OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | |
6 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | |
7 #pragma once | |
8 | |
9 #include <Security/Security.h> | |
10 | |
11 #include "base/basictypes.h" | |
12 #include "base/mac/scoped_cftyperef.h" | |
13 #include "base/memory/scoped_ptr.h" | |
14 | |
15 #if defined(MAC_OS_X_VERSION_10_6) && \ | |
16 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6 | |
17 | |
18 #include <Security/SecRequirement.h> | |
19 | |
20 #else | |
21 | |
22 typedef struct __SecRequirement* SecRequirementRef; | |
23 typedef uint32_t SecCSFlags; | |
24 | |
25 enum { | |
26 kSecCSDefaultFlags = 0 | |
27 }; | |
28 | |
29 #endif | |
30 | |
31 namespace chrome { | |
32 namespace browser { | |
33 namespace mac { | |
34 | |
35 // Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting | |
36 // on destruction. | |
37 class ScopedSecKeychainSetUserInteractionAllowed { | |
38 public: | |
39 explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed); | |
stuartmorgan
2012/05/10 06:50:54
It's already C++ code; why not bool?
Mark Mentovai
2012/05/14 21:28:45
stuartmorgan wrote:
| |
40 ~ScopedSecKeychainSetUserInteractionAllowed(); | |
41 | |
42 private: | |
43 Boolean old_allowed_; | |
stuartmorgan
2012/05/10 06:50:54
Same.
| |
44 | |
45 DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed); | |
46 }; | |
47 | |
48 // Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the | |
49 // association between the two, and managing their ownership by retaining | |
50 // the SecKeychainItemRef and SecAccessRef elements placed into a | |
51 // CrSKeychainItemAndAccess object. Suitable for use | |
52 // in standard C++ containers. | |
53 class CrSKeychainItemAndAccess { | |
54 public: | |
55 CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access); | |
56 CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that); | |
57 | |
58 ~CrSKeychainItemAndAccess(); | |
59 | |
60 void operator=(const CrSKeychainItemAndAccess& that); | |
61 | |
62 SecKeychainItemRef item() const { return item_; } | |
63 SecAccessRef access() const { return access_; } | |
64 | |
65 private: | |
66 base::mac::ScopedCFTypeRef<SecKeychainItemRef> item_; | |
67 base::mac::ScopedCFTypeRef<SecAccessRef> access_; | |
68 }; | |
69 | |
70 // Holds the return value from CrSACLCopySimpleContents and an argument to | |
71 // CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep | |
72 // logically grouped data together. | |
73 struct CrSACLSimpleContents { | |
74 CrSACLSimpleContents(); | |
75 ~CrSACLSimpleContents(); | |
76 | |
77 base::mac::ScopedCFTypeRef<CFArrayRef> application_list; | |
78 base::mac::ScopedCFTypeRef<CFStringRef> description; | |
79 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector; | |
80 }; | |
81 | |
82 // Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on | |
83 // destruction. | |
84 class ScopedSecKeychainAttributeInfo { | |
85 public: | |
86 explicit ScopedSecKeychainAttributeInfo( | |
87 SecKeychainAttributeInfo* attribute_info); | |
88 ~ScopedSecKeychainAttributeInfo(); | |
89 | |
90 operator SecKeychainAttributeInfo*() const { | |
91 return attribute_info_; | |
92 } | |
93 | |
94 private: | |
95 SecKeychainAttributeInfo* attribute_info_; | |
96 }; | |
97 | |
98 // Holds the return value from CrSKeychainItemCopyAttributesAndData and an | |
99 // argument to CrSKeychainItemCreateFromContent. Used in those wrappers to | |
100 // keep logically grouped data together. | |
101 struct CrSKeychainItemAttributesAndData { | |
102 SecItemClass item_class; | |
103 SecKeychainAttributeList* attribute_list; | |
104 UInt32 length; | |
105 void* data; | |
106 }; | |
107 | |
108 // Holds a CrSKeychainItemAttributesAndData*, calling | |
109 // CrSKeychainItemFreeAttributesAndData and freeing the owned | |
110 // CrSKeychainItemAttributesAndData* on destruction. | |
111 class ScopedCrSKeychainItemAttributesAndData { | |
112 public: | |
113 ScopedCrSKeychainItemAttributesAndData( | |
114 CrSKeychainItemAttributesAndData* attributes_and_data); | |
115 ~ScopedCrSKeychainItemAttributesAndData(); | |
116 | |
117 CrSKeychainItemAttributesAndData* get() const { | |
118 return attributes_and_data_.get(); | |
119 } | |
120 | |
121 CrSKeychainItemAttributesAndData* release() { | |
122 return attributes_and_data_.release(); | |
123 } | |
124 | |
125 SecItemClass item_class() const { | |
126 return attributes_and_data_->item_class; | |
127 } | |
128 | |
129 SecItemClass* item_class_ptr() const { | |
130 return &attributes_and_data_->item_class; | |
131 } | |
132 | |
133 SecKeychainAttributeList* attribute_list() const { | |
134 return attributes_and_data_->attribute_list; | |
135 } | |
136 | |
137 SecKeychainAttributeList** attribute_list_ptr() const { | |
138 return &attributes_and_data_->attribute_list; | |
139 } | |
140 | |
141 UInt32 length() const { | |
142 return attributes_and_data_->length; | |
143 } | |
144 | |
145 UInt32* length_ptr() const { | |
146 return &attributes_and_data_->length; | |
147 } | |
148 | |
149 void* data() const { | |
150 return attributes_and_data_->data; | |
151 } | |
152 | |
153 void** data_ptr() const { | |
154 return &attributes_and_data_->data; | |
155 } | |
156 | |
157 private: | |
158 scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_; | |
159 }; | |
160 | |
161 // Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a | |
162 // SecKeychainSearchRef owned by the caller on success. | |
163 SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes( | |
164 CFTypeRef keychain_or_array, | |
165 SecItemClass item_class, | |
166 const SecKeychainAttributeList* attribute_list); | |
167 | |
168 // Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in | |
169 // a NULL return value but nothing logged), returning NULL on error and a | |
170 // SecKeychainItemRef owned by the caller on success. | |
171 SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search); | |
172 | |
173 // Wraps SecKeychainItemFreeAttributesAndData. | |
174 void CrSKeychainItemFreeAttributesAndData( | |
175 SecKeychainAttributeList* attribute_list, | |
176 void* data); | |
177 | |
178 // Tests access to |item| by calling SecKeychainItemCopyAttributesAndData, | |
179 // taking care to properly free any returned data. Returns true if access to | |
180 // |item| is authorized. errSecAuthFailed is considered an "expected" error | |
181 // for which nothing will be logged, although false will be returned. | |
182 bool CrSKeychainItemTestAccess(SecKeychainItemRef item); | |
183 | |
184 // Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef | |
185 // owned by the caller on success. errSecNoAccessForItem is considered an | |
186 // "expected" error for which nothing will be logged, although NULL will be | |
187 // returned. | |
188 SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item); | |
189 | |
190 // Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned | |
191 // by the caller on success. | |
192 CFArrayRef CrSAccessCopyACLList(SecAccessRef access); | |
193 | |
194 // Wraps SecACLCopySimpleContents, returning NULL on error and a | |
195 // CrSACLSimpleContents* owned by the caller on success. | |
196 CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl); | |
197 | |
198 // Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument | |
199 // (resulting in a NULL return value but nothing logged) and returning NULL on | |
200 // error or a SecRequirementRef owned by the caller on success. | |
201 SecRequirementRef CrSTrustedApplicationCopyRequirement( | |
202 SecTrustedApplicationRef application); | |
203 | |
204 // Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in | |
205 // a NULL return value but nothing logged) and returning NULL on error or a | |
206 // CFStringRef owned by the caller on success. | |
207 CFStringRef CrSRequirementCopyString(SecRequirementRef requirement, | |
208 SecCSFlags flags); | |
209 | |
210 // Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a | |
211 // SecTrustedApplicationRef owned by the caller on success. | |
212 SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path); | |
213 | |
214 // Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents | |
215 // argument, returning false on error or true on success. | |
216 bool CrSACLSetSimpleContents(SecACLRef acl, | |
217 const CrSACLSimpleContents& acl_simple_contents); | |
218 | |
219 // Wraps SecKeychainItemCopyKeychain, returning NULL on error or a | |
220 // SecKeychainRef owned by the caller on success. | |
221 SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item); | |
222 | |
223 // Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a | |
224 // SecKeychainAttributeInfo* owned by the caller on success. | |
225 SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID( | |
226 SecKeychainRef keychain, | |
227 UInt32 item_id); | |
228 | |
229 // Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a | |
230 // CrSKeychainItemAttributesAndData* owned by the caller on success. | |
231 CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData( | |
232 SecKeychainRef keychain, | |
233 SecKeychainItemRef item); | |
234 | |
235 // Wraps SecKeychainItemDelete, returning false on error or true on success. | |
236 bool CrSKeychainItemDelete(SecKeychainItemRef item); | |
237 | |
238 // Wraps SecKeychainItemCreateFromContent, adapting it to the | |
239 // CrSKeychainItemAttributesAndData argument, returning NULL on error or a | |
240 // SecKeychainItemRef owned by the caller on success. | |
241 SecKeychainItemRef CrSKeychainItemCreateFromContent( | |
242 const CrSKeychainItemAttributesAndData& attributes_and_data, | |
243 SecKeychainRef keychain, | |
244 SecAccessRef access); | |
245 | |
246 } // namespace mac | |
247 } // namespace browser | |
248 } // namespace chrome | |
249 | |
250 #endif // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | |
OLD | NEW |