OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
| 6 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
| 7 #pragma once |
| 8 |
| 9 #include <Security/Security.h> |
| 10 |
| 11 #include "base/basictypes.h" |
| 12 #include "base/mac/scoped_cftyperef.h" |
| 13 #include "base/memory/scoped_ptr.h" |
| 14 |
| 15 #if defined(MAC_OS_X_VERSION_10_6) && \ |
| 16 MAC_OS_X_VERSION_MAX_ALLOWED >= MAC_OS_X_VERSION_10_6 |
| 17 |
| 18 #include <Security/SecRequirement.h> |
| 19 |
| 20 #else |
| 21 |
| 22 typedef struct __SecRequirement* SecRequirementRef; |
| 23 typedef uint32_t SecCSFlags; |
| 24 |
| 25 enum { |
| 26 kSecCSDefaultFlags = 0 |
| 27 }; |
| 28 |
| 29 #endif |
| 30 |
| 31 namespace chrome { |
| 32 namespace browser { |
| 33 namespace mac { |
| 34 |
| 35 // Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting |
| 36 // on destruction. |
| 37 class ScopedSecKeychainSetUserInteractionAllowed { |
| 38 public: |
| 39 explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed); |
| 40 ~ScopedSecKeychainSetUserInteractionAllowed(); |
| 41 |
| 42 private: |
| 43 Boolean old_allowed_; |
| 44 |
| 45 DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed); |
| 46 }; |
| 47 |
| 48 // Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the |
| 49 // association between the two, and managing their ownership by retaining |
| 50 // the SecKeychainItemRef and SecAccessRef elements placed into a |
| 51 // CrSKeychainItemAndAccess object. Suitable for use |
| 52 // in standard C++ containers. |
| 53 class CrSKeychainItemAndAccess { |
| 54 public: |
| 55 CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access); |
| 56 CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that); |
| 57 |
| 58 ~CrSKeychainItemAndAccess(); |
| 59 |
| 60 void operator=(const CrSKeychainItemAndAccess& that); |
| 61 |
| 62 SecKeychainItemRef item() const { return item_; } |
| 63 SecAccessRef access() const { return access_; } |
| 64 |
| 65 private: |
| 66 base::mac::ScopedCFTypeRef<SecKeychainItemRef> item_; |
| 67 base::mac::ScopedCFTypeRef<SecAccessRef> access_; |
| 68 }; |
| 69 |
| 70 // Holds the return value from CrSACLCopySimpleContents and an argument to |
| 71 // CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep |
| 72 // logically grouped data together. |
| 73 struct CrSACLSimpleContents { |
| 74 CrSACLSimpleContents(); |
| 75 ~CrSACLSimpleContents(); |
| 76 |
| 77 base::mac::ScopedCFTypeRef<CFArrayRef> application_list; |
| 78 base::mac::ScopedCFTypeRef<CFStringRef> description; |
| 79 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector; |
| 80 }; |
| 81 |
| 82 // Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on |
| 83 // destruction. |
| 84 class ScopedSecKeychainAttributeInfo { |
| 85 public: |
| 86 explicit ScopedSecKeychainAttributeInfo( |
| 87 SecKeychainAttributeInfo* attribute_info); |
| 88 ~ScopedSecKeychainAttributeInfo(); |
| 89 |
| 90 operator SecKeychainAttributeInfo*() const { |
| 91 return attribute_info_; |
| 92 } |
| 93 |
| 94 private: |
| 95 SecKeychainAttributeInfo* attribute_info_; |
| 96 }; |
| 97 |
| 98 // Holds the return value from CrSKeychainItemCopyAttributesAndData and an |
| 99 // argument to CrSKeychainItemCreateFromContent. Used in those wrappers to |
| 100 // keep logically grouped data together. |
| 101 struct CrSKeychainItemAttributesAndData { |
| 102 SecItemClass item_class; |
| 103 SecKeychainAttributeList* attribute_list; |
| 104 UInt32 length; |
| 105 void* data; |
| 106 }; |
| 107 |
| 108 // Holds a CrSKeychainItemAttributesAndData*, calling |
| 109 // CrSKeychainItemFreeAttributesAndData and freeing the owned |
| 110 // CrSKeychainItemAttributesAndData* on destruction. |
| 111 class ScopedCrSKeychainItemAttributesAndData { |
| 112 public: |
| 113 ScopedCrSKeychainItemAttributesAndData( |
| 114 CrSKeychainItemAttributesAndData* attributes_and_data); |
| 115 ~ScopedCrSKeychainItemAttributesAndData(); |
| 116 |
| 117 CrSKeychainItemAttributesAndData* get() const { |
| 118 return attributes_and_data_.get(); |
| 119 } |
| 120 |
| 121 CrSKeychainItemAttributesAndData* release() { |
| 122 return attributes_and_data_.release(); |
| 123 } |
| 124 |
| 125 SecItemClass item_class() const { |
| 126 return attributes_and_data_->item_class; |
| 127 } |
| 128 |
| 129 SecItemClass* item_class_ptr() const { |
| 130 return &attributes_and_data_->item_class; |
| 131 } |
| 132 |
| 133 SecKeychainAttributeList* attribute_list() const { |
| 134 return attributes_and_data_->attribute_list; |
| 135 } |
| 136 |
| 137 SecKeychainAttributeList** attribute_list_ptr() const { |
| 138 return &attributes_and_data_->attribute_list; |
| 139 } |
| 140 |
| 141 UInt32 length() const { |
| 142 return attributes_and_data_->length; |
| 143 } |
| 144 |
| 145 UInt32* length_ptr() const { |
| 146 return &attributes_and_data_->length; |
| 147 } |
| 148 |
| 149 void* data() const { |
| 150 return attributes_and_data_->data; |
| 151 } |
| 152 |
| 153 void** data_ptr() const { |
| 154 return &attributes_and_data_->data; |
| 155 } |
| 156 |
| 157 private: |
| 158 scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_; |
| 159 }; |
| 160 |
| 161 // Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a |
| 162 // SecKeychainSearchRef owned by the caller on success. |
| 163 SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes( |
| 164 CFTypeRef keychain_or_array, |
| 165 SecItemClass item_class, |
| 166 const SecKeychainAttributeList* attribute_list); |
| 167 |
| 168 // Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in |
| 169 // a NULL return value but nothing logged), returning NULL on error and a |
| 170 // SecKeychainItemRef owned by the caller on success. |
| 171 SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search); |
| 172 |
| 173 // Wraps SecKeychainItemFreeAttributesAndData. |
| 174 void CrSKeychainItemFreeAttributesAndData( |
| 175 SecKeychainAttributeList* attribute_list, |
| 176 void* data); |
| 177 |
| 178 // Tests access to |item| by calling SecKeychainItemCopyAttributesAndData, |
| 179 // taking care to properly free any returned data. Returns true if access to |
| 180 // |item| is authorized. errSecAuthFailed is considered an "expected" error |
| 181 // for which nothing will be logged, although false will be returned. |
| 182 bool CrSKeychainItemTestAccess(SecKeychainItemRef item); |
| 183 |
| 184 // Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef |
| 185 // owned by the caller on success. errSecNoAccessForItem and errSecAuthFailed |
| 186 // are considered "expected" errors for which nothing will be logged, although |
| 187 // NULL will be returned. |
| 188 SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item); |
| 189 |
| 190 // Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned |
| 191 // by the caller on success. |
| 192 CFArrayRef CrSAccessCopyACLList(SecAccessRef access); |
| 193 |
| 194 // Wraps SecACLCopySimpleContents, returning NULL on error and a |
| 195 // CrSACLSimpleContents* owned by the caller on success. errSecACLNotSimple is |
| 196 // considered an "expected" error for which nothing will be logged, although |
| 197 // NULL will be returned. |
| 198 CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl); |
| 199 |
| 200 // Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument |
| 201 // (resulting in a NULL return value but nothing logged) and returning NULL on |
| 202 // error or a SecRequirementRef owned by the caller on success. |
| 203 SecRequirementRef CrSTrustedApplicationCopyRequirement( |
| 204 SecTrustedApplicationRef application); |
| 205 |
| 206 // Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in |
| 207 // a NULL return value but nothing logged) and returning NULL on error or a |
| 208 // CFStringRef owned by the caller on success. |
| 209 CFStringRef CrSRequirementCopyString(SecRequirementRef requirement, |
| 210 SecCSFlags flags); |
| 211 |
| 212 // Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a |
| 213 // SecTrustedApplicationRef owned by the caller on success. |
| 214 SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path); |
| 215 |
| 216 // Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents |
| 217 // argument, returning false on error or true on success. |
| 218 bool CrSACLSetSimpleContents(SecACLRef acl, |
| 219 const CrSACLSimpleContents& acl_simple_contents); |
| 220 |
| 221 // Wraps SecKeychainItemCopyKeychain, returning NULL on error or a |
| 222 // SecKeychainRef owned by the caller on success. |
| 223 SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item); |
| 224 |
| 225 // Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a |
| 226 // SecKeychainAttributeInfo* owned by the caller on success. |
| 227 SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID( |
| 228 SecKeychainRef keychain, |
| 229 UInt32 item_id); |
| 230 |
| 231 // Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a |
| 232 // CrSKeychainItemAttributesAndData* owned by the caller on success. |
| 233 CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData( |
| 234 SecKeychainRef keychain, |
| 235 SecKeychainItemRef item); |
| 236 |
| 237 // Wraps SecKeychainItemDelete, returning false on error or true on success. |
| 238 bool CrSKeychainItemDelete(SecKeychainItemRef item); |
| 239 |
| 240 // Wraps SecKeychainItemCreateFromContent, adapting it to the |
| 241 // CrSKeychainItemAttributesAndData argument, returning NULL on error or a |
| 242 // SecKeychainItemRef owned by the caller on success. |
| 243 SecKeychainItemRef CrSKeychainItemCreateFromContent( |
| 244 const CrSKeychainItemAttributesAndData& attributes_and_data, |
| 245 SecKeychainRef keychain, |
| 246 SecAccessRef access); |
| 247 |
| 248 } // namespace mac |
| 249 } // namespace browser |
| 250 } // namespace chrome |
| 251 |
| 252 #endif // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
OLD | NEW |