xref: /aosp_15_r20/external/cronet/crypto/apple_keychain.h (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_APPLE_KEYCHAIN_H_
6 #define CRYPTO_APPLE_KEYCHAIN_H_
7 
8 #include <Security/Security.h>
9 
10 #include <optional>
11 
12 #include "build/build_config.h"
13 #include "crypto/crypto_export.h"
14 
15 namespace crypto {
16 
17 #if BUILDFLAG(IS_IOS)
18 using AppleSecKeychainItemRef = void*;
19 #else
20 using AppleSecKeychainItemRef = SecKeychainItemRef;
21 #endif
22 
23 // DEPRECATED: use `AppleKeychainV2` instead.
24 // Wraps the KeychainServices API in a very thin layer, to allow it to be
25 // mocked out for testing.
26 
27 // See Keychain Services documentation for function documentation, as these call
28 // through directly to their Keychain Services equivalents (Foo ->
29 // SecKeychainFoo). The only exception is Free, which should be used for
30 // anything returned from this class that would normally be freed with
31 // CFRelease (to aid in testing).
32 //
33 // The underlying API was deprecated as of the macOS 13 SDK.
34 // Removal of its use is tracked in https://crbug.com/1348251
35 // New code should use AppleKeychainV2.
36 class CRYPTO_EXPORT AppleKeychain {
37  public:
38   AppleKeychain();
39 
40   AppleKeychain(const AppleKeychain&) = delete;
41   AppleKeychain& operator=(const AppleKeychain&) = delete;
42 
43   virtual ~AppleKeychain();
44 
45   virtual OSStatus FindGenericPassword(UInt32 service_name_length,
46                                        const char* service_name,
47                                        UInt32 account_name_length,
48                                        const char* account_name,
49                                        UInt32* password_length,
50                                        void** password_data,
51                                        AppleSecKeychainItemRef* item) const;
52 
53   virtual OSStatus ItemFreeContent(void* data) const;
54 
55   virtual OSStatus AddGenericPassword(UInt32 service_name_length,
56                                       const char* service_name,
57                                       UInt32 account_name_length,
58                                       const char* account_name,
59                                       UInt32 password_length,
60                                       const void* password_data,
61                                       AppleSecKeychainItemRef* item) const;
62 
63 #if BUILDFLAG(IS_MAC)
64   virtual OSStatus ItemDelete(AppleSecKeychainItemRef item) const;
65 #endif  // !BUILDFLAG(IS_MAC)
66 };
67 
68 #if BUILDFLAG(IS_MAC)
69 
70 // Sets whether Keychain Services is permitted to display UI if needed by
71 // calling SecKeychainSetUserInteractionAllowed. This operates in a scoped
72 // fashion: on destruction, the previous state will be restored. This is useful
73 // to interact with the Keychain on a best-effort basis, without displaying any
74 // Keychain Services UI (which is beyond the application's control) to the user.
75 class CRYPTO_EXPORT ScopedKeychainUserInteractionAllowed {
76  public:
77   ScopedKeychainUserInteractionAllowed(
78       const ScopedKeychainUserInteractionAllowed&) = delete;
79   ScopedKeychainUserInteractionAllowed& operator=(
80       const ScopedKeychainUserInteractionAllowed&) = delete;
81 
82   explicit ScopedKeychainUserInteractionAllowed(Boolean allowed,
83                                                 OSStatus* status = nullptr);
84 
85   ~ScopedKeychainUserInteractionAllowed();
86 
87  private:
88   std::optional<Boolean> was_allowed_;
89 };
90 
91 #endif  // BUILDFLAG(IS_MAC)
92 
93 }  // namespace crypto
94 
95 #endif  // CRYPTO_APPLE_KEYCHAIN_H_
96