]> git.saurik.com Git - apple/security.git/blob - libsecurity_keychain/lib/Keychains.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55179.13.tar.gz
[apple/security.git] / libsecurity_keychain / lib / Keychains.h
1 /*
2 * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // Keychains.h - The Keychain class
26 //
27 #ifndef _SECURITY_KEYCHAINS_H_
28 #define _SECURITY_KEYCHAINS_H_
29
30 #include <security_cdsa_client/cspclient.h>
31 #include <security_cdsa_client/dlclient.h>
32 #include <security_utilities/refcount.h>
33 #include <security_utilities/seccfobject.h>
34 #include <Security/SecKeychain.h>
35 #include <Security/SecKeychainItem.h>
36 #include <memory>
37 #include "SecCFTypes.h"
38 #include "defaultcreds.h"
39
40 class EventBuffer;
41
42 namespace Security
43 {
44
45 namespace KeychainCore
46 {
47
48 class KCCursor;
49 class Item;
50 class PrimaryKey;
51 class StorageManager;
52
53 class KeychainSchemaImpl : public RefCount
54 {
55 NOCOPY(KeychainSchemaImpl)
56 public:
57 friend class KeychainSchema;
58 protected:
59 KeychainSchemaImpl(const CssmClient::Db &db);
60 public:
61 virtual ~KeychainSchemaImpl();
62
63 CSSM_DB_ATTRIBUTE_FORMAT attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
64 const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const;
65
66 bool operator <(const KeychainSchemaImpl &other) const;
67 bool operator ==(const KeychainSchemaImpl &other) const;
68
69 void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const;
70 CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
71 bool hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
72 bool hasRecordType(CSSM_DB_RECORDTYPE recordType) const;
73
74 void didCreateRelation(CSSM_DB_RECORDTYPE inRelationID,
75 const char *inRelationName,
76 uint32 inNumberOfAttributes,
77 const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo,
78 uint32 inNumberOfIndexes,
79 const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo);
80
81 private:
82 typedef map<CSSM_DB_RECORDTYPE, CssmAutoDbRecordAttributeInfo *> PrimaryKeyInfoMap;
83 PrimaryKeyInfoMap mPrimaryKeyInfoMap;
84
85 typedef map<uint32, CSSM_DB_ATTRIBUTE_FORMAT> RelationInfoMap;
86 typedef map<CSSM_DB_RECORDTYPE, RelationInfoMap> DatabaseInfoMap;
87 DatabaseInfoMap mDatabaseInfoMap;
88 Mutex mMutex;
89
90 private:
91 const RelationInfoMap &relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const;
92 };
93
94
95 class KeychainSchema : public RefPointer<KeychainSchemaImpl>
96 {
97 public:
98 KeychainSchema() {}
99 KeychainSchema(KeychainSchemaImpl *impl) : RefPointer<KeychainSchemaImpl>(impl) {}
100 KeychainSchema(const CssmClient::Db &db) : RefPointer<KeychainSchemaImpl>(new KeychainSchemaImpl(db)) {}
101
102 bool operator <(const KeychainSchema &other) const
103 { return ptr && other.ptr ? *ptr < *other.ptr : ptr < other.ptr; }
104 bool operator ==(const KeychainSchema &other) const
105 { return ptr && other.ptr ? *ptr == *other.ptr : ptr == other.ptr; }
106
107 private:
108 typedef KeychainSchemaImpl Impl;
109 };
110
111
112 class ItemImpl;
113
114 class KeychainImpl : public SecCFObject, private CssmClient::Db::DefaultCredentialsMaker
115 {
116 NOCOPY(KeychainImpl)
117 public:
118 SECCFFUNCTIONS(KeychainImpl, SecKeychainRef, errSecInvalidKeychain, gTypes().KeychainImpl)
119
120 friend class Keychain;
121 friend class ItemImpl;
122 protected:
123 KeychainImpl(const CssmClient::Db &db);
124
125 protected:
126 // Methods called by ItemImpl;
127 void didUpdate(const Item &inItem, PrimaryKey &oldPK,
128 PrimaryKey &newPK);
129 void completeAdd(Item &item, PrimaryKey &key);
130
131 void markBlobForDotMacSyncUpdate(CssmData &data);
132
133 public:
134 virtual ~KeychainImpl();
135
136 Mutex* getKeychainMutex();
137 Mutex* getMutexForObject();
138 void aboutToDestruct();
139
140 bool operator ==(const KeychainImpl &) const;
141
142 // Item calls
143 void add(Item &item);
144 void addCopy(Item &item);
145 void deleteItem(Item &item); // item must be persistant.
146
147 // Keychain calls
148 void create(UInt32 passwordLength, const void *inPassword);
149 void createWithBlob(CssmData &blob);
150 void create(ConstStringPtr inPassword);
151 void create();
152 void create(const ResourceControlContext *rcc);
153 void open();
154
155 // Locking and unlocking a keychain.
156 void lock();
157 void unlock();
158 void unlock(const CssmData &password);
159 void unlock(ConstStringPtr password); // @@@ This has a length limit, we should remove it.
160
161 void getSettings(uint32 &outIdleTimeOut, bool &outLockOnSleep);
162 void setSettings(uint32 inIdleTimeOut, bool inLockOnSleep);
163
164 // Passing in NULL for either oldPassword or newPassword will cause them to be prompted for.
165 // To specify a zero length password in either case the oldPasswordLength or newPasswordLength
166 // value must be 0 and the oldPassword or newPassword must not be NULL.
167 void changePassphrase(UInt32 oldPasswordLength, const void *oldPassword,
168 UInt32 newPasswordLength, const void *newPassword);
169 void changePassphrase(ConstStringPtr oldPassword, ConstStringPtr newPassword);
170
171 void authenticate(const CSSM_ACCESS_CREDENTIALS *cred); // Does not do an unlock.
172
173 const char *name() const { return mDb->name(); }
174 UInt32 status() const;
175 bool exists();
176 bool isActive() const;
177
178 KCCursor createCursor(const SecKeychainAttributeList *attrList);
179 KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);
180 CssmClient::Db database() { return mDb; }
181 DLDbIdentifier dlDbIdentifier() const { return mDb->dlDbIdentifier(); }
182
183 CssmClient::CSP csp();
184
185 PrimaryKey makePrimaryKey(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
186 void gatherPrimaryKeyAttributes(CssmClient::DbAttributes& primaryKeyAttrs);
187
188 const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType);
189
190 Item item(const PrimaryKey& primaryKey);
191 Item item(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
192
193 CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag);
194 void getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info);
195 static void freeAttributeInfo(SecKeychainAttributeInfo *Info);
196 KeychainSchema keychainSchema();
197 void resetSchema();
198 void didDeleteItem(ItemImpl *inItemImpl);
199
200 void recode(const CssmData &data, const CssmData &extraData);
201 void copyBlob(CssmData &dbBlob);
202
203 void setBatchMode(Boolean mode, Boolean rollBack);
204
205 // yield default open() credentials for this keychain (as of now)
206 const AccessCredentials *defaultCredentials();
207
208 // Only call these functions while holding globals().apiLock.
209 bool inCache() const throw() { return mInCache; }
210 void inCache(bool inCache) throw() { mInCache = inCache; }
211
212 void postEvent(SecKeychainEvent kcEvent, ItemImpl* item);
213
214 void addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl);
215
216 private:
217 void removeItem(const PrimaryKey &primaryKey, ItemImpl *inItemImpl);
218 ItemImpl *_lookupItem(const PrimaryKey &primaryKey);
219
220 const AccessCredentials *makeCredentials();
221
222 typedef map<PrimaryKey, __weak ItemImpl *> DbItemMap;
223 // Weak reference map of all items we know about that have a primaryKey
224 DbItemMap mDbItemMap;
225 // True iff we are in the cache of keychains in StorageManager
226 bool mInCache;
227
228 CssmClient::Db mDb;
229
230 KeychainSchema mKeychainSchema;
231
232 // Data for auto-unlock credentials
233 DefaultCredentials mCustomUnlockCreds;
234 bool mIsInBatchMode;
235 EventBuffer *mEventBuffer;
236 Mutex mMutex;
237 };
238
239
240 CFIndex GetKeychainRetainCount(Keychain& kc);
241
242 class Keychain : public SecPointer<KeychainImpl>
243 {
244 public:
245 Keychain();
246 Keychain(KeychainImpl *impl) : SecPointer<KeychainImpl>(impl) {}
247
248 static Keychain optional(SecKeychainRef handle);
249
250 private:
251 friend class StorageManager;
252 Keychain(const CssmClient::Db &db)
253 : SecPointer<KeychainImpl>(new KeychainImpl(db)) {}
254
255 typedef KeychainImpl Impl;
256 };
257
258
259 } // end namespace KeychainCore
260
261 } // end namespace Security
262
263 #endif // !_SECURITY_KEYCHAINS_H_
mirror of Security