#import "keychain/ckks/CKKSAPSReceiver.h"
#import "keychain/ckks/CKKSLockStateTracker.h"
+#import "keychain/ckks/CKKSReachabilityTracker.h"
#import "keychain/ckks/CloudKitDependencies.h"
#include <securityd/SecDbItem.h>
@class CKKSOutgoingQueueEntry;
@class CKKSZoneChangeFetcher;
-@interface CKKSKeychainView : CKKSZone <CKKSZoneUpdateReceiver, CKKSChangeFetcherErrorOracle, CKKSPeerUpdateListener>
+@interface CKKSKeychainView : CKKSZone <CKKSZoneUpdateReceiver, CKKSChangeFetcherClient, CKKSPeerUpdateListener>
{
CKKSZoneKeyState* _keyHierarchyState;
}
@property CKKSCondition* loggedIn;
@property CKKSCondition* loggedOut;
+@property CKKSCondition* accountStateKnown;
@property CKKSLockStateTracker* lockStateTracker;
@property (nullable) CKKSManifest* latestManifest;
@property (nullable) CKKSResultOperation* keyStateReadyDependency;
+// Wait for the key state to become 'nontransient': no pending operation is expected to advance it (at least until user intervenes)
+@property (nullable) CKKSResultOperation* keyStateNonTransientDependency;
+
// True if we believe there's any items in the keychain which haven't been brought up in CKKS yet
@property bool droppedItems;
@property (weak) CKKSNearFutureScheduler* savedTLKNotifier;
-// Differs from the zonesetupoperation: zoneSetup is only for CK modifications, viewSetup handles local db changes too
-@property CKKSResultOperation* viewSetupOperation;
-
/* Used for debugging: just what happened last time we ran this? */
@property CKKSIncomingQueueOperation* lastIncomingQueueOperation;
@property CKKSNewTLKOperation* lastNewTLKOperation;
@property CKKSOutgoingQueueOperation* lastOutgoingQueueOperation;
@property CKKSProcessReceivedKeysOperation* lastProcessReceivedKeysOperation;
-@property CKKSFetchAllRecordZoneChangesOperation* lastRecordZoneChangesOperation;
@property CKKSReencryptOutgoingItemsOperation* lastReencryptOutgoingItemsOperation;
@property CKKSScanLocalItemsOperation* lastScanLocalItemsOperation;
@property CKKSSynchronizeOperation* lastSynchronizeOperation;
/* Used for testing: pause operation types by adding operations here */
@property NSOperation* holdReencryptOutgoingItemsOperation;
@property NSOperation* holdOutgoingQueueOperation;
+@property NSOperation* holdIncomingQueueOperation;
@property NSOperation* holdLocalSynchronizeOperation;
@property CKKSResultOperation* holdFixupOperation;
/* Trigger this to tell the whole machine that this view has changed */
@property CKKSNearFutureScheduler* notifyViewChangedScheduler;
+/* trigger this to request key state machine poking */
+@property CKKSNearFutureScheduler* pokeKeyStateMachineScheduler;
+
// These are available when you're in a dispatchSyncWithAccountKeys call, but at no other time
// These must be pre-fetched before you get on the CKKS queue, otherwise we end up with CKKS<->SQLite<->SOSAccountQueue deadlocks
@property (nonatomic, readonly) CKKSSelves* currentSelfPeers;
zoneName:(NSString*)zoneName
accountTracker:(CKKSCKAccountStateTracker*)accountTracker
lockStateTracker:(CKKSLockStateTracker*)lockStateTracker
+ reachabilityTracker:(CKKSReachabilityTracker *)reachabilityTracker
+ changeFetcher:(CKKSZoneChangeFetcher*)fetcher
savedTLKNotifier:(CKKSNearFutureScheduler*)savedTLKNotifier
peerProvider:(id<CKKSPeerProvider>)peerProvider
fetchRecordZoneChangesOperationClass:(Class<CKKSFetchRecordZoneChangesOperation>)fetchRecordZoneChangesOperationClass
rateLimiter:(CKKSRateLimiter*)rateLimiter
syncCallback:(SecBoolNSErrorCallback)syncCallback;
-- (void)setCurrentItemForAccessGroup:(SecDbItemRef)newItem
+- (void)setCurrentItemForAccessGroup:(NSData*)newItemPersistentRef
hash:(NSData*)newItemSHA1
accessGroup:(NSString*)accessGroup
identifier:(NSString*)identifier
- replacing:(SecDbItemRef _Nullable)oldItem
+ replacing:(NSData* _Nullable)oldCurrentItemPersistentRef
hash:(NSData* _Nullable)oldItemSHA1
complete:(void (^)(NSError* operror))complete;
- (CKKSIncomingQueueOperation*)processIncomingQueue:(bool)failOnClassA;
- (CKKSIncomingQueueOperation*)processIncomingQueue:(bool)failOnClassA after:(CKKSResultOperation* _Nullable)after;
+- (CKKSScanLocalItemsOperation*)scanLocalItems:(NSString*)name;
+
// Schedules a process queueoperation to happen after the next device unlock. This may be Immediately, if the device is unlocked.
- (void)processIncomingQueueAfterNextUnlock;
+// This operation will complete directly after the next ProcessIncomingQueue, and should supply that IQO's result. Used mainly for testing; otherwise you'd just kick off a IQO directly.
+- (CKKSResultOperation*)resultsOfNextProcessIncomingQueueOperation;
+
// Schedules an operation to update this device's state record in CloudKit
// If rateLimit is true, the operation will abort if it's updated the record in the past 3 days
- (CKKSUpdateDeviceStateOperation*)updateDeviceState:(bool)rateLimit
- (CKKSResultOperation*)fetchAndProcessCKChanges:(CKKSFetchBecause*)because;
- (CKKSResultOperation*)resetLocalData;
-- (CKKSResultOperation*)resetCloudKitZone;
-
-// Call this to pick and start the next key hierarchy operation for the zone
-- (void)advanceKeyStateMachine;
+- (CKKSResultOperation*)resetCloudKitZone:(CKOperationGroup*)operationGroup;
// Call this to tell the key state machine that you think some new data has arrived that it is interested in
- (void)keyStateMachineRequestProcess;
// For our serial queue to work with how handleKeychainEventDbConnection is called from the main thread,
// every block on our queue must have a SecDBConnectionRef available to it before it begins on the queue.
// Use these helper methods to make sure those exist.
-- (void)dispatchAsync:(bool (^)(void))block;
- (void)dispatchSync:(bool (^)(void))block;
- (void)dispatchSyncWithAccountKeys:(bool (^)(void))block;
-/* Synchronous operations which must be called from inside a dispatchAsync or dispatchSync block */
+/* Synchronous operations which must be called from inside a dispatchAsyncWithAccountKeys or dispatchSync block */
// Call this to request the key hierarchy state machine to fetch new updates
- (void)_onqueueKeyStateMachineRequestFetch;
-// Call this to request the key hierarchy state machine to refetch everything in Cloudkit
-- (void)_onqueueKeyStateMachineRequestFullRefetch;
-
// Call this to request the key hierarchy state machine to reprocess
- (void)_onqueueKeyStateMachineRequestProcess;
- (bool)_onqueueCKRecordChanged:(CKRecord*)record resync:(bool)resync;
- (bool)_onqueueCKRecordDeleted:(CKRecordID*)recordID recordType:(NSString*)recordType resync:(bool)resync;
-// For this key, who doesn't yet have a CKKSTLKShare for it?
+// For this key, who doesn't yet have a CKKSTLKShare for it, shared to their current Octagon keys?
// Note that we really want a record sharing the TLK to ourselves, so this function might return
// a non-empty set even if all peers have the TLK: it wants us to make a record for ourself.
- (NSSet<id<CKKSPeer>>* _Nullable)_onqueueFindPeersMissingShare:(CKKSKey*)key error:(NSError* __autoreleasing*)error;
- (CKKSDeviceStateEntry* _Nullable)_onqueueCurrentDeviceStateEntry:(NSError* __autoreleasing*)error;
-// Called by the CKKSZoneChangeFetcher
-- (bool)isFatalCKFetchError:(NSError*)error;
-
// Please don't use these unless you're an Operation in this package
@property NSHashTable<CKKSIncomingQueueOperation*>* incomingQueueOperations;
@property NSHashTable<CKKSOutgoingQueueOperation*>* outgoingQueueOperations;
@property CKKSScanLocalItemsOperation* initialScanOperation;
-// Returns the current state of this view
+// Returns the current state of this view, fastStatus is the same, but as name promise, no expensive calculations
- (NSDictionary<NSString*, NSString*>*)status;
+- (NSDictionary<NSString*, NSString*>*)fastStatus;
@end
NS_ASSUME_NONNULL_END
projects / apple / security.git / blobdiff