| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | 5 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
| 6 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | 6 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
| 7 | 7 |
| 8 #include <Security/Security.h> | 8 #include <CoreFoundation/CFBase.h> |
| 9 #include <Security/SecRequirement.h> | |
| 10 | 9 |
| 11 #include "base/basictypes.h" | 10 #include "base/macros.h" |
| 12 #include "base/mac/scoped_cftyperef.h" | |
| 13 #include "base/memory/scoped_ptr.h" | |
| 14 | 11 |
| 15 namespace chrome { | 12 namespace chrome { |
| 16 | 13 |
| 17 // Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting | 14 // Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting |
| 18 // on destruction. | 15 // on destruction. |
| 19 class ScopedSecKeychainSetUserInteractionAllowed { | 16 class ScopedSecKeychainSetUserInteractionAllowed { |
| 20 public: | 17 public: |
| 21 explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed); | 18 explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed); |
| 22 ~ScopedSecKeychainSetUserInteractionAllowed(); | 19 ~ScopedSecKeychainSetUserInteractionAllowed(); |
| 23 | 20 |
| 24 private: | 21 private: |
| 25 Boolean old_allowed_; | 22 Boolean old_allowed_; |
| 26 | 23 |
| 27 DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed); | 24 DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed); |
| 28 }; | 25 }; |
| 29 | 26 |
| 30 // Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the | |
| 31 // association between the two, and managing their ownership by retaining | |
| 32 // the SecKeychainItemRef and SecAccessRef elements placed into a | |
| 33 // CrSKeychainItemAndAccess object. Suitable for use | |
| 34 // in standard C++ containers. | |
| 35 class CrSKeychainItemAndAccess { | |
| 36 public: | |
| 37 CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access); | |
| 38 CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that); | |
| 39 | |
| 40 ~CrSKeychainItemAndAccess(); | |
| 41 | |
| 42 void operator=(const CrSKeychainItemAndAccess& that); | |
| 43 | |
| 44 SecKeychainItemRef item() const { return item_; } | |
| 45 SecAccessRef access() const { return access_; } | |
| 46 | |
| 47 private: | |
| 48 base::ScopedCFTypeRef<SecKeychainItemRef> item_; | |
| 49 base::ScopedCFTypeRef<SecAccessRef> access_; | |
| 50 }; | |
| 51 | |
| 52 // Holds the return value from CrSACLCopySimpleContents and an argument to | |
| 53 // CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep | |
| 54 // logically grouped data together. | |
| 55 struct CrSACLSimpleContents { | |
| 56 CrSACLSimpleContents(); | |
| 57 ~CrSACLSimpleContents(); | |
| 58 | |
| 59 base::ScopedCFTypeRef<CFArrayRef> application_list; | |
| 60 base::ScopedCFTypeRef<CFStringRef> description; | |
| 61 CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector; | |
| 62 }; | |
| 63 | |
| 64 // Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on | |
| 65 // destruction. | |
| 66 class ScopedSecKeychainAttributeInfo { | |
| 67 public: | |
| 68 explicit ScopedSecKeychainAttributeInfo( | |
| 69 SecKeychainAttributeInfo* attribute_info); | |
| 70 ~ScopedSecKeychainAttributeInfo(); | |
| 71 | |
| 72 operator SecKeychainAttributeInfo*() const { | |
| 73 return attribute_info_; | |
| 74 } | |
| 75 | |
| 76 private: | |
| 77 SecKeychainAttributeInfo* attribute_info_; | |
| 78 }; | |
| 79 | |
| 80 // Holds the return value from CrSKeychainItemCopyAttributesAndData and an | |
| 81 // argument to CrSKeychainItemCreateFromContent. Used in those wrappers to | |
| 82 // keep logically grouped data together. | |
| 83 struct CrSKeychainItemAttributesAndData { | |
| 84 SecItemClass item_class; | |
| 85 SecKeychainAttributeList* attribute_list; | |
| 86 UInt32 length; | |
| 87 void* data; | |
| 88 }; | |
| 89 | |
| 90 // Holds a CrSKeychainItemAttributesAndData*, calling | |
| 91 // CrSKeychainItemFreeAttributesAndData and freeing the owned | |
| 92 // CrSKeychainItemAttributesAndData* on destruction. | |
| 93 class ScopedCrSKeychainItemAttributesAndData { | |
| 94 public: | |
| 95 ScopedCrSKeychainItemAttributesAndData( | |
| 96 CrSKeychainItemAttributesAndData* attributes_and_data); | |
| 97 ~ScopedCrSKeychainItemAttributesAndData(); | |
| 98 | |
| 99 CrSKeychainItemAttributesAndData* get() const { | |
| 100 return attributes_and_data_.get(); | |
| 101 } | |
| 102 | |
| 103 CrSKeychainItemAttributesAndData* release() { | |
| 104 return attributes_and_data_.release(); | |
| 105 } | |
| 106 | |
| 107 SecItemClass item_class() const { | |
| 108 return attributes_and_data_->item_class; | |
| 109 } | |
| 110 | |
| 111 SecItemClass* item_class_ptr() const { | |
| 112 return &attributes_and_data_->item_class; | |
| 113 } | |
| 114 | |
| 115 SecKeychainAttributeList* attribute_list() const { | |
| 116 return attributes_and_data_->attribute_list; | |
| 117 } | |
| 118 | |
| 119 SecKeychainAttributeList** attribute_list_ptr() const { | |
| 120 return &attributes_and_data_->attribute_list; | |
| 121 } | |
| 122 | |
| 123 UInt32 length() const { | |
| 124 return attributes_and_data_->length; | |
| 125 } | |
| 126 | |
| 127 UInt32* length_ptr() const { | |
| 128 return &attributes_and_data_->length; | |
| 129 } | |
| 130 | |
| 131 void* data() const { | |
| 132 return attributes_and_data_->data; | |
| 133 } | |
| 134 | |
| 135 void** data_ptr() const { | |
| 136 return &attributes_and_data_->data; | |
| 137 } | |
| 138 | |
| 139 private: | |
| 140 scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_; | |
| 141 }; | |
| 142 | |
| 143 // Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a | |
| 144 // SecKeychainSearchRef owned by the caller on success. | |
| 145 SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes( | |
| 146 CFTypeRef keychain_or_array, | |
| 147 SecItemClass item_class, | |
| 148 const SecKeychainAttributeList* attribute_list); | |
| 149 | |
| 150 // Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in | |
| 151 // a NULL return value but nothing logged), returning NULL on error and a | |
| 152 // SecKeychainItemRef owned by the caller on success. | |
| 153 SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search); | |
| 154 | |
| 155 // Wraps SecKeychainItemFreeAttributesAndData. | |
| 156 void CrSKeychainItemFreeAttributesAndData( | |
| 157 SecKeychainAttributeList* attribute_list, | |
| 158 void* data); | |
| 159 | |
| 160 // Tests access to |item| by calling SecKeychainItemCopyAttributesAndData, | |
| 161 // taking care to properly free any returned data. Returns true if access to | |
| 162 // |item| is authorized. errSecAuthFailed is considered an "expected" error | |
| 163 // for which nothing will be logged, although false will be returned. | |
| 164 bool CrSKeychainItemTestAccess(SecKeychainItemRef item); | |
| 165 | |
| 166 // Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef | |
| 167 // owned by the caller on success. errSecNoAccessForItem and errSecAuthFailed | |
| 168 // are considered "expected" errors for which nothing will be logged, although | |
| 169 // NULL will be returned. | |
| 170 SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item); | |
| 171 | |
| 172 // Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned | |
| 173 // by the caller on success. | |
| 174 CFArrayRef CrSAccessCopyACLList(SecAccessRef access); | |
| 175 | |
| 176 // Wraps SecACLCopySimpleContents, returning NULL on error and a | |
| 177 // CrSACLSimpleContents* owned by the caller on success. errSecACLNotSimple is | |
| 178 // considered an "expected" error for which nothing will be logged, although | |
| 179 // NULL will be returned. | |
| 180 CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl); | |
| 181 | |
| 182 // Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument | |
| 183 // (resulting in a NULL return value but nothing logged) and returning NULL on | |
| 184 // error or a SecRequirementRef owned by the caller on success. | |
| 185 SecRequirementRef CrSTrustedApplicationCopyRequirement( | |
| 186 SecTrustedApplicationRef application); | |
| 187 | |
| 188 // Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in | |
| 189 // a NULL return value but nothing logged) and returning NULL on error or a | |
| 190 // CFStringRef owned by the caller on success. | |
| 191 CFStringRef CrSRequirementCopyString(SecRequirementRef requirement, | |
| 192 SecCSFlags flags); | |
| 193 | |
| 194 // Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a | |
| 195 // SecTrustedApplicationRef owned by the caller on success. | |
| 196 SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path); | |
| 197 | |
| 198 // Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents | |
| 199 // argument, returning false on error or true on success. | |
| 200 bool CrSACLSetSimpleContents(SecACLRef acl, | |
| 201 const CrSACLSimpleContents& acl_simple_contents); | |
| 202 | |
| 203 // Wraps SecKeychainItemCopyKeychain, returning NULL on error or a | |
| 204 // SecKeychainRef owned by the caller on success. | |
| 205 SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item); | |
| 206 | |
| 207 // Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a | |
| 208 // SecKeychainAttributeInfo* owned by the caller on success. | |
| 209 SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID( | |
| 210 SecKeychainRef keychain, | |
| 211 UInt32 item_id); | |
| 212 | |
| 213 // Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a | |
| 214 // CrSKeychainItemAttributesAndData* owned by the caller on success. | |
| 215 CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData( | |
| 216 SecKeychainRef keychain, | |
| 217 SecKeychainItemRef item); | |
| 218 | |
| 219 // Wraps SecKeychainItemDelete, returning false on error or true on success. | |
| 220 bool CrSKeychainItemDelete(SecKeychainItemRef item); | |
| 221 | |
| 222 // Wraps SecKeychainItemCreateFromContent, adapting it to the | |
| 223 // CrSKeychainItemAttributesAndData argument, returning NULL on error or a | |
| 224 // SecKeychainItemRef owned by the caller on success. | |
| 225 SecKeychainItemRef CrSKeychainItemCreateFromContent( | |
| 226 const CrSKeychainItemAttributesAndData& attributes_and_data, | |
| 227 SecKeychainRef keychain, | |
| 228 SecAccessRef access); | |
| 229 | |
| 230 } // namespace chrome | 27 } // namespace chrome |
| 231 | 28 |
| 232 #endif // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ | 29 #endif // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 558233002:
Clean up security_wrappers.cc/.h (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master