OSX/sec/Security/SecItemInternal.h

   1 /*
   2  * Copyright (c) 2009,2012-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25     @header SecItemInternal
  26     SecItemInternal defines SPI functions dealing with persistent refs
  27 */
  28
  29 #ifndef _SECURITY_SECITEMINTERNAL_H_
  30 #define _SECURITY_SECITEMINTERNAL_H_
  31
  32 #include <CoreFoundation/CFData.h>
  33 #include <sqlite3.h>
  34 #include <ipc/securityd_client.h>
  35 #include <ctkclient/ctkclient.h>
  36
  37 __BEGIN_DECLS
  38
  39 #define kSecServerKeychainChangedNotification   "com.apple.security.keychainchanged"
  40 #define kSecServerCertificateTrustNotification  "com.apple.security.certificatetrust"
  41
  42 /* label when certificate data is joined with key data */
  43 static const CFStringRef kSecAttrIdentityCertificateData = CFSTR("certdata");
  44 static const CFStringRef kSecAttrIdentityCertificateTokenID = CFSTR("certtkid");
  45
  46 // Keys for dictionary of kSecvalueData of token-based items.
  47 static const CFStringRef kSecTokenValueObjectIDKey = CFSTR("oid");
  48 static const CFStringRef kSecTokenValueAccessControlKey = CFSTR("ac");
  49 static const CFStringRef kSecTokenValueDataKey = CFSTR("data");
  50
  51 CFDataRef _SecItemCreatePersistentRef(CFTypeRef iclass, sqlite_int64 rowid, CFDictionaryRef attributes);
  52
  53 bool _SecItemParsePersistentRef(CFDataRef persistent_ref, CFStringRef *return_class,
  54     sqlite_int64 *return_rowid, CFDictionaryRef *return_token_attrs);
  55
  56 OSStatus _SecRestoreKeychain(const char *path);
  57
  58 OSStatus SecOSStatusWith(bool (^perform)(CFErrorRef *error));
  59
  60 bool cftype_client_to_bool_cftype_error_request(enum SecXPCOperation op, CFTypeRef attributes, __unused SecurityClient *client, CFTypeRef *result, CFErrorRef *error);
  61
  62 /* Structure representing copy-on-write dictionary.  Typical use is:
  63  int bar(CFDictionaryRef input);
  64  int foo(CFDictionaryRef input) {
  65      SecCFDictionaryCOW in = { input };
  66      if (condition) {
  67          CFDictionarySetValue(SecCFDictionaryCOWGetMutable(&in), key, value);
  68      }
  69      bar(in.dictionary);
  70      CFReleaseSafe(in.mutable_dictionary);
  71  }
  72  */
  73 typedef struct {
  74     // Real dictionary, not owned by this structure, should be accessed directly for read-only access.
  75     CFDictionaryRef dictionary;
  76
  77     // On-demand created (and possibly modified), owned writable copy of dictionary.
  78     CFMutableDictionaryRef mutable_dictionary;
  79 } SecCFDictionaryCOW;
  80
  81 CFMutableDictionaryRef SecCFDictionaryCOWGetMutable(SecCFDictionaryCOW *cow_dictionary);
  82
  83 bool SecItemResultProcess(CFDictionaryRef query, CFDictionaryRef auth_params, TKTokenRef token,
  84                           CFTypeRef raw_result, CFTypeRef *result, CFErrorRef *error);
  85
  86 typedef enum {
  87     kSecItemAuthResultOK,
  88     kSecItemAuthResultError,
  89     kSecItemAuthResultNeedAuth
  90 } SecItemAuthResult;
  91
  92 bool SecItemAuthDo(SecCFDictionaryCOW *auth_params, CFErrorRef *error, SecItemAuthResult (^perform)(CFArrayRef *ac_pairs, CFErrorRef *error),
  93                    void (^newCredentialRefAdded)(void));
  94
  95 bool SecItemAuthDoQuery(SecCFDictionaryCOW *query, SecCFDictionaryCOW *attributes, const void *secItemOperation, CFErrorRef *error,
  96                                bool (^perform)(TKTokenRef token, CFDictionaryRef query, CFDictionaryRef attributes, CFDictionaryRef auth_params, CFErrorRef *error));
  97
  98 void SecItemAuthCopyParams(SecCFDictionaryCOW *auth_params, SecCFDictionaryCOW *query);
  99
 100 TKTokenRef SecTokenCreate(CFStringRef token_id, SecCFDictionaryCOW *auth_params, CFErrorRef *error);
 101
 102 CFDictionaryRef SecTokenItemValueCopy(CFDataRef db_value, CFErrorRef *error);
 103
 104 CFArrayRef SecItemCopyParentCertificates_ios(CFDataRef normalizedIssuer, CFArrayRef accessGroups, CFErrorRef *error);
 105
 106 bool SecItemCertificateExists(CFDataRef normalizedIssuer, CFDataRef serialNumber, CFArrayRef accessGroups, CFErrorRef *error);
 107
 108 __END_DECLS
 109
 110 #endif /* !_SECURITY_SECITEMINTERNAL_H_ */