// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/apple_keychain.h"

#include <utility>

#include "base/memory/raw_ptr.h"
#include "base/synchronization/lock.h"
#include "crypto/mac_security_services_lock.h"
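namespace {

// Helper for functions of the form F(T* out) where |out| may be nullptr but
// the implementation still needs a T to work with. The function keeps a local
// OptionalOutParameter<T> as its working value; when the helper goes out of
// scope, the final value is copied to *out if |out| is non-null. Because the
// write happens in the destructor, every return path reports a value without
// repeating the null check.
template <typename T>
class OptionalOutParameter {
 public:
  OptionalOutParameter(const OptionalOutParameter&) = delete;
  OptionalOutParameter& operator=(const OptionalOutParameter&) = delete;

  // |out| may be nullptr, in which case nothing is written on destruction.
  // A non-null |out| must outlive this object, since the destructor writes
  // through it. `explicit` keeps a bare T* from converting silently into a
  // helper that would later write through that pointer.
  explicit OptionalOutParameter(T* out, T value = T())
      : out_(out), value_(std::move(value)) {}

  // Publishes the pending value to the caller, if the caller asked for it.
  ~OptionalOutParameter() {
    if (out_) {
      *out_ = value_;
    }
  }

  // Replaces the pending value; *out is not touched until destruction.
  OptionalOutParameter& operator=(T value) {
    value_ = std::move(value);
    return *this;
  }

  // Reads back the pending value, e.g. to compare a status against noErr.
  operator T() const { return value_; }

 private:
  const raw_ptr<T> out_;
  T value_;
};

}  // namespace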
// A large part of the Keychain API has been deprecated since the macOS 13 SDK.
// https://crbug.com/1348251 tracks moving off it; until then the deprecation
// warnings are silenced between this push and the matching pop below.
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wdeprecated-declarations"

namespace crypto {

AppleKeychain::AppleKeychain() = default;

AppleKeychain::~AppleKeychain() = default;

// Forwards to SecKeychainFindGenericPassword() while holding the process's
// Security Services lock. The keychain argument is passed as nullptr, so the
// lookup is not pinned to one specific keychain.
//
// Returns the OSStatus from the framework unchanged. Per the Security
// framework contract, a successful call leaves secret bytes in
// |*password_data|; the caller is responsible for handing that buffer back
// through ItemFreeContent() once it is done with it.
OSStatus AppleKeychain::FindGenericPassword(
    UInt32 service_name_length,
    const char* service_name,
    UInt32 account_name_length,
    const char* account_name,
    UInt32* password_length,
    void** password_data,
    AppleSecKeychainItemRef* item) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
  const OSStatus status = SecKeychainFindGenericPassword(
      nullptr, service_name_length, service_name, account_name_length,
      account_name, password_length, password_data, item);
  return status;
}

// Releases a buffer obtained from the keychain by forwarding |data| to
// SecKeychainItemFreeContent() (no attribute list is passed) under the
// Security Services lock. Returns the framework's OSStatus unchanged.
OSStatus AppleKeychain::ItemFreeContent(void* data) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
  const OSStatus status = SecKeychainItemFreeContent(nullptr, data);
  return status;
}

// Forwards to SecKeychainAddGenericPassword() under the Security Services
// lock, passing nullptr for the keychain argument. |password_data| and
// |password_length| describe the secret to store; the buffer is only read.
// Returns the framework's OSStatus unchanged.
OSStatus AppleKeychain::AddGenericPassword(
    UInt32 service_name_length,
    const char* service_name,
    UInt32 account_name_length,
    const char* account_name,
    UInt32 password_length,
    const void* password_data,
    AppleSecKeychainItemRef* item) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
  const OSStatus status = SecKeychainAddGenericPassword(
      nullptr, service_name_length, service_name, account_name_length,
      account_name, password_length, password_data, item);
  return status;
}

// Deletes |item| via SecKeychainItemDelete() under the Security Services lock
// and returns the framework's OSStatus unchanged.
OSStatus AppleKeychain::ItemDelete(AppleSecKeychainItemRef item) const {
  base::AutoLock lock(GetMacSecurityServicesLock());
  const OSStatus status = SecKeychainItemDelete(item);
  return status;
}

// Switches keychain user interaction to |allowed| for the lifetime of this
// object. The previous setting is remembered only when both the query and the
// update succeed, so the destructor never "restores" a value that was not
// actually read. The last status obtained is written to |*status| when
// |status| is non-null (done by OptionalOutParameter on scope exit).
//
// NOTE(review): unlike the AppleKeychain methods in this file, these
// SecKeychain*UserInteractionAllowed calls are made without taking
// GetMacSecurityServicesLock() - confirm that this is intentional.
ScopedKeychainUserInteractionAllowed::ScopedKeychainUserInteractionAllowed(
    Boolean allowed,
    OSStatus* status) {
  // Left uninitialized on purpose: it is only read after the query below has
  // reported noErr.
  Boolean previous_setting;
  OptionalOutParameter<OSStatus> result(
      status, SecKeychainGetUserInteractionAllowed(&previous_setting));
  if (result == noErr) {
    result = SecKeychainSetUserInteractionAllowed(allowed);
    if (result == noErr) {
      was_allowed_ = previous_setting;
    }
  }
}

// Puts the user-interaction setting back to what the constructor observed.
// Nothing happens if the constructor failed before recording a value.
ScopedKeychainUserInteractionAllowed::~ScopedKeychainUserInteractionAllowed() {
  if (!was_allowed_) {
    return;
  }
  // The returned status is discarded: a failed restore is not reported and
  // leaves the setting as the constructor changed it.
  SecKeychainSetUserInteractionAllowed(*was_allowed_);
}

#pragma clang diagnostic pop

}  // namespace crypto