+
+  Regenerate bindings with `dart run ffigen --config=ffigen.security.yaml`.
+language: "c"
+output:
+  bindings: "lib/src/native/darwin/security.ffi.dart"
+compiler-opts:
+  - "-F/System/Volumes/Data/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks"
+headers:
+  entry-points:
+    - "/System/Volumes/Data/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/System/Library/Frameworks/Security.framework/Headers/SecItem.h"
+preamble: |
+  // ignore_for_file: type=lint
+  // ignore_for_file: return_of_invalid_type
+  // ignore_for_file: unnecessary_non_null_assertion
+comments:
+  style: any
+  length: full
+library-imports:
+  cf: "package:celest_auth/src/native/darwin/core_foundation.ffi.dart"
+
+ffi-native:
+exclude-all-by-default: true
+functions:
+  include:
+    - SecItemAdd
+    - SecItemUpdate
+    - SecItemCopyMatching
+    - SecItemDelete
+    - SecCopyErrorMessageString
+globals:
+  include:
+    - "kSec.*"
+    - "kCF.*"
+unnamed-enums:
+  include:
+    - errSecSuccess
+    - errSecItemNotFound
+    - errSecDuplicateItem
+    - errSecUserCanceled
+    - errSecAuthFailed
+    - errSecInteractionRequired
+    - errSecMissingEntitlement
+    - errSecInvalidOwnerEdit
+type-map:
+  typedefs:
+    CFString:
+      lib: cf
+      c-type: CFString
+      dart-type: CFString
+    CFType:
+      lib: cf
+      c-type: CFType
+      dart-type: CFType
+    CFData:
+      lib: cf
+      c-type: CFData
+      dart-type: CFData
+    CFDictionary:
+      lib: cf
+      c-type: CFDictionary
+      dart-type: CFDictionary
+    CFStringRef:
+      lib: cf
+      c-type: CFStringRef
+      dart-type: CFStringRef
+    CFTypeRef:
+      lib: cf
+      c-type: CFTypeRef
+      dart-type: CFTypeRef
+    CFDictionaryRef:
+      lib: cf
+      c-type: CFDictionaryRef
+      dart-type: CFDictionaryRef