// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CRYPTO_APPLE_KEYCHAIN_H_
#define CRYPTO_APPLE_KEYCHAIN_H_

#include <Security/Security.h>

#include <optional>

#include "build/build_config.h"
#include "crypto/crypto_export.h"

namespace crypto {

// Handle type used for keychain items in the signatures below. On iOS it is a
// plain `void*`; on every other build it aliases SecKeychainItemRef.
// NOTE(review): presumably because SecKeychainItemRef is not declared by the
// iOS SDK; confirm.
#if BUILDFLAG(IS_IOS)
using AppleSecKeychainItemRef = void*;
#else
using AppleSecKeychainItemRef = SecKeychainItemRef;
#endif

// DEPRECATED: use `AppleKeychainV2` instead.
// Wraps the KeychainServices API in a very thin layer, to allow it to be
// mocked out for testing.

// See Keychain Services documentation for function documentation, as these call
// through directly to their Keychain Services equivalents (Foo ->
// SecKeychainFoo). The only exception is Free, which should be used for
// anything returned from this class that would normally be freed with
// CFRelease (to aid in testing).
// NOTE(review): no `Free` method is declared in this header; the only release
// call visible here is ItemFreeContent. The sentence above may be stale.
//
// The underlying API was deprecated as of the macOS 13 SDK.
// Removal of its use is tracked in https://crbug.com/1348251
// New code should use AppleKeychainV2.
//
// All methods are virtual so that a test double can replace them. The class
// is not copyable.
class CRYPTO_EXPORT AppleKeychain {
 public:
  AppleKeychain();

  AppleKeychain(const AppleKeychain&) = delete;
  AppleKeychain& operator=(const AppleKeychain&) = delete;

  virtual ~AppleKeychain();

  // Looks up a generic password by service and account name.
  //
  // The names are passed as pointer plus explicit byte length.
  // `password_length` and `password_data` are out-parameters: on success they
  // describe a buffer holding the stored secret. Per the Keychain Services
  // documentation for SecKeychainFindGenericPassword, that buffer is released
  // with SecKeychainItemFreeContent, i.e. ItemFreeContent() on this class.
  // Treat the buffer as plaintext secret material: copy out only what is
  // needed, do not log it, and release it on every path, including early
  // returns.
  // `item` is an out-parameter for the matching keychain item.
  // NOTE(review): whether null is accepted for the out-parameters depends on
  // the underlying call and on any test double; confirm before relying on it.
  //
  // Returns the OSStatus of the underlying call; callers should check it
  // before reading any out-parameter.
  virtual OSStatus FindGenericPassword(UInt32 service_name_length,
                                       const char* service_name,
                                       UInt32 account_name_length,
                                       const char* account_name,
                                       UInt32* password_length,
                                       void** password_data,
                                       AppleSecKeychainItemRef* item) const;

  // Releases a data buffer previously handed out by this class (for example
  // the `password_data` from FindGenericPassword).
  // NOTE(review): the signature takes only the data pointer, so this
  // presumably calls SecKeychainItemFreeContent with a null attribute list;
  // confirm in the implementation. Nothing visible here indicates the memory
  // is zeroed before release.
  virtual OSStatus ItemFreeContent(void* data) const;

  // Stores a generic password for the given service and account name.
  //
  // `password_data` / `password_length` describe the secret to store; the
  // buffer is read-only to this call and remains owned by the caller.
  // `item` is an out-parameter for the newly created keychain item.
  // Returns the OSStatus of the underlying call.
  virtual OSStatus AddGenericPassword(UInt32 service_name_length,
                                      const char* service_name,
                                      UInt32 account_name_length,
                                      const char* account_name,
                                      UInt32 password_length,
                                      const void* password_data,
                                      AppleSecKeychainItemRef* item) const;

#if BUILDFLAG(IS_MAC)
  // Deletes `item` from the keychain. Declared only in macOS builds.
  virtual OSStatus ItemDelete(AppleSecKeychainItemRef item) const;
#endif  // BUILDFLAG(IS_MAC)
};

#if BUILDFLAG(IS_MAC)

// Sets whether Keychain Services is permitted to display UI if needed by
// calling SecKeychainSetUserInteractionAllowed. This operates in a scoped
// fashion: on destruction, the previous state will be restored. This is useful
// to interact with the Keychain on a best-effort basis, without displaying any
// Keychain Services UI (which is beyond the application's control) to the user.
//
// NOTE(review): the underlying setting does not appear to be per-thread, so
// overlapping scopes on different threads could restore each other's state in
// an unexpected order; confirm how callers serialize use of this class.
class CRYPTO_EXPORT ScopedKeychainUserInteractionAllowed {
 public:
  ScopedKeychainUserInteractionAllowed(
      const ScopedKeychainUserInteractionAllowed&) = delete;
  ScopedKeychainUserInteractionAllowed& operator=(
      const ScopedKeychainUserInteractionAllowed&) = delete;

  // `allowed` is the state to apply for the lifetime of this object.
  // `status` is an optional out-parameter (defaults to nullptr).
  // NOTE(review): presumably it receives the OSStatus of the underlying
  // Keychain Services calls so that a caller can detect that the requested
  // state was not applied; confirm in the implementation.
  explicit ScopedKeychainUserInteractionAllowed(Boolean allowed,
                                                OSStatus* status = nullptr);

  ~ScopedKeychainUserInteractionAllowed();

 private:
  // State to restore on destruction.
  // NOTE(review): being optional, this is presumably left empty when the
  // previous state could not be read, in which case there is nothing to
  // restore; confirm.
  std::optional<Boolean> was_allowed_;
};

#endif  // BUILDFLAG(IS_MAC)

}  // namespace crypto

#endif  // CRYPTO_APPLE_KEYCHAIN_H_