crypto/mock_apple_keychain.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CRYPTO_MOCK_KEYCHAIN_MAC_H_
   6 #define CRYPTO_MOCK_KEYCHAIN_MAC_H_
   7
   8 #include <stdint.h>
   9
  10 #include <map>
  11 #include <set>
  12 #include <string>
  13 #include <vector>
  14
  15 #include "base/compiler_specific.h"
  16 #include "crypto/apple_keychain.h"
  17
  18 namespace crypto {
  19
  20 // Mock Keychain wrapper for testing code that interacts with the OS X
  21 // Keychain.  Implemented by storing SecKeychainAttributeList and
  22 // KeychainPasswordData values in separate mutable containers and
  23 // mapping them to integer keys.
  24 //
  25 // Note that "const" is pretty much meaningless for this class; the const-ness
  26 // of AppleKeychain doesn't apply to the actual keychain data, so all of the
  27 // Mock data is mutable; don't assume that it won't change over the life of
  28 // tests.
  29 class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain {
  30  public:
  31   MockAppleKeychain();
  32   ~MockAppleKeychain() override;
  33
  34   // AppleKeychain implementation.
  35   OSStatus FindGenericPassword(CFTypeRef keychainOrArray,
  36                                UInt32 serviceNameLength,
  37                                const char* serviceName,
  38                                UInt32 accountNameLength,
  39                                const char* accountName,
  40                                UInt32* passwordLength,
  41                                void** passwordData,
  42                                SecKeychainItemRef* itemRef) const override;
  43   OSStatus ItemFreeContent(SecKeychainAttributeList* attrList,
  44                            void* data) const override;
  45   OSStatus AddGenericPassword(SecKeychainRef keychain,
  46                               UInt32 serviceNameLength,
  47                               const char* serviceName,
  48                               UInt32 accountNameLength,
  49                               const char* accountName,
  50                               UInt32 passwordLength,
  51                               const void* passwordData,
  52                               SecKeychainItemRef* itemRef) const override;
  53
  54 #if !defined(OS_IOS)
  55   OSStatus ItemCopyAttributesAndData(SecKeychainItemRef itemRef,
  56                                      SecKeychainAttributeInfo* info,
  57                                      SecItemClass* itemClass,
  58                                      SecKeychainAttributeList** attrList,
  59                                      UInt32* length,
  60                                      void** outData) const override;
  61   // Pass "fail_me" as the data to get errSecAuthFailed.
  62   OSStatus ItemModifyAttributesAndData(SecKeychainItemRef itemRef,
  63                                        const SecKeychainAttributeList* attrList,
  64                                        UInt32 length,
  65                                        const void* data) const override;
  66   OSStatus ItemFreeAttributesAndData(SecKeychainAttributeList* attrList,
  67                                      void* data) const override;
  68   OSStatus ItemDelete(SecKeychainItemRef itemRef) const override;
  69   OSStatus SearchCreateFromAttributes(
  70       CFTypeRef keychainOrArray,
  71       SecItemClass itemClass,
  72       const SecKeychainAttributeList* attrList,
  73       SecKeychainSearchRef* searchRef) const override;
  74   OSStatus SearchCopyNext(SecKeychainSearchRef searchRef,
  75                           SecKeychainItemRef* itemRef) const override;
  76   // Pass "some.domain.com" as the serverName to get errSecDuplicateItem.
  77   OSStatus AddInternetPassword(SecKeychainRef keychain,
  78                                UInt32 serverNameLength,
  79                                const char* serverName,
  80                                UInt32 securityDomainLength,
  81                                const char* securityDomain,
  82                                UInt32 accountNameLength,
  83                                const char* accountName,
  84                                UInt32 pathLength,
  85                                const char* path,
  86                                UInt16 port,
  87                                SecProtocolType protocol,
  88                                SecAuthenticationType authenticationType,
  89                                UInt32 passwordLength,
  90                                const void* passwordData,
  91                                SecKeychainItemRef* itemRef) const override;
  92   void Free(CFTypeRef ref) const override;
  93
  94   // Return the counts of objects returned by Create/Copy functions but never
  95   // Free'd as they should have been.
  96   int UnfreedSearchCount() const;
  97   int UnfreedKeychainItemCount() const;
  98   int UnfreedAttributeDataCount() const;
  99
 100   // Returns true if all items added with AddInternetPassword have a creator
 101   // code set.
 102   bool CreatorCodesSetForAddedItems() const;
 103
 104   struct KeychainTestData {
 105     const SecAuthenticationType auth_type;
 106     const char* server;
 107     const SecProtocolType protocol;
 108     const char* path;
 109     const UInt32 port;
 110     const char* security_domain;
 111     const char* creation_date;
 112     const char* username;
 113     const char* password;
 114     const bool negative_item;
 115   };
 116   // Adds a keychain item with the given info to the test set.
 117   void AddTestItem(const KeychainTestData& item_data);
 118 #endif  // !defined(OS_IOS)
 119
 120   // |FindGenericPassword()| can return different results depending on user
 121   // interaction with the system Keychain.  For mocking purposes we allow the
 122   // user of this class to specify the result code of the
 123   // |FindGenericPassword()| call so we can simulate the result of different
 124   // user interactions.
 125   void set_find_generic_result(OSStatus result) {
 126     find_generic_result_ = result;
 127   }
 128
 129   // Returns the true if |AddGenericPassword()| was called.
 130   bool called_add_generic() const { return called_add_generic_; }
 131
 132   // Returns the value of the password set when |AddGenericPassword()| was
 133   // called.
 134   std::string add_generic_password() const { return add_generic_password_; }
 135
 136   // Returns the number of allocations - deallocations for password data.
 137   int password_data_count() const { return password_data_count_; }
 138
 139  private:
 140   // Type used for the keys in the std::map(s) and MockAppleKeychain items.
 141   typedef uintptr_t MockKeychainItemType;
 142
 143   // Type of the map holding the mock keychain attributes.
 144   typedef std::map<MockKeychainItemType, SecKeychainAttributeList>
 145       MockKeychainAttributesMap;
 146
 147 #if !defined(OS_IOS)
 148   // Returns true if the keychain already contains a password that matches the
 149   // attributes provided.
 150   bool AlreadyContainsInternetPassword(
 151       UInt32 serverNameLength,
 152       const char* serverName,
 153       UInt32 securityDomainLength,
 154       const char* securityDomain,
 155       UInt32 accountNameLength,
 156       const char* accountName,
 157       UInt32 pathLength,
 158       const char* path,
 159       UInt16 port,
 160       SecProtocolType protocol,
 161       SecAuthenticationType authenticationType) const;
 162   // Initializes storage for keychain data at |key|.
 163   void InitializeKeychainData(MockKeychainItemType key) const;
 164   // Sets the data and length of |tag| in the item-th test item.
 165   void SetTestDataBytes(
 166       MockKeychainItemType item,
 167       UInt32 tag,
 168       const void* data,
 169       size_t length);
 170   // Sets the data and length of |tag| in the item-th test item based on
 171   // |value|. The null-terminator will not be included; the Keychain Services
 172   // docs don't indicate whether it is or not, so clients should not assume
 173   // that it will be.
 174   void SetTestDataString(MockKeychainItemType item,
 175                          UInt32 tag,
 176                          const char* value);
 177   // Sets the data of the corresponding attribute of the item-th test item to
 178   // |value|. Assumes that the space has alread been allocated, and the length
 179   // set.
 180   void SetTestDataPort(MockKeychainItemType item, UInt32 value);
 181   void SetTestDataProtocol(MockKeychainItemType item, SecProtocolType value);
 182   void SetTestDataAuthType(MockKeychainItemType item,
 183                            SecAuthenticationType value);
 184   void SetTestDataNegativeItem(MockKeychainItemType item, Boolean value);
 185   void SetTestDataCreator(MockKeychainItemType item, OSType value);
 186   // Sets the password data and length for the item-th test item.
 187   void SetTestDataPasswordBytes(MockKeychainItemType item,
 188                                 const void* data,
 189                                 size_t length);
 190   // Sets the password for the item-th test item. As with SetTestDataString,
 191   // the data will not be null-terminated.
 192   void SetTestDataPasswordString(MockKeychainItemType item, const char* value);
 193
 194   // Returns the address of the attribute in attribute_list with tag |tag|.
 195   static SecKeychainAttribute* AttributeWithTag(
 196       const SecKeychainAttributeList& attribute_list,
 197       UInt32 tag);
 198
 199   static const SecKeychainSearchRef kDummySearchRef;
 200
 201   typedef struct KeychainPasswordData {
 202     KeychainPasswordData() : data(NULL), length(0) {}
 203     void* data;
 204     UInt32 length;
 205   } KeychainPasswordData;
 206
 207   // Mutable because the MockAppleKeychain API requires its internal keychain
 208   // storage to be modifiable by users of this class.
 209   mutable MockKeychainAttributesMap keychain_attr_list_;
 210   mutable std::map<MockKeychainItemType,
 211                    KeychainPasswordData> keychain_data_;
 212   mutable MockKeychainItemType next_item_key_;
 213
 214   // Tracks the items that should be returned in subsequent calls to
 215   // SearchCopyNext, based on the last call to SearchCreateFromAttributes.
 216   // We can't handle multiple active searches, since we don't track the search
 217   // ref we return, but we don't need to for our mocking.
 218   mutable std::vector<MockKeychainItemType> remaining_search_results_;
 219
 220   // Track copies and releases to make sure they balance. Really these should
 221   // be maps to track per item, but this should be good enough to catch
 222   // real mistakes.
 223   mutable int search_copy_count_;
 224   mutable int keychain_item_copy_count_;
 225   mutable int attribute_data_copy_count_;
 226
 227   // Tracks which items (by key) were added with AddInternetPassword.
 228   mutable std::set<MockKeychainItemType> added_via_api_;
 229 #endif  // !defined(OS_IOS)
 230
 231   // Result code for the |FindGenericPassword()| method.
 232   OSStatus find_generic_result_;
 233
 234   // Records whether |AddGenericPassword()| gets called.
 235   mutable bool called_add_generic_;
 236
 237   // Tracks the allocations and frees of password data in |FindGenericPassword|
 238   // and |ItemFreeContent|.
 239   mutable int password_data_count_;
 240
 241   // Records the password being set when |AddGenericPassword()| gets called.
 242   mutable std::string add_generic_password_;
 243 };
 244
 245 }  // namespace crypto
 246
 247 #endif  // CRYPTO_MOCK_KEYCHAIN_MAC_H_