+++ /dev/null
-/*
- * Copyright (c) 2004-2006 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-/*
- * keyPicker.cpp - select a key pair from a keychain
- */
-
-#include "keyPicker.h"
-#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
-#include <Security/Security.h>
-#include <stdexcept>
-#include <ctype.h>
-#include <clAppUtils/identPicker.h> /* for kcFileName() */
-#include <vector>
-
-/*
- * Obtain either public key hash or PrintName for a given SecKeychainItem. Works on public keys,
- * private keys, identities, and certs. Caller must release the returned result.
- */
-OSStatus getKcItemAttr(
- SecKeychainItemRef kcItem,
- WhichAttr whichAttr,
- CFDataRef *rtnAttr) /* RETURNED */
-{
- /* main job is to figure out which attrType to ask for, and from what Sec item */
- SecKeychainItemRef attrFromThis;
- SecKeychainAttrType attrType = 0;
- OSStatus ortn;
- bool releaseKcItem = false;
-
- CFTypeID cfId = CFGetTypeID(kcItem);
- if(cfId == SecIdentityGetTypeID()) {
- /* switch over to cert */
- ortn = SecIdentityCopyCertificate((SecIdentityRef)kcItem,
- (SecCertificateRef *)&attrFromThis);
- if(ortn)
- cssmPerror("SecIdentityCopyCertificate", ortn);
- return ortn;
- kcItem = attrFromThis;
- releaseKcItem = true;
- cfId = SecCertificateGetTypeID();
- }
-
- if(cfId == SecCertificateGetTypeID()) {
- switch(whichAttr) {
- case WA_Hash:
- attrType = kSecPublicKeyHashItemAttr;
- break;
- case WA_PrintName:
- attrType = kSecLabelItemAttr;
- break;
- default:
- printf("getKcItemAttr: WhichAttr\n");
- return paramErr;
- }
- }
- else if(cfId == SecKeyGetTypeID()) {
- switch(whichAttr) {
- case WA_Hash:
- attrType = kSecKeyLabel;
- break;
- case WA_PrintName:
- attrType = kSecKeyPrintName;
- break;
- default:
- printf("getKcItemAttr: WhichAttr\n");
- return paramErr;
- }
- }
-
- SecKeychainAttributeInfo attrInfo;
- attrInfo.count = 1;
- attrInfo.tag = &attrType;
- attrInfo.format = NULL; // ???
- SecKeychainAttributeList *attrList = NULL;
-
- ortn = SecKeychainItemCopyAttributesAndData(
- kcItem,
- &attrInfo,
- NULL, // itemClass
- &attrList,
- NULL, // don't need the data
- NULL);
- if(releaseKcItem) {
- CFRelease(kcItem);
- }
- if(ortn) {
- cssmPerror("SecKeychainItemCopyAttributesAndData", ortn);
- return paramErr;
- }
- SecKeychainAttribute *attr = attrList->attr;
- *rtnAttr = CFDataCreate(NULL, (UInt8 *)attr->data, attr->length);
- SecKeychainItemFreeAttributesAndData(attrList, NULL);
- return noErr;
-}
-
-/*
- * Class representing one key in the keychain.
- */
-class PickerKey
-{
-public:
- PickerKey(SecKeyRef keyRef);
- ~PickerKey();
-
- bool isUsed() { return mIsUsed;}
- void isUsed(bool u) { mIsUsed = u; }
- bool isPrivate() { return mIsPrivate; }
- CFDataRef getPrintName() { return mPrintName; }
- CFDataRef getPubKeyHash() { return mPubKeyHash; }
- SecKeyRef keyRef() { return mKeyRef; }
-
- PickerKey *partnerKey() { return mPartner; }
- void partnerKey(PickerKey *pk) { mPartner = pk; }
- char *kcFile() { return mKcFile; }
-
-private:
- SecKeyRef mKeyRef;
- CFDataRef mPrintName;
- CFDataRef mPubKeyHash;
- bool mIsPrivate; // private/public key
- bool mIsUsed; // has been spoken for
- PickerKey *mPartner; // other member of public/private pair
- char *mKcFile; // file name of keychain this lives on
-};
-
-PickerKey::PickerKey(SecKeyRef keyRef)
- : mKeyRef(NULL),
- mPrintName(NULL),
- mPubKeyHash(NULL),
- mIsPrivate(false),
- mIsUsed(false),
- mPartner(NULL),
- mKcFile(NULL)
-{
- if(CFGetTypeID(keyRef) != SecKeyGetTypeID()) {
- throw std::invalid_argument("not a key");
- }
-
- OSStatus ortn = getKcItemAttr((SecKeychainItemRef)keyRef, WA_Hash, &mPubKeyHash);
- if(ortn) {
- throw std::invalid_argument("pub key hash not available");
- }
- ortn = getKcItemAttr((SecKeychainItemRef)keyRef, WA_PrintName, &mPrintName);
- if(ortn) {
- throw std::invalid_argument("pub key hash not available");
- }
-
- const CSSM_KEY *cssmKey;
- ortn = SecKeyGetCSSMKey(keyRef, &cssmKey);
- if(ortn) {
- /* should never happen */
- cssmPerror("SecKeyGetCSSMKey", ortn);
- throw std::invalid_argument("SecKeyGetCSSMKey error");
- }
- if(cssmKey->KeyHeader.KeyClass == CSSM_KEYCLASS_PRIVATE_KEY) {
- mIsPrivate = true;
- }
-
- /* stash name of the keychain this lives on */
- SecKeychainRef kcRef;
- ortn = SecKeychainItemCopyKeychain((SecKeychainItemRef)keyRef, &kcRef);
- if(ortn) {
- cssmPerror("SecKeychainItemCopyKeychain", ortn);
- mKcFile = strdup("Unnamed keychain");
- }
- else {
- mKcFile = kcFileName(kcRef);
- }
-
- mKeyRef = keyRef;
- CFRetain(mKeyRef);
-}
-
-PickerKey::~PickerKey()
-{
- if(mKeyRef) {
- CFRelease(mKeyRef);
- }
- if(mPubKeyHash) {
- CFRelease(mPubKeyHash);
- }
- if(mPrintName) {
- CFRelease(mPrintName);
- }
- if(mKcFile) {
- free(mKcFile);
- }
-}
-
-typedef std::vector<PickerKey *> KeyVector;
-
-/*
- * add PickerKey objects of specified type to a KeyVector.
- */
-static void getPickerKeys(
- SecKeychainRef kcRef,
- SecItemClass itemClass, // actually CSSM_DL_DB_RECORD_{PRIVATE,PRIVATE}_KEY for now
- KeyVector &keyVector)
-{
- SecKeychainSearchRef srchRef = NULL;
- SecKeychainItemRef kcItem;
-
- OSStatus ortn = SecKeychainSearchCreateFromAttributes(kcRef,
- itemClass,
- NULL, // any attrs
- &srchRef);
- if(ortn) {
- cssmPerror("SecKeychainSearchCreateFromAttributes", ortn);
- return;
- }
- do {
- ortn = SecKeychainSearchCopyNext(srchRef, &kcItem);
- if(ortn) {
- break;
- }
- try {
- PickerKey *pickerKey = new PickerKey((SecKeyRef)kcItem);
- keyVector.push_back(pickerKey);
- }
- catch(...) {
- printf("**** key item that failed PickerKey construct ***\n");
- /* but keep going */
- }
- } while(ortn == noErr);
- CFRelease(srchRef);
-}
-
-/*
- * Print contents of a CFData assuming it's printable
- */
-static void printCfData(CFDataRef cfd)
-{
- CFIndex len = CFDataGetLength(cfd);
- const UInt8 *cp = CFDataGetBytePtr(cfd);
- for(CFIndex dex=0; dex<len; dex++) {
- char c = cp[dex];
- if(isprint(c)) {
- putchar(c);
- }
- else {
- printf(".%02X.", c);
- }
- }
-}
-
-OSStatus keyPicker(
- SecKeychainRef kcRef, // NULL means the default list
- SecKeyRef *pubKey, // RETURNED
- SecKeyRef *privKey) // RETURNED
-{
-
- /* First create a arrays of all of the keys, parsed and ready for use */
-
- std::vector<PickerKey *> privKeys;
- std::vector<PickerKey *> pubKeys;
- getPickerKeys(kcRef, CSSM_DL_DB_RECORD_PRIVATE_KEY, privKeys);
- getPickerKeys(kcRef, CSSM_DL_DB_RECORD_PUBLIC_KEY, pubKeys);
-
- /* now interate thru private keys, looking for a partner for each one */
- int numPairs = 0;
- unsigned numPrivKeys = privKeys.size();
- unsigned numPubKeys = pubKeys.size();
-
- for(unsigned privDex=0; privDex<numPrivKeys; privDex++) {
- PickerKey *privPk = privKeys[privDex];
- CFDataRef privHash = privPk->getPubKeyHash();
- for(unsigned pubDex=0; pubDex<numPubKeys; pubDex++) {
- PickerKey *pubPk = pubKeys[pubDex];
- if(pubPk->isUsed()) {
- /* already spoken for */
- continue;
- }
- if(!CFEqual(privHash, pubPk->getPubKeyHash())) {
- /* public key hashes don't match */
- continue;
- }
-
- /* got a match */
- pubPk->partnerKey(privPk);
- privPk->partnerKey(pubPk);
- pubPk->isUsed(true);
- privPk->isUsed(true);
-
- /* display */
- printf("[%d] privKey : ", numPairs); printCfData(privPk->getPrintName()); printf("\n");
- printf(" pubKey : "); printCfData(pubPk->getPrintName());printf("\n");
- printf(" keychain : %s\n", privPk->kcFile());
-
- numPairs++;
- }
- }
-
- if(numPairs == 0) {
- printf("*** keyPicker: no key pairs found.\n");
- return paramErr;
- }
-
- OSStatus ortn = noErr;
- int ires;
- while(1) {
- fpurge(stdin);
- printf("\nEnter key pair number or CR to quit : ");
- fflush(stdout);
- char resp[64];
- getString(resp, sizeof(resp));
- if(resp[0] == '\0') {
- ortn = CSSMERR_CSSM_USER_CANCELED;
- break;
- }
- ires = atoi(resp);
- if((ires < 0) || (ires >= numPairs)) {
- printf("***Invalid entry. Type a number between 0 and %d\n", numPairs-1);
- continue;
- }
- break;
- }
-
- if(ortn == noErr) {
- /* find the ires'th partnered private key */
- int goodOnes = 0;
- for(unsigned privDex=0; privDex<numPrivKeys; privDex++) {
- PickerKey *privPk = privKeys[privDex];
- if(!privPk->isUsed()) {
- continue;
- }
- if(goodOnes == ires) {
- /* this is it */
- *privKey = privPk->keyRef();
- *pubKey = privPk->partnerKey()->keyRef();
- }
- goodOnes++;
- }
- }
-
- /* clean out PickerKey arrays */
- for(unsigned privDex=0; privDex<numPrivKeys; privDex++) {
- delete privKeys[privDex];
- }
- for(unsigned pubDex=0; pubDex<numPubKeys; pubDex++) {
- delete pubKeys[pubDex];
- }
- return ortn;
-}
-
projects / apple / security.git / blobdiff