[apple/security.git] / OSX / libsecurity_keychain / lib / Item.h

/*
 * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// Item.h
//
#ifndef _SECURITY_ITEM_H_
#define _SECURITY_ITEM_H_

#include <security_keychain/Keychains.h>
#include <security_keychain/PrimaryKey.h>
#include <security_cdsa_client/securestorage.h>
#include <security_keychain/Access.h>

namespace Security
{

using namespace CssmClient;

namespace KeychainCore
{
class Keychain;

class ItemImpl : public SecCFObject
{
public:
	SECCFFUNCTIONS(ItemImpl, SecKeychainItemRef, errSecInvalidItemRef, gTypes().ItemImpl)

    friend class Item;
	friend class KeychainImpl;
protected:

	// new item constructors
    ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck = false);

	ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data);

	// db item constructor
    ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);

	// PrimaryKey item constructor
    ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey);

public:

	static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey);

	ItemImpl(ItemImpl &item);

	// Return true if we got the attribute, false if we only got the actualLength.
	void getAttributeFrom(CssmDbAttributeData *data, SecKeychainAttribute &attr,  UInt32 *actualLength);
	void getClass(SecKeychainAttribute &attr,  UInt32 *actualLength);

	// For iOS keys
	void setPersistentRef(CFDataRef ref);
	// returns NULL for securityd keys, or the (non-NULL) persistent ref for iOS keys
	CFDataRef getPersistentRef();
	
	PrimaryKey addWithCopyInfo(Keychain &keychain, bool isCopy);
	Mutex* getMutexForObject();

    // Return true iff the item integrity has not been compromised.
    virtual bool checkIntegrity();
    bool checkIntegrity(AclBearer& key);
    static bool checkIntegrityFromDictionary(AclBearer& key, DbAttributes* dbAttributes);

protected:
	// Methods called by KeychainImpl;

	// Add the receiver to keychain
	virtual PrimaryKey add(Keychain &keychain);

    // Prepare a dbAttributes to extract all possible attributes with a call to
    // getContent.
    void fillDbAttributesFromSchema(DbAttributes& dbAttributes, CSSM_DB_RECORDTYPE recordType, Keychain keychain = NULL);

    // Get all current attributes of this item. This will call out to the
    // database (if there is one) and then overly the current pending updates.
    // You must delete the returned object.
    DbAttributes* getCurrentAttributes();

    // Return a canonical form of this item's attributes
    void encodeAttributes(CssmOwnedData &attributeBlob);

    // Return a canonical form of the attributes passed in
    static void encodeAttributesFromDictionary(CssmOwnedData &attributeBlob, DbAttributes* dbAttributes);

    // Return a canonical digest of the record type and attributes of the item
    void computeDigest(CssmOwnedData &sha2);

    // Return a canonical digest of the record type and attributes passed in
    static void computeDigestFromDictionary(CssmOwnedData &sha2, DbAttributes* dbAttributes);

	// Get the default value for an attribute
	static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info);

public:
    virtual ~ItemImpl();
    bool isPersistent();
    bool isModified();

	virtual void update();

	void aboutToDestruct();

	// put a copy of the item into a given keychain
	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);

    CSSM_DB_RECORDTYPE recordType();

	// Used for writing the record to the database.
    CssmClient::DbUniqueRecord dbUniqueRecord();
	const CssmClient::DbAttributes *modifiedAttributes();
	const CssmData *modifiedData();
	virtual void didModify(); // Forget any attributes and data we just wrote to the db

	Keychain keychain();
	PrimaryKey primaryKey();
	bool operator < (const ItemImpl &other);

	void getAttribute(SecKeychainAttribute& attr,  UInt32 *actualLength);
	void getData(CssmDataContainer& outData);

	void modifyContent(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData);
	void getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData);
	static void freeContent(SecKeychainAttributeList *attrList, void *data);
	static void freeAttributesAndData(SecKeychainAttributeList *attrList, void *data);

	void getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *itemClass,
							  SecKeychainAttributeList **attrList, UInt32 *length, void **outData);
	void modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData);

	void setAttribute(SecKeychainAttribute& attr);
	void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data);
	void setData(UInt32 length,const void *data);
	void setAccess(Access *newAccess);
	void copyRecordIdentifier(CSSM_DATA &data);
	SSGroup group();

    void getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData);
    void getLocalContent(SecKeychainAttributeList *attributeList, UInt32 *outLength, void **outData);

    bool useSecureStorage(const CssmClient::Db &db);
	virtual void willRead();

    // create a persistent reference to this item
    void copyPersistentReference(CFDataRef &outDataRef, bool isSecIdentityRef=false);
	static Item makeFromPersistentReference(const CFDataRef persistentRef, bool *isIdentityRef=NULL);

	// for keychain syncing
	void doNotEncrypt () {mDoNotEncrypt = true;}

	// for posting events on this item
	void postItemEvent (SecKeychainEvent theEvent);

	// Only call these functions while holding globals().apiLock.
	bool inCache() const throw() { return mInCache; }
	void inCache(bool inCache) throw() { mInCache = inCache; }

	/* For binding to extended attributes. */
	virtual const CssmData &itemID();

	/* Overrides for SecCFObject methods */
	bool equal(SecCFObject &other);
    virtual CFHashCode hash();
	
    bool mayDelete();
    
protected:

    /* Saves the item with a new SSGroup and ACL. If you pass in an old SSGroup,
     * the ACL will be copied from the old group, and the old group deleted. */
    void updateSSGroup(Db& db, CSSM_DB_RECORDTYPE recordType, CssmDataContainer* data, Keychain keychain = NULL, SecPointer<Access> access = NULL);

    void doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryChange) () );

    // Add integrity acl entry to access.
    void addIntegrity(Access &access, bool force = false);

    // Set the integrity of this item to whatever my attributes are now
    // If force, then perform this even if the underlying keychain claims to not
    // support it. (This is needed because during an upgrade, the underlying
    // keychain is confused about its actual version until it's written to disk.)
    virtual void setIntegrity(bool force = false);

    // Set the integrity of this bearer to be whatever my attributes are now
    virtual void setIntegrity(AclBearer &bearer, bool force = false);

	// new item members
	RefPointer<CssmDataContainer> mData;
	auto_ptr<CssmClient::DbAttributes> mDbAttributes;
	SecPointer<Access> mAccess;

	// db item members
	CssmClient::DbUniqueRecord mUniqueId;
	Keychain mKeychain;
	PrimaryKey mPrimaryKey;

	// non-NULL only for secd items (managed by secd, not securityd)
	CFDataRef secd_PersistentRef;

private:
	// keychain syncing flags
	bool mDoNotEncrypt;

	// mInCache is protected by globals().apiLock
	// True iff we are in the cache of items in mKeychain
	bool mInCache;

protected:
	Mutex mMutex;
};


class Item : public SecPointer<ItemImpl>
{
public:
    Item();
    Item(ItemImpl *impl);
    Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck);
	Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data);
    Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
    Item(const Keychain &keychain, const PrimaryKey &primaryKey);
	Item(ItemImpl &item);
};


CFIndex GetItemRetainCount(Item& item);

} // end namespace KeychainCore

} // end namespace Security


#endif // !_SECURITY_ITEM_H_
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
427c49bc	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
d8f41ccd	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
d8f41ccd	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
d8f41ccd	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// Item.h
	27	//
	28	#ifndef _SECURITY_ITEM_H_
	29	#define _SECURITY_ITEM_H_
	30
	31	#include <security_keychain/Keychains.h>
	32	#include <security_keychain/PrimaryKey.h>
	33	#include <security_cdsa_client/securestorage.h>
	34	#include <security_keychain/Access.h>
	35
	36	namespace Security
	37	{
	38
	39	using namespace CssmClient;
	40
	41	namespace KeychainCore
	42	{
	43	class Keychain;
	44
	45	class ItemImpl : public SecCFObject
	46	{
	47	public:
	48	SECCFFUNCTIONS(ItemImpl, SecKeychainItemRef, errSecInvalidItemRef, gTypes().ItemImpl)
	49
	50	friend class Item;
	51	friend class KeychainImpl;
	52	protected:
	53
	54	// new item constructors
	55	ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck = false);
427c49bc	56
b1ab9ed8 A	57	ItemImpl(SecItemClass itemClass, SecKeychainAttributeList attrList, UInt32 length, const void data);
b1ab9ed8 A	58
427c49bc	59	// db item constructor
b1ab9ed8 A	60	ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
b1ab9ed8 A	61
427c49bc	62	// PrimaryKey item constructor
b1ab9ed8 A	63	ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey);
	64
	65	public:
	66
	67	static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	68	static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey);
427c49bc	69
b1ab9ed8 A	70	ItemImpl(ItemImpl &item);
	71
	72	// Return true if we got the attribute, false if we only got the actualLength.
	73	void getAttributeFrom(CssmDbAttributeData data, SecKeychainAttribute &attr, UInt32 actualLength);
	74	void getClass(SecKeychainAttribute &attr, UInt32 *actualLength);
427c49bc A	75
	76	// For iOS keys
	77	void setPersistentRef(CFDataRef ref);
	78	// returns NULL for securityd keys, or the (non-NULL) persistent ref for iOS keys
	79	CFDataRef getPersistentRef();
b1ab9ed8 A	80
	81	PrimaryKey addWithCopyInfo(Keychain &keychain, bool isCopy);
	82	Mutex* getMutexForObject();
	83
e3d460c9 A	84	// Return true iff the item integrity has not been compromised.
	85	virtual bool checkIntegrity();
	86	bool checkIntegrity(AclBearer& key);
	87	static bool checkIntegrityFromDictionary(AclBearer& key, DbAttributes* dbAttributes);
	88
b1ab9ed8 A	89	protected:
	90	// Methods called by KeychainImpl;
	91
	92	// Add the receiver to keychain
	93	virtual PrimaryKey add(Keychain &keychain);
	94
e3d460c9 A	95	// Prepare a dbAttributes to extract all possible attributes with a call to
	96	// getContent.
	97	void fillDbAttributesFromSchema(DbAttributes& dbAttributes, CSSM_DB_RECORDTYPE recordType, Keychain keychain = NULL);
	98
	99	// Get all current attributes of this item. This will call out to the
	100	// database (if there is one) and then overly the current pending updates.
	101	// You must delete the returned object.
	102	DbAttributes* getCurrentAttributes();
	103
	104	// Return a canonical form of this item's attributes
	105	void encodeAttributes(CssmOwnedData &attributeBlob);
	106
	107	// Return a canonical form of the attributes passed in
	108	static void encodeAttributesFromDictionary(CssmOwnedData &attributeBlob, DbAttributes* dbAttributes);
	109
	110	// Return a canonical digest of the record type and attributes of the item
	111	void computeDigest(CssmOwnedData &sha2);
	112
	113	// Return a canonical digest of the record type and attributes passed in
	114	static void computeDigestFromDictionary(CssmOwnedData &sha2, DbAttributes* dbAttributes);
	115
b1ab9ed8 A	116	// Get the default value for an attribute
	117	static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info);
	118
	119	public:
	120	virtual ~ItemImpl();
	121	bool isPersistent();
	122	bool isModified();
	123
	124	virtual void update();
	125
	126	void aboutToDestruct();
427c49bc	127
b1ab9ed8 A	128	// put a copy of the item into a given keychain
	129	virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
	130
	131	CSSM_DB_RECORDTYPE recordType();
	132
	133	// Used for writing the record to the database.
	134	CssmClient::DbUniqueRecord dbUniqueRecord();
	135	const CssmClient::DbAttributes *modifiedAttributes();
	136	const CssmData *modifiedData();
	137	virtual void didModify(); // Forget any attributes and data we just wrote to the db
	138
	139	Keychain keychain();
	140	PrimaryKey primaryKey();
	141	bool operator < (const ItemImpl &other);
	142
	143	void getAttribute(SecKeychainAttribute& attr, UInt32 *actualLength);
	144	void getData(CssmDataContainer& outData);
427c49bc	145
b1ab9ed8 A	146	void modifyContent(const SecKeychainAttributeList attrList, UInt32 dataLength, const void inData);
	147	void getContent(SecItemClass itemClass, SecKeychainAttributeList attrList, UInt32 length, void *outData);
	148	static void freeContent(SecKeychainAttributeList attrList, void data);
	149	static void freeAttributesAndData(SecKeychainAttributeList attrList, void data);
	150
	151	void getAttributesAndData(SecKeychainAttributeInfo info, SecItemClass itemClass,
	152	SecKeychainAttributeList *attrList, UInt32 length, void **outData);
	153	void modifyAttributesAndData(const SecKeychainAttributeList attrList, UInt32 dataLength, const void inData);
	154
	155	void setAttribute(SecKeychainAttribute& attr);
	156	void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data);
	157	void setData(UInt32 length,const void *data);
	158	void setAccess(Access *newAccess);
	159	void copyRecordIdentifier(CSSM_DATA &data);
	160	SSGroup group();
	161
	162	void getContent(DbAttributes dbAttributes, CssmDataContainer itemData);
	163	void getLocalContent(SecKeychainAttributeList attributeList, UInt32 outLength, void **outData);
	164
	165	bool useSecureStorage(const CssmClient::Db &db);
	166	virtual void willRead();
	167
	168	// create a persistent reference to this item
427c49bc A	169	void copyPersistentReference(CFDataRef &outDataRef, bool isSecIdentityRef=false);
427c49bc A	170	static Item makeFromPersistentReference(const CFDataRef persistentRef, bool *isIdentityRef=NULL);
b1ab9ed8 A	171
	172	// for keychain syncing
	173	void doNotEncrypt () {mDoNotEncrypt = true;}
	174
	175	// for posting events on this item
	176	void postItemEvent (SecKeychainEvent theEvent);
	177
	178	// Only call these functions while holding globals().apiLock.
	179	bool inCache() const throw() { return mInCache; }
	180	void inCache(bool inCache) throw() { mInCache = inCache; }
	181
	182	/* For binding to extended attributes. */
	183	virtual const CssmData &itemID();
427c49bc A	184
	185	/* Overrides for SecCFObject methods */
	186	bool equal(SecCFObject &other);
	187	virtual CFHashCode hash();
b1ab9ed8	188
427c49bc A	189	bool mayDelete();
427c49bc A	190
b1ab9ed8	191	protected:
e3d460c9 A	192
	193	/* Saves the item with a new SSGroup and ACL. If you pass in an old SSGroup,
	194	* the ACL will be copied from the old group, and the old group deleted. */
	195	void updateSSGroup(Db& db, CSSM_DB_RECORDTYPE recordType, CssmDataContainer* data, Keychain keychain = NULL, SecPointer<Access> access = NULL);
	196
	197	void doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryChange) () );
	198
	199	// Add integrity acl entry to access.
	200	void addIntegrity(Access &access, bool force = false);
	201
	202	// Set the integrity of this item to whatever my attributes are now
	203	// If force, then perform this even if the underlying keychain claims to not
	204	// support it. (This is needed because during an upgrade, the underlying
	205	// keychain is confused about its actual version until it's written to disk.)
	206	virtual void setIntegrity(bool force = false);
	207
	208	// Set the integrity of this bearer to be whatever my attributes are now
	209	virtual void setIntegrity(AclBearer &bearer, bool force = false);
	210
b1ab9ed8	211	// new item members
427c49bc A	212	RefPointer<CssmDataContainer> mData;
427c49bc A	213	auto_ptr<CssmClient::DbAttributes> mDbAttributes;
b1ab9ed8 A	214	SecPointer<Access> mAccess;
	215
	216	// db item members
427c49bc	217	CssmClient::DbUniqueRecord mUniqueId;
b1ab9ed8	218	Keychain mKeychain;
427c49bc A	219	PrimaryKey mPrimaryKey;
	220
	221	// non-NULL only for secd items (managed by secd, not securityd)
	222	CFDataRef secd_PersistentRef;
	223
b1ab9ed8 A	224	private:
	225	// keychain syncing flags
	226	bool mDoNotEncrypt;
	227
	228	// mInCache is protected by globals().apiLock
	229	// True iff we are in the cache of items in mKeychain
	230	bool mInCache;
	231
	232	protected:
	233	Mutex mMutex;
	234	};
	235
	236
	237	class Item : public SecPointer<ItemImpl>
	238	{
	239	public:
	240	Item();
	241	Item(ItemImpl *impl);
	242	Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck);
	243	Item(SecItemClass itemClass, SecKeychainAttributeList attrList, UInt32 length, const void data);
	244	Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
	245	Item(const Keychain &keychain, const PrimaryKey &primaryKey);
	246	Item(ItemImpl &item);
	247	};
	248
427c49bc	249
b1ab9ed8 A	250	CFIndex GetItemRetainCount(Item& item);
	251
	252	} // end namespace KeychainCore
	253
	254	} // end namespace Security
	255
427c49bc A	256
427c49bc A	257
b1ab9ed8	258	#endif // !_SECURITY_ITEM_H_