// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
#define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
#include <Security/Security.h>
#include <Security/SecRequirement.h>
#include "base/basictypes.h"
#include "base/mac/scoped_cftyperef.h"
#include "base/memory/scoped_ptr.h"
namespace chrome {
// Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting
// on destruction.
class ScopedSecKeychainSetUserInteractionAllowed {
public:
explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed);
~ScopedSecKeychainSetUserInteractionAllowed();
private:
Boolean old_allowed_;
DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed);
};
// Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the
// association between the two, and managing their ownership by retaining
// the SecKeychainItemRef and SecAccessRef elements placed into a
// CrSKeychainItemAndAccess object. Suitable for use
// in standard C++ containers.
class CrSKeychainItemAndAccess {
public:
CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access);
CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that);
~CrSKeychainItemAndAccess();
void operator=(const CrSKeychainItemAndAccess& that);
SecKeychainItemRef item() const { return item_; }
SecAccessRef access() const { return access_; }
private:
base::ScopedCFTypeRef<SecKeychainItemRef> item_;
base::ScopedCFTypeRef<SecAccessRef> access_;
};
// Holds the return value from CrSACLCopySimpleContents and an argument to
// CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep
// logically grouped data together.
struct CrSACLSimpleContents {
CrSACLSimpleContents();
~CrSACLSimpleContents();
base::ScopedCFTypeRef<CFArrayRef> application_list;
base::ScopedCFTypeRef<CFStringRef> description;
CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector;
};
// Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on
// destruction.
class ScopedSecKeychainAttributeInfo {
public:
explicit ScopedSecKeychainAttributeInfo(
SecKeychainAttributeInfo* attribute_info);
~ScopedSecKeychainAttributeInfo();
operator SecKeychainAttributeInfo*() const {
return attribute_info_;
}
private:
SecKeychainAttributeInfo* attribute_info_;
};
// Holds the return value from CrSKeychainItemCopyAttributesAndData and an
// argument to CrSKeychainItemCreateFromContent. Used in those wrappers to
// keep logically grouped data together.
struct CrSKeychainItemAttributesAndData {
SecItemClass item_class;
SecKeychainAttributeList* attribute_list;
UInt32 length;
void* data;
};
// Holds a CrSKeychainItemAttributesAndData*, calling
// CrSKeychainItemFreeAttributesAndData and freeing the owned
// CrSKeychainItemAttributesAndData* on destruction.
class ScopedCrSKeychainItemAttributesAndData {
public:
ScopedCrSKeychainItemAttributesAndData(
CrSKeychainItemAttributesAndData* attributes_and_data);
~ScopedCrSKeychainItemAttributesAndData();
CrSKeychainItemAttributesAndData* get() const {
return attributes_and_data_.get();
}
CrSKeychainItemAttributesAndData* release() {
return attributes_and_data_.release();
}
SecItemClass item_class() const {
return attributes_and_data_->item_class;
}
SecItemClass* item_class_ptr() const {
return &attributes_and_data_->item_class;
}
SecKeychainAttributeList* attribute_list() const {
return attributes_and_data_->attribute_list;
}
SecKeychainAttributeList** attribute_list_ptr() const {
return &attributes_and_data_->attribute_list;
}
UInt32 length() const {
return attributes_and_data_->length;
}
UInt32* length_ptr() const {
return &attributes_and_data_->length;
}
void* data() const {
return attributes_and_data_->data;
}
void** data_ptr() const {
return &attributes_and_data_->data;
}
private:
scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_;
};
// Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a
// SecKeychainSearchRef owned by the caller on success.
SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes(
CFTypeRef keychain_or_array,
SecItemClass item_class,
const SecKeychainAttributeList* attribute_list);
// Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in
// a NULL return value but nothing logged), returning NULL on error and a
// SecKeychainItemRef owned by the caller on success.
SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search);
// Wraps SecKeychainItemFreeAttributesAndData.
void CrSKeychainItemFreeAttributesAndData(
SecKeychainAttributeList* attribute_list,
void* data);
// Tests access to |item| by calling SecKeychainItemCopyAttributesAndData,
// taking care to properly free any returned data. Returns true if access to
// |item| is authorized. errSecAuthFailed is considered an "expected" error
// for which nothing will be logged, although false will be returned.
bool CrSKeychainItemTestAccess(SecKeychainItemRef item);
// Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef
// owned by the caller on success. errSecNoAccessForItem and errSecAuthFailed
// are considered "expected" errors for which nothing will be logged, although
// NULL will be returned.
SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item);
// Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned
// by the caller on success.
CFArrayRef CrSAccessCopyACLList(SecAccessRef access);
// Wraps SecACLCopySimpleContents, returning NULL on error and a
// CrSACLSimpleContents* owned by the caller on success. errSecACLNotSimple is
// considered an "expected" error for which nothing will be logged, although
// NULL will be returned.
CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl);
// Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument
// (resulting in a NULL return value but nothing logged) and returning NULL on
// error or a SecRequirementRef owned by the caller on success.
SecRequirementRef CrSTrustedApplicationCopyRequirement(
SecTrustedApplicationRef application);
// Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in
// a NULL return value but nothing logged) and returning NULL on error or a
// CFStringRef owned by the caller on success.
CFStringRef CrSRequirementCopyString(SecRequirementRef requirement,
SecCSFlags flags);
// Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a
// SecTrustedApplicationRef owned by the caller on success.
SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path);
// Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents
// argument, returning false on error or true on success.
bool CrSACLSetSimpleContents(SecACLRef acl,
const CrSACLSimpleContents& acl_simple_contents);
// Wraps SecKeychainItemCopyKeychain, returning NULL on error or a
// SecKeychainRef owned by the caller on success.
SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item);
// Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a
// SecKeychainAttributeInfo* owned by the caller on success.
SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID(
SecKeychainRef keychain,
UInt32 item_id);
// Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a
// CrSKeychainItemAttributesAndData* owned by the caller on success.
CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData(
SecKeychainRef keychain,
SecKeychainItemRef item);
// Wraps SecKeychainItemDelete, returning false on error or true on success.
bool CrSKeychainItemDelete(SecKeychainItemRef item);
// Wraps SecKeychainItemCreateFromContent, adapting it to the
// CrSKeychainItemAttributesAndData argument, returning NULL on error or a
// SecKeychainItemRef owned by the caller on success.
SecKeychainItemRef CrSKeychainItemCreateFromContent(
const CrSKeychainItemAttributesAndData& attributes_and_data,
SecKeychainRef keychain,
SecAccessRef access);
} // namespace chrome
#endif // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_