Security-179.tar.gz

[apple/security.git] / Keychain / SecKeychainItem.cpp

/*
 * Copyright (c) 2000-2002 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */

#include <Security/SecKeychainItem.h>

#include <Security/Keychains.h>
#include <Security/KeyItem.h>
#include <Security/Item.h>

#include "SecBridge.h"
#include "KCExceptions.h"
#include "Access.h"


//
// Given a polymorphic Sec type object, return
// its AclBearer component.
// Note: Login ACLs are not hooked into this layer;
// modules or attachments have no Sec* layer representation.
//
RefPointer<AclBearer> aclBearer(CFTypeRef itemRef)
{
        // well, exactly what kind of something are you?
        CFTypeID id = CFGetTypeID(itemRef);
        if (id == gTypes().ItemImpl.typeID) {
                // keychain item. If it's in a protected group, return the group key
                if (SSGroup group = ItemImpl::required(SecKeychainItemRef(itemRef))->group())
                        return &*group;
        } else if (id == gTypes().KeyItem.typeID) {
                // key item, return the key itself.
                if (CssmClient::Key key = KeyItem::required(SecKeyRef(itemRef))->key())
                        return &*key;
        } else if (id == gTypes().KeychainImpl.typeID) {
                // keychain (this yields the database ACL)
                //@@@ not hooked up yet
        }
        // Guess not. Bummer
        MacOSError::throwMe(errSecNoAccessForItem);
}


CFTypeID
SecKeychainItemGetTypeID(void)
{
        BEGIN_SECAPI

        secdebug("kcitem", "SecKeychainItemGetTypeID()");
        return gTypes().ItemImpl.typeID;

        END_SECAPI1(_kCFRuntimeNotATypeID)
}


OSStatus
SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList,
                UInt32 length, const void *data, SecKeychainRef keychainRef,
                SecAccessRef initialAccess, SecKeychainItemRef *itemRef)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemCreateFromContent(%lu, %p, %lu, %p, %p, %p)",
                        itemClass, attrList, length, data, keychainRef, initialAccess);
                KCThrowParamErrIf_(length!=0 && data==NULL);
        Item item(itemClass, attrList, length, data);
                if (initialAccess)
                        item->setAccess(Access::required(initialAccess));

        Keychain keychain = nil;
        try
        {
            keychain = Keychain::optional(keychainRef);
            if ( !keychain->exists() )
            {
                MacOSError::throwMe(errSecNoSuchKeychain);      // Might be deleted or not available at this time.
            }
        }
        catch(...)
        {
            keychain = globals().storageManager.defaultKeychainUI(item);
        }

        keychain->add(item);
        if (itemRef)
                *itemRef = item->handle();
        END_SECAPI
}


OSStatus
SecKeychainItemModifyContent(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemModifyContent(%p, %p, %lu, %p)", itemRef, attrList, length, data);
                Item item = ItemImpl::required(itemRef);
                item->modifyContent(attrList, length, data);
        END_SECAPI
}


OSStatus
SecKeychainItemCopyContent(SecKeychainItemRef itemRef, SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
{
        BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemCopyContent(%p, %p, %p, %p, %p)",
                        itemRef, itemClass, attrList, length, outData);
                Item item = ItemImpl::required(itemRef);
                item->getContent(itemClass, attrList, length, outData);
        END_SECAPI
}


OSStatus
SecKeychainItemFreeContent(SecKeychainAttributeList *attrList, void *data)
{
        BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemFreeContent(%p, %p)", attrList, data);
                ItemImpl::freeContent(attrList, data);
        END_SECAPI
}


OSStatus
SecKeychainItemModifyAttributesAndData(SecKeychainItemRef itemRef, const SecKeychainAttributeList *attrList, UInt32 length, const void *data)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemModifyAttributesAndData(%p, %p, %lu, %p)", itemRef, attrList, length, data);
                Item item = ItemImpl::required(itemRef);
                item->modifyAttributesAndData(attrList, length, data);
        END_SECAPI
}


OSStatus
SecKeychainItemCopyAttributesAndData(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass, SecKeychainAttributeList **attrList, UInt32 *length, void **outData)
{
        BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemCopyAttributesAndData(%p, %p, %p, %p, %p, %p)", itemRef, info, itemClass, attrList, length, outData);
                Item item = ItemImpl::required(itemRef);
                item->getAttributesAndData(info, itemClass, attrList, length, outData);
        END_SECAPI
}


OSStatus
SecKeychainItemFreeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
{
        BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemFreeAttributesAndData(%p, %p)", attrList, data);
                ItemImpl::freeAttributesAndData(attrList, data);
        END_SECAPI
}


OSStatus
SecKeychainItemDelete(SecKeychainItemRef itemRef)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemFreeAttributesAndData(%p)", itemRef);
                Item item = ItemImpl::required( itemRef );
                Keychain keychain = item->keychain();
                KCThrowIf_( !keychain, errSecInvalidItemRef );
                
        keychain->deleteItem( item ); // item must be persistant.
        END_SECAPI
}


OSStatus
SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemCopyKeychain(%p, %p)", itemRef, keychainRef);
                Required(keychainRef) = ItemImpl::required(itemRef)->keychain()->handle();
        END_SECAPI
}


OSStatus
SecKeychainItemCreateCopy(SecKeychainItemRef itemRef, SecKeychainRef destKeychainRef,
        SecAccessRef initialAccess, SecKeychainItemRef *itemCopy)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemCreateCopy(%p, %p, %p, %p)",
                        itemRef, destKeychainRef, initialAccess, itemCopy);

                Item copy = ItemImpl::required(itemRef)->copyTo(Keychain::optional(destKeychainRef), Access::optional(initialAccess));
                if (itemCopy)
                        *itemCopy = copy->handle();
        END_SECAPI
}


OSStatus
SecKeychainItemGetUniqueRecordID(SecKeychainItemRef itemRef, const CSSM_DB_UNIQUE_RECORD **uniqueRecordID)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemGetUniqueRecordID(%p, %p)", itemRef, uniqueRecordID);
        Required(uniqueRecordID) = ItemImpl::required(itemRef)->dbUniqueRecord();
        END_SECAPI
}


OSStatus
SecKeychainItemGetDLDBHandle(SecKeychainItemRef itemRef, CSSM_DL_DB_HANDLE* dldbHandle)
{
    BEGIN_SECAPI
                secdebug("kcitem", "SecKeychainItemGetDLDBHandle(%p, %p)", itemRef, dldbHandle);
        *dldbHandle = ItemImpl::required(itemRef)->keychain()->database()->handle();
        END_SECAPI
}


OSStatus SecAccessCreateFromObject(CFTypeRef sourceRef,
        SecAccessRef *accessRef)
{
        BEGIN_SECAPI
        secdebug("kcitem", "SecAccessCreateFromObject(%p, %p)", sourceRef, accessRef);
        Required(accessRef);    // preflight
        SecPointer<Access> access = new Access(*aclBearer(sourceRef));
        *accessRef = access->handle();
        END_SECAPI
}


/*!
 */
OSStatus SecAccessModifyObject(SecAccessRef accessRef, CFTypeRef sourceRef)
{
        BEGIN_SECAPI
        secdebug("kcitem", "SecAccessModifyObject(%p, %p)", accessRef, sourceRef);
        Access::required(accessRef)->setAccess(*aclBearer(sourceRef), true);
        END_SECAPI
}

OSStatus
SecKeychainItemCopyAccess(SecKeychainItemRef itemRef, SecAccessRef* accessRef)
{
    BEGIN_SECAPI

        secdebug("kcitem", "SecKeychainItemCopyAccess(%p, %p)", itemRef, accessRef);
        Required(accessRef);    // preflight
        SecPointer<Access> access = new Access(*aclBearer(reinterpret_cast<CFTypeRef>(itemRef)));
        *accessRef = access->handle();

    END_SECAPI
}


OSStatus
SecKeychainItemSetAccess(SecKeychainItemRef itemRef, SecAccessRef accessRef)
{
    BEGIN_SECAPI

        secdebug("kcitem", "SecKeychainItemSetAccess(%p, %p)", itemRef, accessRef);
        Access::required(accessRef)->setAccess(*aclBearer(reinterpret_cast<CFTypeRef>(itemRef)), true);

    END_SECAPI
}