ios - i如何通过 Secure Enclave 实现安全的 Touch ID 身份验证？

问题描述

我的应用程序通过了渗透测试，并被建议使用钥匙串服务实现 LAContext，以便安全地访问应用程序的触摸 ID。关于如何实现这一目标的任何想法？下面给出了当前的实现，请让我知道我做错了什么？

func showsystemPasswordWindow(){
    context = LAContext()
    
    //   context.localizedCancelTitle = "Cancel"
    
    // First check if we have the needed hardware support.
    var error: NSError?
    if context.canEvaluatePolicy(.deviceOwnerAuthentication, error: &error) {
        
        let reason = "Device authentication"
        context.evaluatePolicy(.deviceOwnerAuthentication, localizedReason: reason ) { success, error in
            
            if success {
                
                // Move to the main thread because a state update triggers UI changes.
                DispatchQueue.main.async { [unowned self] in
                    self.nav()
                    
                }
                
            } else {
                print(error?.localizedDescription ?? "Failed to authenticate")
                
                DispatchQueue.main.async {
                    
                    self.showsystemPasswordWindow()
                    
                    exit(0)
                    // self.showsystemPasswordWindow()
                }
                // Fall back to a asking for username and password.
                // ...
            }
        }
    } else {
        print(error?.localizedDescription ?? "Can't evaluate policy")
        
        self.makeSignInAsRootViewController()
        // Fall back to a asking for username and password.
        // ...
    }
}

标签： iosswifttouch-id