1*6777b538SAndroid Build Coastguard Worker // Copyright 2024 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker 
5*6777b538SAndroid Build Coastguard Worker #ifndef CRYPTO_APPLE_KEYCHAIN_V2_H_
6*6777b538SAndroid Build Coastguard Worker #define CRYPTO_APPLE_KEYCHAIN_V2_H_
7*6777b538SAndroid Build Coastguard Worker 
8*6777b538SAndroid Build Coastguard Worker #import <CryptoTokenKit/CryptoTokenKit.h>
9*6777b538SAndroid Build Coastguard Worker #import <Foundation/Foundation.h>
10*6777b538SAndroid Build Coastguard Worker #import <LocalAuthentication/LocalAuthentication.h>
11*6777b538SAndroid Build Coastguard Worker #import <Security/Security.h>
12*6777b538SAndroid Build Coastguard Worker 
13*6777b538SAndroid Build Coastguard Worker #include "crypto/crypto_export.h"
14*6777b538SAndroid Build Coastguard Worker #include "base/apple/scoped_cftyperef.h"
15*6777b538SAndroid Build Coastguard Worker #include "base/no_destructor.h"
16*6777b538SAndroid Build Coastguard Worker 
17*6777b538SAndroid Build Coastguard Worker namespace crypto {
18*6777b538SAndroid Build Coastguard Worker 
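// AppleKeychainV2 wraps iOS-style operations from the macOS Security framework
// to work with keys and keychain items. Every wrapper is virtual and the
// functions are grouped here so they can be mocked out in testing.
//
// The object is a singleton reached through |GetInstance| and is neither
// copyable nor assignable. Because an override replaces the object that
// |GetInstance| hands out, the override hooks are protected: only subclasses
// and the friend classes declared below can install one.
//
// NOTE(review): the wrappers that take a |CFErrorRef* error| or
// |NSError** error| out-parameter presumably forward it unchanged to the
// wrapped call, so a failure is reported as a null/NO return plus |*error|.
// Confirm in the implementation who releases |*error| and make sure callers
// check the return value before using the result.
class CRYPTO_EXPORT AppleKeychainV2 {
 public:
  // Returns the singleton, or the override installed through
  // |SetInstanceOverride| while one is set.
  static AppleKeychainV2& GetInstance();

  AppleKeychainV2(const AppleKeychainV2&) = delete;
  AppleKeychainV2& operator=(const AppleKeychainV2&) = delete;

  // Wraps the |TKTokenWatcher.tokenIDs| property.
  virtual NSArray* GetTokenIDs();

  // KeyCreateRandomKey wraps the |SecKeyCreateRandomKey| function.
  virtual base::apple::ScopedCFTypeRef<SecKeyRef> KeyCreateRandomKey(
      CFDictionaryRef params,
      CFErrorRef* error);
  // KeyCreateSignature wraps the |SecKeyCreateSignature| function.
  virtual base::apple::ScopedCFTypeRef<CFDataRef> KeyCreateSignature(
      SecKeyRef key,
      SecKeyAlgorithm algorithm,
      CFDataRef data,
      CFErrorRef* error);
  // KeyCopyPublicKey wraps the |SecKeyCopyPublicKey| function.
  virtual base::apple::ScopedCFTypeRef<SecKeyRef> KeyCopyPublicKey(
      SecKeyRef key);
  // KeyCopyExternalRepresentation wraps the |SecKeyCopyExternalRepresentation|
  // function. The returned bytes are the key itself in serialized form, so
  // when |key| is exportable private key material the result must be handled
  // as a secret.
  virtual base::apple::ScopedCFTypeRef<CFDataRef> KeyCopyExternalRepresentation(
      SecKeyRef key,
      CFErrorRef* error);
  // KeyCopyAttributes wraps the |SecKeyCopyAttributes| function.
  virtual base::apple::ScopedCFTypeRef<CFDictionaryRef> KeyCopyAttributes(
      SecKeyRef key);

  // ItemCopyMatching wraps the |SecItemCopyMatching| function.
  // NOTE(review): unlike the key wrappers above, |*result| is a raw
  // |CFTypeRef| rather than a ScopedCFTypeRef. If this forwards directly to
  // SecItemCopyMatching the caller owns the returned reference and has to
  // release it -- confirm against the implementation.
  virtual OSStatus ItemCopyMatching(CFDictionaryRef query, CFTypeRef* result);
  // ItemDelete wraps the |SecItemDelete| function.
  virtual OSStatus ItemDelete(CFDictionaryRef query);
  // ItemUpdate wraps the |SecItemUpdate| function.
  virtual OSStatus ItemUpdate(CFDictionaryRef query,
                              CFDictionaryRef keychain_data);

  // NOTE(review): none of the headers this file includes directly is visibly
  // the one that defines BUILDFLAG(IS_IOS); confirm it is provided
  // transitively or include it explicitly.
#if !BUILDFLAG(IS_IOS)
  // TaskCopyValueForEntitlement wraps the |SecTaskCopyValueForEntitlement|
  // function. Not available on iOS.
  virtual base::apple::ScopedCFTypeRef<CFTypeRef> TaskCopyValueForEntitlement(
      SecTaskRef task,
      CFStringRef entitlement,
      CFErrorRef* error);
#endif  // !BUILDFLAG(IS_IOS)

  // LAContextCanEvaluatePolicy wraps LAContext's canEvaluatePolicy method.
  // A YES result only says that |policy| could be evaluated; it is not
  // evidence that the user has been authenticated.
  virtual BOOL LAContextCanEvaluatePolicy(LAPolicy policy, NSError** error);

 protected:
  AppleKeychainV2();
  virtual ~AppleKeychainV2();

  // These classes are granted access to the protected constructor, destructor
  // and override hooks.
  friend class base::NoDestructor<AppleKeychainV2>;
  friend class ScopedTouchIdTestEnvironment;
  friend class ScopedFakeAppleKeychainV2;

  // Set an override to the singleton instance returned by |GetInstance|. The
  // caller keeps ownership of the injected keychain and must remove the
  // override by calling |ClearInstanceOverride| before deleting it; otherwise
  // |GetInstance| would keep handing out a pointer to a destroyed object.
  static void SetInstanceOverride(AppleKeychainV2* keychain);
  // Removes the override installed by |SetInstanceOverride|.
  static void ClearInstanceOverride();
};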
89*6777b538SAndroid Build Coastguard Worker 
90*6777b538SAndroid Build Coastguard Worker }  // namespace crypto
91*6777b538SAndroid Build Coastguard Worker 
92*6777b538SAndroid Build Coastguard Worker #endif  // CRYPTO_APPLE_KEYCHAIN_V2_H_