[apple/security.git] / libsecurity_keychain / lib / StorageManager.h

/*
 * Copyright (c) 2000-2010 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */


//
// StorageManager.h -- Working with multiple keychains
//
#ifndef _SECURITY_STORAGEMANAGER_H_
#define _SECURITY_STORAGEMANAGER_H_

#include <list>
#include <set>
#include <security_keychain/DLDBListCFPref.h>
#include <security_keychain/DynamicDLDBList.h>
#include <security_keychain/Keychains.h>
#include <security_keychain/KeyItem.h>
#include <Security/Authorization.h>

#define kLegacyKeychainRenamedSuffix    "_renamed"
#define kKeychainRenamedSuffix          "_renamed_"

namespace Security
{

namespace KeychainCore
{

class StorageManager
{
    NOCOPY(StorageManager)
public:
    typedef vector<Keychain> KeychainList;
	typedef vector<DLDbIdentifier> DLDbList;

	StorageManager();
    ~StorageManager() {}

	Mutex* getStorageManagerMutex();
	
    //bool onlist(const Keychain & keychain);

    // These will call addAndNotify() if the specified keychain already exists
	Keychain make(const char *fullPathName);
    Keychain make(const char *fullPathName, bool add);
    Keychain makeLoginAuthUI(const Item *item);
    void created(const Keychain &keychain); // Be notified a Keychain just got created.

	// Misc
    void lockAll();

    void add(const Keychain& keychainToAdd); // Only add if not there yet.  Doesn't write out CFPref

    // Vector-like methods.
	size_t size();
	Keychain at(unsigned int ix);
	Keychain operator[](unsigned int ix);

	KCCursor createCursor(const SecKeychainAttributeList *attrList);
	KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);

	// Lookup a keychain object in the cache.  If it doesn't exist, create a
	// new one and add to cache. Doesn't modify search lists.
	// Note this doesn't create an actual database just a reference to one
	// that may or may not exist.
    Keychain keychain(const DLDbIdentifier &dLDbIdentifier);

	// Remove a keychain from the cache if it's in it.
	void removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl);
	// Be notified a (smart card) keychain was removed.
	void didRemoveKeychain(const DLDbIdentifier &dLDbIdentifier);
	
	// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it.
    Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add = true);


	// Keychain list maintenance

	// remove kcsToRemove from the search list
	void remove(const KeychainList &kcsToRemove, bool deleteDb = false);

	void getSearchList(KeychainList &keychainList);
	void setSearchList(const KeychainList &keychainList);
	void forceUserSearchListReread ();

	void getSearchList(SecPreferencesDomain domain, KeychainList &keychainList);
	void setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList);

    void rename(Keychain keychain, const char* newName);
    void renameUnique(Keychain keychain, CFStringRef newName);

	// Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise
	// if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList,
	// if keychainOrArray is a SecKeychainRef return a KeychainList with one element.
	void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList);

	// Convert CFArrayRef of SecKeychainRef's a KeychainList.  The array must not be NULL
	static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList);

	// Convert KeychainList to a CFArrayRef of SecKeychainRef's.
	static CFArrayRef convertFromKeychainList(const KeychainList &keychainList);

	// Login keychain support
    void login(AuthorizationRef authRef, UInt32 nameLength, const char* name);
	void login(ConstStringPtr name, ConstStringPtr password);
	void login(UInt32 nameLength, const void *name, UInt32 passwordLength, const void *password);
    void stashLogin();
    void stashKeychain();
	void logout();
	void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword);
	void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword,  UInt32 newPasswordLength, const void *newPassword);

    void resetKeychain(Boolean resetSearchList);

	Keychain defaultKeychain();
    Keychain defaultKeychainUI(Item &item);
	void defaultKeychain(const Keychain &keychain);

	Keychain loginKeychain();
	void loginKeychain(Keychain keychain);
	
	Keychain defaultKeychain(SecPreferencesDomain domain);
	void defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain);
	
	SecPreferencesDomain domain() { return mDomain; }
	void domain(SecPreferencesDomain newDomain);
	
	bool keychainOwnerPermissionsValidForDomain(const char* path, SecPreferencesDomain domain);

	// non-file based Keychain manipulation
	void addToDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	void isInDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	void removeFromDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	
private:
	static void convertList(DLDbList &ids, const KeychainList &kcs);
	void convertList(KeychainList &kcs, const DLDbList &ids);

    // Only add if not there yet.  Writes out CFPref and broadcasts KCPrefListChanged notification
	void addAndNotify(const Keychain& keychainToAdd);

	// remove a keychain from the sync list
	void removeKeychainFromSyncList (const DLDbIdentifier &id);

    typedef map<DLDbIdentifier, __weak KeychainImpl *> KeychainMap;
	// Weak reference map of all keychains we know about that aren't deleted
	// or removed
    KeychainMap mKeychains;

	// The dynamic search list.
	DynamicDLDBList mDynamicList;

	DLDbListCFPref mSavedList;
	DLDbListCFPref mCommonList;
	SecPreferencesDomain mDomain; // current domain (in mSavedList and cache fields)
	Mutex mMutex;
	RecursiveMutex mKeychainMapMutex;
};

} // end namespace KeychainCore

} // end namespace Security

#endif // !_SECURITY_STORAGEMANAGER_H_
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2000-2010 Apple Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24
	25	//
	26	// StorageManager.h -- Working with multiple keychains
	27	//
	28	#ifndef _SECURITY_STORAGEMANAGER_H_
	29	#define _SECURITY_STORAGEMANAGER_H_
	30
	31	#include <list>
	32	#include <set>
	33	#include <security_keychain/DLDBListCFPref.h>
	34	#include <security_keychain/DynamicDLDBList.h>
	35	#include <security_keychain/Keychains.h>
	36	#include <security_keychain/KeyItem.h>
	37	#include <Security/Authorization.h>
	38
	39	#define kLegacyKeychainRenamedSuffix "_renamed"
	40	#define kKeychainRenamedSuffix "_renamed_"
	41
	42	namespace Security
	43	{
	44
	45	namespace KeychainCore
	46	{
	47
	48	class StorageManager
	49	{
	50	NOCOPY(StorageManager)
	51	public:
	52	typedef vector<Keychain> KeychainList;
	53	typedef vector<DLDbIdentifier> DLDbList;
	54
	55	StorageManager();
	56	~StorageManager() {}
	57
	58	Mutex* getStorageManagerMutex();
	59
	60	//bool onlist(const Keychain & keychain);
	61
	62	// These will call addAndNotify() if the specified keychain already exists
	63	Keychain make(const char *fullPathName);
	64	Keychain make(const char *fullPathName, bool add);
65	Keychain makeLoginAuthUI(const Item *item);
66	void created(const Keychain &keychain); // Be notified a Keychain just got created.
67
68	// Misc
69	void lockAll();
70
71	void add(const Keychain& keychainToAdd); // Only add if not there yet. Doesn't write out CFPref
72
73	// Vector-like methods.
74	size_t size();
75	Keychain at(unsigned int ix);
76	Keychain operator[](unsigned int ix);
77
78	KCCursor createCursor(const SecKeychainAttributeList *attrList);
79	KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);
80
81	// Lookup a keychain object in the cache. If it doesn't exist, create a
82	// new one and add to cache. Doesn't modify search lists.
83	// Note this doesn't create an actual database just a reference to one
84	// that may or may not exist.
85	Keychain keychain(const DLDbIdentifier &dLDbIdentifier);
86
87	// Remove a keychain from the cache if it's in it.
88	void removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl);
89	// Be notified a (smart card) keychain was removed.
90	void didRemoveKeychain(const DLDbIdentifier &dLDbIdentifier);
91
92	// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it.
93	Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add = true);
94
95
96	// Keychain list maintenance
97
98	// remove kcsToRemove from the search list
99	void remove(const KeychainList &kcsToRemove, bool deleteDb = false);
100
101	void getSearchList(KeychainList &keychainList);
102	void setSearchList(const KeychainList &keychainList);
103	void forceUserSearchListReread ();
104
105	void getSearchList(SecPreferencesDomain domain, KeychainList &keychainList);
106	void setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList);
107
108	void rename(Keychain keychain, const char* newName);
109	void renameUnique(Keychain keychain, CFStringRef newName);
110
111	// Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise
112	// if keychainOrArray is a CFArrayRef containing SecKeychainRef's convernt it to KeychainList,
113	// if keychainOrArray is a SecKeychainRef return a KeychainList with one element.
114	void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList);
115
116	// Convert CFArrayRef of SecKeychainRef's a KeychainList. The array must not be NULL
117	static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList);
118
119	// Convert KeychainList to a CFArrayRef of SecKeychainRef's.
120	static CFArrayRef convertFromKeychainList(const KeychainList &keychainList);
121
122	// Login keychain support
123	void login(AuthorizationRef authRef, UInt32 nameLength, const char* name);
124	void login(ConstStringPtr name, ConstStringPtr password);
125	void login(UInt32 nameLength, const void name, UInt32 passwordLength, const void password);
427c49bc A	126	void stashLogin();
427c49bc A	127	void stashKeychain();
b1ab9ed8 A	128	void logout();
	129	void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword);
	130	void changeLoginPassword(UInt32 oldPasswordLength, const void oldPassword, UInt32 newPasswordLength, const void newPassword);
	131
	132	void resetKeychain(Boolean resetSearchList);
	133
	134	Keychain defaultKeychain();
	135	Keychain defaultKeychainUI(Item &item);
	136	void defaultKeychain(const Keychain &keychain);
	137
	138	Keychain loginKeychain();
	139	void loginKeychain(Keychain keychain);
	140
	141	Keychain defaultKeychain(SecPreferencesDomain domain);
	142	void defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain);
	143
	144	SecPreferencesDomain domain() { return mDomain; }
	145	void domain(SecPreferencesDomain newDomain);
	146
	147	bool keychainOwnerPermissionsValidForDomain(const char* path, SecPreferencesDomain domain);
	148
	149	// non-file based Keychain manipulation
	150	void addToDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	151	void isInDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	152	void removeFromDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
	153
	154	private:
	155	static void convertList(DLDbList &ids, const KeychainList &kcs);
	156	void convertList(KeychainList &kcs, const DLDbList &ids);
	157
	158	// Only add if not there yet. Writes out CFPref and broadcasts KCPrefListChanged notification
	159	void addAndNotify(const Keychain& keychainToAdd);
	160
	161	// remove a keychain from the sync list
	162	void removeKeychainFromSyncList (const DLDbIdentifier &id);
	163
	164	typedef map<DLDbIdentifier, __weak KeychainImpl *> KeychainMap;
	165	// Weak reference map of all keychains we know about that aren't deleted
	166	// or removed
	167	KeychainMap mKeychains;
	168
	169	// The dynamic search list.
	170	DynamicDLDBList mDynamicList;
	171
	172	DLDbListCFPref mSavedList;
	173	DLDbListCFPref mCommonList;
	174	SecPreferencesDomain mDomain; // current domain (in mSavedList and cache fields)
	175	Mutex mMutex;
	176	RecursiveMutex mKeychainMapMutex;
	177	};
	178
	179	} // end namespace KeychainCore
	180
	181	} // end namespace Security
	182
	183	#endif // !_SECURITY_STORAGEMANAGER_H_