2 * Copyright (c) 2000-2012 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // StorageManager.h -- Working with multiple keychains
28 #ifndef _SECURITY_STORAGEMANAGER_H_
29 #define _SECURITY_STORAGEMANAGER_H_
33 #include <security_keychain/DLDBListCFPref.h>
34 #include <security_keychain/DynamicDLDBList.h>
35 #include <security_keychain/Keychains.h>
36 #include <security_keychain/KeyItem.h>
37 #include <Security/Authorization.h>
// Suffix constants for renamed keychain files. Presumably appended to a
// keychain's name by rename()/renameUnique() below; why two forms exist
// (a legacy "_renamed" and a current "_renamed_") is not visible in this
// header — confirm against the implementation before changing either.
#define kLegacyKeychainRenamedSuffix "_renamed"
#define kKeychainRenamedSuffix "_renamed_"
45 namespace KeychainCore
50 NOCOPY(StorageManager
)
// Ordered list of Keychain objects (e.g. a search list).
typedef vector<Keychain> KeychainList;
// Ordered list of DLDbIdentifier values; the identifier-only form of a
// KeychainList (see the two convertList() overloads below).
typedef vector<DLDbIdentifier> DLDbList;
// Returns a pointer to the mutex guarding StorageManager state.
// NOTE(review): returning the lock rather than taking it means callers are
// responsible for the locking protocol — confirm which members it covers
// (cf. mKeychainMapMutex below) before relying on it.
Mutex *getStorageManagerMutex();
//bool onlist(const Keychain & keychain);

// These will call addAndNotify() if the specified keychain already exists
// Create a Keychain object for the keychain file at fullPathName.
// The one-argument form presumably uses a fixed default for `add` — confirm.
Keychain make(const char *fullPathName);
Keychain make(const char *fullPathName, bool add);
// NOTE(review): name suggests this creates the login keychain via an
// authorization UI prompt, with `item` providing prompt context; the
// behaviour is not visible in this header — confirm.
Keychain makeLoginAuthUI(const Item *item);
void created(const Keychain &keychain); // Be notified a Keychain just got created.

void add(const Keychain & keychainToAdd); // Only add if not there yet. Doesn't write out CFPref
// Vector-like methods.
// Element access by index. Which list is indexed (presumably the search
// list) and whether either form range-checks `ix` is not visible here —
// confirm before treating at() as the checked variant.
Keychain at(unsigned int ix);
Keychain operator[](unsigned int ix);

// Create a search cursor over the managed keychains restricted by
// attrList; the second form additionally restricts to itemClass.
KCCursor createCursor(const SecKeychainAttributeList *attrList);
KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);
// Lookup a keychain object in the cache. If it doesn't exist, create a
// new one and add to cache. Doesn't modify search lists.
// Note this doesn't create an actual database just a reference to one
// that may or may not exist.
Keychain keychain(const DLDbIdentifier &dLDbIdentifier);

// Remove a keychain from the cache if it's in it.
// keychainImpl is the implementation object associated with the
// identifier; how it is matched against the cached entry (cf. mKeychains,
// which stores KeychainImpl pointers) is not visible here — confirm.
void removeKeychain(const DLDbIdentifier &dLDbIdentifier, KeychainImpl *keychainImpl);
// Be notified a (smart card) keychain was removed.
void didRemoveKeychain(const DLDbIdentifier &dLDbIdentifier);

// Create KC if it doesn't exist, add it to the search list if it exists and is not already on it.
// Unlike keychain(), this one does create the database; `add` defaults to
// true, so callers that only want a handle must pass false explicitly.
Keychain makeKeychain(const DLDbIdentifier &dLDbIdentifier, bool add = true);

// Reload a keychain from the on-disk database
void reloadKeychain(Keychain keychain);
// Keychain list maintenance

// remove kcsToRemove from the search list
// deleteDb presumably also deletes the backing database files — a
// destructive, non-default option; confirm in the implementation.
void remove(const KeychainList &kcsToRemove, bool deleteDb = false);

// Read / replace the search list, presumably for the current domain
// (see domain()); the overloads below take an explicit domain.
void getSearchList(KeychainList &keychainList);
void setSearchList(const KeychainList &keychainList);
// NOTE(review): name suggests any cached copy of the user search list is
// discarded so the next read comes from the preference file — confirm.
void forceUserSearchListReread ();

void getSearchList(SecPreferencesDomain domain, KeychainList &keychainList);
void setSearchList(SecPreferencesDomain domain, const KeychainList &keychainList);

// Rename a keychain. renameUnique presumably derives a non-colliding name
// from newName (cf. the *RenamedSuffix macros at the top of this header) —
// confirm.
void rename(Keychain keychain, const char* newName);
void renameUnique(Keychain keychain, CFStringRef newName);
// Iff keychainOrArray is NULL return the default KeychainList in keychainList otherwise
// if keychainOrArray is a CFArrayRef containing SecKeychainRef's convert it to KeychainList,
// if keychainOrArray is a SecKeychainRef return a KeychainList with one element.
// NOTE(review): keychainOrArray is an untyped CFTypeRef from API callers;
// the comment above covers NULL, CFArrayRef and SecKeychainRef only — how
// any other CF type is rejected is not visible here; confirm it is.
void optionalSearchList(CFTypeRef keychainOrArray, KeychainList &keychainList);

// Convert CFArrayRef of SecKeychainRef's to a KeychainList. The array must not be NULL
// (the caller is responsible for the NULL check; this function is static
// and does not consult manager state).
static void convertToKeychainList(CFArrayRef keychainArray, KeychainList &keychainList);

// Convert KeychainList to a CFArrayRef of SecKeychainRef's.
// Presumably returns a +1 (caller-released) reference per CF conventions
// — confirm, the ownership is not stated here.
static CFArrayRef convertFromKeychainList(const KeychainList &keychainList);
// Login keychain support
// Presumably unlocks (or creates) the login keychain. Three credential
// encodings:
//   - an AuthorizationRef plus a user name of nameLength bytes at name;
//   - Pascal-style (length-prefixed) strings for name and password;
//   - raw byte buffers with explicit lengths (no terminator is implied by
//     the const void* parameters — the lengths are the contract).
// Whether this layer wipes the supplied password buffers after use is not
// visible here; callers that own them should clear them themselves.
void login(AuthorizationRef authRef, UInt32 nameLength, const char* name);
void login(ConstStringPtr name, ConstStringPtr password);
void login(UInt32 nameLength, const void *name, UInt32 passwordLength, const void *password);

// NOTE(review): name suggests the login keychain's credential is stashed for
// later reuse; what is stored, where, and for how long is not visible here —
// confirm before calling from a new code path.
void stashKeychain();

// Change the login keychain password; same two credential encodings as login().
void changeLoginPassword(ConstStringPtr oldPassword, ConstStringPtr newPassword);
void changeLoginPassword(UInt32 oldPasswordLength, const void *oldPassword, UInt32 newPasswordLength, const void *newPassword);

// Reset the login keychain (destructive). resetSearchList presumably also
// resets the search list — confirm.
void resetKeychain(Boolean resetSearchList);
// Default keychain getter/setter, presumably for the current domain (see
// domain()). The UI variant may prompt and relate the choice to `item` —
// NOTE(review): inferred from the name, confirm.
Keychain defaultKeychain();
Keychain defaultKeychainUI(Item &item);
void defaultKeychain(const Keychain &keychain);

// Login keychain getter/setter.
Keychain loginKeychain();
void loginKeychain(Keychain keychain);

// Default keychain getter/setter for an explicit preferences domain.
Keychain defaultKeychain(SecPreferencesDomain domain);
void defaultKeychain(SecPreferencesDomain domain, const Keychain &keychain);
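// Current preferences domain. Read-only accessor, hence const (the
// original was non-const for no reason; callers holding a const
// StorageManager can now query it). mDomain is also reflected in mSavedList
// and the cache fields, per its declaration below.
SecPreferencesDomain domain() const { return mDomain; }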
// Switch the current preferences domain (see mDomain).
void domain(SecPreferencesDomain newDomain);

// True if the owner/permission bits of the keychain file at path are
// acceptable for domain. NOTE(review): the exact check is not visible in
// this header; this is the gate that keeps an inappropriately owned file
// out of a privileged domain, so callers should treat false as "do not load".
bool keychainOwnerPermissionsValidForDomain(const char* path, SecPreferencesDomain domain);
// non-file based Keychain manipulation
// Manage entries identified by (dbName, guid, subServiceType) in the list
// for `domain` — per the section comment these are not file-backed
// keychains (e.g. the smart-card case mentioned at didRemoveKeychain()).
void addToDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
// NOTE(review): returns void despite the "is…" name, so it cannot be used
// as a predicate; presumably a missing entry is reported by throwing rather
// than by a return value — confirm in the implementation.
void isInDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
void removeFromDomainList(SecPreferencesDomain domain, const char* dbName, const CSSM_GUID &guid, uint32 subServiceType);
// Convert between identifier lists and Keychain lists. The DLDbList-producing
// direction is static (needs no manager state); the reverse direction is a
// member, presumably because it resolves identifiers through keychain() —
// confirm.
static void convertList(DLDbList &ids, const KeychainList &kcs);
void convertList(KeychainList &kcs, const DLDbList &ids);

// Build a DLDbIdentifier for the keychain file at pathName.
DLDbIdentifier makeDLDbIdentifier(const char* pathName);
// Obtain the CssmClient::Db behind an identifier. NOTE(review): whether this
// creates the database on disk is not visible here (cf. keychain(), which
// documents that it does not) — confirm.
CssmClient::Db makeDb(DLDbIdentifier dLDbIdentifier);
// Only add if not there yet. Writes out CFPref and broadcasts KCPrefListChanged notification
// (contrast add(), which neither persists nor notifies).
void addAndNotify(const Keychain & keychainToAdd);

// remove a keychain from the sync list
// NOTE(review): which list "sync list" refers to is not visible in this header.
void removeKeychainFromSyncList (const DLDbIdentifier &id);
typedef map<DLDbIdentifier, KeychainImpl*> KeychainMap;
// Reference map of all keychains we know about that aren't deleted
// Values are raw KeychainImpl pointers, so ownership and lifetime are not
// expressed by the type — confirm which side owns them; entries are dropped
// via removeKeychain()/didRemoveKeychain() above.
KeychainMap mKeychains;

// The dynamic search list.
DynamicDLDBList mDynamicList;

// Persisted search-list preferences. The names suggest a per-domain list
// (mSavedList, see mDomain) and a common one (mCommonList) — confirm.
DLDbListCFPref mSavedList;
DLDbListCFPref mCommonList;
SecPreferencesDomain mDomain; // current domain (in mSavedList and cache fields)

// Presumably guards mKeychains (by name); recursive, so re-entrant locking
// from within the class is expected — confirm, and note it is distinct from
// the Mutex returned by getStorageManagerMutex().
RecursiveMutex mKeychainMapMutex;
184 } // end namespace KeychainCore
186 } // end namespace Security
188 #endif // !_SECURITY_STORAGEMANAGER_H_