]> git.saurik.com Git - apple/security.git/blob - OSX/sec/Security/SecItemInternal.h
Security-59306.11.20.tar.gz
[apple/security.git] / OSX / sec / Security / SecItemInternal.h
1 /*
2 * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecItemInternal
26 SecItemInternal defines SPI functions dealing with persistent refs
27 */
28
29 #ifndef _SECURITY_SECITEMINTERNAL_H_
30 #define _SECURITY_SECITEMINTERNAL_H_
31
32 #include <CoreFoundation/CFData.h>
33 #include <sqlite3.h>
34 #include <ipc/securityd_client.h>
35 #include <ctkclient/ctkclient.h>
36
37 __BEGIN_DECLS
38
39 #define kSecServerKeychainChangedNotification "com.apple.security.keychainchanged"
40 #define kSecServerCertificateTrustNotification "com.apple.security.certificatetrust"
41
42 /* label when certificate data is joined with key data */
43 static const CFStringRef kSecAttrIdentityCertificateData = CFSTR("certdata");
44 static const CFStringRef kSecAttrIdentityCertificateTokenID = CFSTR("certtkid");
45
46 // Keys for dictionary of kSecvalueData of token-based items.
47 static const CFStringRef kSecTokenValueObjectIDKey = CFSTR("oid");
48 static const CFStringRef kSecTokenValueAccessControlKey = CFSTR("ac");
49 static const CFStringRef kSecTokenValueDataKey = CFSTR("data");
50
51 CFDataRef _SecItemCreatePersistentRef(CFTypeRef iclass, sqlite_int64 rowid, CFDictionaryRef attributes);
52
53 bool _SecItemParsePersistentRef(CFDataRef persistent_ref, CFStringRef *return_class,
54 sqlite_int64 *return_rowid, CFDictionaryRef *return_token_attrs);
55
56 OSStatus _SecRestoreKeychain(const char *path);
57
58 OSStatus SecOSStatusWith(bool (^perform)(CFErrorRef *error));
59
60 bool cftype_client_to_bool_cftype_error_request(enum SecXPCOperation op, CFTypeRef attributes, __unused SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
61
62 /* Structure representing copy-on-write dictionary. Typical use is:
63 int bar(CFDictionaryRef input);
64 int foo(CFDictionaryRef input) {
65 SecCFDictionaryCOW in = { input };
66 if (condition) {
67 CFDictionarySetValue(SecCFDictionaryCOWGetMutable(&in), key, value);
68 }
69 bar(in.dictionary);
70 CFReleaseSafe(in.mutable_dictionary);
71 }
72 */
73 typedef struct {
74 // Real dictionary, not owned by this structure, should be accessed directly for read-only access.
75 CFDictionaryRef dictionary;
76
77 // On-demand created (and possibly modified), owned writable copy of dictionary.
78 CFMutableDictionaryRef mutable_dictionary;
79 } SecCFDictionaryCOW;
80
81 CFMutableDictionaryRef SecCFDictionaryCOWGetMutable(SecCFDictionaryCOW *cow_dictionary);
82
83 bool SecItemResultProcess(CFDictionaryRef query, CFDictionaryRef auth_params, TKTokenRef token,
84 CFTypeRef raw_result, CFTypeRef *result, CFErrorRef *error);
85
86 typedef enum {
87 kSecItemAuthResultOK,
88 kSecItemAuthResultError,
89 kSecItemAuthResultNeedAuth
90 } SecItemAuthResult;
91
92 bool SecItemAuthDo(SecCFDictionaryCOW *auth_params, CFErrorRef *error, SecItemAuthResult (^perform)(CFArrayRef *ac_pairs, CFErrorRef *error),
93 void (^newCredentialRefAdded)(void));
94
95 bool SecItemAuthDoQuery(SecCFDictionaryCOW *query, SecCFDictionaryCOW *attributes, const void *secItemOperation, CFErrorRef *error,
96 bool (^perform)(TKTokenRef token, CFDictionaryRef query, CFDictionaryRef attributes, CFDictionaryRef auth_params, CFErrorRef *error));
97
98 void SecItemAuthCopyParams(SecCFDictionaryCOW *auth_params, SecCFDictionaryCOW *query);
99
100 TKTokenRef SecTokenCreate(CFStringRef token_id, SecCFDictionaryCOW *auth_params, CFErrorRef *error);
101
102 CFDictionaryRef SecTokenItemValueCopy(CFDataRef db_value, CFErrorRef *error);
103
104 CFDataRef SecItemAttributesCopyPreparedAuthContext(CFTypeRef la_context, CFErrorRef *error);
105
106 CFArrayRef SecItemCopyParentCertificates_ios(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
107
108 bool SecItemCertificateExists(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);
109
110 __END_DECLS
111
112 #endif /* !_SECURITY_SECITEMINTERNAL_H_ */