Extracted the logic for storing the encrypted compositekey into a

seperate class

MacPass.xcodeproj/project.pbxproj

@@ -306,6 +306,7 @@
 		6021FE9818E1650F00C3BC51 /* DatabaseSettingsWindow.xib in Resources */ = {isa = PBXBuildFile; fileRef = 6021FE9A18E1650F00C3BC51 /* DatabaseSettingsWindow.xib */; };
 		7837112C225540D1009BD28D /* PluginRepositoryBrowserView.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7837112E225540D1009BD28D /* PluginRepositoryBrowserView.xib */; };
 		78E1F8B022E3A5D600E738AE /* AutotypeDoctorReportViewController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 78E1F8B222E3A5D600E738AE /* AutotypeDoctorReportViewController.xib */; };
+		AF105CF325FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.m in Sources */ = {isa = PBXBuildFile; fileRef = AF105CF125FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.m */; };
 		FA13910C1F9CD9EB0033D256 /* Localizable.stringsdict in Resources */ = {isa = PBXBuildFile; fileRef = FA13910A1F9CD9EB0033D256 /* Localizable.stringsdict */; };
 		FA9FD3271FB5E8F4003CEDD6 /* AutotypeCandidateSelectionView.xib in Resources */ = {isa = PBXBuildFile; fileRef = FA9FD3291FB5E8F4003CEDD6 /* AutotypeCandidateSelectionView.xib */; };
 		FA9FD32C1FB5EDD3003CEDD6 /* AutotypeBuilderView.xib in Resources */ = {isa = PBXBuildFile; fileRef = FA9FD32E1FB5EDD3003CEDD6 /* AutotypeBuilderView.xib */; };
@@ -1043,6 +1044,8 @@
 		ABE8662E2316617500201125 /* zh-Hans */ = {isa = PBXFileReference; lastKnownFileType = text.plist.stringsdict; name = "zh-Hans"; path = "zh-Hans.lproj/Localizable.stringsdict"; sourceTree = "<group>"; };
 		ABE8662F2316617500201125 /* zh-Hans */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hans"; path = "zh-Hans.lproj/AutotypeDoctorReportViewController.strings"; sourceTree = "<group>"; };
 		ABE86630231662D200201125 /* zh-Hans */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = "zh-Hans"; path = "zh-Hans.lproj/PluginDataView.strings"; sourceTree = "<group>"; };
+		AF105CF125FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = MPTouchIdCompositeKeyStore.m; sourceTree = "<group>"; };
+		AF105CF225FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = MPTouchIdCompositeKeyStore.h; sourceTree = "<group>"; };
 		BB3E050C1FE9D1CA00F0B46F /* nl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = nl; path = nl.lproj/AutotypeCandidateSelectionView.strings; sourceTree = "<group>"; };
 		BB3E050D1FE9D1CB00F0B46F /* nl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.stringsdict; name = nl; path = nl.lproj/Localizable.stringsdict; sourceTree = "<group>"; };
 		BB3E050E1FE9D1CC00F0B46F /* nl */ = {isa = PBXFileReference; lastKnownFileType = text.plist.strings; name = nl; path = nl.lproj/ReferenceBuilderView.strings; sourceTree = "<group>"; };
@@ -1298,6 +1301,8 @@
 				4C4B7EF717A4B335000234C7 /* MPUniqueCharactersFormatter.m */,
 				4C3C4EAD18D7039300153127 /* MPValueTransformerHelper.h */,
 				4C3C4EAE18D7039300153127 /* MPValueTransformerHelper.m */,
+				AF105CF225FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.h */,
+				AF105CF125FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.m */,
 			);
 			name = Helper;
 			sourceTree = "<group>";
@@ -2215,6 +2220,7 @@
 				4C978E0D19AE54AB003067DF /* MPFlagsHelper.m in Sources */,
 				4C6F228919A4A7F90012310C /* MPAutotypeClear.m in Sources */,
 				4C0B038C18E36DA400B9F9C9 /* MPFixAutotypeWindowController.m in Sources */,
+				AF105CF325FE5B2000C4FD3C /* MPTouchIdCompositeKeyStore.m in Sources */,
 				4C7679BF1D76D6D8001F33D6 /* MPErrorRecoveryAttempter.m in Sources */,
 				4CAD338F205169D30068587E /* MPPluginRepositoryItem.m in Sources */,
 				4C9BFFFB1FD19B5400264B16 /* MPPrettyPasswordTransformer.m in Sources */,

MacPass/MPPasswordInputController.m

@@ -29,14 +29,12 @@
 #import "MPTouchBarButtonCreator.h"
 #import "MPSettingsHelper.h"
 #import "MPConstants.h"
-#import "MPSettingsHelper.h"
+#import "MPTouchIdCompositeKeyStore.h"
 
 #import "HNHUi/HNHUi.h"
 
 #import "NSError+Messages.h"
 
-static NSMutableDictionary* touchIDSecuredPasswords;
-
 @interface MPPasswordInputController ()
 
 @property (strong) NSButton *showPasswordButton;
@@ -71,9 +69,6 @@ static NSMutableDictionary* touchIDSecuredPasswords;
   self = [super initWithNibName:nibNameOrNil bundle:nibBundleOrNil];
   if(self) {
     _enablePassword = YES;
-    if(touchIDSecuredPasswords == NULL) {
-      touchIDSecuredPasswords = [[NSMutableDictionary alloc]init];
-    }
     [NSNotificationCenter.defaultCenter addObserver:self selector:@selector(_selectKeyURL) name:MPDidChangeStoredKeyFilesSettings object:nil];
   }
   return self;
@@ -169,22 +164,7 @@ static NSMutableDictionary* touchIDSecuredPasswords;
 
 - (void) _touchIdUpdateKeyForCurrentDocument: (KPKCompositeKey*)compositeKey forDocumentKey: (NSString*) documentKey{
   NSData* encryptedKey = [self _touchIdEncryptCompositeKey:compositeKey];
-  if (self.touchIdEnabledButton.state == NSControlStateValueMixed) {
+  [MPTouchIdCompositeKeyStore.defaultStore save:encryptedKey forDocumentKey:documentKey];
-    [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
-    if(encryptedKey != NULL) {
-      [touchIDSecuredPasswords setObject:encryptedKey forKey:documentKey];
-    }
-  }
-  else if(self.touchIdEnabledButton.state == NSControlStateValueOn) {
-    [touchIDSecuredPasswords removeObjectForKey:documentKey];
-    if(encryptedKey != NULL) {
-      [NSUserDefaults.standardUserDefaults setObject:encryptedKey forKey:documentKey];
-    }
-  }
-  else {
-    [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
-    [touchIDSecuredPasswords removeObjectForKey:documentKey];
-  }
 }
 
 - (void) _touchIdCreateAndAddRSAKeyPair {
@@ -340,21 +320,7 @@ static NSMutableDictionary* touchIDSecuredPasswords;
   if(![self _touchIdGetKeyForCurrentDocument:&documentKey]) {
     return false;
   }
-  NSData* transientKey  = [touchIDSecuredPasswords valueForKey:documentKey];
+  return [MPTouchIdCompositeKeyStore.defaultStore load:result forDocumentKey:documentKey];
-  NSData* persistentKey =[NSUserDefaults.standardUserDefaults dataForKey:documentKey];
-  if(transientKey == NULL && persistentKey == NULL) {
-    return false;
-  }
-  if(transientKey == NULL || persistentKey == NULL) {
-    *result = transientKey == NULL ? persistentKey : transientKey;
-    return true;
-  }
-  if(self.touchIdEnabledButton.state == NSControlStateValueOn) {
-    *result = persistentKey;
-    return true;
-  }
-  *result = transientKey;
-  return true;
 }
 
 - (IBAction)unlockWithTouchID:(id)sender {

MacPass/MPTouchIdCompositeKeyStore.h

@@ -0,0 +1,21 @@
+//
+//  MPTouchIdCompositeKeyStore.h
+//  MacPass
+//
+//  Created by Julius Zint on 14.03.21.
+//  Copyright © 2021 HicknHack Software GmbH. All rights reserved.
+//
+
+#ifndef MPTouchIdCompositeKeyStore_h
+#define MPTouchIdCompositeKeyStore_h
+
+static NSMutableDictionary* touchIDSecuredPasswords;
+
+@interface MPTouchIdCompositeKeyStore : NSObject
+  @property (class, strong, readonly) MPTouchIdCompositeKeyStore *defaultStore;
+
+  - (void) save:(NSData*) encryptedCompositeKey forDocumentKey:(NSString*) documentKey;
+  - (bool) load:(NSData**) encryptedCompositeKey forDocumentKey:(NSString*) documentKey;
+@end
+
+#endif /* MPTouchIdCompositeKeyStore_h */

MacPass/MPTouchIdCompositeKeyStore.m

@@ -0,0 +1,64 @@
+//
+//  MPTouchIdCompositeKeyStore.m
+//  MacPass
+//
+//  Created by Julius Zint on 14.03.21.
+//  Copyright © 2021 HicknHack Software GmbH. All rights reserved.
+//
+#import "MPSettingsHelper.h"
+#import "MPTouchIdCompositeKeyStore.h"
+
+@implementation MPTouchIdCompositeKeyStore
+
++ (instancetype)defaultStore {
+  static MPTouchIdCompositeKeyStore *instance;
+  static dispatch_once_t onceToken;
+  dispatch_once(&onceToken, ^{
+    instance = [[MPTouchIdCompositeKeyStore alloc] init];
+    if(touchIDSecuredPasswords == NULL) {
+      touchIDSecuredPasswords = [[NSMutableDictionary alloc]init];
+    }
+  });
+  return instance;
+}
+
+- (void) save: (NSData*) encryptedCompositeKey forDocumentKey:(NSString*) documentKey {
+  long touchIdMode = [NSUserDefaults.standardUserDefaults integerForKey:kMPSettingsKeyEntryTouchIdEnabled];
+  if (touchIdMode == NSControlStateValueMixed) {
+    [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
+    if(encryptedCompositeKey != NULL) {
+      [touchIDSecuredPasswords setObject:encryptedCompositeKey forKey:documentKey];
+    }
+  }
+  else if(touchIdMode == NSControlStateValueOn) {
+    [touchIDSecuredPasswords removeObjectForKey:documentKey];
+    if(encryptedCompositeKey != NULL) {
+      [NSUserDefaults.standardUserDefaults setObject:encryptedCompositeKey forKey:documentKey];
+    }
+  }
+  else {
+    [NSUserDefaults.standardUserDefaults removeObjectForKey:documentKey];
+    [touchIDSecuredPasswords removeObjectForKey:documentKey];
+  }
+}
+
+- (bool) load: (NSData**) encryptedCompositeKey forDocumentKey: (NSString*) documentKey {
+  long touchIdMode = [NSUserDefaults.standardUserDefaults integerForKey:kMPSettingsKeyEntryTouchIdEnabled];
+  NSData* transientKey  = [touchIDSecuredPasswords valueForKey:documentKey];
+  NSData* persistentKey =[NSUserDefaults.standardUserDefaults dataForKey:documentKey];
+  if(transientKey == NULL && persistentKey == NULL) {
+    return false;
+  }
+  if(transientKey == NULL || persistentKey == NULL) {
+    *encryptedCompositeKey = transientKey == NULL ? persistentKey : transientKey;
+    return true;
+  }
+  if(touchIdMode == NSControlStateValueOn) {
+    *encryptedCompositeKey = persistentKey;
+    return true;
+  }
+  *encryptedCompositeKey = transientKey;
+  return true;
+}
+
+@end