chrome/browser/mac/security_wrappers.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
   6 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
   7
   8 #include <Security/Security.h>
   9 #include <Security/SecRequirement.h>
  10
  11 #include "base/basictypes.h"
  12 #include "base/mac/scoped_cftyperef.h"
  13 #include "base/memory/scoped_ptr.h"
  14
  15 namespace chrome {
  16
  17 // Wraps SecKeychainSetUserInteractionAllowed, restoring the previous setting
  18 // on destruction.
  19 class ScopedSecKeychainSetUserInteractionAllowed {
  20  public:
  21   explicit ScopedSecKeychainSetUserInteractionAllowed(Boolean allowed);
  22   ~ScopedSecKeychainSetUserInteractionAllowed();
  23
  24  private:
  25   Boolean old_allowed_;
  26
  27   DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed);
  28 };
  29
  30 // Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the
  31 // association between the two, and managing their ownership by retaining
  32 // the SecKeychainItemRef and SecAccessRef elements placed into a
  33 // CrSKeychainItemAndAccess object. Suitable for use
  34 // in standard C++ containers.
  35 class CrSKeychainItemAndAccess {
  36  public:
  37   CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access);
  38   CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that);
  39
  40   ~CrSKeychainItemAndAccess();
  41
  42   void operator=(const CrSKeychainItemAndAccess& that);
  43
  44   SecKeychainItemRef item() const { return item_; }
  45   SecAccessRef access() const { return access_; }
  46
  47  private:
  48   base::ScopedCFTypeRef<SecKeychainItemRef> item_;
  49   base::ScopedCFTypeRef<SecAccessRef> access_;
  50 };
  51
  52 // Holds the return value from CrSACLCopySimpleContents and an argument to
  53 // CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep
  54 // logically grouped data together.
  55 struct CrSACLSimpleContents {
  56   CrSACLSimpleContents();
  57   ~CrSACLSimpleContents();
  58
  59   base::ScopedCFTypeRef<CFArrayRef> application_list;
  60   base::ScopedCFTypeRef<CFStringRef> description;
  61   CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector;
  62 };
  63
  64 // Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on
  65 // destruction.
  66 class ScopedSecKeychainAttributeInfo {
  67  public:
  68   explicit ScopedSecKeychainAttributeInfo(
  69       SecKeychainAttributeInfo* attribute_info);
  70   ~ScopedSecKeychainAttributeInfo();
  71
  72   operator SecKeychainAttributeInfo*() const {
  73     return attribute_info_;
  74   }
  75
  76  private:
  77   SecKeychainAttributeInfo* attribute_info_;
  78 };
  79
  80 // Holds the return value from CrSKeychainItemCopyAttributesAndData and an
  81 // argument to CrSKeychainItemCreateFromContent. Used in those wrappers to
  82 // keep logically grouped data together.
  83 struct CrSKeychainItemAttributesAndData {
  84   SecItemClass item_class;
  85   SecKeychainAttributeList* attribute_list;
  86   UInt32 length;
  87   void* data;
  88 };
  89
  90 // Holds a CrSKeychainItemAttributesAndData*, calling
  91 // CrSKeychainItemFreeAttributesAndData and freeing the owned
  92 // CrSKeychainItemAttributesAndData* on destruction.
  93 class ScopedCrSKeychainItemAttributesAndData {
  94  public:
  95   ScopedCrSKeychainItemAttributesAndData(
  96       CrSKeychainItemAttributesAndData* attributes_and_data);
  97   ~ScopedCrSKeychainItemAttributesAndData();
  98
  99   CrSKeychainItemAttributesAndData* get() const {
 100     return attributes_and_data_.get();
 101   }
 102
 103   CrSKeychainItemAttributesAndData* release() {
 104     return attributes_and_data_.release();
 105   }
 106
 107   SecItemClass item_class() const {
 108     return attributes_and_data_->item_class;
 109   }
 110
 111   SecItemClass* item_class_ptr() const {
 112     return &attributes_and_data_->item_class;
 113   }
 114
 115   SecKeychainAttributeList* attribute_list() const {
 116     return attributes_and_data_->attribute_list;
 117   }
 118
 119   SecKeychainAttributeList** attribute_list_ptr() const {
 120     return &attributes_and_data_->attribute_list;
 121   }
 122
 123   UInt32 length() const {
 124     return attributes_and_data_->length;
 125   }
 126
 127   UInt32* length_ptr() const {
 128     return &attributes_and_data_->length;
 129   }
 130
 131   void* data() const {
 132     return attributes_and_data_->data;
 133   }
 134
 135   void** data_ptr() const {
 136     return &attributes_and_data_->data;
 137   }
 138
 139  private:
 140   scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_;
 141 };
 142
 143 // Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a
 144 // SecKeychainSearchRef owned by the caller on success.
 145 SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes(
 146     CFTypeRef keychain_or_array,
 147     SecItemClass item_class,
 148     const SecKeychainAttributeList* attribute_list);
 149
 150 // Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in
 151 // a NULL return value but nothing logged), returning NULL on error and a
 152 // SecKeychainItemRef owned by the caller on success.
 153 SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search);
 154
 155 // Wraps SecKeychainItemFreeAttributesAndData.
 156 void CrSKeychainItemFreeAttributesAndData(
 157     SecKeychainAttributeList* attribute_list,
 158     void* data);
 159
 160 // Tests access to |item| by calling SecKeychainItemCopyAttributesAndData,
 161 // taking care to properly free any returned data. Returns true if access to
 162 // |item| is authorized. errSecAuthFailed is considered an "expected" error
 163 // for which nothing will be logged, although false will be returned.
 164 bool CrSKeychainItemTestAccess(SecKeychainItemRef item);
 165
 166 // Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef
 167 // owned by the caller on success. errSecNoAccessForItem and errSecAuthFailed
 168 // are considered "expected" errors for which nothing will be logged, although
 169 // NULL will be returned.
 170 SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item);
 171
 172 // Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned
 173 // by the caller on success.
 174 CFArrayRef CrSAccessCopyACLList(SecAccessRef access);
 175
 176 // Wraps SecACLCopySimpleContents, returning NULL on error and a
 177 // CrSACLSimpleContents* owned by the caller on success. errSecACLNotSimple is
 178 // considered an "expected" error for which nothing will be logged, although
 179 // NULL will be returned.
 180 CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl);
 181
 182 // Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument
 183 // (resulting in a NULL return value but nothing logged) and returning NULL on
 184 // error or a SecRequirementRef owned by the caller on success.
 185 SecRequirementRef CrSTrustedApplicationCopyRequirement(
 186     SecTrustedApplicationRef application);
 187
 188 // Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in
 189 // a NULL return value but nothing logged) and returning NULL on error or a
 190 // CFStringRef owned by the caller on success.
 191 CFStringRef CrSRequirementCopyString(SecRequirementRef requirement,
 192                                      SecCSFlags flags);
 193
 194 // Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a
 195 // SecTrustedApplicationRef owned by the caller on success.
 196 SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path);
 197
 198 // Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents
 199 // argument, returning false on error or true on success.
 200 bool CrSACLSetSimpleContents(SecACLRef acl,
 201                              const CrSACLSimpleContents& acl_simple_contents);
 202
 203 // Wraps SecKeychainItemCopyKeychain, returning NULL on error or a
 204 // SecKeychainRef owned by the caller on success.
 205 SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item);
 206
 207 // Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a
 208 // SecKeychainAttributeInfo* owned by the caller on success.
 209 SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID(
 210     SecKeychainRef keychain,
 211     UInt32 item_id);
 212
 213 // Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a
 214 // CrSKeychainItemAttributesAndData* owned by the caller on success.
 215 CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData(
 216     SecKeychainRef keychain,
 217     SecKeychainItemRef item);
 218
 219 // Wraps SecKeychainItemDelete, returning false on error or true on success.
 220 bool CrSKeychainItemDelete(SecKeychainItemRef item);
 221
 222 // Wraps SecKeychainItemCreateFromContent, adapting it to the
 223 // CrSKeychainItemAttributesAndData argument, returning NULL on error or a
 224 // SecKeychainItemRef owned by the caller on success.
 225 SecKeychainItemRef CrSKeychainItemCreateFromContent(
 226     const CrSKeychainItemAttributesAndData& attributes_and_data,
 227     SecKeychainRef keychain,
 228     SecAccessRef access);
 229
 230 }  // namespace chrome
 231
 232 #endif  // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_