+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// Keychains.h - The Keychain class
-//
-#ifndef _SECURITY_KEYCHAINS_H_
-#define _SECURITY_KEYCHAINS_H_
-
-#include <security_cdsa_client/cspclient.h>
-#include <security_cdsa_client/dlclient.h>
-#include <security_utilities/refcount.h>
-#include <security_utilities/seccfobject.h>
-#include <Security/SecKeychain.h>
-#include <Security/SecKeychainItem.h>
-#include <memory>
-#include "SecCFTypes.h"
-#include "defaultcreds.h"
-
-class EventBuffer;
-
-namespace Security
-{
-
-namespace KeychainCore
-{
-
-class KCCursor;
-class Item;
-class PrimaryKey;
-class StorageManager;
-
-class KeychainSchemaImpl : public RefCount
-{
- NOCOPY(KeychainSchemaImpl)
-public:
- friend class KeychainSchema;
-protected:
- KeychainSchemaImpl(const CssmClient::Db &db);
-public:
- virtual ~KeychainSchemaImpl();
-
- CSSM_DB_ATTRIBUTE_FORMAT attributeFormatFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
- const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType) const;
-
- bool operator <(const KeychainSchemaImpl &other) const;
- bool operator ==(const KeychainSchemaImpl &other) const;
-
- void getAttributeInfoForRecordType(CSSM_DB_RECORDTYPE recordType, SecKeychainAttributeInfo **Info) const;
- CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
- bool hasAttribute(CSSM_DB_RECORDTYPE recordType, uint32 attributeId) const;
- bool hasRecordType(CSSM_DB_RECORDTYPE recordType) const;
-
- void didCreateRelation(CSSM_DB_RECORDTYPE inRelationID,
- const char *inRelationName,
- uint32 inNumberOfAttributes,
- const CSSM_DB_SCHEMA_ATTRIBUTE_INFO *pAttributeInfo,
- uint32 inNumberOfIndexes,
- const CSSM_DB_SCHEMA_INDEX_INFO *pIndexInfo);
-
-private:
- typedef map<CSSM_DB_RECORDTYPE, CssmAutoDbRecordAttributeInfo *> PrimaryKeyInfoMap;
- PrimaryKeyInfoMap mPrimaryKeyInfoMap;
-
- typedef map<uint32, CSSM_DB_ATTRIBUTE_FORMAT> RelationInfoMap;
- typedef map<CSSM_DB_RECORDTYPE, RelationInfoMap> DatabaseInfoMap;
- DatabaseInfoMap mDatabaseInfoMap;
- Mutex mMutex;
-
-private:
- const RelationInfoMap &relationInfoMapFor(CSSM_DB_RECORDTYPE recordType) const;
-};
-
-
-class KeychainSchema : public RefPointer<KeychainSchemaImpl>
-{
-public:
- KeychainSchema() {}
- KeychainSchema(KeychainSchemaImpl *impl) : RefPointer<KeychainSchemaImpl>(impl) {}
- KeychainSchema(const CssmClient::Db &db) : RefPointer<KeychainSchemaImpl>(new KeychainSchemaImpl(db)) {}
- ~KeychainSchema();
-
- bool operator <(const KeychainSchema &other) const
- { return ptr && other.ptr ? *ptr < *other.ptr : ptr < other.ptr; }
- bool operator ==(const KeychainSchema &other) const
- { return ptr && other.ptr ? *ptr == *other.ptr : ptr == other.ptr; }
-
-private:
- typedef KeychainSchemaImpl Impl;
-};
-
-
-class ItemImpl;
-
-class KeychainImpl : public SecCFObject, private CssmClient::Db::DefaultCredentialsMaker
-{
- NOCOPY(KeychainImpl)
-public:
- SECCFFUNCTIONS(KeychainImpl, SecKeychainRef, errSecInvalidKeychain, gTypes().KeychainImpl)
-
- friend class Keychain;
- friend class ItemImpl;
-protected:
- KeychainImpl(const CssmClient::Db &db);
-
-protected:
- // Methods called by ItemImpl;
- void didUpdate(const Item &inItem, PrimaryKey &oldPK,
- PrimaryKey &newPK);
- void completeAdd(Item &item, PrimaryKey &key);
-
-public:
- virtual ~KeychainImpl();
-
- Mutex* getKeychainMutex();
- Mutex* getMutexForObject();
- void aboutToDestruct();
-
- bool operator ==(const KeychainImpl &) const;
-
- // Item calls
- void add(Item &item);
- void addCopy(Item &item);
- void deleteItem(Item &item); // item must be persistent.
-
- // Keychain calls
- void create(UInt32 passwordLength, const void *inPassword);
- void createWithBlob(CssmData &blob);
- void create(ConstStringPtr inPassword);
- void create();
- void create(const ResourceControlContext *rcc);
- void open();
-
- // Locking and unlocking a keychain.
- void lock();
- void unlock();
- void unlock(const CssmData &password);
- void unlock(ConstStringPtr password); // @@@ This has a length limit, we should remove it.
- void stash();
- void stashCheck();
-
- void getSettings(uint32 &outIdleTimeOut, bool &outLockOnSleep);
- void setSettings(uint32 inIdleTimeOut, bool inLockOnSleep);
-
- // Passing in NULL for either oldPassword or newPassword will cause them to be prompted for.
- // To specify a zero length password in either case the oldPasswordLength or newPasswordLength
- // value must be 0 and the oldPassword or newPassword must not be NULL.
- void changePassphrase(UInt32 oldPasswordLength, const void *oldPassword,
- UInt32 newPasswordLength, const void *newPassword);
- void changePassphrase(ConstStringPtr oldPassword, ConstStringPtr newPassword);
-
- void authenticate(const CSSM_ACCESS_CREDENTIALS *cred); // Does not do an unlock.
-
- const char *name() const { return mDb->name(); }
- UInt32 status() const;
- bool exists();
- bool isActive() const;
-
- KCCursor createCursor(const SecKeychainAttributeList *attrList);
- KCCursor createCursor(SecItemClass itemClass, const SecKeychainAttributeList *attrList);
- CssmClient::Db database() { return mDb; }
- DLDbIdentifier dlDbIdentifier() const { return mDb->dlDbIdentifier(); }
-
- CssmClient::CSP csp();
-
- PrimaryKey makePrimaryKey(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
- void gatherPrimaryKeyAttributes(CssmClient::DbAttributes& primaryKeyAttrs);
-
- const CssmAutoDbRecordAttributeInfo &primaryKeyInfosFor(CSSM_DB_RECORDTYPE recordType);
-
- Item item(const PrimaryKey& primaryKey);
- Item item(CSSM_DB_RECORDTYPE recordType, CssmClient::DbUniqueRecord &uniqueId);
-
- CssmDbAttributeInfo attributeInfoFor(CSSM_DB_RECORDTYPE recordType, UInt32 tag);
- void getAttributeInfoForItemID(CSSM_DB_RECORDTYPE itemID, SecKeychainAttributeInfo **Info);
- static void freeAttributeInfo(SecKeychainAttributeInfo *Info);
- KeychainSchema keychainSchema();
- void resetSchema();
- void didDeleteItem(ItemImpl *inItemImpl);
-
- void recode(const CssmData &data, const CssmData &extraData);
- void copyBlob(CssmData &dbBlob);
-
- void setBatchMode(Boolean mode, Boolean rollBack);
-
- // yield default open() credentials for this keychain (as of now)
- const AccessCredentials *defaultCredentials();
-
- // Only call these functions while holding globals().apiLock.
- bool inCache() const throw() { return mInCache; }
- void inCache(bool inCache) throw() { mInCache = inCache; }
-
- void postEvent(SecKeychainEvent kcEvent, ItemImpl* item);
-
- void addItem(const PrimaryKey &primaryKey, ItemImpl *dbItemImpl);
-
- bool mayDelete();
-
-private:
- void removeItem(const PrimaryKey &primaryKey, ItemImpl *inItemImpl);
- ItemImpl *_lookupItem(const PrimaryKey &primaryKey);
-
- const AccessCredentials *makeCredentials();
-
- typedef map<PrimaryKey, __weak ItemImpl *> DbItemMap;
- // Weak reference map of all items we know about that have a primaryKey
- DbItemMap mDbItemMap;
- // True iff we are in the cache of keychains in StorageManager
- bool mInCache;
-
- CssmClient::Db mDb;
-
- KeychainSchema mKeychainSchema;
-
- // Data for auto-unlock credentials
- DefaultCredentials mCustomUnlockCreds;
- bool mIsInBatchMode;
- EventBuffer *mEventBuffer;
- Mutex mMutex;
-};
-
-
-CFIndex GetKeychainRetainCount(Keychain& kc);
-
-class Keychain : public SecPointer<KeychainImpl>
-{
-public:
- Keychain();
- Keychain(KeychainImpl *impl) : SecPointer<KeychainImpl>(impl) {}
- ~Keychain();
-
- static Keychain optional(SecKeychainRef handle);
-
-private:
- friend class StorageManager;
- Keychain(const CssmClient::Db &db)
- : SecPointer<KeychainImpl>(new KeychainImpl(db)) {}
-
- typedef KeychainImpl Impl;
-};
-
-
-} // end namespace KeychainCore
-
-} // end namespace Security
-
-#endif // !_SECURITY_KEYCHAINS_H_
projects / apple / security.git / blobdiff