]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_keychain/lib/Item.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57337.50.23.tar.gz
[apple/security.git] / OSX / libsecurity_keychain / lib / Item.h
1 /*
2 * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24
25 //
26 // Item.h
27 //
28 #ifndef _SECURITY_ITEM_H_
29 #define _SECURITY_ITEM_H_
30
31 #include <security_keychain/Keychains.h>
32 #include <security_keychain/PrimaryKey.h>
33 #include <security_cdsa_client/securestorage.h>
34 #include <security_keychain/Access.h>
35
36 namespace Security
37 {
38
39 using namespace CssmClient;
40
41 namespace KeychainCore
42 {
43 class Keychain;
44
45 class ItemImpl : public SecCFObject
46 {
47 public:
48 SECCFFUNCTIONS(ItemImpl, SecKeychainItemRef, errSecInvalidItemRef, gTypes().ItemImpl)
49
50 friend class Item;
51 friend class KeychainImpl;
52 protected:
53
54 // new item constructors
55 ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck = false);
56
57 ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data);
58
59 // db item constructor
60 ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
61
62 // PrimaryKey item constructor
63 ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey);
64
65 public:
66
67 static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
68 static ItemImpl* make(const Keychain &keychain, const PrimaryKey &primaryKey);
69
70 ItemImpl(ItemImpl &item);
71
72 // Return true if we got the attribute, false if we only got the actualLength.
73 void getAttributeFrom(CssmDbAttributeData *data, SecKeychainAttribute &attr, UInt32 *actualLength);
74 void getClass(SecKeychainAttribute &attr, UInt32 *actualLength);
75
76 // For iOS keys
77 void setPersistentRef(CFDataRef ref);
78 // returns NULL for securityd keys, or the (non-NULL) persistent ref for iOS keys
79 CFDataRef getPersistentRef();
80
81 PrimaryKey addWithCopyInfo(Keychain &keychain, bool isCopy);
82 Mutex* getMutexForObject();
83
84 // Return true iff the item integrity has not been compromised.
85 virtual bool checkIntegrity();
86 bool checkIntegrity(AclBearer& key);
87 static bool checkIntegrityFromDictionary(AclBearer& key, DbAttributes* dbAttributes);
88
89 protected:
90 // Methods called by KeychainImpl;
91
92 // Add the receiver to keychain
93 virtual PrimaryKey add(Keychain &keychain);
94
95 // Prepare a dbAttributes to extract all possible attributes with a call to
96 // getContent.
97 void fillDbAttributesFromSchema(DbAttributes& dbAttributes, CSSM_DB_RECORDTYPE recordType, Keychain keychain = NULL);
98
99 // Get all current attributes of this item. This will call out to the
100 // database (if there is one) and then overly the current pending updates.
101 // You must delete the returned object.
102 DbAttributes* getCurrentAttributes();
103
104 // Return a canonical form of this item's attributes
105 void encodeAttributes(CssmOwnedData &attributeBlob);
106
107 // Return a canonical form of the attributes passed in
108 static void encodeAttributesFromDictionary(CssmOwnedData &attributeBlob, DbAttributes* dbAttributes);
109
110 // Return a canonical digest of the record type and attributes of the item
111 void computeDigest(CssmOwnedData &sha2);
112
113 // Return a canonical digest of the record type and attributes passed in
114 static void computeDigestFromDictionary(CssmOwnedData &sha2, DbAttributes* dbAttributes);
115
116 // Get the default value for an attribute
117 static const CSSM_DATA &defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info);
118
119 public:
120 virtual ~ItemImpl();
121 bool isPersistent();
122 bool isModified();
123
124 virtual void update();
125
126 void aboutToDestruct();
127
128 // put a copy of the item into a given keychain
129 virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
130
131 CSSM_DB_RECORDTYPE recordType();
132
133 // Used for writing the record to the database.
134 CssmClient::DbUniqueRecord dbUniqueRecord();
135 const CssmClient::DbAttributes *modifiedAttributes();
136 const CssmData *modifiedData();
137 virtual void didModify(); // Forget any attributes and data we just wrote to the db
138
139 Keychain keychain();
140 PrimaryKey primaryKey();
141 bool operator < (const ItemImpl &other);
142
143 void getAttribute(SecKeychainAttribute& attr, UInt32 *actualLength);
144 void getData(CssmDataContainer& outData);
145
146 void modifyContent(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData);
147 void getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData);
148 static void freeContent(SecKeychainAttributeList *attrList, void *data);
149 static void freeAttributesAndData(SecKeychainAttributeList *attrList, void *data);
150
151 void getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *itemClass,
152 SecKeychainAttributeList **attrList, UInt32 *length, void **outData);
153 void modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData);
154
155 void setAttribute(SecKeychainAttribute& attr);
156 void setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data);
157 void setData(UInt32 length,const void *data);
158 void setAccess(Access *newAccess);
159 void copyRecordIdentifier(CSSM_DATA &data);
160 SSGroup group();
161
162 void getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData);
163 void getLocalContent(SecKeychainAttributeList *attributeList, UInt32 *outLength, void **outData);
164
165 bool useSecureStorage(const CssmClient::Db &db);
166 virtual void willRead();
167
168 // create a persistent reference to this item
169 void copyPersistentReference(CFDataRef &outDataRef, bool isSecIdentityRef=false);
170 static Item makeFromPersistentReference(const CFDataRef persistentRef, bool *isIdentityRef=NULL);
171
172 // for keychain syncing
173 void doNotEncrypt () {mDoNotEncrypt = true;}
174
175 // for posting events on this item
176 void postItemEvent (SecKeychainEvent theEvent);
177
178 // Only call these functions while holding globals().apiLock.
179 bool inCache() const throw() { return mInCache; }
180 void inCache(bool inCache) throw() { mInCache = inCache; }
181
182 /* For binding to extended attributes. */
183 virtual const CssmData &itemID();
184
185 /* Overrides for SecCFObject methods */
186 bool equal(SecCFObject &other);
187 virtual CFHashCode hash();
188
189 bool mayDelete();
190
191 protected:
192
193 /* Saves the item with a new SSGroup and ACL. If you pass in an old SSGroup,
194 * the ACL will be copied from the old group, and the old group deleted. */
195 void updateSSGroup(Db& db, CSSM_DB_RECORDTYPE recordType, CssmDataContainer* data, Keychain keychain = NULL, SecPointer<Access> access = NULL);
196
197 void doChange(Keychain keychain, CSSM_DB_RECORDTYPE recordType, void (^tryChange) () );
198
199 // Add integrity acl entry to access.
200 void addIntegrity(Access &access, bool force = false);
201
202 // Set the integrity of this item to whatever my attributes are now
203 // If force, then perform this even if the underlying keychain claims to not
204 // support it. (This is needed because during an upgrade, the underlying
205 // keychain is confused about its actual version until it's written to disk.)
206 virtual void setIntegrity(bool force = false);
207
208 // Set the integrity of this bearer to be whatever my attributes are now
209 virtual void setIntegrity(AclBearer &bearer, bool force = false);
210
211 // new item members
212 RefPointer<CssmDataContainer> mData;
213 auto_ptr<CssmClient::DbAttributes> mDbAttributes;
214 SecPointer<Access> mAccess;
215
216 // db item members
217 CssmClient::DbUniqueRecord mUniqueId;
218 Keychain mKeychain;
219 PrimaryKey mPrimaryKey;
220
221 // non-NULL only for secd items (managed by secd, not securityd)
222 CFDataRef secd_PersistentRef;
223
224 private:
225 // keychain syncing flags
226 bool mDoNotEncrypt;
227
228 // mInCache is protected by globals().apiLock
229 // True iff we are in the cache of items in mKeychain
230 bool mInCache;
231
232 protected:
233 Mutex mMutex;
234 };
235
236
237 class Item : public SecPointer<ItemImpl>
238 {
239 public:
240 Item();
241 Item(ItemImpl *impl);
242 Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck);
243 Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data);
244 Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
245 Item(const Keychain &keychain, const PrimaryKey &primaryKey);
246 Item(ItemImpl &item);
247 };
248
249
250 CFIndex GetItemRetainCount(Item& item);
251
252 } // end namespace KeychainCore
253
254 } // end namespace Security
255
256
257
258 #endif // !_SECURITY_ITEM_H_
mirror of Security