2 * Copyright (c) 2000-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
27 #ifndef _SECURITY_KCCURSOR_H_
28 #define _SECURITY_KCCURSOR_H_
30 #include <security_keychain/StorageManager.h>
35 namespace KeychainCore
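// Implementation object behind KCCursor: a keychain search cursor that is both
// a SecCFObject and a CssmAutoQuery (see the base-class list).
//
// NOTE(review): the listing this was taken from skips source lines inside the
// class (its gutter numbers jump), so access specifiers and possibly further
// members are not visible here. Nothing has been filled in for those gaps;
// check the complete header before relying on member visibility or layout.
class KCCursorImpl : public SecCFObject, public CssmAutoQuery
{
    // CoreFoundation bridging boilerplate that pairs this class with
    // SecKeychainSearchRef. errSecInvalidSearchRef is presumably the status
    // reported for a ref that is not a KCCursorImpl -- confirm against the
    // macro definition.
    SECCFFUNCTIONS(KCCursorImpl, SecKeychainSearchRef, errSecInvalidSearchRef, gTypes().KCCursorImpl)

    // KCCursor creates instances itself with `new KCCursorImpl(...)`.
    friend class KCCursor;

    // Builds a cursor over searchList restricted to itemClass. attrList,
    // dbConjunctive and dbOperator presumably form the query predicate;
    // whether attrList may be null is not visible in this header -- confirm
    // in the implementation before passing a null pointer.
    KCCursorImpl(const StorageManager::KeychainList &searchList,
                 SecItemClass itemClass,
                 const SecKeychainAttributeList *attrList,
                 CSSM_DB_CONJUNCTIVE dbConjunctive,
                 CSSM_DB_OPERATOR dbOperator);

    // Same, without an item class, conjunctive or operator argument.
    KCCursorImpl(const StorageManager::KeychainList &searchList,
                 const SecKeychainAttributeList *attrList);

    virtual ~KCCursorImpl() _NOEXCEPT;

    // Advances the search. Presumably returns true and stores the match in
    // `item`, and false once the search list is exhausted -- confirm in the
    // implementation.
    bool next(Item &item);

    // Occasionally, you might end up with a keychain where finding a record
    // might return CSSMERR_DL_RECORD_NOT_FOUND. This is usually due to having
    // an existing SSGroup element whose matching SSGroup key has been deleted.
    //
    // You might also have invalid ACLs or records with bad MACs.
    //
    // If you set this to true, this KCCursor will silently suppress errors
    // when creating items, and try to delete these corrupt records.
    //
    // NOTE(review): this switch is destructive and quiet. With it enabled, a
    // record that fails its ACL or MAC check is removed rather than reported,
    // so an integrity failure (which can also be the only trace of tampering)
    // leaves no error for the caller to log. Enable it only on a deliberate
    // repair path, and record which records were removed if the caller can.
    void setDeleteInvalidRecords(bool deleteRecord);

    // Keychains to search, held by value.
    StorageManager::KeychainList mSearchList;
    // Position within the search list; newKeychain() is called when it moves.
    StorageManager::KeychainList::iterator mCurrent;
    // Database cursor; presumably the query on the keychain at mCurrent.
    CssmClient::DbCursor mDbCursor;

    // Presumably the flag stored by setDeleteInvalidRecords().
    bool mDeleteInvalidRecords;

    // Remembers if we've called newKeychain() on mCurrent.
    // NOTE(review): the member this comment describes is not visible in this
    // listing (the source lines after it are skipped).

    // Call this every time we switch to a new keychain. It will:
    //   1. handle the read locks on the new keychain and the old one
    //   2. try to upgrade the new keychain if needed and possible
    // Handles the end iterator.
    void newKeychain(StorageManager::KeychainList::iterator kcIter);

    // Try to delete a record. Silently swallow any RECORD_NOT_FOUND exceptions,
    // but throw others upward.
    void deleteInvalidRecord(DbUniqueRecord &uniqueId);
};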
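// Handle type for keychain searches: a SecPointer<KCCursorImpl> with
// convenience constructors that allocate the implementation object.
//
// NOTE(review): the listing this was taken from skips source lines inside the
// class (its gutter numbers jump), so access specifiers and possibly further
// members are not visible here. Nothing has been filled in for those gaps;
// check the complete header before relying on member visibility.
class KCCursor : public SecPointer<KCCursorImpl>
{
    // Wraps an existing implementation object.
    // NOTE(review): the constructor is not `explicit`, so a raw KCCursorImpl*
    // converts to a KCCursor implicitly. Whether the pointer is retained or
    // adopted is decided by SecPointer, which is not shown here -- confirm
    // before handing over a pointer that is also owned elsewhere.
    KCCursor(KCCursorImpl *impl) : SecPointer<KCCursorImpl>(impl) {}

    // Allocates a KCCursorImpl for searchList and attrList and hands it to
    // SecPointer. The lifetime of the new object is then managed by
    // SecPointer (presumably by reference counting -- confirm).
    KCCursor(const StorageManager::KeychainList &searchList,
             const SecKeychainAttributeList *attrList)
        : SecPointer<KCCursorImpl>(new KCCursorImpl(searchList, attrList)) {}

    // As above, restricted to itemClass. The conjunctive defaults to
    // CSSM_DB_AND and the operator to CSSM_DB_EQUAL when the caller omits
    // them.
    KCCursor(const StorageManager::KeychainList &searchList,
             SecItemClass itemClass,
             const SecKeychainAttributeList *attrList,
             CSSM_DB_CONJUNCTIVE dbConjunctive = CSSM_DB_AND,
             CSSM_DB_OPERATOR dbOperator = CSSM_DB_EQUAL)
        : SecPointer<KCCursorImpl>(new KCCursorImpl(searchList, itemClass, attrList,
                                                    dbConjunctive, dbOperator)) {}

    // Names the implementation class for code that only sees the handle type.
    typedef KCCursorImpl Impl;
};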
107 } // end namespace KeychainCore
109 } // end namespace Security
111 #endif // !_SECURITY_KCCURSOR_H_