1 //
2 // SOSAccountTrustClassicIdentity.m
3 // Security
4 //
5
6
7 #import <Foundation/Foundation.h>
8 #include <AssertMacros.h>
9 #import "Security/SecureObjectSync/SOSAccountTrustClassic.h"
10 #import "Security/SecureObjectSync/SOSAccountTrustClassic+Expansion.h"
11 #import "Security/SecureObjectSync/SOSAccountTrustClassic+Identity.h"
12 #import "Security/SecureObjectSync/SOSAccountTrustClassic+Circle.h"
13
14 #import "Security/SecureObjectSync/SOSViews.h"
15
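@implementation SOSAccountTrustClassic (Identity)

// Refreshes the full peer info against the given view sets and, when
// SOSFullPeerInfoUpdateToCurrent returns true, writes the refreshed peer
// info into the trusted circle through the account's circle transport.
// Does nothing unless both a trusted circle and a full peer info exist.
// account:        supplies circle_transport for the circle modification.
// minimumViews /
// excludedViews:  passed straight through to SOSFullPeerInfoUpdateToCurrent.
// Returns true unconditionally; any error from modifyCircle is discarded
// (err:NULL), so callers cannot observe a failed circle update here.
-(bool) updateFullPeerInfo:(SOSAccount*)account minimum:(CFSetRef)minimumViews excluded:(CFSetRef)excludedViews
{
    if (self.trustedCircle && self.fullPeerInfo) {
        if(SOSFullPeerInfoUpdateToCurrent(self.fullPeerInfo, minimumViews, excludedViews)) {
            [self modifyCircle:account.circle_transport err:NULL action:^(SOSCircleRef circle_to_change) {
                secnotice("circleChange", "Calling SOSCircleUpdatePeerInfo for gestalt change");
                return SOSCircleUpdatePeerInfo(circle_to_change, self.peerInfo);
            }];
        }
    }

    return true;
}

// Returns the full peer info only while a trusted circle is present;
// NULL otherwise. No ownership is transferred (this is a Get, not a Copy).
-(SOSFullPeerInfoRef) getMyFullPeerInfo
{
    return self.trustedCircle ? self.fullPeerInfo : NULL;
}

// Verifies this peer's application signature against the public half of
// privKey. Returns false (without touching *error) when there is no full
// peer info; otherwise returns SOSPeerInfoApplicationVerify's verdict.
// privKey: private key whose public key is derived for the check.
// error:   optional out-parameter filled by the verify call on failure.
-(bool) fullPeerInfoVerify:(SecKeyRef) privKey err:(CFErrorRef *)error
{
    if(!self.fullPeerInfo) return false;
    // NOTE(review): SecKeyCreatePublicFromPrivate can return NULL; the code
    // relies on SOSPeerInfoApplicationVerify rejecting a NULL key - confirm.
    SecKeyRef pubKey = SecKeyCreatePublicFromPrivate(privKey);
    bool retval = SOSPeerInfoApplicationVerify(self.peerInfo, pubKey, error);
    CFReleaseNull(pubKey);
    return retval;
}

// Reports whether a full peer info exists for the current circle.
// Returns false if there is no circle (error set by hasCircle:) or if the
// circle has no full peer info (error set to kSOSErrorPeerNotFound).
// error: optional out-parameter; may be NULL.
-(bool) hasFullPeerInfo:(CFErrorRef*) error
{
    bool hasPeer = false;
    if(![self hasCircle:error]){
        return hasPeer;
    }
    hasPeer = self.fullPeerInfo != NULL;

    if (!hasPeer)
        SOSCreateErrorWithFormat(kSOSErrorPeerNotFound, NULL, error, NULL, CFSTR("No peer for circle"));

    return hasPeer;
}

// Returns a copy of the full peer info (NULL if there is none, since
// messaging/passing NULL yields NULL). Per the CF "Copy" naming rule the
// caller owns the returned reference and must release it.
-(SOSFullPeerInfoRef) CopyAccountIdentityPeerInfo
{
    return SOSFullPeerInfoCopyFullPeerInfo(self.fullPeerInfo);
}

// Creates the device's full peer info (and its two permanent EC identity
// keys) if it does not exist yet.
// gestalt:  device gestalt; its name is used in the key labels.
// deviceID: if non-NULL, recorded on the new full peer info.
// backup:   backup key handed to SOSFullPeerInfoCreateWithViews.
// error:    optional out-parameter for key-generation / creation failures.
// Returns whether a full peer info exists on exit, including the early
// exit when there is no trusted circle (kSOSErrorNoCircle is reported).
// Side effects on success: the initial view set is applied, the default
// view set is pended for enabling, kSOSUnsyncedViewsKey is set, and
// kSecServerPeerInfoAvailable is posted.
-(bool) ensureFullPeerAvailable:(CFDictionaryRef)gestalt deviceID:(CFStringRef)deviceID backupKey:(CFDataRef)backup err:(CFErrorRef *) error
{
    require_action_quiet(self.trustedCircle, fail, SOSCreateErrorWithFormat(kSOSErrorNoCircle, NULL, error, NULL, CFSTR("Don't have circle")));

    if (self.fullPeerInfo == NULL) {
        CFStringRef keyName = CFStringCreateWithFormat(kCFAllocatorDefault, NULL, CFSTR("ID for %@-%@"), SOSPeerGestaltGetName(gestalt), SOSCircleGetName(self.trustedCircle));
        SecKeyRef full_key = GeneratePermanentFullECKey(256, keyName, error);
        SecKeyRef octagonFullKey = NULL;

        // Only mint the second permanent key once the first one exists: a
        // failed first generation would otherwise leave an orphaned keychain
        // item behind, and the second call could overwrite the first error
        // through the same error pointer.
        if (full_key) {
            NSString* octagonKeyName = [@"Octagon " stringByAppendingString:(__bridge NSString*)keyName];
            octagonFullKey = GeneratePermanentFullECKey(384, (__bridge CFStringRef)octagonKeyName, error);
        }

        if (full_key && octagonFullKey) {
            CFSetRef initialViews = SOSViewCopyViewSet(kViewSetInitial);

            self.fullPeerInfo = nil;
            self.fullPeerInfo = SOSFullPeerInfoCreateWithViews(kCFAllocatorDefault, gestalt, backup, initialViews, full_key,octagonFullKey, error);
            CFDictionaryRef v2dictionaryTestUpdates = [self getValueFromExpansion:kSOSTestV2Settings err:NULL];
            if(v2dictionaryTestUpdates) SOSFullPeerInfoUpdateV2Dictionary(self.fullPeerInfo, v2dictionaryTestUpdates, NULL);
            CFReleaseNull(initialViews);

            CFSetRef pendingDefaultViews = SOSViewCopyViewSet(kViewSetDefault);
            [self pendEnableViewSet:pendingDefaultViews];
            CFReleaseNull(pendingDefaultViews);

            [self setValueInExpansion:kSOSUnsyncedViewsKey value:kCFBooleanTrue err:NULL];

            if (!self.fullPeerInfo) {
                secerror("Can't make FullPeerInfo for %@-%@ (%@) - is AKS ok?", SOSPeerGestaltGetName(gestalt), SOSCircleGetName(self.trustedCircle), error ? (void*)*error : (void*)CFSTR("-"));
            }
            else{
                secnotice("fpi", "alert KeychainSyncingOverIDSProxy the fpi is available");
                notify_post(kSecServerPeerInfoAvailable);
                if(deviceID)
                    SOSFullPeerInfoUpdateDeviceID(self.fullPeerInfo, deviceID, error);
            }
        }
        else {
            secerror("No full_key: %@:", error ? *error : NULL);
        }

        // Release both key refs on every path (previously full_key leaked on
        // the failure path and octagonFullKey leaked on every path). This
        // relies on SOSFullPeerInfoCreateWithViews retaining the keys it
        // keeps, which the existing release of full_key already assumed.
        CFReleaseNull(full_key);
        CFReleaseNull(octagonFullKey);
        CFReleaseNull(keyName);
    }

fail:
    return self.fullPeerInfo != NULL;
}

// True when this device's peer info is an active member of the trusted
// circle; false (without setting *error) when there is no peer info.
-(bool) isMyPeerActive:(CFErrorRef*) error
{
    return (self.peerInfo ? SOSCircleHasActivePeer(self.trustedCircle, self.peerInfo, error) : false);
}

// Drops this device's identity: purges the persistent private key (best
// effort - a failure is only logged) and then clears the full peer info.
-(void) purgeIdentity
{
    if (self.fullPeerInfo) {
        // Purge private key but don't return error if we can't.
        CFErrorRef purgeError = NULL;
        if (!SOSFullPeerInfoPurgePersistentKey(self.fullPeerInfo, &purgeError)) {
            secwarning("Couldn't purge persistent key for %@ [%@]", self.fullPeerInfo, purgeError);
        }
        CFReleaseNull(purgeError);

        self.fullPeerInfo=nil;
    }
}
@end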