Implement Keychain reauthorization

chrome/browser/mac/security_wrappers.h

+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
+#define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
+#pragma once
+
+#include <Security/Security.h>
+
+#include "base/basictypes.h"
+#include "base/mac/scoped_cftyperef.h"
+#include "base/memory/scoped_ptr.h"
+
+#if defined(MAC_OS_X_VERSION_10_6) && \
+    MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6
+
+#include <Security/SecRequirement.h>
+
+#else
+
+typedef struct __SecRequirement* SecRequirementRef;
+typedef uint32_t SecCSFlags;
+
+enum {
+  kSecCSDefaultFlags = 0
+};
+
+#endif
+
+namespace chrome {
+namespace browser {
+namespace mac {
+
+// Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting
+// on destruction.
+class ScopedSecKeychainSetUserInteractionAllowed {
+ public:
+  explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed);

[stuartmorgan, 2012/05/10 06:50:54]

It's already C++ code; why not bool?

[Mark Mentovai, 2012/05/14 21:28:45]

stuartmorgan wrote:
Because of pointers. This doesn’t work without ugly casts that aren’t even
strictly correct:

  bool old_allowed_;
  OSStatus status = SecKeychainGetUserInteractionAllowed(&old_allowed_);

/chrome/trunk/src/chrome/browser/mac/security_wrappers.cc:43:21: error: no
matching function for call to 'SecKeychainGetUserInteractionAllowed'
  OSStatus status = SecKeychainGetUserInteractionAllowed(&old_allowed_);
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Xcode3.2/SDKs/MacOSX10.5.sdk/System/Library/Frameworks/Security.framework/Headers/SecKeychain.h:598:10:
note: candidate function not viable: no known conversion from 'bool *' to
'Boolean *' (aka 'unsigned char *') for 1st argument; 
OSStatus SecKeychainGetUserInteractionAllowed(Boolean *state);
         ^
1 error generated.

Once you have to have one Boolean for the field, it’s stupid to make the
constructor argument not match.

+  ~ScopedSecKeychainSetUserInteractionAllowed();
+
+ private:
+  Boolean old_allowed_;

[stuartmorgan, 2012/05/10 06:50:54]

Same.

+
+  DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed);
+};
+
+// Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the
+// association between the two, and managing their ownership by retaining
+// the SecKeychainItemRef and SecAccessRef elements placed into a
+// CrSKeychainItemAndAccess object. Suitable for use
+// in standard C++ containers.
+class CrSKeychainItemAndAccess {
+ public:
+  CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access);
+  CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that);
+
+  ~CrSKeychainItemAndAccess();
+
+  void operator=(const CrSKeychainItemAndAccess& that);
+
+  SecKeychainItemRef item() const { return item_; }
+  SecAccessRef access() const { return access_; }
+
+ private:
+  base::mac::ScopedCFTypeRef<SecKeychainItemRef> item_;
+  base::mac::ScopedCFTypeRef<SecAccessRef> access_;
+};
+
+// Holds the return value from CrSACLCopySimpleContents and an argument to
+// CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep
+// logically grouped data together.
+struct CrSACLSimpleContents {
+  CrSACLSimpleContents();
+  ~CrSACLSimpleContents();
+
+  base::mac::ScopedCFTypeRef<CFArrayRef> application_list;
+  base::mac::ScopedCFTypeRef<CFStringRef> description;
+  CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector;
+};
+
+// Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on
+// destruction.
+class ScopedSecKeychainAttributeInfo {
+ public:
+  explicit ScopedSecKeychainAttributeInfo(
+      SecKeychainAttributeInfo* attribute_info);
+  ~ScopedSecKeychainAttributeInfo();
+
+  operator SecKeychainAttributeInfo*() const {
+    return attribute_info_;
+  }
+
+ private:
+  SecKeychainAttributeInfo* attribute_info_;
+};
+
+// Holds the return value from CrSKeychainItemCopyAttributesAndData and an
+// argument to CrSKeychainItemCreateFromContent. Used in those wrappers to
+// keep logically grouped data together.
+struct CrSKeychainItemAttributesAndData {
+  SecItemClass item_class;
+  SecKeychainAttributeList* attribute_list;
+  UInt32 length;
+  void* data;
+};
+
+// Holds a CrSKeychainItemAttributesAndData*, calling
+// CrSKeychainItemFreeAttributesAndData and freeing the owned
+// CrSKeychainItemAttributesAndData* on destruction.
+class ScopedCrSKeychainItemAttributesAndData {
+ public:
+  ScopedCrSKeychainItemAttributesAndData(
+      CrSKeychainItemAttributesAndData* attributes_and_data);
+  ~ScopedCrSKeychainItemAttributesAndData();
+
+  CrSKeychainItemAttributesAndData* get() const {
+    return attributes_and_data_.get();
+  }
+
+  CrSKeychainItemAttributesAndData* release() {
+    return attributes_and_data_.release();
+  }
+
+  SecItemClass item_class() const {
+    return attributes_and_data_->item_class;
+  }
+
+  SecItemClass* item_class_ptr() const {
+    return &attributes_and_data_->item_class;
+  }
+
+  SecKeychainAttributeList* attribute_list() const {
+    return attributes_and_data_->attribute_list;
+  }
+
+  SecKeychainAttributeList** attribute_list_ptr() const {
+    return &attributes_and_data_->attribute_list;
+  }
+
+  UInt32 length() const {
+    return attributes_and_data_->length;
+  }
+
+  UInt32* length_ptr() const {
+    return &attributes_and_data_->length;
+  }
+
+  void* data() const {
+    return attributes_and_data_->data;
+  }
+
+  void** data_ptr() const {
+    return &attributes_and_data_->data;
+  }
+
+ private:
+  scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_;
+};
+
+// Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a
+// SecKeychainSearchRef owned by the caller on success.
+SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes(
+    CFTypeRef keychain_or_array,
+    SecItemClass item_class,
+    const SecKeychainAttributeList* attribute_list);
+
+// Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in
+// a NULL return value but nothing logged), returning NULL on error and a
+// SecKeychainItemRef owned by the caller on success.
+SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search);
+
+// Wraps SecKeychainItemFreeAttributesAndData.
+void CrSKeychainItemFreeAttributesAndData(
+    SecKeychainAttributeList* attribute_list,
+    void* data);
+
+// Tests access to |item| by calling SecKeychainItemCopyAttributesAndData,
+// taking care to properly free any returned data. Returns true if access to
+// |item| is authorized. errSecAuthFailed is considered an "expected" error
+// for which nothing will be logged, although false will be returned.
+bool CrSKeychainItemTestAccess(SecKeychainItemRef item);
+
+// Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef
+// owned by the caller on success. errSecNoAccessForItem is considered an
+// "expected" error for which nothing will be logged, although NULL will be
+// returned.
+SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item);
+
+// Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned
+// by the caller on success.
+CFArrayRef CrSAccessCopyACLList(SecAccessRef access);
+
+// Wraps SecACLCopySimpleContents, returning NULL on error and a
+// CrSACLSimpleContents* owned by the caller on success.
+CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl);
+
+// Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument
+// (resulting in a NULL return value but nothing logged) and returning NULL on
+// error or a SecRequirementRef owned by the caller on success.
+SecRequirementRef CrSTrustedApplicationCopyRequirement(
+    SecTrustedApplicationRef application);
+
+// Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in
+// a NULL return value but nothing logged) and returning NULL on error or a
+// CFStringRef owned by the caller on success.
+CFStringRef CrSRequirementCopyString(SecRequirementRef requirement,
+                                     SecCSFlags flags);
+
+// Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a
+// SecTrustedApplicationRef owned by the caller on success.
+SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path);
+
+// Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents
+// argument, returning false on error or true on success.
+bool CrSACLSetSimpleContents(SecACLRef acl,
+                             const CrSACLSimpleContents& acl_simple_contents);
+
+// Wraps SecKeychainItemCopyKeychain, returning NULL on error or a
+// SecKeychainRef owned by the caller on success.
+SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item);
+
+// Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a
+// SecKeychainAttributeInfo* owned by the caller on success.
+SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID(
+    SecKeychainRef keychain,
+    UInt32 item_id);
+
+// Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a
+// CrSKeychainItemAttributesAndData* owned by the caller on success.
+CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData(
+    SecKeychainRef keychain,
+    SecKeychainItemRef item);
+
+// Wraps SecKeychainItemDelete, returning false on error or true on success.
+bool CrSKeychainItemDelete(SecKeychainItemRef item);
+
+// Wraps SecKeychainItemCreateFromContent, adapting it to the
+// CrSKeychainItemAttributesAndData argument, returning NULL on error or a
+// SecKeychainItemRef owned by the caller on success.
+SecKeychainItemRef CrSKeychainItemCreateFromContent(
+    const CrSKeychainItemAttributesAndData& attributes_and_data,
+    SecKeychainRef keychain,
+    SecAccessRef access);
+
+}  // namespace mac
+}  // namespace browser
+}  // namespace chrome
+
+#endif  // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_