--- /dev/null
+/*
+ * Copyright (c) 2000-2004,2011-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+
+//
+// Item.cpp
+//
+
+#include "Item.h"
+
+#include "Certificate.h"
+#include "KeyItem.h"
+#include "ExtendedAttribute.h"
+
+#include "Globals.h"
+#include <security_cdsa_utilities/Schema.h>
+#include "KCEventNotifier.h"
+#include "KCExceptions.h"
+#include "cssmdatetime.h"
+#include <security_cdsa_client/keychainacl.h>
+#include <security_utilities/osxcode.h>
+#include <security_utilities/trackingallocator.h>
+#include <Security/SecKeychainItemPriv.h>
+#include <Security/cssmapple.h>
+#include <CommonCrypto/CommonDigest.h>
+
+#define SENDACCESSNOTIFICATIONS 1
+
+//%%% schema indexes should be defined in Schema.h
+#define _kSecAppleSharePasswordItemClass 'ashp'
+#define APPLEDB_CSSM_PRINTNAME_ATTRIBUTE 1 /* schema index for label attribute of keys or certificates */
+#define APPLEDB_GENERIC_PRINTNAME_ATTRIBUTE 7 /* schema index for label attribute of password items */
+#define IS_PASSWORD_ITEM_CLASS(X) ( (X) == kSecInternetPasswordItemClass || \
+ (X) == kSecGenericPasswordItemClass || \
+ (X) == _kSecAppleSharePasswordItemClass ) ? 1 : 0
+
+using namespace KeychainCore;
+using namespace CSSMDateTimeUtils;
+
+//
+// ItemImpl
+//
+
+// NewItemImpl constructor
+ItemImpl::ItemImpl(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool dontDoAttributes)
+ : mDbAttributes(new DbAttributes()),
+ mKeychain(NULL),
+ secd_PersistentRef(NULL),
+ mDoNotEncrypt(false),
+ mInCache(false),
+ mMutex(Mutex::recursive)
+{
+ if (length && data)
+ mData = new CssmDataContainer(data, length);
+
+ mDbAttributes->recordType(Schema::recordTypeFor(itemClass));
+
+ if (itemCreator)
+ mDbAttributes->add(Schema::attributeInfo(kSecCreatorItemAttr), itemCreator);
+}
+
+ItemImpl::ItemImpl(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data)
+ : mDbAttributes(new DbAttributes()),
+ mKeychain(NULL),
+ secd_PersistentRef(NULL),
+ mDoNotEncrypt(false),
+ mInCache(false),
+ mMutex(Mutex::recursive)
+{
+ if (length && data)
+ mData = new CssmDataContainer(data, length);
+
+
+ mDbAttributes->recordType(Schema::recordTypeFor(itemClass));
+
+ if(attrList)
+ {
+ for(UInt32 i=0; i < attrList->count; i++)
+ {
+ mDbAttributes->add(Schema::attributeInfo(attrList->attr[i].tag), CssmData(attrList->attr[i].data, attrList->attr[i].length));
+ }
+ }
+}
+
+// DbItemImpl constructor
+ItemImpl::ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey, const DbUniqueRecord &uniqueId)
+ : mUniqueId(uniqueId), mKeychain(keychain), mPrimaryKey(primaryKey),
+ secd_PersistentRef(NULL), mDoNotEncrypt(false), mInCache(false),
+ mMutex(Mutex::recursive)
+{
+}
+
+// PrimaryKey ItemImpl constructor
+ItemImpl::ItemImpl(const Keychain &keychain, const PrimaryKey &primaryKey)
+: mKeychain(keychain), mPrimaryKey(primaryKey), secd_PersistentRef(NULL), mDoNotEncrypt(false),
+ mInCache(false),
+ mMutex(Mutex::recursive)
+{
+}
+
+ItemImpl* ItemImpl::make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId)
+{
+ ItemImpl* ii = new ItemImpl(keychain, primaryKey, uniqueId);
+ keychain->addItem(primaryKey, ii);
+ return ii;
+}
+
+
+
+ItemImpl* ItemImpl::make(const Keychain &keychain, const PrimaryKey &primaryKey)
+{
+ ItemImpl* ii = new ItemImpl(keychain, primaryKey);
+ keychain->addItem(primaryKey, ii);
+ return ii;
+}
+
+
+
+// Constructor used when copying an item to a keychain.
+
+ItemImpl::ItemImpl(ItemImpl &item) :
+ mData(item.modifiedData() ? NULL : new CssmDataContainer()),
+ mDbAttributes(new DbAttributes()),
+ mKeychain(NULL),
+ secd_PersistentRef(NULL),
+ mDoNotEncrypt(false),
+ mInCache(false),
+ mMutex(Mutex::recursive)
+{
+ mDbAttributes->recordType(item.recordType());
+ CSSM_DB_RECORD_ATTRIBUTE_INFO *schemaAttributes = NULL;
+
+ if (item.mKeychain) {
+ // get the entire source item from its keychain. This requires figuring
+ // out the schema for the item based on its record type.
+
+ for (uint32 i = 0; i < Schema::DBInfo.NumberOfRecordTypes; i++)
+ if (item.recordType() == Schema::DBInfo.RecordAttributeNames[i].DataRecordType) {
+ schemaAttributes = &Schema::DBInfo.RecordAttributeNames[i];
+ break;
+ }
+
+ if (schemaAttributes == NULL)
+ // the source item is invalid
+ MacOSError::throwMe(errSecInvalidItemRef);
+
+ for (uint32 i = 0; i < schemaAttributes->NumberOfAttributes; i++)
+ mDbAttributes->add(schemaAttributes->AttributeInfo[i]);
+
+ item.getContent(mDbAttributes.get(), mData.get());
+ }
+
+ // @@@ We don't deal with modified attributes.
+
+ if (item.modifiedData())
+ // the copied data comes from the source item
+ mData = new CssmDataContainer(item.modifiedData()->Data,
+ item.modifiedData()->Length);
+}
+
+ItemImpl::~ItemImpl()
+{
+ if (secd_PersistentRef) {
+ CFRelease(secd_PersistentRef);
+ }
+}
+
+
+
+Mutex*
+ItemImpl::getMutexForObject()
+{
+ if (mKeychain.get())
+ {
+ return mKeychain->getKeychainMutex();
+ }
+
+ return NULL;
+}
+
+
+
+void
+ItemImpl::aboutToDestruct()
+{
+ if (mKeychain && *mPrimaryKey)
+ {
+ mKeychain->removeItem(mPrimaryKey, this);
+ }
+}
+
+
+
+void
+ItemImpl::didModify()
+{
+ StLock<Mutex>_(mMutex);
+ mData = NULL;
+ mDbAttributes.reset(NULL);
+}
+
+const CSSM_DATA &
+ItemImpl::defaultAttributeValue(const CSSM_DB_ATTRIBUTE_INFO &info)
+{
+ static const uint32 zeroInt = 0;
+ static const double zeroDouble = 0.0;
+ static const char timeBytes[] = "20010101000000Z";
+
+ static const CSSM_DATA defaultFourBytes = { 4, (uint8 *) &zeroInt };
+ static const CSSM_DATA defaultEightBytes = { 8, (uint8 *) &zeroDouble };
+ static const CSSM_DATA defaultTime = { 16, (uint8 *) timeBytes };
+ static const CSSM_DATA defaultZeroBytes = { 0, NULL };
+
+ switch (info.AttributeFormat)
+ {
+ case CSSM_DB_ATTRIBUTE_FORMAT_SINT32:
+ case CSSM_DB_ATTRIBUTE_FORMAT_UINT32:
+ return defaultFourBytes;
+
+ case CSSM_DB_ATTRIBUTE_FORMAT_REAL:
+ return defaultEightBytes;
+
+ case CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE:
+ return defaultTime;
+
+ default:
+ return defaultZeroBytes;
+ }
+}
+
+
+
+PrimaryKey ItemImpl::addWithCopyInfo (Keychain &keychain, bool isCopy)
+{
+ StLock<Mutex>_(mMutex);
+ // If we already have a Keychain we can't be added.
+ if (mKeychain)
+ MacOSError::throwMe(errSecDuplicateItem);
+
+ // If we don't have any attributes we can't be added.
+ // (this might occur if attempting to add the item twice, since our attributes
+ // and data are set to NULL at the end of this function.)
+ if (!mDbAttributes.get())
+ MacOSError::throwMe(errSecDuplicateItem);
+
+ CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+
+ // update the creation and update dates on the new item
+ if (!isCopy)
+ {
+ KeychainSchema schema = keychain->keychainSchema();
+ SInt64 date;
+ GetCurrentMacLongDateTime(date);
+ if (schema->hasAttribute(recordType, kSecCreationDateItemAttr))
+ {
+ setAttribute(schema->attributeInfoFor(recordType, kSecCreationDateItemAttr), date);
+ }
+
+ if (schema->hasAttribute(recordType, kSecModDateItemAttr))
+ {
+ setAttribute(schema->attributeInfoFor(recordType, kSecModDateItemAttr), date);
+ }
+ }
+
+ // If the label (PrintName) attribute isn't specified, set a default label.
+ if (!mDoNotEncrypt && !mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)))
+ {
+ // if doNotEncrypt was set all of the attributes are wrapped in the data blob. Don't calculate here.
+ CssmDbAttributeData *label = NULL;
+ switch (recordType)
+ {
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ label = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
+ break;
+
+ case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD:
+ case CSSM_DL_DB_RECORD_INTERNET_PASSWORD:
+ label = mDbAttributes->find(Schema::attributeInfo(kSecServerItemAttr));
+ // if AppleShare server name wasn't specified, try the server address
+ if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAddressItemAttr));
+ break;
+
+ default:
+ break;
+ }
+ // if all else fails, use the account name.
+ if (!label)
+ label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr));
+
+ if (label && label->size())
+ setAttribute (Schema::attributeInfo(kSecLabelItemAttr), label->at<CssmData>(0));
+ }
+
+ // get the attributes that are part of the primary key
+ const CssmAutoDbRecordAttributeInfo &primaryKeyInfos =
+ keychain->primaryKeyInfosFor(recordType);
+
+ // make sure each primary key element has a value in the item, otherwise
+ // the database will complain. we make a set of the provided attribute infos
+ // to avoid O(N^2) behavior.
+
+ DbAttributes *attributes = mDbAttributes.get();
+ typedef set<CssmDbAttributeInfo> InfoSet;
+ InfoSet infoSet;
+
+ if (!mDoNotEncrypt)
+ {
+ // make a set of all the attributes in the key
+ for (uint32 i = 0; i < attributes->size(); i++)
+ infoSet.insert(attributes->at(i).Info);
+
+ for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { // check to make sure all required attributes are in the key
+ InfoSet::const_iterator it = infoSet.find(primaryKeyInfos.at(i));
+
+ if (it == infoSet.end()) { // not in the key? add the default
+ // we need to add a default value to the item attributes
+ attributes->add(primaryKeyInfos.at(i), defaultAttributeValue(primaryKeyInfos.at(i)));
+ }
+ }
+ }
+
+ Db db(keychain->database());
+ if (mDoNotEncrypt)
+ {
+ mUniqueId = db->insertWithoutEncryption (recordType, NULL, mData.get());
+ }
+ else if (useSecureStorage(db))
+ {
+ // Add the item to the secure storage db
+ SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*db));
+ if (impl == NULL)
+ {
+ CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
+ }
+
+ SSDb ssDb(impl);
+
+ TrackingAllocator allocator(Allocator::standard());
+
+ // hhs replaced with the new aclFactory class
+ AclFactory aclFactory;
+ const AccessCredentials *nullCred = aclFactory.nullCred();
+
+ SecPointer<Access> access = mAccess;
+ if (!access) {
+ // create default access controls for the new item
+ CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr));
+ string printName = data ? CssmData::overlay(data->Value[0]).toString() : "keychain item";
+ access = new Access(printName);
+
+ // special case for "iTools" password - allow anyone to decrypt the item
+ if (recordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
+ {
+ CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
+ if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6))
+ {
+ typedef vector<SecPointer<ACL> > AclSet;
+ AclSet acls;
+ access->findAclsForRight(CSSM_ACL_AUTHORIZATION_DECRYPT, acls);
+ for (AclSet::const_iterator it = acls.begin(); it != acls.end(); it++)
+ (*it)->form(ACL::allowAllForm);
+ }
+ }
+ }
+
+ // Get the handle of the DL underlying this CSPDL.
+ CSSM_DL_DB_HANDLE dldbh;
+ db->passThrough(CSSM_APPLECSPDL_DB_GET_HANDLE, NULL,
+ reinterpret_cast<void **>(&dldbh));
+
+ // Turn off autocommit on the underlying DL and remember the old state.
+ CSSM_BOOL autoCommit = CSSM_TRUE;
+ ObjectImpl::check(CSSM_DL_PassThrough(dldbh,
+ CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ 0, reinterpret_cast<void **>(&autoCommit)));
+
+ try
+ {
+ // Create a new SSGroup with temporary access controls
+ Access::Maker maker;
+ ResourceControlContext prototype;
+ maker.initialOwner(prototype, nullCred);
+ SSGroup ssGroup(ssDb, &prototype);
+
+ try
+ {
+ // Insert the record using the newly created group.
+ mUniqueId = ssDb->insert(recordType, mDbAttributes.get(),
+ mData.get(), ssGroup, maker.cred());
+ }
+ catch(...)
+ {
+ ssGroup->deleteKey(nullCred);
+ throw;
+ }
+
+ // now finalize the access controls on the group
+ access->setAccess(*ssGroup, maker);
+ mAccess = NULL; // use them and lose them
+ if (autoCommit)
+ {
+ // autoCommit was on so commit now that we are done and turn
+ // it back on.
+ ObjectImpl::check(CSSM_DL_PassThrough(dldbh,
+ CSSM_APPLEFILEDL_COMMIT, NULL, NULL));
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ reinterpret_cast<const void *>(autoCommit), NULL);
+ }
+ }
+ catch (...)
+ {
+ if (autoCommit)
+ {
+ // autoCommit was off so rollback since we failed and turn
+ // autoCommit back on.
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_ROLLBACK, NULL, NULL);
+ CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
+ reinterpret_cast<const void *>(autoCommit), NULL);
+ }
+ throw;
+ }
+ }
+ else
+ {
+ // add the item to the (regular) db
+ mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
+ }
+
+ mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
+ mKeychain = keychain;
+
+ // Forget our data and attributes.
+ mData = NULL;
+ mDbAttributes.reset(NULL);
+
+ return mPrimaryKey;
+}
+
+
+
+PrimaryKey
+ItemImpl::add (Keychain &keychain)
+{
+ return addWithCopyInfo (keychain, false);
+}
+
+
+
+Item
+ItemImpl::copyTo(const Keychain &keychain, Access *newAccess)
+{
+ StLock<Mutex>_(mMutex);
+ Item item(*this);
+ if (newAccess)
+ item->setAccess(newAccess);
+ else
+ {
+ /* Attempt to copy the access from the current item to the newly created one. */
+ SSGroup myGroup = group();
+ if (myGroup)
+ {
+ SecPointer<Access> access = new Access(*myGroup);
+ item->setAccess(access);
+ }
+ }
+
+ keychain->addCopy(item);
+ return item;
+}
+
+void
+ItemImpl::update()
+{
+ StLock<Mutex>_(mMutex);
+ if (!mKeychain)
+ MacOSError::throwMe(errSecNoSuchKeychain);
+
+ // Don't update if nothing changed.
+ if (!isModified())
+ return;
+
+ CSSM_DB_RECORDTYPE aRecordType = recordType();
+ KeychainSchema schema = mKeychain->keychainSchema();
+
+ // Update the modification date on the item if there is a mod date attribute.
+ if (schema->hasAttribute(aRecordType, kSecModDateItemAttr))
+ {
+ SInt64 date;
+ GetCurrentMacLongDateTime(date);
+ setAttribute(schema->attributeInfoFor(aRecordType, kSecModDateItemAttr), date);
+ }
+
+ // Make sure that we have mUniqueId
+ dbUniqueRecord();
+ Db db(mUniqueId->database());
+ if (mDoNotEncrypt)
+ {
+ CSSM_DB_RECORD_ATTRIBUTE_DATA attrData;
+ memset (&attrData, 0, sizeof (attrData));
+ attrData.DataRecordType = aRecordType;
+
+ mUniqueId->modifyWithoutEncryption(aRecordType,
+ &attrData,
+ mData.get(),
+ CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
+ }
+ else if (useSecureStorage(db))
+ {
+ // Add the item to the secure storage db
+ SSDbUniqueRecordImpl * impl = dynamic_cast<SSDbUniqueRecordImpl *>(&(*mUniqueId));
+ if (impl == NULL)
+ {
+ CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
+ }
+
+ SSDbUniqueRecord ssUniqueId(impl);
+
+ // @@@ Share this instance
+ const AccessCredentials *autoPrompt = globals().itemCredentials();
+
+
+ // Only call this is user interaction is enabled.
+ ssUniqueId->modify(aRecordType,
+ mDbAttributes.get(),
+ mData.get(),
+ CSSM_DB_MODIFY_ATTRIBUTE_REPLACE,
+ autoPrompt);
+ }
+ else
+ {
+ mUniqueId->modify(aRecordType,
+ mDbAttributes.get(),
+ mData.get(),
+ CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
+ }
+
+ if (!mDoNotEncrypt)
+ {
+ PrimaryKey oldPK = mPrimaryKey;
+ mPrimaryKey = mKeychain->makePrimaryKey(aRecordType, mUniqueId);
+
+ // Forget our data and attributes.
+ mData = NULL;
+ mDbAttributes.reset(NULL);
+
+ // Let the Keychain update what it needs to.
+ mKeychain->didUpdate(this, oldPK, mPrimaryKey);
+ }
+}
+
+void
+ItemImpl::getClass(SecKeychainAttribute &attr, UInt32 *actualLength)
+{
+ StLock<Mutex>_(mMutex);
+ if (actualLength)
+ *actualLength = sizeof(SecItemClass);
+
+ if (attr.length < sizeof(SecItemClass))
+ MacOSError::throwMe(errSecBufferTooSmall);
+
+ SecItemClass aClass = Schema::itemClassFor(recordType());
+ memcpy(attr.data, &aClass, sizeof(SecItemClass));
+}
+
+void
+ItemImpl::setAttribute(SecKeychainAttribute& attr)
+{
+ StLock<Mutex>_(mMutex);
+ setAttribute(Schema::attributeInfo(attr.tag), CssmData(attr.data, attr.length));
+}
+
+CSSM_DB_RECORDTYPE
+ItemImpl::recordType()
+{
+ StLock<Mutex>_(mMutex);
+ if (mDbAttributes.get())
+ return mDbAttributes->recordType();
+
+ return mPrimaryKey->recordType();
+}
+
+const DbAttributes *
+ItemImpl::modifiedAttributes()
+{
+ StLock<Mutex>_(mMutex);
+ return mDbAttributes.get();
+}
+
+const CssmData *
+ItemImpl::modifiedData()
+{
+ StLock<Mutex>_(mMutex);
+ return mData.get();
+}
+
+void
+ItemImpl::setData(UInt32 length,const void *data)
+{
+ StLock<Mutex>_(mMutex);
+ mData = new CssmDataContainer(data, length);
+}
+
+void
+ItemImpl::setAccess(Access *newAccess)
+{
+ StLock<Mutex>_(mMutex);
+ mAccess = newAccess;
+}
+
+CssmClient::DbUniqueRecord
+ItemImpl::dbUniqueRecord()
+{
+ StLock<Mutex>_(mMutex);
+ if (!isPersistent()) // is there no database attached?
+ {
+ MacOSError::throwMe(errSecNotAvailable);
+ }
+
+ if (!mUniqueId)
+ {
+ DbCursor cursor(mPrimaryKey->createCursor(mKeychain));
+ if (!cursor->next(NULL, NULL, mUniqueId))
+ MacOSError::throwMe(errSecInvalidItemRef);
+ }
+
+ return mUniqueId;
+}
+
+PrimaryKey
+ItemImpl::primaryKey()
+{
+ return mPrimaryKey;
+}
+
+bool
+ItemImpl::isPersistent()
+{
+ return mKeychain;
+}
+
+bool
+ItemImpl::isModified()
+{
+ StLock<Mutex>_(mMutex);
+ return mData.get() || mDbAttributes.get();
+}
+
+Keychain
+ItemImpl::keychain()
+{
+ return mKeychain;
+}
+
+bool
+ItemImpl::operator < (const ItemImpl &other)
+{
+ if (mData && *mData)
+ {
+ // Pointer compare
+ return this < &other;
+ }
+
+ return mPrimaryKey < other.mPrimaryKey;
+}
+
+void
+ItemImpl::setAttribute(const CssmDbAttributeInfo &info, const CssmPolyData &data)
+{
+ StLock<Mutex>_(mMutex);
+ if (!mDbAttributes.get())
+ {
+ mDbAttributes.reset(new DbAttributes());
+ mDbAttributes->recordType(mPrimaryKey->recordType());
+ }
+
+ size_t length = data.Length;
+ const void *buf = reinterpret_cast<const void *>(data.Data);
+ uint8 timeString[16];
+
+ // XXX This code is duplicated in KCCursorImpl::KCCursorImpl()
+ // Convert a 4 or 8 byte TIME_DATE to a CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE
+ // style attribute value.
+ if (info.format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE)
+ {
+ if (length == sizeof(UInt32))
+ {
+ MacSecondsToTimeString(*reinterpret_cast<const UInt32 *>(buf), 16, &timeString);
+ buf = &timeString;
+ length = 16;
+ }
+ else if (length == sizeof(SInt64))
+ {
+ MacLongDateTimeToTimeString(*reinterpret_cast<const SInt64 *>(buf), 16, &timeString);
+ buf = &timeString;
+ length = 16;
+ }
+ }
+
+ mDbAttributes->add(info, CssmData(const_cast<void*>(buf), length));
+}
+
+void
+ItemImpl::modifyContent(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData)
+{
+ StLock<Mutex>_(mMutex);
+ if (!mDbAttributes.get())
+ {
+ mDbAttributes.reset(new DbAttributes());
+ mDbAttributes->recordType(mPrimaryKey->recordType());
+ }
+
+ if(attrList) // optional
+ {
+ for(UInt32 ix=0; ix < attrList->count; ix++)
+ {
+ SecKeychainAttrType attrTag = attrList->attr[ix].tag;
+
+ if (attrTag == APPLEDB_CSSM_PRINTNAME_ATTRIBUTE)
+ {
+ // must remap a caller-supplied kSecKeyPrintName attribute tag for key items, since it isn't in the schema
+ // (note that this will ultimately match kGenericPrintName in Schema.cpp)
+ attrTag = kSecLabelItemAttr;
+ }
+
+ mDbAttributes->add(Schema::attributeInfo(attrTag), CssmData(attrList->attr[ix].data, attrList->attr[ix].length));
+ }
+ }
+
+ if(inData)
+ {
+ mData = new CssmDataContainer(inData, dataLength);
+ }
+
+ update();
+}
+
+void
+ItemImpl::getContent(SecItemClass *itemClass, SecKeychainAttributeList *attrList, UInt32 *length, void **outData)
+{
+ StLock<Mutex>_(mMutex);
+ // If the data hasn't been set we can't return it.
+ if (!mKeychain && outData)
+ {
+ CssmData *data = mData.get();
+ if (!data)
+ MacOSError::throwMe(errSecDataNotAvailable);
+ }
+ // TODO: need to check and make sure attrs are valid and handle error condition
+
+
+ if (itemClass)
+ *itemClass = Schema::itemClassFor(recordType());
+
+ bool getDataFromDatabase = mKeychain && mPrimaryKey;
+ if (getDataFromDatabase) // are we attached to a database?
+ {
+ dbUniqueRecord();
+
+ // get the number of attributes requested by the caller
+ UInt32 attrCount = attrList ? attrList->count : 0;
+
+ // make a DBAttributes structure and populate it
+ DbAttributes dbAttributes(mUniqueId->database(), attrCount);
+ for (UInt32 ix = 0; ix < attrCount; ++ix)
+ {
+ dbAttributes.add(Schema::attributeInfo(attrList->attr[ix].tag));
+ }
+
+ // request the data from the database (since we are a reference "item" and the data is really stored there)
+ CssmDataContainer itemData;
+ getContent(&dbAttributes, outData ? &itemData : NULL);
+
+ // retrieve the data from result
+ for (UInt32 ix = 0; ix < attrCount; ++ix)
+ {
+ if (dbAttributes.at(ix).NumberOfValues > 0)
+ {
+ attrList->attr[ix].data = dbAttributes.at(ix).Value[0].Data;
+ attrList->attr[ix].length = (UInt32)dbAttributes.at(ix).Value[0].Length;
+
+ // We don't want the data released, it is up the client
+ dbAttributes.at(ix).Value[0].Data = NULL;
+ dbAttributes.at(ix).Value[0].Length = 0;
+ }
+ else
+ {
+ attrList->attr[ix].data = NULL;
+ attrList->attr[ix].length = 0;
+ }
+ }
+
+ // clean up
+ if (outData)
+ {
+ *outData=itemData.data();
+ itemData.Data = NULL;
+
+ if (length)
+ *length=(UInt32)itemData.length();
+ itemData.Length = 0;
+ }
+ }
+ else
+ {
+ getLocalContent(attrList, length, outData);
+ }
+
+ // Inform anyone interested that we are doing this
+#if SENDACCESSNOTIFICATIONS
+ if (outData)
+ {
+ secdebug("kcnotify", "ItemImpl::getContent(%p, %p, %p, %p) retrieved content",
+ itemClass, attrList, length, outData);
+
+ KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
+ }
+#endif
+}
+
+void
+ItemImpl::freeContent(SecKeychainAttributeList *attrList, void *data)
+{
+ Allocator &allocator = Allocator::standard(); // @@@ This might not match the one used originally
+ if (data)
+ allocator.free(data);
+
+ UInt32 attrCount = attrList ? attrList->count : 0;
+ for (UInt32 ix = 0; ix < attrCount; ++ix)
+ {
+ allocator.free(attrList->attr[ix].data);
+ attrList->attr[ix].data = NULL;
+ }
+}
+
+void
+ItemImpl::modifyAttributesAndData(const SecKeychainAttributeList *attrList, UInt32 dataLength, const void *inData)
+{
+ StLock<Mutex>_(mMutex);
+ if (!mKeychain)
+ MacOSError::throwMe(errSecNoSuchKeychain);
+
+ if (!mDoNotEncrypt)
+ {
+ if (!mDbAttributes.get())
+ {
+ mDbAttributes.reset(new DbAttributes());
+ mDbAttributes->recordType(mPrimaryKey->recordType());
+ }
+
+ CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
+ UInt32 attrCount = attrList ? attrList->count : 0;
+ for (UInt32 ix = 0; ix < attrCount; ix++)
+ {
+ SecKeychainAttrType attrTag = attrList->attr[ix].tag;
+
+ if (attrTag == kSecLabelItemAttr)
+ {
+ // must remap a caller-supplied label attribute tag for password items, since it isn't in the schema
+ // (note that this will ultimately match kGenericPrintName in Schema.cpp)
+ if (IS_PASSWORD_ITEM_CLASS( Schema::itemClassFor(recordType) ))
+ attrTag = APPLEDB_GENERIC_PRINTNAME_ATTRIBUTE;
+ }
+
+ CssmDbAttributeInfo info=mKeychain->attributeInfoFor(recordType, attrTag);
+
+ if (attrList->attr[ix].length || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BLOB
+ || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_STRING || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_BIG_NUM
+ || info.AttributeFormat==CSSM_DB_ATTRIBUTE_FORMAT_MULTI_UINT32)
+ mDbAttributes->add(info, CssmData(attrList->attr[ix].data, attrList->attr[ix].length));
+ else
+ mDbAttributes->add(info);
+ }
+ }
+
+ if(inData)
+ {
+ mData = new CssmDataContainer(inData, dataLength);
+ }
+
+ update();
+}
+
+void
+ItemImpl::getAttributesAndData(SecKeychainAttributeInfo *info, SecItemClass *itemClass,
+ SecKeychainAttributeList **attrList, UInt32 *length, void **outData)
+{
+ StLock<Mutex>_(mMutex);
+ // If the data hasn't been set we can't return it.
+ if (!mKeychain && outData)
+ {
+ CssmData *data = mData.get();
+ if (!data)
+ MacOSError::throwMe(errSecDataNotAvailable);
+ }
+ // TODO: need to check and make sure attrs are valid and handle error condition
+
+ SecItemClass myItemClass = Schema::itemClassFor(recordType());
+ if (itemClass)
+ *itemClass = myItemClass;
+
+ // @@@ This call won't work for floating items (like certificates).
+ dbUniqueRecord();
+
+ UInt32 attrCount = info ? info->count : 0;
+ DbAttributes dbAttributes(mUniqueId->database(), attrCount);
+ for (UInt32 ix = 0; ix < attrCount; ix++)
+ {
+ CssmDbAttributeData &record = dbAttributes.add();
+ record.Info.AttributeNameFormat=CSSM_DB_ATTRIBUTE_NAME_AS_INTEGER;
+ record.Info.Label.AttributeID=info->tag[ix];
+
+ if (record.Info.Label.AttributeID == kSecLabelItemAttr)
+ {
+ // must remap a caller-supplied label attribute tag for password items, since it isn't in the schema
+ if (IS_PASSWORD_ITEM_CLASS( myItemClass ))
+ record.Info.Label.AttributeID = APPLEDB_GENERIC_PRINTNAME_ATTRIBUTE;
+ }
+ }
+
+ CssmDataContainer itemData;
+ getContent(&dbAttributes, outData ? &itemData : NULL);
+
+ if (info && attrList)
+ {
+ SecKeychainAttributeList *theList=reinterpret_cast<SecKeychainAttributeList *>(malloc(sizeof(SecKeychainAttributeList)));
+ SecKeychainAttribute *attr=reinterpret_cast<SecKeychainAttribute *>(malloc(sizeof(SecKeychainAttribute)*attrCount));
+ theList->count=attrCount;
+ theList->attr=attr;
+
+ for (UInt32 ix = 0; ix < attrCount; ++ix)
+ {
+ attr[ix].tag=info->tag[ix];
+
+ if (dbAttributes.at(ix).NumberOfValues > 0)
+ {
+ attr[ix].data = dbAttributes.at(ix).Value[0].Data;
+ attr[ix].length = (UInt32)dbAttributes.at(ix).Value[0].Length;
+
+ // We don't want the data released, it is up the client
+ dbAttributes.at(ix).Value[0].Data = NULL;
+ dbAttributes.at(ix).Value[0].Length = 0;
+ }
+ else
+ {
+ attr[ix].data = NULL;
+ attr[ix].length = 0;
+ }
+ }
+ *attrList=theList;
+ }
+
+ if (outData)
+ {
+ *outData=itemData.data();
+ itemData.Data=NULL;
+
+ if (length) *length=(UInt32)itemData.length();
+ itemData.Length=0;
+
+#if SENDACCESSNOTIFICATIONS
+ secdebug("kcnotify", "ItemImpl::getAttributesAndData(%p, %p, %p, %p, %p) retrieved data",
+ info, itemClass, attrList, length, outData);
+
+ KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
+#endif
+ }
+
+}
+
+void
+ItemImpl::freeAttributesAndData(SecKeychainAttributeList *attrList, void *data)
+{
+ Allocator &allocator = Allocator::standard(); // @@@ This might not match the one used originally
+
+ if (data)
+ allocator.free(data);
+
+ if (attrList)
+ {
+ for (UInt32 ix = 0; ix < attrList->count; ++ix)
+ {
+ allocator.free(attrList->attr[ix].data);
+ }
+ free(attrList->attr);
+ free(attrList);
+ }
+}
+
+void
+ItemImpl::getAttribute(SecKeychainAttribute& attr, UInt32 *actualLength)
+{
+ StLock<Mutex>_(mMutex);
+ if (attr.tag == kSecClassItemAttr)
+ return getClass(attr, actualLength);
+
+ if (mDbAttributes.get())
+ {
+ CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(attr.tag));
+ if (data)
+ {
+ getAttributeFrom(data, attr, actualLength);
+ return;
+ }
+ }
+
+ if (!mKeychain)
+ MacOSError::throwMe(errSecNoSuchAttr);
+
+ dbUniqueRecord();
+ DbAttributes dbAttributes(mUniqueId->database(), 1);
+ dbAttributes.add(Schema::attributeInfo(attr.tag));
+ mUniqueId->get(&dbAttributes, NULL);
+ getAttributeFrom(&dbAttributes.at(0), attr, actualLength);
+}
+
+void
+ItemImpl::getAttributeFrom(CssmDbAttributeData *data, SecKeychainAttribute &attr, UInt32 *actualLength)
+{
+ StLock<Mutex>_(mMutex);
+ static const uint32 zero = 0;
+ UInt32 length;
+ const void *buf = NULL;
+
+ // Temporary storage for buf.
+ sint64 macLDT;
+ uint32 macSeconds;
+ sint16 svalue16;
+ uint16 uvalue16;
+ sint8 svalue8;
+ uint8 uvalue8;
+
+ if (!data)
+ length = 0;
+ else if (data->size() < 1) // Attribute has no values.
+ {
+ if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32
+ || data->format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32)
+ {
+ length = sizeof(zero);
+ buf = &zero;
+ }
+ else if (CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE)
+ length = 0; // Should we throw here?
+ else // All other formats
+ length = 0;
+ }
+ else // Get the first value
+ {
+ length = (UInt32)data->Value[0].Length;
+ buf = data->Value[0].Data;
+
+ if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_SINT32)
+ {
+ if (attr.length == sizeof(sint8))
+ {
+ length = attr.length;
+ svalue8 = sint8(*reinterpret_cast<const sint32 *>(buf));
+ buf = &svalue8;
+ }
+ else if (attr.length == sizeof(sint16))
+ {
+ length = attr.length;
+ svalue16 = sint16(*reinterpret_cast<const sint32 *>(buf));
+ buf = &svalue16;
+ }
+ }
+ else if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_UINT32)
+ {
+ if (attr.length == sizeof(uint8))
+ {
+ length = attr.length;
+ uvalue8 = uint8(*reinterpret_cast<const uint32 *>(buf));
+ buf = &uvalue8;
+ }
+ else if (attr.length == sizeof(uint16))
+ {
+ length = attr.length;
+ uvalue16 = uint16(*reinterpret_cast<const uint32 *>(buf));
+ buf = &uvalue16;
+ }
+ }
+ else if (data->format() == CSSM_DB_ATTRIBUTE_FORMAT_TIME_DATE)
+ {
+ if (attr.length == sizeof(uint32))
+ {
+ TimeStringToMacSeconds(data->Value[0], macSeconds);
+ buf = &macSeconds;
+ length = attr.length;
+ }
+ else if (attr.length == sizeof(sint64))
+ {
+ TimeStringToMacLongDateTime(data->Value[0], macLDT);
+ buf = &macLDT;
+ length = attr.length;
+ }
+ }
+ }
+
+ if (actualLength)
+ *actualLength = length;
+
+ if (length)
+ {
+ if (attr.length < length)
+ MacOSError::throwMe(errSecBufferTooSmall);
+
+ memcpy(attr.data, buf, length);
+ }
+}
+
+void
+ItemImpl::getData(CssmDataContainer& outData)
+{
+ StLock<Mutex>_(mMutex);
+ if (!mKeychain)
+ {
+ CssmData *data = mData.get();
+ // If the data hasn't been set we can't return it.
+ if (!data)
+ MacOSError::throwMe(errSecDataNotAvailable);
+
+ outData = *data;
+ return;
+ }
+
+ getContent(NULL, &outData);
+
+#if SENDACCESSNOTIFICATIONS
+ secdebug("kcnotify", "ItemImpl::getData retrieved data");
+
+ //%%%<might> be done elsewhere, but here is good for now
+ KCEventNotifier::PostKeychainEvent(kSecDataAccessEvent, mKeychain, this);
+#endif
+}
+
+SSGroup
+ItemImpl::group()
+{
+ StLock<Mutex>_(mMutex);
+ SSGroup group;
+ if (!!mUniqueId)
+ {
+ Db db(mKeychain->database());
+ if (useSecureStorage(db))
+ {
+ group = safer_cast<SSDbUniqueRecordImpl &>(*mUniqueId).group();
+ }
+ }
+
+ return group;
+}
+
+void ItemImpl::getLocalContent(SecKeychainAttributeList *attributeList, UInt32 *outLength, void **outData)
+{
+ StLock<Mutex>_(mMutex);
+ willRead();
+ Allocator &allocator = Allocator::standard(); // @@@ This might not match the one used originally
+ if (outData)
+ {
+ CssmData *data = mData.get();
+ if (!data)
+ MacOSError::throwMe(errSecDataNotAvailable);
+
+ // Copy the data out of our internal cached copy.
+ UInt32 length = (UInt32)data->Length;
+ *outData = allocator.malloc(length);
+ memcpy(*outData, data->Data, length);
+ if (outLength)
+ *outLength = length;
+ }
+
+ if (attributeList)
+ {
+ if (!mDbAttributes.get())
+ MacOSError::throwMe(errSecDataNotAvailable);
+
+ // Pull attributes out of a "floating" item, i.e. one that isn't attached to a database
+ for (UInt32 ix = 0; ix < attributeList->count; ++ix)
+ {
+ SecKeychainAttribute &attribute = attributeList->attr[ix];
+ CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(attribute.tag));
+ if (data && data->NumberOfValues > 0)
+ {
+ // Copy the data out of our internal cached copy.
+ UInt32 length = (UInt32)data->Value[0].Length;
+ attribute.data = allocator.malloc(length);
+ memcpy(attribute.data, data->Value[0].Data, length);
+ attribute.length = length;
+ }
+ else
+ {
+ attribute.length = 0;
+ attribute.data = NULL;
+ }
+ }
+ }
+}
+
+void
+ItemImpl::getContent(DbAttributes *dbAttributes, CssmDataContainer *itemData)
+{
+ StLock<Mutex>_(mMutex);
+ // Make sure mUniqueId is set.
+ dbUniqueRecord();
+ if (itemData)
+ {
+ Db db(mUniqueId->database());
+ if (mDoNotEncrypt)
+ {
+ mUniqueId->getWithoutEncryption (dbAttributes, itemData);
+ return;
+ }
+ if (useSecureStorage(db))
+ {
+ SSDbUniqueRecordImpl* impl = dynamic_cast<SSDbUniqueRecordImpl *>(&(*mUniqueId));
+ if (impl == NULL)
+ {
+ CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
+ }
+
+ SSDbUniqueRecord ssUniqueId(impl);
+ const AccessCredentials *autoPrompt = globals().itemCredentials();
+ ssUniqueId->get(dbAttributes, itemData, autoPrompt);
+ return;
+ }
+ }
+
+ mUniqueId->get(dbAttributes, itemData);
+}
+
+bool
+ItemImpl::useSecureStorage(const Db &db)
+{
+ StLock<Mutex>_(mMutex);
+ switch (recordType())
+ {
+ case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
+ case CSSM_DL_DB_RECORD_INTERNET_PASSWORD:
+ case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD:
+ if (db->dl()->subserviceMask() & CSSM_SERVICE_CSP)
+ return true;
+ break;
+ default:
+ break;
+ }
+ return false;
+}
+
+void ItemImpl::willRead()
+{
+}
+
+Item ItemImpl::makeFromPersistentReference(const CFDataRef persistentRef, bool *isIdentityRef)
+{
+ CssmData dictData((void*)::CFDataGetBytePtr(persistentRef), ::CFDataGetLength(persistentRef));
+ NameValueDictionary dict(dictData);
+
+ Keychain keychain;
+ Item item = (ItemImpl *) NULL;
+
+ if (isIdentityRef) {
+ *isIdentityRef = (dict.FindByName(IDENTITY_KEY) != 0) ? true : false;
+ }
+
+ // make sure we have a database identifier
+ if (dict.FindByName(SSUID_KEY) != 0)
+ {
+ DLDbIdentifier dlDbIdentifier = NameValueDictionary::MakeDLDbIdentifierFromNameValueDictionary(dict);
+ DLDbIdentifier newDlDbIdentifier(dlDbIdentifier.ssuid(),
+ DLDbListCFPref::ExpandTildesInPath(dlDbIdentifier.dbName()).c_str(),
+ dlDbIdentifier.dbLocation());
+
+ keychain = globals().storageManager.keychain(newDlDbIdentifier);
+
+ const NameValuePair* aDictItem = dict.FindByName(ITEM_KEY);
+ if (aDictItem && keychain)
+ {
+ PrimaryKey primaryKey(aDictItem->Value());
+ item = keychain->item(primaryKey);
+ }
+ }
+ KCThrowIf_( !item, errSecItemNotFound );
+ return item;
+}
+
+void ItemImpl::copyPersistentReference(CFDataRef &outDataRef, bool isSecIdentityRef)
+{
+ if (secd_PersistentRef) {
+ outDataRef = secd_PersistentRef;
+ return;
+ }
+ StLock<Mutex>_(mMutex);
+ // item must be in a keychain and have a primary key to be persistent
+ if (!mKeychain || !mPrimaryKey) {
+ MacOSError::throwMe(errSecItemNotFound);
+ }
+ DLDbIdentifier dlDbIdentifier = mKeychain->dlDbIdentifier();
+ DLDbIdentifier newDlDbIdentifier(dlDbIdentifier.ssuid(),
+ DLDbListCFPref::AbbreviatedPath(mKeychain->name()).c_str(),
+ dlDbIdentifier.dbLocation());
+ NameValueDictionary dict;
+ NameValueDictionary::MakeNameValueDictionaryFromDLDbIdentifier(newDlDbIdentifier, dict);
+
+ CssmData* pKey = mPrimaryKey;
+ dict.Insert (new NameValuePair(ITEM_KEY, *pKey));
+
+ if (isSecIdentityRef) {
+ uint32_t value = -1;
+ CssmData valueData((void*)&value, sizeof(value));
+ dict.Insert (new NameValuePair(IDENTITY_KEY, valueData));
+ }
+
+ // flatten the NameValueDictionary
+ CssmData dictData;
+ dict.Export(dictData);
+ outDataRef = ::CFDataCreate(kCFAllocatorDefault, dictData.Data, dictData.Length);
+ free (dictData.Data);
+}
+
+void ItemImpl::copyRecordIdentifier(CSSM_DATA &data)
+{
+ StLock<Mutex>_(mMutex);
+ CssmClient::DbUniqueRecord uniqueRecord = dbUniqueRecord ();
+ uniqueRecord->getRecordIdentifier(data);
+}
+
+/*
+ * Obtain blob used to bind a keychain item to an Extended Attribute record.
+ * We just use the PrimaryKey blob as the default. Note that for standard Items,
+ * this can cause the loss of extended attribute bindings if a Primary Key
+ * attribute changes.
+ */
+const CssmData &ItemImpl::itemID()
+{
+ StLock<Mutex>_(mMutex);
+ if(mPrimaryKey->length() == 0) {
+ /* not in a keychain; we don't have a primary key */
+ MacOSError::throwMe(errSecNoSuchAttr);
+ }
+ return *mPrimaryKey;
+}
+
+bool ItemImpl::equal(SecCFObject &other)
+{
+ // First check to see if both items have a primary key and
+ // if the primary key is the same. If so then these
+ // items must be equal
+ ItemImpl& other_item = (ItemImpl&)other;
+ if (mPrimaryKey != NULL && mPrimaryKey == other_item.mPrimaryKey)
+ {
+ return true;
+ }
+
+ // The primary keys do not match so do a CFHash of the
+ // data of the item and compare those for equality
+ CFHashCode this_hash = hash();
+ CFHashCode other_hash = other.hash();
+ return (this_hash == other_hash);
+}
+
+CFHashCode ItemImpl::hash()
+{
+ CFHashCode result = SecCFObject::hash();
+
+ StLock<Mutex>_(mMutex);
+ RefPointer<CssmDataContainer> data_to_hash;
+
+ // Use the item data for the hash
+ if (mData && *mData)
+ {
+ data_to_hash = mData;
+ }
+
+ // If there is no primary key AND not data ????
+ // just return the 'old' hash value which is the
+ // object pointer.
+ if (NULL != data_to_hash.get())
+ {
+ CFDataRef temp_data = NULL;
+ unsigned char digest[CC_SHA256_DIGEST_LENGTH];
+
+ if (data_to_hash->length() < 80)
+ {
+ // If it is less than 80 bytes then CFData can be used
+ temp_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
+ (const UInt8 *)data_to_hash->data(), data_to_hash->length(), kCFAllocatorNull);
+
+ }
+ // CFData truncates its hash value to 80 bytes. ????
+ // In order to do the 'right thing' a SHA 256 hash will be used to
+ // include all of the data
+ else
+ {
+ memset(digest, 0, CC_SHA256_DIGEST_LENGTH);
+
+ CC_SHA256((const void *)data_to_hash->data(), (CC_LONG)data_to_hash->length(), digest);
+
+ temp_data = CFDataCreateWithBytesNoCopy(kCFAllocatorDefault,
+ (const UInt8 *)digest, CC_SHA256_DIGEST_LENGTH, kCFAllocatorNull);
+ }
+
+ if (NULL != temp_data)
+ {
+ result = CFHash(temp_data);
+ CFRelease(temp_data);
+ }
+
+ }
+
+ return result;
+}
+
+
+void ItemImpl::postItemEvent(SecKeychainEvent theEvent)
+{
+ mKeychain->postEvent(theEvent, this);
+}
+
+
+
+//
+// Item -- This class is here to magically create the right subclass of ItemImpl
+// when constructing new items.
+//
+Item::Item()
+{
+}
+
+Item::Item(ItemImpl *impl) : SecPointer<ItemImpl>(impl)
+{
+}
+
+Item::Item(SecItemClass itemClass, OSType itemCreator, UInt32 length, const void* data, bool inhibitCheck)
+{
+ if (!inhibitCheck)
+ {
+ if (itemClass == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+ || itemClass == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ || itemClass == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || itemClass == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ MacOSError::throwMe(errSecNoSuchClass); /* @@@ errSecInvalidClass */
+ }
+
+ *this = new ItemImpl(itemClass, itemCreator, length, data, inhibitCheck);
+}
+
+Item::Item(SecItemClass itemClass, SecKeychainAttributeList *attrList, UInt32 length, const void* data)
+{
+ *this = new ItemImpl(itemClass, attrList, length, data);
+}
+
+Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId)
+ : SecPointer<ItemImpl>(
+ primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+ ? Certificate::make(keychain, primaryKey, uniqueId)
+ : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ ? KeyItem::make(keychain, primaryKey, uniqueId)
+ : primaryKey->recordType() == CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE
+ ? ExtendedAttribute::make(keychain, primaryKey, uniqueId)
+ : ItemImpl::make(keychain, primaryKey, uniqueId))
+{
+}
+
+Item::Item(const Keychain &keychain, const PrimaryKey &primaryKey)
+ : SecPointer<ItemImpl>(
+ primaryKey->recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+ ? Certificate::make(keychain, primaryKey)
+ : (primaryKey->recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ || primaryKey->recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || primaryKey->recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ ? KeyItem::make(keychain, primaryKey)
+ : primaryKey->recordType() == CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE
+ ? ExtendedAttribute::make(keychain, primaryKey)
+ : ItemImpl::make(keychain, primaryKey))
+{
+}
+
+Item::Item(ItemImpl &item)
+ : SecPointer<ItemImpl>(
+ item.recordType() == CSSM_DL_DB_RECORD_X509_CERTIFICATE
+ ? new Certificate(safer_cast<Certificate &>(item))
+ : (item.recordType() == CSSM_DL_DB_RECORD_PUBLIC_KEY
+ || item.recordType() == CSSM_DL_DB_RECORD_PRIVATE_KEY
+ || item.recordType() == CSSM_DL_DB_RECORD_SYMMETRIC_KEY)
+ ? new KeyItem(safer_cast<KeyItem &>(item))
+ : item.recordType() == CSSM_DL_DB_RECORD_EXTENDED_ATTRIBUTE
+ ? new ExtendedAttribute(safer_cast<ExtendedAttribute &>(item))
+ : new ItemImpl(item))
+{
+}
+
+CFIndex KeychainCore::GetItemRetainCount(Item& item)
+{
+ return CFGetRetainCount(item->handle(false));
+}
+
+void ItemImpl::setPersistentRef(CFDataRef ref)
+{
+ if (secd_PersistentRef) {
+ CFRelease(secd_PersistentRef);
+ }
+ secd_PersistentRef = ref;
+ CFRetain(ref);
+}
+
+CFDataRef ItemImpl::getPersistentRef()
+{
+ return secd_PersistentRef;
+}
+
+
+
+bool ItemImpl::mayDelete()
+{
+ ObjectImpl* uniqueIDImpl = mUniqueId.get();
+
+ if (uniqueIDImpl != NULL)
+ {
+ bool result = mUniqueId->isIdle();
+ return result;
+ }
+ else
+ {
+ return true;
+ }
+}
projects / apple / security.git / blobdiff