| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | |
| 6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | |
| 7 | |
| 8 #include <Security/Security.h> | |
| 9 | |
| 10 #include <string> | |
| 11 #include <vector> | |
| 12 | |
| 13 #include "base/macros.h" | |
| 14 #include "components/autofill/core/common/password_form.h" | |
| 15 #include "crypto/apple_keychain.h" | |
| 16 | |
| 17 using crypto::AppleKeychain; | |
| 18 | |
| 19 // Adapter that wraps a AppleKeychain and provides interaction in terms of | |
| 20 // PasswordForms instead of Keychain items. | |
| 21 class MacKeychainPasswordFormAdapter { | |
| 22 public: | |
| 23 // Creates an adapter for |keychain|. This class does not take ownership of | |
| 24 // |keychain|, so the caller must make sure that the keychain outlives the | |
| 25 // created object. | |
| 26 explicit MacKeychainPasswordFormAdapter(const AppleKeychain* keychain); | |
| 27 | |
| 28 // Returns all keychain entries matching |signon_realm| and |scheme|. | |
| 29 std::vector<std::unique_ptr<autofill::PasswordForm>> PasswordsFillingForm( | |
| 30 const std::string& signon_realm, | |
| 31 autofill::PasswordForm::Scheme scheme); | |
| 32 | |
| 33 // Returns true if there is the Keychain entry that matches |query_form| on | |
| 34 // all of the fields that uniquely identify a Keychain item. | |
| 35 bool HasPasswordExactlyMatchingForm(const autofill::PasswordForm& query_form); | |
| 36 | |
| 37 // Returns true if the keychain contains any items that are mergeable with | |
| 38 // |query_form|. This is different from actually extracting the passwords | |
| 39 // and checking the return count, since doing that would require reading the | |
| 40 // passwords from the keychain, thus potentially triggering authorizaiton UI, | |
| 41 // whereas this won't. | |
| 42 bool HasPasswordsMergeableWithForm( | |
| 43 const autofill::PasswordForm& query_form); | |
| 44 | |
| 45 // Returns all keychain items of types corresponding to password forms. | |
| 46 std::vector<SecKeychainItemRef> GetAllPasswordFormKeychainItems(); | |
| 47 | |
| 48 // Returns all keychain entries corresponding to password forms. | |
| 49 // TODO(vabr): This is only used in tests, should be moved there. | |
| 50 std::vector<std::unique_ptr<autofill::PasswordForm>> | |
| 51 GetAllPasswordFormPasswords(); | |
| 52 | |
| 53 // Creates a new keychain entry from |form|, or updates the password of an | |
| 54 // existing keychain entry if there is a collision. Returns true if a keychain | |
| 55 // entry was successfully added/updated. | |
| 56 bool AddPassword(const autofill::PasswordForm& form); | |
| 57 | |
| 58 // Removes the keychain password matching |form| if any. Returns true if a | |
| 59 // keychain item was found and successfully removed. | |
| 60 bool RemovePassword(const autofill::PasswordForm& form); | |
| 61 | |
| 62 // Controls whether or not Chrome will restrict Keychain searches to items | |
| 63 // that it created. Defaults to false. | |
| 64 void SetFindsOnlyOwnedItems(bool finds_only_owned); | |
| 65 | |
| 66 private: | |
| 67 // Returns PasswordForm instances transformed from |items|. Also calls | |
| 68 // AppleKeychain::Free on all of the keychain items and clears |items|. | |
| 69 std::vector<std::unique_ptr<autofill::PasswordForm>> | |
| 70 ConvertKeychainItemsToForms(std::vector<SecKeychainItemRef>* items); | |
| 71 | |
| 72 // Searches |keychain| for the specific keychain entry that corresponds to the | |
| 73 // given form, and returns it (or NULL if no match is found). The caller is | |
| 74 // responsible for calling AppleKeychain::Free on on the returned item. | |
| 75 SecKeychainItemRef KeychainItemForForm( | |
| 76 const autofill::PasswordForm& form); | |
| 77 | |
| 78 // Returns the Keychain items matching the given signon_realm, scheme, and | |
| 79 // optionally path and username (either of both can be NULL). | |
| 80 // The caller is responsible for calling AppleKeychain::Free on the | |
| 81 // returned items. | |
| 82 std::vector<SecKeychainItemRef> MatchingKeychainItems( | |
| 83 const std::string& signon_realm, | |
| 84 autofill::PasswordForm::Scheme scheme, | |
| 85 const char* path, | |
| 86 const char* username); | |
| 87 | |
| 88 // Returns the Keychain SecAuthenticationType type corresponding to |scheme|. | |
| 89 SecAuthenticationType AuthTypeForScheme( | |
| 90 autofill::PasswordForm::Scheme scheme); | |
| 91 | |
| 92 // Changes the password for keychain_item to |password|; returns true if the | |
| 93 // password was successfully changed. | |
| 94 bool SetKeychainItemPassword(SecKeychainItemRef keychain_item, | |
| 95 const std::string& password); | |
| 96 | |
| 97 // Sets the creator code of keychain_item to creator_code; returns true if the | |
| 98 // creator code was successfully set. | |
| 99 bool SetKeychainItemCreatorCode(SecKeychainItemRef keychain_item, | |
| 100 OSType creator_code); | |
| 101 | |
| 102 // Returns the creator code to be used for a Keychain search, depending on | |
| 103 // whether this object was instructed to search only for items it created. | |
| 104 // If searches should be restricted in this way, the application-specific | |
| 105 // creator code will be returned. Otherwise, 0 will be returned, indicating | |
| 106 // a search of all items, regardless of creator. | |
| 107 OSType CreatorCodeForSearch(); | |
| 108 | |
| 109 const AppleKeychain* keychain_; | |
| 110 | |
| 111 // If true, Keychain searches are restricted to items created by Chrome. | |
| 112 bool finds_only_owned_; | |
| 113 | |
| 114 DISALLOW_COPY_AND_ASSIGN(MacKeychainPasswordFormAdapter); | |
| 115 }; | |
| 116 | |
| 117 namespace internal_keychain_helpers { | |
| 118 | |
| 119 // Pair of pointers to a SecKeychainItemRef and a corresponding PasswordForm. | |
| 120 typedef std::pair<SecKeychainItemRef, std::unique_ptr<autofill::PasswordForm>> | |
| 121 ItemFormPair; | |
| 122 | |
| 123 // Sets the fields of |form| based on the keychain data from |keychain_item|. | |
| 124 // Fields that can't be determined from |keychain_item| will be unchanged. If | |
| 125 // |extract_password_data| is true, the password data will be copied from | |
| 126 // |keychain_item| in addition to its attributes, and the |blacklisted_by_user| | |
| 127 // field will be set to true for empty passwords ("" or " "). | |
| 128 // If |extract_password_data| is false, only the password attributes will be | |
| 129 // copied, and the |blacklisted_by_user| field will always be false. | |
| 130 // | |
| 131 // IMPORTANT: If |extract_password_data| is true, this function can cause the OS | |
| 132 // to trigger UI (to allow access to the keychain item if we aren't trusted for | |
| 133 // the item), and block until the UI is dismissed. | |
| 134 // | |
| 135 // If excessive prompting for access to other applications' keychain items | |
| 136 // becomes an issue, the password storage API will need to intially call this | |
| 137 // function with |extract_password_data| set to false, and retrieve the password | |
| 138 // later (accessing other fields doesn't require authorization). | |
| 139 bool FillPasswordFormFromKeychainItem(const AppleKeychain& keychain, | |
| 140 SecKeychainItemRef keychain_item, | |
| 141 autofill::PasswordForm* form, | |
| 142 bool extract_password_data); | |
| 143 | |
| 144 // Returns true if |keychain_item| has the application-specific creator code in | |
| 145 // its attributes. | |
| 146 bool HasCreatorCode(const AppleKeychain& keychain, | |
| 147 SecKeychainItemRef keychain_item); | |
| 148 | |
| 149 // Use FormMatchStrictness to configure which forms are considered a match by | |
| 150 // FormsMatchForMerge: | |
| 151 enum FormMatchStrictness { | |
| 152 STRICT_FORM_MATCH, // Match only forms with the same scheme, signon realm and | |
| 153 // username value. | |
| 154 FUZZY_FORM_MATCH, // Also match cases where the first form's | |
| 155 // original_signon_realm is nonempty and matches the | |
| 156 // second form's signon_realm. | |
| 157 }; | |
| 158 | |
| 159 // Returns true if the two given forms are suitable for merging (see | |
| 160 // MergePasswordForms). | |
| 161 bool FormsMatchForMerge(const autofill::PasswordForm& form_a, | |
| 162 const autofill::PasswordForm& form_b, | |
| 163 FormMatchStrictness strictness); | |
| 164 | |
| 165 // Populates merged_forms by combining the password data from keychain_forms and | |
| 166 // the metadata from database_forms, removing used entries from the two source | |
| 167 // lists. | |
| 168 // | |
| 169 // On return, database_forms and keychain_forms will have only unused | |
| 170 // entries; for database_forms that means entries for which no corresponding | |
| 171 // password can be found (and which aren't blacklist entries), and for | |
| 172 // keychain_forms its entries that weren't merged into at least one database | |
| 173 // form. | |
| 174 void MergePasswordForms( | |
| 175 std::vector<std::unique_ptr<autofill::PasswordForm>>* keychain_forms, | |
| 176 std::vector<std::unique_ptr<autofill::PasswordForm>>* database_forms, | |
| 177 std::vector<std::unique_ptr<autofill::PasswordForm>>* merged_forms); | |
| 178 | |
| 179 // For every form in |database_forms|, if such a form has a corresponding entry | |
| 180 // in |keychain|, this adds the password from the entry and moves that form from | |
| 181 // |database_forms| into |passwords|. | |
| 182 void GetPasswordsForForms( | |
| 183 const AppleKeychain& keychain, | |
| 184 std::vector<std::unique_ptr<autofill::PasswordForm>>* database_forms, | |
| 185 std::vector<std::unique_ptr<autofill::PasswordForm>>* passwords); | |
| 186 | |
| 187 // Loads all items in the system keychain into |keychain_items|, creates for | |
| 188 // each keychain item a corresponding PasswordForm that doesn't contain any | |
| 189 // password data, and returns the two collections as a vector of ItemFormPairs. | |
| 190 // Used by GetPasswordsForForms for optimized matching of keychain items with | |
| 191 // PasswordForms in the database. | |
| 192 // Note: Since no password data is loaded here, the resulting PasswordForms | |
| 193 // will include blacklist entries, which will have to be filtered out later. | |
| 194 // Caller owns the SecKeychainItemRefs and PasswordForms that are returned. | |
| 195 // This operation does not require OS authorization. | |
| 196 std::vector<ItemFormPair> ExtractAllKeychainItemAttributesIntoPasswordForms( | |
| 197 std::vector<SecKeychainItemRef>* keychain_items, | |
| 198 const AppleKeychain& keychain); | |
| 199 | |
| 200 // Takes a PasswordForm's signon_realm and parses it into its component parts, | |
| 201 // which are returned though the appropriate out parameters. | |
| 202 // Returns true if it can be successfully parsed, in which case all out params | |
| 203 // that are non-NULL will be set. If there is no port, port will be 0. | |
| 204 // If the return value is false, the state of the out params is undefined. | |
| 205 bool ExtractSignonRealmComponents(const std::string& signon_realm, | |
| 206 std::string* server, | |
| 207 UInt32* port, | |
| 208 bool* is_secure, | |
| 209 std::string* security_domain); | |
| 210 | |
| 211 // Returns true if the signon_realm of |query_form| can be successfully parsed | |
| 212 // by ExtractSignonRealmComponents, and if |query_form| matches |other_form|. | |
| 213 bool FormIsValidAndMatchesOtherForm(const autofill::PasswordForm& query_form, | |
| 214 const autofill::PasswordForm& other_form); | |
| 215 | |
| 216 // Returns PasswordForm instances populated with password data for each keychain | |
| 217 // entry in |item_form_pairs| that could be merged with |query_form|. | |
| 218 std::vector<std::unique_ptr<autofill::PasswordForm>> | |
| 219 ExtractPasswordsMergeableWithForm( | |
| 220 const AppleKeychain& keychain, | |
| 221 const std::vector<ItemFormPair>& item_form_pairs, | |
| 222 const autofill::PasswordForm& query_form); | |
| 223 | |
| 224 } // namespace internal_keychain_helpers | |
| 225 | |
| 226 #endif // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2909283002:
Delete PasswordStoreMac and SimplePasswordStoreMac. (Closed)
