keychain-commit Mailing List for Keychain Framework (Page 4)
Status: Abandoned
Brought to you by:
wadetregaskis
You can subscribe to this list here.
2007 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
(65) |
Nov
|
Dec
(15) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2008 |
Jan
(2) |
Feb
|
Mar
(5) |
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2009 |
Jan
(7) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: <wad...@us...> - 2007-10-15 04:02:10
|
Revision: 389 http://keychain.svn.sourceforge.net/keychain/?rev=389&view=rev Author: wadetregaskis Date: 2007-10-14 21:02:14 -0700 (Sun, 14 Oct 2007) Log Message: ----------- * General clean-up - correcting use of CSSM_OK where noErr is more appropriate, etc. * Ensured every method correctly sets _error. Modified Paths: -------------- trunk/Frameworks/Keychain/Keychain/Keychain.m Modified: trunk/Frameworks/Keychain/Keychain/Keychain.m =================================================================== --- trunk/Frameworks/Keychain/Keychain/Keychain.m 2007-10-14 07:26:36 UTC (rev 388) +++ trunk/Frameworks/Keychain/Keychain/Keychain.m 2007-10-15 04:02:14 UTC (rev 389) @@ -237,7 +237,7 @@ if (self = [super init]) { CFRetain(keych); _keychain = keych; - _error = CSSM_OK; + _error = noErr; } } } else { @@ -296,7 +296,7 @@ self = [existingObject retain]; } else { if (self = [super init]) { - _error = CSSM_OK; + _error = noErr; } } } @@ -324,7 +324,7 @@ self = [existingObject retain]; } else { if (self = [super init]) { - _error = CSSM_OK; + _error = noErr; } } } @@ -343,7 +343,7 @@ _error = SecKeychainGetPath(_keychain, &length, buffer); - if ((_error == 0) && (length > 0)) { + if ((noErr == _error) && (length > 0)) { return [NSString stringWithCString:buffer length:length]; } else { PSYSLOGND(LOG_ERR, @"Unable to retrieve keychain %p's path, error %@.\n", self, OSStatusAsString(_error)); @@ -394,7 +394,7 @@ } } - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOG(LOG_ERR, @"Unable to unlock keychain with password, error %@.\n", OSStatusAsString(_error)); return NO; @@ -417,7 +417,7 @@ _error = SecKeychainGetStatus(_keychain, &result); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to determine if keychain %p is unlocked, error %@.\n", self, OSStatusAsString(_error)); PDEBUG(@"SecKeychainGetStatus(%p, %p) returned error %@.\n", _keychain, &result, OSStatusAsString(_error)); @@ -432,7 +432,7 @@ _error = SecKeychainGetStatus(_keychain, &result); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to determine if keychain %p is read-only, error %@.\n", self, OSStatusAsString(_error)); PDEBUG(@"SecKeychainGetStatus(%p, %p) returned error %@.\n", _keychain, &result, OSStatusAsString(_error)); @@ -447,7 +447,7 @@ _error = SecKeychainGetStatus(_keychain, &result); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to determine if keychain %p is writable, error %@.\n", self, OSStatusAsString(_error)); PDEBUG(@"SecKeychainGetStatus(%p, %p) returned error %@.\n", _keychain, &result, OSStatusAsString(_error)); @@ -462,7 +462,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { settings.version = version; _error = SecKeychainSetSettings(_keychain, &settings); @@ -482,7 +482,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { return settings.version; } else { PSYSLOGND(LOG_ERR, @"Unable to determine version of keychain %p, error %@.\n", self, OSStatusAsString(_error)); @@ -497,7 +497,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { settings.lockOnSleep = lockOnSleep; _error = SecKeychainSetSettings(_keychain, &settings); @@ -517,7 +517,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { return settings.lockOnSleep; } else { PSYSLOGND(LOG_ERR, @"Unable to determine lock-on-sleep setting of keychain %p, error %@.\n", self, OSStatusAsString(_error)); @@ -532,7 +532,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { settings.useLockInterval = lockAfterInterval; _error = SecKeychainSetSettings(_keychain, &settings); @@ -552,7 +552,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { return settings.useLockInterval; } else { PSYSLOGND(LOG_ERR, @"Unable to determine lock-after-interval setting of keychain %p, error %@.\n", self, OSStatusAsString(_error)); @@ -567,7 +567,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { settings.lockInterval = interval; _error = SecKeychainSetSettings(_keychain, &settings); @@ -587,7 +587,7 @@ _error = SecKeychainCopySettings(_keychain, &settings); - if (CSSM_OK == _error) { + if (noErr == _error) { return settings.lockInterval; } else { PSYSLOGND(LOG_ERR, @"Unable to determine interval of keychain %p, error %@.\n", self, OSStatusAsString(_error)); @@ -603,7 +603,7 @@ _error = SecKeychainItemCreateCopy([item keychainItemRef], _keychain, [[item access] accessRef], &result); - if ((CSSM_OK == _error) && result) { + if ((noErr == _error) && result) { CFRelease(result); } else { PSYSLOGND(LOG_ERR, @"Unable to add item %p to keychain %p, error %@.\n", item, self, OSStatusAsString(_error)); @@ -614,7 +614,7 @@ _error = EINVAL; } - return (CSSM_OK == _error); + return (noErr == _error); } - (KeychainItem*)addNewItemWithClass:(SecItemClass)itemClass access:(Access*)initialAccess { @@ -624,7 +624,7 @@ _error = SecKeychainItemCreateFromContent(itemClass, &attributes, 0, nil, _keychain, accessRef, &keychainItem); - if (CSSM_OK == _error) { + if (noErr == _error) { return [KeychainItem keychainItemWithKeychainItemRef:keychainItem]; } else { PSYSLOGND(LOG_ERR, @"Unable to add new item of class %@, error %@.\n", nameOfKeychainItemClassConstant(itemClass), OSStatusAsString(_error)); @@ -650,8 +650,9 @@ SecExternalItemType type = kSecItemTypeCertificate; CFArrayRef resultRawArray = NULL;// = CFArrayCreateMutable(kCFAllocatorDefault, 0, &kCFTypeArrayCallBacks); SecKeychainRef keychain = [self keychainRef]; - - _error = SecKeychainItemImport((CFDataRef)[certificate data], + NSData *certificateData = [certificate data]; + + _error = SecKeychainItemImport((CFDataRef)certificateData, NULL, &format, &type, @@ -662,41 +663,25 @@ if (noErr == _error) { NSArray *resultArray = (NSArray*)resultRawArray; - - if (1 == [resultArray count]) { - SecKeychainItemRef itemRef = (SecKeychainItemRef)[resultArray lastObject]; - /*SecKeychainAttributeList attributes; - SecKeychainAttribute attribute; - - attributes.count = 1; - attributes.attr = &attribute; - - attribute.tag = kSecLabelItemAttr; - attribute.data = (void*)[name UTF8String]; - attribute.length = strlen(attribute.data); - - //PDEBUG(@"Imported certificate = %@", [[Certificate certificateWithCertificateRef:(SecCertificateRef)itemRef] description]); - - _error = SecKeychainItemModifyAttributesAndData(itemRef, - &attributes, - 0, - NULL); - - if (noErr == _error) { - PDEBUG(@"All good! :D\n"); - - result = [KeychainItem keychainItemWithKeychainItemRef:itemRef]; - } else { - PSYSLOGND(LOG_ERR, @"Unable to add print name to newly added certificate, error %@.\n", CSSMErrorAsString(_error)); - PDEBUG(@"SecKeychainItemModifyAttributesAndData(%p, %p, 0, NULL) returned error %@.\n", itemRef, &attributes, CSSMErrorAsString(_error)); - }*/ - - result = [KeychainItem keychainItemWithKeychainItemRef:itemRef]; + unsigned int numberOfResults = [resultArray count]; + + if (0 < numberOfResults) { + if (1 < numberOfResults) { + PSYSLOGND(LOG_WARNING, @"More than one keychain item created during import of certificate - attempting to handle as best as possible, but this is not a well supported case.\n"); + PDEBUG(@"SecKeychainItemImport(%p, NULL, %p [%@], %p [%@], 0, NULL, %p, %p) returned more than one item: %@\n", certificateData, &format, nameOfExternalFormatConstant(format), &type, nameOfExternalItemTypeConstant(type), keychain, &resultRawArray, [resultArray description]); + } + + NSEnumerator *resultEnumerator = [resultArray objectEnumerator]; + SecKeychainItemRef itemRef; + + while (itemRef = (SecKeychainItemRef)[resultEnumerator nextObject]) { + result = [KeychainItem keychainItemWithKeychainItemRef:itemRef]; - [result setLabel:name]; + [result setLabel:name]; + } } else { - PSYSLOGND(LOG_ERR, @"Unexpected result after import of certificate.\n"); - PDEBUG(@"Array returned by SecKeychainItemImport is abnormal: %@\n", [resultArray description]); + PSYSLOGND(LOG_ERR, @"No keychain items created by import of certificate.\n"); + PDEBUG(@"SecKeychainItemImport(%p, NULL, %p [%@], %p [%@], 0, NULL, %p, %p) returned nil or empty array: %@\n", certificateData, &format, nameOfExternalFormatConstant(format), &type, nameOfExternalItemTypeConstant(type), keychain, &resultRawArray, [resultArray description]); } CFRelease(resultRawArray); @@ -733,7 +718,9 @@ const CSSM_KEYHEADER *keyHeader = NULL; KeychainItem *result = nil; - if (noErr == SecKeychainGetDLDBHandle(_keychain, &DLDBHandle)) { + _error = SecKeychainGetDLDBHandle(_keychain, &DLDBHandle); + + if (noErr == _error) { SecKeychainAttributeList attributeList; SecKeychainAttribute attribute[8]; @@ -1069,16 +1056,19 @@ CFRelease(searchRef); } - _error = CSSM_DL_FreeUniqueRecord(DLDBHandle, recordPtr); + CSSM_RETURN _freeError = CSSM_DL_FreeUniqueRecord(DLDBHandle, recordPtr); - if (CSSM_OK != _error) { - PDEBUG(@"CSSM_DL_FreeUniqueRecord(%"PRIdldbHandle", %p) returned error %@.\n", DLDBHandle, recordPtr, CSSMErrorAsString(_error)); + if (CSSM_OK != _freeError) { + PDEBUG(@"CSSM_DL_FreeUniqueRecord(%"PRIdldbHandle", %p) returned error %@.\n", DLDBHandle, recordPtr, CSSMErrorAsString(_freeError)); } } else { PSYSLOGND(LOG_ERR, @"Unable to insert key into keychain, error %@.\n", CSSMErrorAsString(_error)); PDEBUG(@"CSSM_DL_DataInsert(%"PRIdldbHandle", %"PRIu32", %p, %p, %p) returned error %@.\n", DLDBHandle, recType, &recordAttrs, &([key CSSMKey]->KeyData), &recordPtr, CSSMErrorAsString(_error)); } - } + } else { + PSYSLOGND(LOG_ERR, @"Unable to get DLDB handle in order to add key, error %@.\n", CSSMErrorAsString(_error)); + PDEBUG(@"SecKeychainGetDLDBHandle(%p, %p [%"PRIdldbHandle"]) returned error %@.\n", _keychain, &DLDBHandle, DLDBHandle, CSSMErrorAsString(_error)); + } return result; } @@ -1178,10 +1168,10 @@ _error = SecKeychainFindGenericPassword(_keychain, serviceStringLength, serviceString, accountStringLength, accountString, NULL, NULL, &existingItem); - if (CSSM_OK == _error) { + if (noErr == _error) { _error = SecKeychainItemModifyContent(existingItem, NULL, passwordStringLength, (void*)passwordString); - if (CSSM_OK == _error) { + if (noErr == _error) { result = [KeychainItem keychainItemWithKeychainItemRef:existingItem]; } else { PSYSLOGND(LOG_ERR, @"Unable to modify existing entry, error %@.\n", OSStatusAsString(_error)); @@ -1230,10 +1220,10 @@ _error = SecKeychainFindInternetPassword(_keychain, serverStringLength, serverString, domainStringLength, domainString, accountStringLength, accountString, pathStringLength, pathString, port, protocol, authType, NULL, NULL, &existingItem); - if (CSSM_OK == _error) { + if (noErr == _error) { _error = SecKeychainItemModifyAttributesAndData(existingItem, NULL, passwordStringLength, passwordString); - if (CSSM_OK == _error) { + if (noErr == _error) { result = [KeychainItem keychainItemWithKeychainItemRef:existingItem]; } else { PSYSLOGND(LOG_ERR, @"Unable to modify existing entry, error %@.\n", OSStatusAsString(_error)); @@ -1297,8 +1287,12 @@ CSSM_QUERY query = {CSSM_DL_DB_RECORD_ANY, CSSM_DB_NONE, 0, NULL, {CSSM_QUERY_TIMELIMIT_NONE, CSSM_QUERY_SIZELIMIT_NONE}, 0}; CSSM_DATA data = {0, NULL}; - if (CSSM_OK == (_error = SecKeychainGetDLDBHandle(_keychain, &dbHandle))) { - if (CSSM_OK == (_error = CSSM_DL_DataGetFirst(dbHandle, &query, &resultsHandle, &attr, &data, &recordID))) { + _error = SecKeychainGetDLDBHandle(_keychain, &dbHandle); + + if (noErr == _error) { + _error = CSSM_DL_DataGetFirst(dbHandle, &query, &resultsHandle, &attr, &data, &recordID); + + if (CSSM_OK == _error) { do { switch (attr.DataRecordType) { case CSSM_DL_DB_RECORD_CERT: @@ -1386,14 +1380,20 @@ - (NSString*)passwordForGenericService:(NSString*)service forAccount:(NSString*)account { char *passData; UInt32 passLength; + + const char *serviceString = [service UTF8String]; + const char *accountString = [account UTF8String]; + + uint32_t serviceStringLength = ((nil != service) ? strlen(serviceString) : 0); + uint32_t accountStringLength = ((nil != account) ? strlen(accountString) : 0); - _error = SecKeychainFindGenericPassword(_keychain, (service ? strlen([service UTF8String]) : 0), [service UTF8String], (account ? strlen([account UTF8String]) : 0), [account UTF8String], &passLength, (void**)&passData, NULL); + _error = SecKeychainFindGenericPassword(_keychain, serviceStringLength, serviceString, accountStringLength, accountString, &passLength, (void**)&passData, NULL); - if (CSSM_OK == _error) { + if (noErr == _error) { return [[[NSString alloc] initWithCStringNoCopy:passData length:passLength freeWhenDone:YES] autorelease]; } else { PSYSLOGND(LOG_ERR, @"Unable to find generic password, error %@.\n", OSStatusAsString(_error)); - PDEBUG(@"SecKeychainFindGenericPassword(%p, %u, \"%@\", %u, \"%@\", %p, %p, NULL) returned error %@.\n", _keychain, (service ? strlen([service UTF8String]) : 0), service, (account ? strlen([account UTF8String]) : 0), account, &passLength, &passData, OSStatusAsString(_error)); + PDEBUG(@"SecKeychainFindGenericPassword(%p, %u, \"%@\", %u, \"%@\", %p, %p, NULL) returned error %@.\n", _keychain, serviceStringLength, service, accountStringLength, account, &passLength, &passData, OSStatusAsString(_error)); return nil; } @@ -1432,7 +1432,7 @@ (void**)&passData, NULL); - if (CSSM_OK == _error) { + if (noErr == _error) { return [[[NSString alloc] initWithCStringNoCopy:passData length:passLength freeWhenDone:YES] autorelease]; } else { PSYSLOGND(LOG_ERR, @"Unable to find internet password, error %@.\n", OSStatusAsString(_error)); @@ -1467,7 +1467,7 @@ _error = SecKeychainFindGenericPassword(_keychain, (service ? strlen([service UTF8String]) : 0), [service UTF8String], (account ? strlen([account UTF8String]) : 0), [account UTF8String], NULL, NULL, &result); - if ((_error == CSSM_OK) && result) { + if ((noErr == _error) && result) { keychainItem = [KeychainItem keychainItemWithKeychainItemRef:result]; CFRelease(result); } else { @@ -1511,7 +1511,7 @@ NULL, &result); - if ((_error == CSSM_OK) && result) { + if ((noErr == _error) && result) { keychainItem = [KeychainItem keychainItemWithKeychainItemRef:result]; CFRelease(result); } else { @@ -1546,13 +1546,13 @@ _error = SecIdentitySearchCreate(_keychain, use, &search); - if ((_error == CSSM_OK) && search) { - while ((CSSM_OK == (_error = SecIdentitySearchCopyNext(search, &result))) && result) { + if ((noErr == _error) && search) { + while ((noErr == (_error = SecIdentitySearchCopyNext(search, &result))) && result) { [results addObject:[Identity identityWithIdentityRef:result]]; CFRelease(result); } - if ((CSSM_OK != _error) && (errSecItemNotFound != _error)) { + if ((noErr != _error) && (errSecItemNotFound != _error)) { PSYSLOGND(LOG_ERR, @"Unable to search for identities for use %@, error %@.\n", descriptionOfKeyUsage(use), OSStatusAsString(_error)); PDEBUG(@"SecIdentitySearchCopyNext(%p, %p) returned error %@.\n", _keychain, &search, OSStatusAsString(_error)); } @@ -1618,7 +1618,7 @@ _error = SecKeyCreatePair(_keychain, alg, size, nil, pubUse, pubAttr, privUse, privAttr, [acc accessRef], &pubResult, &privResult); - if ((_error == CSSM_OK) && pubResult && privResult) { + if ((noErr == _error) && pubResult && privResult) { res = [NSArray arrayWithObjects:[Key keyWithKeyRef:pubResult module:[self CSPModule]], [Key keyWithKeyRef:privResult module:[self CSPModule]], nil]; CFRelease(pubResult); @@ -1636,7 +1636,7 @@ - (void)setAccess:(Access*)access { _error = SecKeychainSetAccess(_keychain, [access accessRef]); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to set keychain %p's access to %p, error %@.\n", self, access, OSStatusAsString(_error)); PDEBUG(@"SecKeychainSetAccess(%p, %p) returned error %@.\n", _keychain, [access accessRef], OSStatusAsString(_error)); } @@ -1648,7 +1648,7 @@ _error = SecKeychainCopyAccess(_keychain, &result); - if ((_error == CSSM_OK) && result) { + if ((noErr == _error) && result) { res = [Access accessWithAccessRef:result]; CFRelease(result); @@ -1666,7 +1666,7 @@ _error = SecKeychainGetCSPHandle(_keychain, &cspHandle); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to retrieve keychain's CSP handle, error %@.\n", OSStatusAsString(_error)); PDEBUG(@"SecKeychainGetCSPHandle(%p, %p) returned error %@.\n", _keychain, &cspHandle, OSStatusAsString(_error)); @@ -1681,7 +1681,7 @@ _error = SecKeychainGetDLDBHandle(_keychain, &dldbHandle); - if (CSSM_OK != _error) { + if (noErr != _error) { PSYSLOGND(LOG_ERR, @"Unable to retrieve keychain's DLDB handle, error %@.\n", OSStatusAsString(_error)); PDEBUG(@"SecKeychainGetDLDBHandle(%p, %p) returned error %@.\n", _keychain, &dldbHandle, OSStatusAsString(_error)); @@ -1703,7 +1703,7 @@ _error = SecKeychainDelete(_keychain); - if (_error == CSSM_OK) { + if (noErr == _error) { _keychain = NULL; } else { PSYSLOGND(LOG_ERR, @"Unable to delete keychain %p, error %@.\n", self, OSStatusAsString(_error)); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-14 07:26:32
|
Revision: 388 http://keychain.svn.sourceforge.net/keychain/?rev=388&view=rev Author: wadetregaskis Date: 2007-10-14 00:26:36 -0700 (Sun, 14 Oct 2007) Log Message: ----------- * Added test_trustStrings() to cover the recent CSSMUtils additions for CSSM_ACL_AUTHORIZATION_TAG. Modified Paths: -------------- trunk/Frameworks/Keychain/Testers/StringsTester.m Modified: trunk/Frameworks/Keychain/Testers/StringsTester.m =================================================================== --- trunk/Frameworks/Keychain/Testers/StringsTester.m 2007-10-13 22:37:21 UTC (rev 387) +++ trunk/Frameworks/Keychain/Testers/StringsTester.m 2007-10-14 07:26:36 UTC (rev 388) @@ -368,7 +368,51 @@ END_TEST(); } +void test_trustStrings(void) { + NSString *result; + + START_TEST("Trust"); + + result = nameOfAuthorization(CSSM_ACL_AUTHORIZATION_LOGIN); + + TEST(nil != result, "nameOfAuthorization(CSSM_ACL_AUTHORIZATION_LOGIN) returns result [Authorization Tag Names.strings]"); + + if (nil != result) { + TEST_NOTE("\tResult is: %s", [result UTF8String]); + TEST([result isEqualToString:@"Login"], "\tResult is as expected"); + } + + result = nameOfAuthorizationConstant(CSSM_ACL_AUTHORIZATION_GENKEY); + + TEST(nil != result, "nameOfAuthorizationConstant(CSSM_ACL_AUTHORIZATION_GENKEY) returns result [Authorization Tag Constants.strings]"); + + if (nil != result) { + TEST_NOTE("\tResult is: %s", [result UTF8String]); + TEST([result isEqualToString:@"CSSM_ACL_AUTHORIZATION_GENKEY"], "\tResult is as expected"); + } + + result = descriptionOfAuthorizations([NSArray arrayWithObjects:[NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_SIGN], [NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_ENCRYPT], [NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_DECRYPT], nil]); + + TEST(nil != result, "descriptionOfAuthorizations({CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_ENCRYPT, CSSM_ACL_AUTHORIZATION_DECRYPT}) returns result [Authorization Tag Names.strings]"); + + if (nil != result) { + TEST_NOTE("\tResult is: %s", [result UTF8String]); + TEST([result isEqualToString:@"Signing, Encryption & Decryption"], "\tResult is as expected"); + } + + result = descriptionOfAuthorizationsUsingConstants([NSArray arrayWithObjects:[NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_DB_READ], [NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_DB_INSERT], [NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_DB_MODIFY], [NSNumber numberWithInt:CSSM_ACL_AUTHORIZATION_DB_DELETE], nil]); + + TEST(nil != result, "descriptionOfAuthorizations({CSSM_ACL_AUTHORIZATION_DB_READ, CSSM_ACL_AUTHORIZATION_DB_INSERT, CSSM_ACL_AUTHORIZATION_DB_MODIFY, CSSM_ACL_AUTHORIZATION_DB_DELETE}) returns result [Authorization Tag Names.strings]"); + + if (nil != result) { + TEST_NOTE("\tResult is: %s", [result UTF8String]); + TEST([result isEqualToString:@"CSSM_ACL_AUTHORIZATION_DB_READ, CSSM_ACL_AUTHORIZATION_DB_INSERT, CSSM_ACL_AUTHORIZATION_DB_MODIFY & CSSM_ACL_AUTHORIZATION_DB_DELETE"], "\tResult is as expected"); + } + + END_TEST(); +} + #pragma mark SecurityUtils.h void test_OSStatusStrings(void) { @@ -536,6 +580,7 @@ test_GUIDStrings(); test_KeyStrings(); test_OIDStrings(); + test_trustStrings(); // SecurityUtils.h test_OSStatusStrings(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:37:16
|
Revision: 387 http://keychain.svn.sourceforge.net/keychain/?rev=387&view=rev Author: wadetregaskis Date: 2007-10-13 15:37:21 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added 'Authorization Tag Names.strings' and 'Authorization Tag Constants.strings' to the project and the Keychain target. Modified Paths: -------------- trunk/Frameworks/Keychain/Keychain.xcodeproj/project.pbxproj Modified: trunk/Frameworks/Keychain/Keychain.xcodeproj/project.pbxproj =================================================================== --- trunk/Frameworks/Keychain/Keychain.xcodeproj/project.pbxproj 2007-10-13 22:36:29 UTC (rev 386) +++ trunk/Frameworks/Keychain/Keychain.xcodeproj/project.pbxproj 2007-10-13 22:37:21 UTC (rev 387) @@ -208,6 +208,8 @@ 75A0754009438F8F008B9D9E /* Keychain.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 75A0750209438F8E008B9D9E /* Keychain.framework */; }; 75C6E8F20A3BDCD8009201FB /* Keychain.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 75A0750209438F8E008B9D9E /* Keychain.framework */; }; 75C6E9040A3BDD1A009201FB /* KeychainSearchTester.m in Sources */ = {isa = PBXBuildFile; fileRef = 75C6E9030A3BDD1A009201FB /* KeychainSearchTester.m */; }; + 75D25AA60CC1643600C8B443 /* Authorization Tag Constants.strings in Resources */ = {isa = PBXBuildFile; fileRef = 75D25AA20CC1643600C8B443 /* Authorization Tag Constants.strings */; }; + 75D25AA70CC1643600C8B443 /* Authorization Tag Names.strings in Resources */ = {isa = PBXBuildFile; fileRef = 75D25AA40CC1643600C8B443 /* Authorization Tag Names.strings */; }; /* End PBXBuildFile section */ /* Begin PBXBuildStyle section */ @@ -548,6 +550,8 @@ 75C6E8F70A3BDCD8009201FB /* KeychainSearchTester */ = {isa = PBXFileReference; explicitFileType = "compiled.mach-o.executable"; includeInIndex = 0; path = KeychainSearchTester; sourceTree = BUILT_PRODUCTS_DIR; }; 75C6E9030A3BDD1A009201FB /* KeychainSearchTester.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = KeychainSearchTester.m; path = Testers/KeychainSearchTester.m; sourceTree = "<group>"; }; 75D1B95E08A8E74200D77A20 /* MDSProber.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = MDSProber.m; path = Testers/MDSProber.m; sourceTree = "<group>"; }; + 75D25AA30CC1643600C8B443 /* English */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.strings; name = English; path = "English.lproj/Authorization Tag Constants.strings"; sourceTree = "<group>"; }; + 75D25AA50CC1643600C8B443 /* English */ = {isa = PBXFileReference; fileEncoding = 30; lastKnownFileType = text.plist.strings; name = English; path = "English.lproj/Authorization Tag Names.strings"; sourceTree = "<group>"; }; 75EE821C0837443E00D8CF7B /* CSSMUtilsTester.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = CSSMUtilsTester.m; path = Testers/CSSMUtilsTester.m; sourceTree = "<group>"; }; F566C81003E0D92B015C51F3 /* Security.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = Security.framework; path = /System/Library/Frameworks/Security.framework; sourceTree = "<absolute>"; }; F58080CA03EB75D701B6B625 /* CoreFoundation.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = CoreFoundation.framework; path = /System/Library/Frameworks/CoreFoundation.framework; sourceTree = "<absolute>"; }; @@ -852,6 +856,8 @@ 757A98380CB98BF300513299 /* Algorithm Names.strings */, 757A983A0CB98BF300513299 /* Authentication Type Constants.strings */, 757A983C0CB98BF300513299 /* Authentication Type Names.strings */, + 75D25AA20CC1643600C8B443 /* Authorization Tag Constants.strings */, + 75D25AA40CC1643600C8B443 /* Authorization Tag Names.strings */, 757A983E0CB98BF300513299 /* BER Code Constants.strings */, 757A98400CB98BF300513299 /* BER Code Names.strings */, 757A98420CB98BF300513299 /* Certificate Encoding Constants.strings */, @@ -1263,6 +1269,8 @@ 757A98D30CB98BF300513299 /* Algorithm Names.strings in Resources */, 757A98D40CB98BF300513299 /* Authentication Type Constants.strings in Resources */, 757A98D50CB98BF300513299 /* Authentication Type Names.strings in Resources */, + 75D25AA60CC1643600C8B443 /* Authorization Tag Constants.strings in Resources */, + 75D25AA70CC1643600C8B443 /* Authorization Tag Names.strings in Resources */, 757A98D60CB98BF300513299 /* BER Code Constants.strings in Resources */, 757A98D70CB98BF300513299 /* BER Code Names.strings in Resources */, 757A98D80CB98BF300513299 /* Certificate Encoding Constants.strings in Resources */, @@ -1929,6 +1937,22 @@ name = "Protocol Type Short Names.strings"; sourceTree = "<group>"; }; + 75D25AA20CC1643600C8B443 /* Authorization Tag Constants.strings */ = { + isa = PBXVariantGroup; + children = ( + 75D25AA30CC1643600C8B443 /* English */, + ); + name = "Authorization Tag Constants.strings"; + sourceTree = "<group>"; + }; + 75D25AA40CC1643600C8B443 /* Authorization Tag Names.strings */ = { + isa = PBXVariantGroup; + children = ( + 75D25AA50CC1643600C8B443 /* English */, + ); + name = "Authorization Tag Names.strings"; + sourceTree = "<group>"; + }; /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:36:26
|
Revision: 386 http://keychain.svn.sourceforge.net/keychain/?rev=386&view=rev Author: wadetregaskis Date: 2007-10-13 15:36:29 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added '*.pbxuser' and '*.mode1*' to svn:ignore. Property Changed: ---------------- trunk/Applications/Keychain Demo/Keychain Demo.xcodeproj/ Property changes on: trunk/Applications/Keychain Demo/Keychain Demo.xcodeproj ___________________________________________________________________ Name: svn:ignore + *.mode1* *.pbxuser This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:35:43
|
Revision: 385 http://keychain.svn.sourceforge.net/keychain/?rev=385&view=rev Author: wadetregaskis Date: 2007-10-13 15:35:46 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added '*~.nib' to svn:ignore. Property Changed: ---------------- trunk/Applications/Keychain Demo/English.lproj/ Property changes on: trunk/Applications/Keychain Demo/English.lproj ___________________________________________________________________ Name: svn:ignore + *~.nib This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:34:18
|
Revision: 384 http://keychain.svn.sourceforge.net/keychain/?rev=384&view=rev Author: wadetregaskis Date: 2007-10-13 15:34:21 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added 'build' to svn:ignore. Property Changed: ---------------- trunk/Applications/Keychain Demo/ Property changes on: trunk/Applications/Keychain Demo ___________________________________________________________________ Name: svn:ignore + build This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:33:27
|
Revision: 383 http://keychain.svn.sourceforge.net/keychain/?rev=383&view=rev Author: wadetregaskis Date: 2007-10-13 15:33:31 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added in some of the machinery for the Keychain Demo app to handle ACLs and whatnot for each item - it can now determine roughly whether a password is required for access, and now lists which applications have unquestioned access and for what actions. Modified Paths: -------------- trunk/Applications/Keychain Demo/demoController.h trunk/Applications/Keychain Demo/demoController.m Modified: trunk/Applications/Keychain Demo/demoController.h =================================================================== --- trunk/Applications/Keychain Demo/demoController.h 2007-10-13 22:32:09 UTC (rev 382) +++ trunk/Applications/Keychain Demo/demoController.h 2007-10-13 22:33:31 UTC (rev 383) @@ -15,6 +15,10 @@ IBOutlet id data; IBOutlet id list; IBOutlet id lockButton; + + IBOutlet NSMatrix *accessOptions; + IBOutlet NSButton *requirePasswordForAccess; + IBOutlet NSTableView *alwaysPermittedApplications; Keychain *keychain; NSMutableArray *chain; @@ -23,9 +27,7 @@ - (IBAction)lockUnlock:(id)sender; - (IBAction)showData:(id)sender; -- (void)awakeFromNib; +- (IBAction)changedAccessOptions:(id)sender; +- (IBAction)toggleRequirePasswordForAccess:(id)sender; -- (int)numberOfRowsInTableView:(NSTableView *)aTableView; -- (id)tableView:(NSTableView *)aTableView objectValueForTableColumn:(NSTableColumn *)aTableColumn row:(int)rowIndex; - @end Modified: trunk/Applications/Keychain Demo/demoController.m =================================================================== --- trunk/Applications/Keychain Demo/demoController.m 2007-10-13 22:32:09 UTC (rev 382) +++ trunk/Applications/Keychain Demo/demoController.m 2007-10-13 22:33:31 UTC (rev 383) @@ -14,10 +14,6 @@ @implementation demoController -- (void)tableViewSelectionDidChange:(NSNotification *)aNotification { - [[data textStorage] setAttributedString:[[[NSAttributedString alloc] initWithString:@""] autorelease]]; -} - - (IBAction)lockUnlock:(id)sender { if ([[lockButton title] isEqualToString:@"Lock"]) { [keychain lock]; @@ -32,20 +28,96 @@ } } +- (KeychainItem*)_selectedItem { + if ([list selectedRow] >= 0) { + return [chain objectAtIndex:[list selectedRow]]; + } else { + return nil; + } +} + - (IBAction)showData:(id)sender { - KeychainItem *selected; + KeychainItem *selected = [self _selectedItem]; - if ([list selectedRow] >= 0) { - selected = [chain objectAtIndex:[list selectedRow]]; - + if (nil != selected) { if ([selected isCertificate]) { [[data textStorage] setAttributedString:[[[NSAttributedString alloc] initWithString:[[selected certificate] description]] autorelease]]; } else { [[data textStorage] setAttributedString:[[[NSAttributedString alloc] initWithString:[selected dataAsString]] autorelease]]; } - } + } else { + NSBeep(); + } } + + +- (void)_updateDrawerForSelectedItem { + [[data textStorage] setAttributedString:[[[NSAttributedString alloc] initWithString:@""] autorelease]]; + + KeychainItem *selected = [self _selectedItem]; + + if (nil != selected) { + Access *access = [selected access]; + + NSCellStateValue state = -10000; // Not a valid state; magic value. + + NSEnumerator *ACLEnumerator = [[access accessControlLists] objectEnumerator]; + AccessControlList *currentACL; + BOOL currentRequiresPassphrase; + + while (currentACL = [ACLEnumerator nextObject]) { + currentRequiresPassphrase = [currentACL requiresPassphrase]; + + if (-10000 == state) { + state = (currentRequiresPassphrase ? NSOnState : NSOffState); + } else if ((currentRequiresPassphrase && (NSOffState == state)) || (!currentRequiresPassphrase && (NSOnState == state))) { + state = NSMixedState; + } + } + + [requirePasswordForAccess setState:state]; + } + + [alwaysPermittedApplications noteNumberOfRowsChanged]; +} + +- (IBAction)changedAccessOptions:(id)sender { + KeychainItem *selected = [self _selectedItem]; + + if (nil != selected) { + Access *access = [selected access]; + + NSBeep(); + +// NSEnumerator *ACLEnumerator = [[access accessControlLists] objectEnumerator]; +// AccessControlList *currentACL; +// +// while (currentACL = [ACLEnumerator nextObject]) { +// [currentACL setRequiresPassphrase:(NSOnState == [sender state])]; +// } + } else { + NSBeep(); + } +} + +- (IBAction)toggleRequirePasswordForAccess:(id)sender { + KeychainItem *selected = [self _selectedItem]; + + if (nil != selected) { + Access *access = [selected access]; + + NSEnumerator *ACLEnumerator = [[access accessControlLists] objectEnumerator]; + AccessControlList *currentACL; + + while (currentACL = [ACLEnumerator nextObject]) { + [currentACL setRequiresPassphrase:(NSOnState == [sender state])]; + } + } else { + NSBeep(); + } +} + - (void)keychainLocked:(NSNotification*)notification { [lockButton setTitle:@"Unlock"]; } @@ -103,80 +175,136 @@ } - (int)numberOfRowsInTableView:(NSTableView *)aTableView { - return [chain count]; + if (alwaysPermittedApplications == aTableView) { + KeychainItem *selected = [self _selectedItem]; + + if (nil != selected) { + NSEnumerator *ACLEnumerator = [[[selected access] accessControlLists] objectEnumerator]; + AccessControlList *currentACL; + int count = 0; + + while (currentACL = [ACLEnumerator nextObject]) { + count += [[currentACL applications] count]; + } + + return count; + } else { + return 0; + } + } else { + return [chain count]; + } } -- (id)tableView:(NSTableView *)aTableView objectValueForTableColumn:(NSTableColumn *)aTableColumn row:(int)rowIndex { - KeychainItem *current = [chain objectAtIndex:rowIndex]; - NSString *identifier = [aTableColumn identifier]; +- (id)tableView:(NSTableView*)aTableView objectValueForTableColumn:(NSTableColumn*)aTableColumn row:(int)rowIndex { + if (alwaysPermittedApplications == aTableView) { + KeychainItem *selected = [self _selectedItem]; + id result = nil; + + if (nil != selected) { + NSEnumerator *ACLEnumerator = [[[selected access] accessControlLists] objectEnumerator]; + AccessControlList *currentACL; + int skipped = 0; + NSArray *currentApplications; + unsigned int currentApplicationsCount; + + while (currentACL = [ACLEnumerator nextObject]) { + currentApplications = [currentACL applications]; + currentApplicationsCount = [currentApplications count]; + + if ((0 == currentApplicationsCount) || ((skipped + currentApplicationsCount) <= rowIndex)) { + skipped += currentApplicationsCount; + } else { + NSString *columnIdentifier = [aTableColumn identifier]; + + if ([columnIdentifier isEqualToString:@"Path"]) { + result = [(TrustedApplication*)[currentApplications objectAtIndex:(rowIndex - skipped)] path]; + } else if ([columnIdentifier isEqualToString:@"Permissions"]) { + result = descriptionOfAuthorizations([currentACL authorizations]); + } + + break; + } + } + } + + return result; + } else { + KeychainItem *current = [chain objectAtIndex:rowIndex]; + NSString *identifier = [aTableColumn identifier]; - if ([identifier isEqualToString:@"Created"]) { - return [[current creationDate] descriptionWithCalendarFormat:@"%I:%M %p %a %e %b, %Y"]; - } else if ([identifier isEqualToString:@"Modified"]) { - return [[current modificationDate] descriptionWithCalendarFormat:@"%I:%M %p %a %e %b, %Y"]; - } else if ([identifier isEqualToString:@"Description"]) { - return [current description]; - } else if ([identifier isEqualToString:@"Comment"]) { - return [current comment]; - } else if ([identifier isEqualToString:@"Creator"]) { - return [current creator]; - } else if ([identifier isEqualToString:@"Type"]) { - return [current type]; - } else if ([identifier isEqualToString:@"Label"]) { - return [current label]; - } else if ([identifier isEqualToString:@"Visible"]) { - return [current isVisible] ? @"Yes" : @"No"; - } else if ([identifier isEqualToString:@"Valid"]) { - return [current passwordIsValid] ? @"Yes" : @"No"; - } else if ([identifier isEqualToString:@"Has Custom Icon"]) { - return [current hasCustomIcon] ? @"Yes" : @"No"; - } else if ([identifier isEqualToString:@"Alias"]) { - return [current isAlias] ? @"Yes" : @"No"; - } else if ([identifier isEqualToString:@"Account"]) { - return [current account]; - } else if ([identifier isEqualToString:@"Service"]) { - return [current service]; - } else if ([identifier isEqualToString:@"Attribute"]) { - return [current userDefinedAttribute]; - } else if ([identifier isEqualToString:@"Domain"]) { - return [current domain]; - } else if ([identifier isEqualToString:@"Server"]) { - return [current server]; - } else if ([identifier isEqualToString:@"Authentication Type"]) { - return nameOfAuthenticationType([current authenticationType]); - } else if ([identifier isEqualToString:@"Port"]) { - if ([current port] != 0) { - return [NSNumber numberWithUnsignedInt:[current port]]; - } else { - return nil; - } - } else if ([identifier isEqualToString:@"Path"]) { - return [current path]; - } else if ([identifier isEqualToString:@"AppleShare Volume"]) { - return [current appleShareVolume]; - } else if ([identifier isEqualToString:@"AppleShare Address"]) { - return [current appleShareAddress]; - } else if ([identifier isEqualToString:@"AppleShare Signature"]) { - return [current appleShareSignatureData]; - } else if ([identifier isEqualToString:@"Protocol"]) { - return shortNameOfProtocol([current protocol]); - } else if ([identifier isEqualToString:@"Certificate Type"]) { - return nameOfCertificateType([current certificateType]); - } else if ([identifier isEqualToString:@"Certificate Encoding"]) { - return nameOfCertificateEncoding([current certificateEncoding]); - } else if ([identifier isEqualToString:@"CRL Type"]) { - return nameOfCRLType([current CRLtype]); - } else if ([identifier isEqualToString:@"CRL Encoding"]) { - return nameOfCRLEncoding([current CRLencoding]); - } else if ([identifier isEqualToString:@"Kind"]) { - return [current kindString]; - } else if ([identifier isEqualToString:@"Type Description"]) { - return [current typeDescription]; - } else { - return nil; - } + if ([identifier isEqualToString:@"Created"]) { + return [[current creationDate] descriptionWithCalendarFormat:@"%I:%M %p %a %e %b, %Y"]; + } else if ([identifier isEqualToString:@"Modified"]) { + return [[current modificationDate] descriptionWithCalendarFormat:@"%I:%M %p %a %e %b, %Y"]; + } else if ([identifier isEqualToString:@"Description"]) { + return [current description]; + } else if ([identifier isEqualToString:@"Comment"]) { + return [current comment]; + } else if ([identifier isEqualToString:@"Creator"]) { + return [current creator]; + } else if ([identifier isEqualToString:@"Type"]) { + return [current type]; + } else if ([identifier isEqualToString:@"Label"]) { + return [current label]; + } else if ([identifier isEqualToString:@"Visible"]) { + return [current isVisible] ? @"Yes" : @"No"; + } else if ([identifier isEqualToString:@"Valid"]) { + return [current passwordIsValid] ? @"Yes" : @"No"; + } else if ([identifier isEqualToString:@"Has Custom Icon"]) { + return [current hasCustomIcon] ? @"Yes" : @"No"; + } else if ([identifier isEqualToString:@"Alias"]) { + return [current alias]; + } else if ([identifier isEqualToString:@"Account"]) { + return [current account]; + } else if ([identifier isEqualToString:@"Service"]) { + return [current service]; + } else if ([identifier isEqualToString:@"Attribute"]) { + return [current userDefinedAttribute]; + } else if ([identifier isEqualToString:@"Domain"]) { + return [current domain]; + } else if ([identifier isEqualToString:@"Server"]) { + return [current server]; + } else if ([identifier isEqualToString:@"Authentication Type"]) { + return nameOfAuthenticationType([current authenticationType]); + } else if ([identifier isEqualToString:@"Port"]) { + if ([current port] != 0) { + return [NSNumber numberWithUnsignedInt:[current port]]; + } else { + return nil; + } + } else if ([identifier isEqualToString:@"Path"]) { + return [current path]; + } else if ([identifier isEqualToString:@"AppleShare Volume"]) { + return [current appleShareVolume]; + } else if ([identifier isEqualToString:@"AppleShare Address"]) { + return [current appleShareAddress]; + } else if ([identifier isEqualToString:@"AppleShare Signature"]) { + return [current appleShareSignatureData]; + } else if ([identifier isEqualToString:@"Protocol"]) { + return shortNameOfProtocol([current protocol]); + } else if ([identifier isEqualToString:@"Certificate Type"]) { + return nameOfCertificateType([current certificateType]); + } else if ([identifier isEqualToString:@"Certificate Encoding"]) { + return nameOfCertificateEncoding([current certificateEncoding]); + } else if ([identifier isEqualToString:@"CRL Type"]) { + return nameOfCRLType([current CRLType]); + } else if ([identifier isEqualToString:@"CRL Encoding"]) { + return nameOfCRLEncoding([current CRLEncoding]); + } else if ([identifier isEqualToString:@"Kind"]) { + return nameOfKeychainItemClass([current kind]); + } else if ([identifier isEqualToString:@"Type Description"]) { + return [current typeDescription]; + } else { + return nil; + } + } } +- (void)tableViewSelectionDidChange:(NSNotification *)aNotification { + [self _updateDrawerForSelectedItem]; +} + - (void)dealloc { [[NSNotificationCenter defaultCenter] removeObserver:self]; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:32:05
|
Revision: 382 http://keychain.svn.sourceforge.net/keychain/?rev=382&view=rev Author: wadetregaskis Date: 2007-10-13 15:32:09 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Fixed nib (seems it got corrupted in some way by the CVS -> SVN migration). * Added extra GUI to info drawer to show access settings & properties of the selected item. Modified Paths: -------------- trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib Modified: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib =================================================================== (Binary files differ) Modified: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib =================================================================== (Binary files differ) Modified: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib =================================================================== (Binary files differ) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:31:24
|
Revision: 381 http://keychain.svn.sourceforge.net/keychain/?rev=381&view=rev Author: wadetregaskis Date: 2007-10-13 15:31:29 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Removed 'svn:eol-style' property, which is preventing me actually committing modified versions. #%@! SVN. Property Changed: ---------------- trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib ___________________________________________________________________ Name: svn:eol-style - native Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib ___________________________________________________________________ Name: svn:eol-style - native Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib ___________________________________________________________________ Name: svn:eol-style - native This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:29:23
|
Revision: 380 http://keychain.svn.sourceforge.net/keychain/?rev=380&view=rev Author: wadetregaskis Date: 2007-10-13 15:29:27 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Changed nib files' MIME type to 'application/octet-stream'. Property Changed: ---------------- trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/classes.nib ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/info.nib ___________________________________________________________________ Name: svn:mime-type + application/octet-stream Property changes on: trunk/Applications/Keychain Demo/English.lproj/MainMenu.nib/objects.nib ___________________________________________________________________ Name: svn:mime-type + application/octet-stream This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:21:02
|
Revision: 379 http://keychain.svn.sourceforge.net/keychain/?rev=379&view=rev Author: wadetregaskis Date: 2007-10-13 15:21:03 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Changed the NSData -> NSString method used in NSStringFromNSData(). The new approach now just converts up to the first NULL byte in the given data, rather than trying to do the whole NSData (which is both wrong and resulted, in the old method, in nil being returned). Modified Paths: -------------- trunk/Frameworks/Keychain/Utilities/UtilitySupport.m Modified: trunk/Frameworks/Keychain/Utilities/UtilitySupport.m =================================================================== --- trunk/Frameworks/Keychain/Utilities/UtilitySupport.m 2007-10-13 22:19:28 UTC (rev 378) +++ trunk/Frameworks/Keychain/Utilities/UtilitySupport.m 2007-10-13 22:21:03 UTC (rev 379) @@ -232,7 +232,21 @@ NSString* NSStringFromNSData(NSData *data) { if (nil != data) { - return [[[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding] autorelease]; + //NSString *result = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; + + // We use the following instead of the simple, single line above for one very good reason: the line above will fail for some data's that contain random bytes after the NULL terminator. So, to get around this somewhat odd behaviour of NSString, we go through an explicitly define the length of the string based on the position of the delimiter. + + const char *bytes = [data bytes]; + unsigned int bytesLength = strlen(bytes); + + NSString *result = [[NSString alloc] initWithBytes:bytes length:bytesLength encoding:NSUTF8StringEncoding]; + + if (nil == result) { + PSYSLOG(LOG_ERR, @"Cannot interpret the data \"%@\" in UTF-8 encoding.", data); + return nil; + } else { + return [result autorelease]; + } } else { PDEBUG(@"Invalid parameter - 'data' is nil."); return nil; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:19:24
|
Revision: 378 http://keychain.svn.sourceforge.net/keychain/?rev=378&view=rev Author: wadetregaskis Date: 2007-10-13 15:19:28 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added descriptionOfAuthorizations(), descriptionOfAuthorizationsUsingConstants(), nameOfAuthorization() and nameOfAuthorizationConstant(), and their associated strings files 'Authorization Tag Names.strings' and 'Authorization Tag Constants.strings'. Modified Paths: -------------- trunk/Frameworks/Keychain/CDSA/CSSMUtils.h trunk/Frameworks/Keychain/CDSA/CSSMUtils.m Added Paths: ----------- trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Constants.strings trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Names.strings Modified: trunk/Frameworks/Keychain/CDSA/CSSMUtils.h =================================================================== --- trunk/Frameworks/Keychain/CDSA/CSSMUtils.h 2007-10-13 22:18:08 UTC (rev 377) +++ trunk/Frameworks/Keychain/CDSA/CSSMUtils.h 2007-10-13 22:19:28 UTC (rev 378) @@ -320,6 +320,38 @@ NSString* descriptionOfKeyUsage(CSSM_KEYUSE use); +/*! @function descriptionOfAuthorizations + @abstract Returns a description (using human-readable names) of all the authorizations in the given array. + @discussion The description is a human-readable list of comma-separated names for each authorization constant (aside from the last delimiter, which is an ampersand instead). For example, the array {CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_ENCRYPT, CSSM_ACL_AUTHORIZATION_DECRYPT} would yield (localised) "Signing, Encryption & Decryption". + @param authorizations An NSArray containing zero or more NSNumbers, each containing an CSSM_ACL_AUTHORIZATION_TAG as its integer value. + @result Returns a descriptive string (which may be empty if the given array is empty), or nil if an error occurs. */ + +NSString* descriptionOfAuthorizations(NSArray *authorizations); + +/*! @function descriptionOfAuthorizations + @abstract Returns a description (using constants) of all the authorizations in the given array. + @discussion The description is a list of comma-separated constants for each authorization constant (aside from the last delimiter, which is an ampersand instead). For example, the array {CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_ENCRYPT, CSSM_ACL_AUTHORIZATION_DECRYPT} would yield (localised) "CSSM_ACL_AUTHORIZATION_SIGN, CSSM_ACL_AUTHORIZATION_ENCRYPT & CSSM_ACL_AUTHORIZATION_DECRYPT". + @param authorizations An NSArray containing zero or more NSNumbers, each containing an CSSM_ACL_AUTHORIZATION_TAG as its integer value. + @result Returns a descriptive string (which may be empty if the given array is empty), or nil if an error occurs. */ + +NSString* descriptionOfAuthorizationsUsingConstants(NSArray *authorizations); + +/*! @function nameOfAuthorization + @abstract Returns the human-readable name of a given authorization. + @discussion The names returned are simple, short & human-readable. e.g. the authorization CSSM_ACL_AUTHORIZATION_SIGN returns "Signing". The names may be localised. + @param authorization The authorization. + @result Returns the name of the given authorization, or (localised) "Unknown (X)" - where X is the authorization as an integer value - if an unknown authorization is provided. */ + +NSString* nameOfAuthorization(CSSM_ACL_AUTHORIZATION_TAG authorization); + +/*! @function nameOfAuthorizationConstant + @abstract Returns the constant corresponding to the given authorization. + @discussion The constants are defined in cssmtype.h, in Apple's Security framework. + @param authorization The authorization. + @result Returns the constant corresponding to the given authorization, or (localised) "Unknown (X)" - where X is the authorization as an integer value - if an unknown authorization is provided. */ + +NSString* nameOfAuthorizationConstant(CSSM_ACL_AUTHORIZATION_TAG authorization); + /*! @function subjectPublicKeyAsString @abstract Returns a given public key in a [relatively] human-readable form. @discussion The result states the algorithm used with the public key, and the raw data of the public key itself. It is human-readable in so far as the key data is rendered in hex form, but since the keys are typically very long, it is rarely of much use to a normal end-user. Useful for debugging to manually compare two public keys. Modified: trunk/Frameworks/Keychain/CDSA/CSSMUtils.m =================================================================== --- trunk/Frameworks/Keychain/CDSA/CSSMUtils.m 2007-10-13 22:18:08 UTC (rev 377) +++ trunk/Frameworks/Keychain/CDSA/CSSMUtils.m 2007-10-13 22:19:28 UTC (rev 378) @@ -659,6 +659,58 @@ return localizedNameOfBitMapValue(use, @"Key Usage Names", nil, nil, @", ", @"Unknown (0x%08x)"); } +NSString* descriptionOfAuthorizations(NSArray *authorizations) { + NSMutableString *result = [NSMutableString string]; + unsigned int authorizationsCount = [authorizations count]; + unsigned int i; + + if (0 < authorizationsCount) { + [result appendString:nameOfAuthorization((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:0] intValue])]; + + if (1 < authorizationsCount) { + for (i = 1; i < (authorizationsCount - 1); ++i) { + [result appendString:@", "]; + [result appendString:nameOfAuthorization((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:i] intValue])]; + } + + [result appendString:@" & "]; + [result appendString:nameOfAuthorization((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:(authorizationsCount - 1)] intValue])]; + } + } + + return result; +} + +NSString* descriptionOfAuthorizationsUsingConstants(NSArray *authorizations) { + NSMutableString *result = [NSMutableString string]; + unsigned int authorizationsCount = [authorizations count]; + unsigned int i; + + if (0 < authorizationsCount) { + [result appendString:nameOfAuthorizationConstant((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:0] intValue])]; + + if (1 < authorizationsCount) { + for (i = 1; i < (authorizationsCount - 1); ++i) { + [result appendString:@", "]; + [result appendString:nameOfAuthorizationConstant((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:i] intValue])]; + } + + [result appendString:@" & "]; + [result appendString:nameOfAuthorizationConstant((CSSM_ACL_AUTHORIZATION_TAG)[[authorizations objectAtIndex:(authorizationsCount - 1)] intValue])]; + } + } + + return result; +} + +NSString* nameOfAuthorization(CSSM_ACL_AUTHORIZATION_TAG authorization) { + return localizedStringWithFallback([NSString stringWithFormat:@"%d", (int)authorization], @"Authorization Tag Names"); +} + +NSString* nameOfAuthorizationConstant(CSSM_ACL_AUTHORIZATION_TAG authorization) { + return localizedStringWithFallback([NSString stringWithFormat:@"%d", (int)authorization], @"Authorization Tag Constants"); +} + NSString* nameOfAlgorithmMode(CSSM_ENCRYPT_MODE mode) { return localizedStringWithFallback([NSString stringWithFormat:@"%u", mode], @"Algorithm Mode Names"); } Added: trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Constants.strings =================================================================== --- trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Constants.strings (rev 0) +++ trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Constants.strings 2007-10-13 22:19:28 UTC (rev 378) @@ -0,0 +1,29 @@ +/* Authorization Tag Constants. */ + +/* The key is the value as defined in cssmtype.h in Apple's Security framework. Last updated for 10.4.10. */ +/* The value is the constant corresponding to the code. */ + + +1 = "CSSM_ACL_AUTHORIZATION_ANY"; + +/* Defined authorization tag values for CSPs */ +57 = "CSSM_ACL_AUTHORIZATION_LOGIN"; +41 = "CSSM_ACL_AUTHORIZATION_GENKEY"; +25 = "CSSM_ACL_AUTHORIZATION_DELETE"; +38 = "CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED"; +37 = "CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR"; +48 = "CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED"; +47 = "CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR"; +115 = "CSSM_ACL_AUTHORIZATION_SIGN"; +35 = "CSSM_ACL_AUTHORIZATION_ENCRYPT"; +24 = "CSSM_ACL_AUTHORIZATION_DECRYPT"; +59 = "CSSM_ACL_AUTHORIZATION_MAC"; +28 = "CSSM_ACL_AUTHORIZATION_DERIVE"; + +/* Defined authorization tag values for DLs */ +22 = "CSSM_ACL_AUTHORIZATION_DBS_CREATE"; +23 = "CSSM_ACL_AUTHORIZATION_DBS_DELETE"; +21 = "CSSM_ACL_AUTHORIZATION_DB_READ"; +19 = "CSSM_ACL_AUTHORIZATION_DB_INSERT"; +20 = "CSSM_ACL_AUTHORIZATION_DB_MODIFY"; +17 = "CSSM_ACL_AUTHORIZATION_DB_DELETE"; Added: trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Names.strings =================================================================== --- trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Names.strings (rev 0) +++ trunk/Frameworks/Keychain/Resources/English.lproj/Authorization Tag Names.strings 2007-10-13 22:19:28 UTC (rev 378) @@ -0,0 +1,29 @@ +/* Authorization Tag Names. */ + +/* The key is the value as defined in cssmtype.h in Apple's Security framework. Last updated for 10.4.10. */ +/* The value is the human-readable name of the code. This may be localised. */ + + +1 = "Anything"; + +/* Defined authorization tag values for CSPs */ +57 = "Login"; +41 = "Key generation"; +25 = "Deletion"; +38 = "Exporting wrapped"; +37 = "Exporting clear"; +48 = "Importing wrapped"; +47 = "Importing clear"; +115 = "Signing"; +35 = "Encryption"; +24 = "Decryption"; +59 = "MACing"; +28 = "Key derivation"; + +/* Defined authorization tag values for DLs */ +22 = "Database creation"; +23 = "Database deletion"; +21 = "Database entry reading"; +19 = "Database entry insertion"; +20 = "Database entry modification"; +17 = "Database entry deletion"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:18:05
|
Revision: 377 http://keychain.svn.sourceforge.net/keychain/?rev=377&view=rev Author: wadetregaskis Date: 2007-10-13 15:18:08 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * -[KeychainItem access] no longer logs when the operation fails because the receiver has no access associated with it (this is not a failure case). Modified Paths: -------------- trunk/Frameworks/Keychain/Keychain/KeychainItem.m Modified: trunk/Frameworks/Keychain/Keychain/KeychainItem.m =================================================================== --- trunk/Frameworks/Keychain/Keychain/KeychainItem.m 2007-10-13 22:17:06 UTC (rev 376) +++ trunk/Frameworks/Keychain/Keychain/KeychainItem.m 2007-10-13 22:18:08 UTC (rev 377) @@ -1004,9 +1004,11 @@ CFRelease(result); } } else { - PSYSLOGND(LOG_ERR, @"Unable to get KeychainItem's access - error %@.\n", OSStatusAsString(_error)); - PDEBUG(@"SecKeychainItemCopyAccess(%p, %p) returned error %@.\n", _keychainItem, &result, OSStatusAsString(_error)); - } + if (errSecNoAccessForItem != _error) { + PSYSLOGND(LOG_ERR, @"Unable to get KeychainItem's access - error %@.\n", OSStatusAsString(_error)); + PDEBUG(@"SecKeychainItemCopyAccess(%p, %p) returned error %@.\n", _keychainItem, &result, OSStatusAsString(_error)); + } + } return res; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:17:02
|
Revision: 376 http://keychain.svn.sourceforge.net/keychain/?rev=376&view=rev Author: wadetregaskis Date: 2007-10-13 15:17:06 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added -[AccessControlList setAuthorizations:] and -[AccessControlList authorizations]. * Fixed -[AccessControlList setAuthorizesAction:to:] and -[AccessControlList authorizesAction:] so that they now call SecACLGetAuthorizations correctly, thus they now both a) don't crash and b) work. Modified Paths: -------------- trunk/Frameworks/Keychain/Keychain/AccessControlList.h trunk/Frameworks/Keychain/Keychain/AccessControlList.m Modified: trunk/Frameworks/Keychain/Keychain/AccessControlList.h =================================================================== --- trunk/Frameworks/Keychain/Keychain/AccessControlList.h 2007-10-13 22:15:30 UTC (rev 375) +++ trunk/Frameworks/Keychain/Keychain/AccessControlList.h 2007-10-13 22:17:06 UTC (rev 376) @@ -134,6 +134,14 @@ - (BOOL)requiresPassphrase; +/*! @method setAuthorizations: + @abstract Sets the authorizations the receiver provides. + @discussion While there are many scenarios where you may want to use this (in particular, if you want to clear all authorisations), if you can you should use more specific methods (such as setAuthorizesAction:to:, or one of the many related convenience methods). This is simply to aid future proofing. + @param authorizations An array of zero or more NSNumbers, who's value is an CSSM_ACL_AUTHORIZATION_TAG. + @result Returns YES if the operation was successful, NO otherwise. You can retrieve an error code using lastError. */ + +- (BOOL)setAuthorizations:(NSArray*)authorizations; + /*! @method setAuthorizesAction:to @abstract Sets whether or not the receiver authorizes a particular action. @param action The action type. @@ -246,6 +254,13 @@ - (BOOL)setAuthorizesDerivingKeys:(BOOL)value; +/*! @method authorizations + @abstract Returns the authorizations the receiver provides. + @discussion While there are legitimate scenarios where you would need this method (e.g. you want to get an exhaustive list of the authorisations, whatever they are), if you have a more specific need that permits the use of authorizesAction: or any of its convenience methods, you should use those - simply to aid future proofing. + @result Returns an NSArray containing zero or more NSNumbers, where each NSNumber contains a CSSM_ACL_AUTHORIZATION_TAG as its integer value. Returns nil if an error occurs (you can retrieve the corresponding error code in this case using lastError). */ + +- (NSArray*)authorizations; + /*! @method authorizesAction: @abstract Returns whether or not the receiver provides authorization for a particular action. @param action The action in question. Modified: trunk/Frameworks/Keychain/Keychain/AccessControlList.m =================================================================== --- trunk/Frameworks/Keychain/Keychain/AccessControlList.m 2007-10-13 22:15:30 UTC (rev 375) +++ trunk/Frameworks/Keychain/Keychain/AccessControlList.m 2007-10-13 22:17:06 UTC (rev 376) @@ -395,55 +395,90 @@ } } +- (BOOL)setAuthorizations:(NSArray*)authorizations { + unsigned int authorizationsCount = [authorizations count]; + CSSM_ACL_AUTHORIZATION_TAG *auths = ((0 < authorizationsCount) ? malloc(sizeof(CSSM_ACL_AUTHORIZATION_TAG) * authorizationsCount) : NULL); + uint32_t i; + + for (i = 0; i < authorizationsCount; ++i) { + auths[i] = [[authorizations objectAtIndex:i] intValue]; + } + + error = SecACLSetAuthorizations(ACL, auths, authorizationsCount); + + if (NULL != auths) { + free(auths); + } + + if (noErr != error) { + PSYSLOGND(LOG_ERR, @"Unable to set new authorisations, error %@.", OSStatusAsString(error)); + PDEBUG(@"SecACLSetAuthorizations(%p, %p, %"PRIu32") returned error %@.", ACL, auths, authorizationsCount, OSStatusAsString(error)); + } + + return (noErr == error); +} + - (BOOL)setAuthorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action to:(BOOL)value { - UInt32 i, count, newCount = 0; - CSSM_ACL_AUTHORIZATION_TAG *current = NULL, *changed = NULL; + UInt32 i, capacity = 10, count, newCount = 0; + CSSM_ACL_AUTHORIZATION_TAG *currentAuths = NULL, *newAuths = NULL; BOOL alreadySet = NO; - error = SecACLGetAuthorizations(ACL, current, &count); + do { + capacity *= 2; + count = capacity; + currentAuths = reallocf(currentAuths, sizeof(CSSM_ACL_AUTHORIZATION_TAG) * count); + + error = SecACLGetAuthorizations(ACL, currentAuths, &count); + } while (errSecBufferTooSmall == error); if (noErr == error) { for (i = 0; i < count; ++i) { - if (current[i] == action) { + if (currentAuths[i] == action) { alreadySet = YES; break; } } if (value && !alreadySet) { - changed = malloc(sizeof(CSSM_ACL_AUTHORIZATION_TAG) * (count + 1)); + newAuths = malloc(sizeof(CSSM_ACL_AUTHORIZATION_TAG) * (count + 1)); - for (i = 0; i < count; ++i) { - changed[i] = current[i]; - } + memcpy(newAuths, currentAuths, sizeof(CSSM_ACL_AUTHORIZATION_TAG) * count); - changed[++i] = action; + newAuths[count] = action; newCount = count + 1; } else if (!value && alreadySet) { - changed = malloc(sizeof(CSSM_ACL_AUTHORIZATION_TAG) * (count - 1)); + newAuths = malloc(sizeof(CSSM_ACL_AUTHORIZATION_TAG) * (count - 1)); for (i = 0; i < count; ++i) { - if (current[i] != action) { - changed[newCount++] = current[i]; + if (currentAuths[i] != action) { + newAuths[newCount++] = currentAuths[i]; } } } else { - changed = current; + newAuths = currentAuths; newCount = count; } - error = SecACLSetAuthorizations(ACL, changed, newCount); + error = SecACLSetAuthorizations(ACL, newAuths, newCount); if (noErr != error) { PSYSLOGND(LOG_ERR, @"Unable to apply changed authorisations, error %@.", OSStatusAsString(error)); - PDEBUG(@"SecACLSetAuthorizations(%p, %p, %"PRIu32") returned error %@.", ACL, changed, newCount, OSStatusAsString(error)); + PDEBUG(@"SecACLSetAuthorizations(%p, %p, %"PRIu32") returned error %@.", ACL, newAuths, newCount, OSStatusAsString(error)); } + + if ((NULL != newAuths) && (newAuths != currentAuths)) { + free(newAuths); + } } else { PSYSLOGND(LOG_ERR, @"Unable to get existing authorisations [in order to modify them], error %@.", OSStatusAsString(error)); - PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p) returned error %@.", ACL, current, &count, OSStatusAsString(error)); + PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p [%u->%u]) returned error %@.", ACL, currentAuths, &count, capacity, count, OSStatusAsString(error)); } + if (NULL != currentAuths) { + free(currentAuths); + } + return (noErr == error); } @@ -499,24 +534,63 @@ return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DERIVE to:value]; } +- (NSArray*)authorizations { + UInt32 i, capacity = 10, count; + CSSM_ACL_AUTHORIZATION_TAG *auths = NULL; + NSMutableArray *result = nil; + + do { + capacity *= 2; + count = capacity; + auths = reallocf(auths, sizeof(CSSM_ACL_AUTHORIZATION_TAG) * count); + + error = SecACLGetAuthorizations(ACL, auths, &count); + } while (errSecBufferTooSmall == error); + + if (noErr == error) { + result = [NSMutableArray arrayWithCapacity:count]; + + for (i = 0; i < count; ++i) { + [result addObject:[NSNumber numberWithInt:auths[i]]]; + } + } else { + PSYSLOGND(LOG_ERR, @"Unable to get authorisations, error %@.", OSStatusAsString(error)); + PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p [%u->%u]) returned error %@.", ACL, auths, &count, capacity, count, OSStatusAsString(error)); + } + + return result; +} + - (BOOL)authorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action { - UInt32 i, count; - CSSM_ACL_AUTHORIZATION_TAG *results = NULL; - - error = SecACLGetAuthorizations(ACL, results, &count); - + UInt32 i, capacity = 10, count; + CSSM_ACL_AUTHORIZATION_TAG *auths = NULL; + BOOL result = NO; + + do { + capacity *= 2; + count = capacity; + auths = reallocf(auths, sizeof(CSSM_ACL_AUTHORIZATION_TAG) * count); + + error = SecACLGetAuthorizations(ACL, auths, &count); + } while (errSecBufferTooSmall == error); + if (noErr == error) { for (i = 0; i < count; ++i) { - if (results[i] == action) { - return YES; + if (auths[i] == action) { + result = YES; + break; } } } else { PSYSLOGND(LOG_ERR, @"Unable to get authorisations, error %@.", OSStatusAsString(error)); - PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p) returned error %@.", ACL, results, &count, OSStatusAsString(error)); + PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p [%u->%u]) returned error %@.", ACL, auths, &count, capacity, count, OSStatusAsString(error)); } - return NO; + if (NULL != auths) { + free(auths); + } + + return result; } - (BOOL)authorizesEverything { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-13 22:15:26
|
Revision: 375 http://keychain.svn.sourceforge.net/keychain/?rev=375&view=rev Author: wadetregaskis Date: 2007-10-13 15:15:30 -0700 (Sat, 13 Oct 2007) Log Message: ----------- * Added -[TrustedApplication path]. Modified Paths: -------------- trunk/Frameworks/Keychain/Keychain/TrustedApplication.h trunk/Frameworks/Keychain/Keychain/TrustedApplication.m Modified: trunk/Frameworks/Keychain/Keychain/TrustedApplication.h =================================================================== --- trunk/Frameworks/Keychain/Keychain/TrustedApplication.h 2007-10-07 23:59:43 UTC (rev 374) +++ trunk/Frameworks/Keychain/Keychain/TrustedApplication.h 2007-10-13 22:15:30 UTC (rev 375) @@ -84,6 +84,12 @@ - (NSData*)data; +/*! @method path + @abstract Returns the path of the receiver on disk. + @result Returns the path of the receiver on disk. */ + +- (NSString*)path; + /*! @method lastError @abstract Returns the last error that occured for the receiver. @discussion The set of error codes encompasses those returned by Sec* functions - refer to the Security framework documentation for a list. At present there are no other error codes defined for Access instances. Modified: trunk/Frameworks/Keychain/Keychain/TrustedApplication.m =================================================================== --- trunk/Frameworks/Keychain/Keychain/TrustedApplication.m 2007-10-07 23:59:43 UTC (rev 374) +++ trunk/Frameworks/Keychain/Keychain/TrustedApplication.m 2007-10-13 22:15:30 UTC (rev 375) @@ -13,7 +13,9 @@ #import "TrustedApplication.h" +#import <Keychain/UtilitySupport.h> + @implementation TrustedApplication + (TrustedApplication*)trustedApplicationWithPath:(NSString*)path { @@ -83,6 +85,10 @@ } } +- (NSString*)path { + return NSStringFromNSData([self data]); +} + - (int)lastError { return error; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-07 23:59:39
|
Revision: 374 http://keychain.svn.sourceforge.net/keychain/?rev=374&view=rev Author: wadetregaskis Date: 2007-10-07 16:59:43 -0700 (Sun, 07 Oct 2007) Log Message: ----------- * Added various things to svn:ignore (e.g. 'build', *.pbxuser in the project folder, etc). Property Changed: ---------------- trunk/Frameworks/Keychain/ trunk/Frameworks/Keychain/Documentation/ trunk/Frameworks/Keychain/Keychain.xcodeproj/ Property changes on: trunk/Frameworks/Keychain ___________________________________________________________________ Name: svn:ignore + build Property changes on: trunk/Frameworks/Keychain/Documentation ___________________________________________________________________ Name: svn:ignore + Private Public Property changes on: trunk/Frameworks/Keychain/Keychain.xcodeproj ___________________________________________________________________ Name: svn:ignore + *.pbxuser *.mode* This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-07 23:50:20
|
Revision: 373 http://keychain.svn.sourceforge.net/keychain/?rev=373&view=rev Author: wadetregaskis Date: 2007-10-07 16:50:24 -0700 (Sun, 07 Oct 2007) Log Message: ----------- * Rearranged all the source files both in the project file and on disk, so that things are a wee bit more organised now. This probably won't be the exact, final arrangement, but now that we're in SVN we have the option of moving things as necessary. (Yay!) * Had to tweak various things, particularly regarding #import, so that it would work with the new layout. Now I remember why I used the flat layout to begin within. * Updated the documentation generation to generate the public docs off the release headers. Modified Paths: -------------- trunk/Frameworks/Keychain/CDSA/CSSMACLEntry.m trunk/Frameworks/Keychain/CDSA/CSSMManagedModule.m trunk/Frameworks/Keychain/CDSA/CSSMModule.m trunk/Frameworks/Keychain/CDSA/CSSMOpenDataStore.m trunk/Frameworks/Keychain/CDSA/MDS.m trunk/Frameworks/Keychain/Cryptography/Streams/ChainedOutputStream.m trunk/Frameworks/Keychain/Cryptography/Streams/DigestOutputStream.m trunk/Frameworks/Keychain/FrameworkDebug.xcconfig trunk/Frameworks/Keychain/FrameworkRelease.xcconfig trunk/Frameworks/Keychain/Keychain.xcodeproj/project.pbxproj Added Paths: ----------- trunk/Frameworks/Keychain/CDSA/CSSMControl.h trunk/Frameworks/Keychain/CDSA/CSSMControl.m trunk/Frameworks/Keychain/CDSA/CSSMControlInternal.h trunk/Frameworks/Keychain/CDSA/CSSMDefaults.h trunk/Frameworks/Keychain/CDSA/CSSMDefaults.m trunk/Frameworks/Keychain/CDSA/CSSMInfo.h trunk/Frameworks/Keychain/CDSA/CSSMInfo.m trunk/Frameworks/Keychain/CDSA/CSSMTypes.h trunk/Frameworks/Keychain/CDSA/CSSMUtils.h trunk/Frameworks/Keychain/CDSA/CSSMUtils.m trunk/Frameworks/Keychain/Certificates/ trunk/Frameworks/Keychain/Certificates/ABPersonAdditions.h trunk/Frameworks/Keychain/Certificates/ABPersonAdditions.m trunk/Frameworks/Keychain/Certificates/Certificate.h trunk/Frameworks/Keychain/Certificates/Certificate.m trunk/Frameworks/Keychain/Certificates/CertificateBundle.h trunk/Frameworks/Keychain/Certificates/CertificateBundle.m trunk/Frameworks/Keychain/Certificates/CertificateExtensions.h trunk/Frameworks/Keychain/Certificates/CertificateExtensions.m trunk/Frameworks/Keychain/Certificates/CertificateGeneration.h trunk/Frameworks/Keychain/Certificates/CertificateGeneration.m trunk/Frameworks/Keychain/Certificates/Policy.h trunk/Frameworks/Keychain/Certificates/Policy.m trunk/Frameworks/Keychain/Certificates/Trust.h trunk/Frameworks/Keychain/Certificates/Trust.m trunk/Frameworks/Keychain/Cryptography/ trunk/Frameworks/Keychain/Cryptography/FileUtilities.h trunk/Frameworks/Keychain/Cryptography/FileUtilities.m trunk/Frameworks/Keychain/Cryptography/Key.h trunk/Frameworks/Keychain/Cryptography/Key.m trunk/Frameworks/Keychain/Cryptography/KeychainUtils.h trunk/Frameworks/Keychain/Cryptography/KeychainUtils.m trunk/Frameworks/Keychain/Cryptography/MutableKey.h trunk/Frameworks/Keychain/Cryptography/MutableKey.m trunk/Frameworks/Keychain/Cryptography/NSDataAdditions.h trunk/Frameworks/Keychain/Cryptography/NSDataAdditions.m trunk/Frameworks/Keychain/Cryptography/Streams/ trunk/Frameworks/Keychain/Documentation/ trunk/Frameworks/Keychain/Documentation/Generate Documentation.command trunk/Frameworks/Keychain/Documentation/Keychain.hdoc trunk/Frameworks/Keychain/Documentation/KeychainInternal.hdoc trunk/Frameworks/Keychain/Documentation/Publish Documentation.command trunk/Frameworks/Keychain/Hashcash/ trunk/Frameworks/Keychain/Hashcash/Hashcash.h trunk/Frameworks/Keychain/Hashcash/Hashcash.m trunk/Frameworks/Keychain/Keychain/ trunk/Frameworks/Keychain/Keychain/Access.h trunk/Frameworks/Keychain/Keychain/Access.m trunk/Frameworks/Keychain/Keychain/AccessControlList.h trunk/Frameworks/Keychain/Keychain/AccessControlList.m trunk/Frameworks/Keychain/Keychain/Identity.h trunk/Frameworks/Keychain/Keychain/Identity.m trunk/Frameworks/Keychain/Keychain/Keychain.h trunk/Frameworks/Keychain/Keychain/Keychain.m trunk/Frameworks/Keychain/Keychain/KeychainItem.h trunk/Frameworks/Keychain/Keychain/KeychainItem.m trunk/Frameworks/Keychain/Keychain/KeychainSearch.h trunk/Frameworks/Keychain/Keychain/KeychainSearch.m trunk/Frameworks/Keychain/Keychain/TrustedApplication.h trunk/Frameworks/Keychain/Keychain/TrustedApplication.m trunk/Frameworks/Keychain/Resources/ trunk/Frameworks/Keychain/Resources/English.lproj/ trunk/Frameworks/Keychain/Resources/Info-Keychain.plist trunk/Frameworks/Keychain/SKeyPlus/ trunk/Frameworks/Keychain/SKeyPlus/SKeyPlus.h trunk/Frameworks/Keychain/SKeyPlus/SKeyPlus.m trunk/Frameworks/Keychain/Utilities/ trunk/Frameworks/Keychain/Utilities/CompilerIndependence.h trunk/Frameworks/Keychain/Utilities/LocalisationUtils.h trunk/Frameworks/Keychain/Utilities/LocalisationUtils.m trunk/Frameworks/Keychain/Utilities/Logging.h trunk/Frameworks/Keychain/Utilities/Logging.m trunk/Frameworks/Keychain/Utilities/MultiThreading.h trunk/Frameworks/Keychain/Utilities/MultiThreading.m trunk/Frameworks/Keychain/Utilities/MultiThreadingInternal.h trunk/Frameworks/Keychain/Utilities/NSCachedObject.h trunk/Frameworks/Keychain/Utilities/NSCachedObject.m trunk/Frameworks/Keychain/Utilities/NSCalendarDateAdditions.h trunk/Frameworks/Keychain/Utilities/NSCalendarDateAdditions.m trunk/Frameworks/Keychain/Utilities/SecurityUtils.h trunk/Frameworks/Keychain/Utilities/SecurityUtils.m trunk/Frameworks/Keychain/Utilities/UtilitySupport.h trunk/Frameworks/Keychain/Utilities/UtilitySupport.m trunk/Frameworks/Keychain/X509/ trunk/Frameworks/Keychain/X509/x509.h trunk/Frameworks/Keychain/X509/x509.m Removed Paths: ------------- trunk/Frameworks/Keychain/ABPersonAdditions.h trunk/Frameworks/Keychain/ABPersonAdditions.m trunk/Frameworks/Keychain/Access.h trunk/Frameworks/Keychain/Access.m trunk/Frameworks/Keychain/AccessControlList.h trunk/Frameworks/Keychain/AccessControlList.m trunk/Frameworks/Keychain/CSSMControl.h trunk/Frameworks/Keychain/CSSMControl.m trunk/Frameworks/Keychain/CSSMControlInternal.h trunk/Frameworks/Keychain/CSSMDefaults.h trunk/Frameworks/Keychain/CSSMDefaults.m trunk/Frameworks/Keychain/CSSMInfo.h trunk/Frameworks/Keychain/CSSMInfo.m trunk/Frameworks/Keychain/CSSMTypes.h trunk/Frameworks/Keychain/CSSMUtils.h trunk/Frameworks/Keychain/CSSMUtils.m trunk/Frameworks/Keychain/Certificate.h trunk/Frameworks/Keychain/Certificate.m trunk/Frameworks/Keychain/CertificateBundle.h trunk/Frameworks/Keychain/CertificateBundle.m trunk/Frameworks/Keychain/CertificateExtensions.h trunk/Frameworks/Keychain/CertificateExtensions.m trunk/Frameworks/Keychain/CertificateGeneration.h trunk/Frameworks/Keychain/CertificateGeneration.m trunk/Frameworks/Keychain/CompilerIndependence.h trunk/Frameworks/Keychain/English.lproj/ trunk/Frameworks/Keychain/FileUtilities.h trunk/Frameworks/Keychain/FileUtilities.m trunk/Frameworks/Keychain/Generate Documentation.command trunk/Frameworks/Keychain/Hashcash.h trunk/Frameworks/Keychain/Hashcash.m trunk/Frameworks/Keychain/Identity.h trunk/Frameworks/Keychain/Identity.m trunk/Frameworks/Keychain/Info-Keychain.plist trunk/Frameworks/Keychain/Key.h trunk/Frameworks/Keychain/Key.m trunk/Frameworks/Keychain/Keychain.h trunk/Frameworks/Keychain/Keychain.hdoc trunk/Frameworks/Keychain/Keychain.m trunk/Frameworks/Keychain/KeychainInternal.hdoc trunk/Frameworks/Keychain/KeychainItem.h trunk/Frameworks/Keychain/KeychainItem.m trunk/Frameworks/Keychain/KeychainSearch.h trunk/Frameworks/Keychain/KeychainSearch.m trunk/Frameworks/Keychain/KeychainUtils.h trunk/Frameworks/Keychain/KeychainUtils.m trunk/Frameworks/Keychain/LocalisationUtils.h trunk/Frameworks/Keychain/LocalisationUtils.m trunk/Frameworks/Keychain/Logging.h trunk/Frameworks/Keychain/Logging.m trunk/Frameworks/Keychain/MultiThreading.h trunk/Frameworks/Keychain/MultiThreading.m trunk/Frameworks/Keychain/MultiThreadingInternal.h trunk/Frameworks/Keychain/MutableKey.h trunk/Frameworks/Keychain/MutableKey.m trunk/Frameworks/Keychain/NSCachedObject.h trunk/Frameworks/Keychain/NSCachedObject.m trunk/Frameworks/Keychain/NSCalendarDateAdditions.h trunk/Frameworks/Keychain/NSCalendarDateAdditions.m trunk/Frameworks/Keychain/NSDataAdditions.h trunk/Frameworks/Keychain/NSDataAdditions.m trunk/Frameworks/Keychain/NSDataAdditionsCanonicalOld.mm trunk/Frameworks/Keychain/Policy.h trunk/Frameworks/Keychain/Policy.m trunk/Frameworks/Keychain/Publish Documentation.command trunk/Frameworks/Keychain/SKeyPlus.h trunk/Frameworks/Keychain/SKeyPlus.m trunk/Frameworks/Keychain/SecurityUtils.h trunk/Frameworks/Keychain/SecurityUtils.m trunk/Frameworks/Keychain/Streams/ trunk/Frameworks/Keychain/Trust.h trunk/Frameworks/Keychain/Trust.m trunk/Frameworks/Keychain/TrustedApplication.h trunk/Frameworks/Keychain/TrustedApplication.m trunk/Frameworks/Keychain/UtilitySupport.h trunk/Frameworks/Keychain/UtilitySupport.m trunk/Frameworks/Keychain/x509.h trunk/Frameworks/Keychain/x509.m Deleted: trunk/Frameworks/Keychain/ABPersonAdditions.h =================================================================== --- trunk/Frameworks/Keychain/ABPersonAdditions.h 2007-10-07 21:22:42 UTC (rev 372) +++ trunk/Frameworks/Keychain/ABPersonAdditions.h 2007-10-07 23:50:24 UTC (rev 373) @@ -1,78 +0,0 @@ -// -// ABPersonAdditions.h -// Keychain -// -// Created by Wade Tregaskis on Fri Nov 14 2003. -// -// Copyright (c) 2003 - 2007, Wade Tregaskis. All rights reserved. -// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -// * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -// * Neither the name of Wade Tregaskis nor the names of any other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#import <Foundation/Foundation.h> -#import <AddressBook/AddressBook.h> -#import <Keychain/Certificate.h> - - -extern NSString* const kABCertificateProperty; // Certificate(s) (multi-data) - depreciated -extern NSString* const kABCertificateRefProperty; // Certificate ref(s) (multi-date) - extern NSString* const kABCertificateWorkLabel; // Home certificate - extern NSString* const kABCertificateHomeLabel; // Work certificate - extern NSString* const kABCertificatePortableLabel; // Portable certificate - - -/*! @category ABPerson (KeychainFramework) - @abstract Extensions to the ABPerson class from the AddressBook framework, for dealing with certificates associated with address book entries. - @discussion This category extends the ABPerson class so that ABPersons may have certificates associated with them. The current implementation is potentially obsolete, however, and it is recommended you avoid using this API for the moment if you can. If you wish to see it updated and validated, please submit a support request or bug report at http://sourceforge.net/projects/keychain/. */ - -// XXX: I seem to remember being told by the Security guys that this was a bad way to do things... I think the official way of associating certificates with AddressBook entries is simply by name or somesuch... need to find out for sure, and update this. - -@interface ABPerson (KeychainFramework) - -/*! @method primaryCertificates - @abstract Returns the certificate(s) designated as primary for the receiver. - @discussion See the Address Book documentation for information regarding primary and non-primary attributes. - - This method works in two steps. In the first, it tries to locate certificates in the current user's default keychain(s) based on public key references stored in the Address Book (in the receiver). It then falls back to looking for any certificates actually embedded into the Address Book, for the receiver. This latter step is only for backwards compatibility and should not be used nor relied on. See the documentation for addRawCertificate:label:primary: for more information. - - If no primary is designated, or an error occurs, nil is returned. If there is only one entry, it is returned as the presumed primary. - @result Nil if nothing found or an error occurs, otherwise an array of one or more certificates relating to the receiver. */ - -- (NSArray*)primaryCertificates; - -/*! @method certificates - @abstract Returns all the certificate(s) for the receiver. - @discussion This method works in two steps. In the first, it tries to locate certificates in the current user's default keychain(s) based on public key references stored in the Address Book (in the receiver). It then falls back to looking for any certificates actually embedded into the Address Book, for the receiver. This latter step is only for backwards compatibility and should not be used nor relied on. See the documentation for addRawCertificate:label:primary: for more information. - @result Nil if nothing found or an error occurs, otherwise an array of one or more certificates relating to the receiver. */ - -- (NSArray*)certificates; - -/*! @method addRawCertificate: - @abstract Adds a certificate to the receiver by embedding it in the Address Book. - @discussion This method actually adds the given certificate into the Address Book, as raw data. It can thus be reliably retrieved at any point in time, as there are no further dependencies. However, this has the disadvantage that it fills the Address Book with large amounts of data, which is both unprotected and inaccessible to other security programs, whom may not use the Address Book. Thus, use of this method is depreciated - use the addCertificate:label:primary: method instead. - @param certificate The certificate to add (embed). - @param label The label to give to the entry. - @param primary YES if the given certificate should be made the primary, NO otherwise. - @result YES if the add was successful, NO otherwise. */ - -- (BOOL)addRawCertificate:(Certificate*)certificate label:(NSString*)label primary:(BOOL)primary; - -/*! @method addCertificate: - @abstract Adds a certificate (by reference) the receiver. - @discussion This method actually adds a reference to the public key in the given certificate, to the ultimate effect that the given certificate may be retrieved at some later date by matching the public key hashes. - - In end user terms, all you need do is call this method for each certificate you wish to add, and then make sure the certificate is available somewhere appropriate - e.g. in one of the current user's keychains. The primaryCertificates and certificates methods will then deal with the details with regards to locating these again. - - Note that because a reference to the public key is kept, not the particular certificate in itself, after adding just one certificate with a given public key, all certificates for that public key will then be returned by the relevant methods. This is considered a feature by design, since it makes sense on a practical level. If you have any concerns with this, submit a bug or feature request, detailing what you find improper about this behaviour. - - Also note that there is no problem with adding multiple certificates for the same public key. Only one reference to that particular public key will be added, as you would expect, and all adds will be successful. - @param certificate The certificate to add (by reference). - @param label The label to give to the given certificate. Note that this is actually the label for the public key, in a sense. If a public key reference already exists, but under a different label, then a new duplicate entry will be added with the given label. This makes sense, since your "Friends" and "Family" certificates, for example, might be the same, while you still reserve a separate set for "Work". - @param primary YES if the given certificate should be made the primary for the receiver, NO otherwise. - @result YES if the certificate was added successfully (or was effectively already there), NO otherwise. */ - -- (BOOL)addCertificate:(Certificate*)certificate label:(NSString*)label primary:(BOOL)primary; - -@end Deleted: trunk/Frameworks/Keychain/ABPersonAdditions.m =================================================================== --- trunk/Frameworks/Keychain/ABPersonAdditions.m 2007-10-07 21:22:42 UTC (rev 372) +++ trunk/Frameworks/Keychain/ABPersonAdditions.m 2007-10-07 23:50:24 UTC (rev 373) @@ -1,229 +0,0 @@ -// -// ABPersonAdditions.m -// Keychain -// -// Created by Wade Tregaskis on Fri Nov 14 2003. -// -// Copyright (c) 2003 - 2007, Wade Tregaskis. All rights reserved. -// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -// * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -// * Neither the name of Wade Tregaskis nor the names of any other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#import "ABPersonAdditions.h" - -#import <Keychain/NSDataAdditions.h> -#import <Keychain/KeychainSearch.h> - - -/*! @const kABCertificateProperty - @discussion An address book type identifying a property as being a certificate of some sort. The certificate is included as the data, in raw form. */ - -NSString * const kABCertificateProperty = @"kABCertificateProperty"; - -/*! @const kABCertificateRefProperty - @discussion An address book type identifying a property as being a certificate reference of some sort. This reference is usually in the form of some sort of hash of the original certificate, by which the original can be located in some other database (e.g. a keychain). */ - -NSString * const kABCertificateRefProperty = @"kABCertificateRefProperty"; - -/*! @const kABCertificatePortableLabel - @discussion An address book label given to certificates which are specified as being portable and context insensitive. */ - -NSString * const kABCertificatePortableLabel = @"portable"; - -/*! @const kABCertificateWorkLabel - @discussion An address book label given to certificates which are specified as work related. */ - -#define kABCertificateWorkLabel kABWorkLabel - -/*! @const kABCertificateHomeLabel - @discussion An address book label given to certificates which are specified as personal or home related. */ - -#define kABCertificateHomeLabel kABHomeLabel - - -@implementation ABPerson (KeychainFramework) - -Certificate* certFromAlmostRawData(NSData *rawData) { - int type, encoding; - - if (rawData) { - memcpy(&type, [rawData bytes], sizeof(int)); - memcpy(&encoding, [rawData bytes] + sizeof(int), sizeof(int)); - - return [Certificate certificateWithData:[rawData subdataWithRange:NSMakeRange(2 * sizeof(int), [rawData length] - (2 * sizeof(int)))] type:type encoding:encoding]; - } else { - return nil; - } -} - -- (NSArray*)primaryCertificates { - id certList; - int primaryCert; - - certList = [self valueForProperty:kABCertificateRefProperty]; - - if (certList) { - if ([certList isKindOfClass:[ABMultiValue class]]) { - primaryCert = [certList indexForIdentifier:[certList primaryIdentifier]]; - - if (primaryCert != NSNotFound) { - return FindCertificatesMatchingPublicKeyHash([certList valueAtIndex:primaryCert]); - } - } else if ([certList isKindOfClass:[NSData class]]) { - return FindCertificatesMatchingPublicKeyHash(certList); - } - } else { - certList = [self valueForProperty:kABCertificateProperty]; - - if (certList) { - if ([certList isKindOfClass:[ABMultiValue class]]) { - primaryCert = [certList indexForIdentifier:[certList primaryIdentifier]]; - - if (primaryCert != NSNotFound) { - return [NSArray arrayWithObject:certFromAlmostRawData([certList valueAtIndex:primaryCert])]; - } - } else if ([certList isKindOfClass:[NSData class]]) { - return [NSArray arrayWithObject:certFromAlmostRawData(certList)]; - } - } - } - - return nil; -} - -- (NSArray*)certificates { - NSMutableArray *certs = [NSMutableArray arrayWithCapacity:5]; - id certList, theCert; - int i; - - certList = [self valueForProperty:kABCertificateRefProperty]; - - if (certList) { - if ([certList isKindOfClass:[ABMultiValue class]]) { - for (i = [certList count] - 1; i >= 0; --i) { - theCert = [certList valueAtIndex:i]; - - if (theCert && [theCert isKindOfClass:[NSData class]]) { - theCert = FindCertificatesMatchingPublicKeyHash(theCert); - - if (theCert) { - [certs addObjectsFromArray:theCert]; - } - } - } - } else if ([certList isKindOfClass:[NSData class]]) { - theCert = FindCertificatesMatchingPublicKeyHash(certList); - - if (theCert) { - [certs addObjectsFromArray:theCert]; - } - } - } - - certList = [self valueForProperty:kABCertificateProperty]; - - if (certList) { - if ([certList isKindOfClass:[ABMultiValue class]]) { - for (i = [certList count] - 1; i >= 0; --i) { - theCert = [certList valueAtIndex:i]; - - if (theCert && [theCert isKindOfClass:[NSData class]]) { - theCert = certFromAlmostRawData(theCert); - - if (theCert) { - [certs addObject:theCert]; - } - } - } - } else if ([certList isKindOfClass:[NSData class]]) { - theCert = certFromAlmostRawData(certList); - - if (theCert) { - [certs addObject:theCert]; - } - } - } - - return certs; -} - -- (BOOL)addRawCertificate:(Certificate*)certificate label:(NSString*)label primary:(BOOL)primary { - id certList; - ABMutableMultiValue *valueList; - char *bytes; - int byteLength; - NSData *certData; - int i; - - certList = [self valueForProperty:kABCertificateProperty]; - - if (!certList) { - valueList = [[[ABMutableMultiValue alloc] init] autorelease]; - } else if ([certList isKindOfClass:[ABMutableMultiValue class]]) { - valueList = certList; - } else if ([certList isKindOfClass:[NSData class]]) { - valueList = [[[ABMutableMultiValue alloc] init] autorelease]; - - if (nil == [valueList addValue:certList withLabel:kABCertificatePortableLabel]) { - return NO; - } - } else { - return NO; - } - - certData = [certificate data]; - byteLength = [certData length] + (2 * sizeof(int)); - bytes = malloc(byteLength); - - i = [[certificate keychainItem] certificateType]; - memcpy(bytes, &i, sizeof(int)); - i = [[certificate keychainItem] certificateEncoding]; - memcpy(bytes + sizeof(int), &i, sizeof(int)); - - [certData getBytes:(bytes + (2 * sizeof(int)))]; - - if (nil == [valueList insertValue:[NSData dataWithBytesNoCopy:bytes length:byteLength freeWhenDone:YES] withLabel:label atIndex:0]) { - return NO; - } - - if (primary) { - [valueList setPrimaryIdentifier:0]; - } - - return [self setValue:valueList forProperty:kABCertificateProperty]; -} - -- (BOOL)addCertificate:(Certificate*)certificate label:(NSString*)label primary:(BOOL)primary { - id certList; - ABMutableMultiValue *valueList; - - certList = [self valueForProperty:kABCertificateRefProperty]; - - if (!certList) { - valueList = [[[ABMutableMultiValue alloc] init] autorelease]; - } else if ([certList isKindOfClass:[ABMutableMultiValue class]]) { - valueList = certList; - } else if ([certList isKindOfClass:[NSData class]]) { - valueList = [[[ABMutableMultiValue alloc] init] autorelease]; - - if (nil == [valueList addValue:certList withLabel:kABCertificatePortableLabel]) { - return NO; - } - } else { - return NO; - } - - if (nil == [valueList insertValue:[[certificate publicKey] keyHash] withLabel:label atIndex:0]) { - return NO; - } - - if (primary) { - [valueList setPrimaryIdentifier:0]; - } - - return [self setValue:valueList forProperty:kABCertificateRefProperty]; -} - -@end Deleted: trunk/Frameworks/Keychain/Access.h =================================================================== --- trunk/Frameworks/Keychain/Access.h 2007-10-07 21:22:42 UTC (rev 372) +++ trunk/Frameworks/Keychain/Access.h 2007-10-07 23:50:24 UTC (rev 373) @@ -1,200 +0,0 @@ -// -// Access.h -// Keychain -// -// Created by Wade Tregaskis on Fri Jan 24 2003. -// -// Copyright (c) 2003 - 2007, Wade Tregaskis. All rights reserved. -// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -// * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -// * Neither the name of Wade Tregaskis nor the names of any other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#import <Keychain/NSCachedObject.h> -#import <Foundation/Foundation.h> -#import <Security/Security.h> -#import <Keychain/AccessControlList.h> - - -/*! @class Access - @abstract Groups a number of AccessControlList instances under a common name and usage. - @discussion An Access instance groups together a number of AccessControlList instances, which can then be applied together to control access to resources. Generally, it represents the collective access controls to an object. The Access itself has no knowledge of what object(s) it applies to; it is merely the mechanism, not policy. -*/ - -@interface Access : NSCachedObject { - SecAccessRef access; - int error; -} - -// Q) Why isn't there a mechanism to retrieve the name after creation? -// A) That would be too easy. - -/*! @method accessWithName: - @abstract Creates and returns an empty Access with the name provided. - @param name The name of the new Access instance. - @result Returns the new instance, or nil if an error occurs. */ - -+ (Access*)accessWithName:(NSString*)name; - -/*! @method accessWithName:applications: - @abstract Creates and returns an empty Access with the name & applications provided. - @param name The name of the new Access instance. - @param apps The applications for the new Access instance. - @result Returns the new instance, or nil if an error occurs. */ - -+ (Access*)accessWithName:(NSString*)name applications:(NSArray*)apps; - -/*! @method accessWithAccessRef: - @abstract Creates and returns an Access instance derived from a SecAccessRef. - @discussion Creates and returns an Access instance derived [and linked to] the SecAccessRef provided. Changes to the SecAccessRef will reflect in the returned instance, and vice versa. Note that instances created from SecAccessRef's are cached, meaning successive calls to this method with the same SecAccessRef will return the same unique instance. - @param acc The SecAccessRef from which to derive the Access instance. - @result Returns the existing instance for this SecAccessRef, if one exists, or creates and returns a new instance if not. Returns nil if an error occurs. */ - -+ (Access*)accessWithAccessRef:(SecAccessRef)acc; - -/*! @method initWithName:applications: - @abstract Initialises an Access instance with the name & applications provided. - @discussion Unlike the initWithAccessRef method, this does not cache each copy created. This means you can have multiple instances with the same name, and you can't get a reference to any unique instance by name using this method, as you may be tempted to try doing. If an error occurs, nil is returned. - @param name The name to be given to the Access instance. - @param apps The list of zero or more SecTrustedApplicationRef or TrustedApplication's to add to the new Access. If this is nil the current application is added by default. - @result Returns the receiver if successful, otherwise the receiver is released and nil is returned. */ - -- (Access*)initWithName:(NSString*)name applications:(NSArray*)apps; - -/*! @method initWithAccessRef: - @abstract Initialises an Access instance around the SecAccessRef provided - @discussion This initializer keeps a cache of each unique instance it creates, so that initializing several objects using the same SecAccessRef will return the same unique instance. Thus, it may not return itself. If an error occurs, nil is returned. - @param acc The SecAccessRef with which to initialize the Access instance. The receiver retains a copy of this reference. - @result If an Access instance already exists for this SecAccessRef, then it is returned instead of the receiver. If no existing instance exists, the receiver is initialized with the SecAccessRef and returned. If an error occurs, the receiver is released and nil is returned. */ - -- (Access*)initWithAccessRef:(SecAccessRef)acc; - -/*! @method init - @abstract Initialises an empty Access instance for the current application. - @discussion Returns an empty Access instance with only the current application in it's trusted list. The new instance is by default named "Unnamed". - @result Returns the receiver is successful, otherwise the receiver is released and nil is return. */ - -- (Access*)init; - -/*! @method accessControlLists - @abstract Returns the AccessControlList's which are a part of the receiver. - @result An NSArray containing all the AccessControlList's which are part of the receiver. */ - -- (NSArray*)accessControlLists; - -/*! @method accessControlListsForAction: - @abstract Returns all AccessControlList's which authorize the action specified. - @param action The action type. - @result Returns an NSArray containing one or more AccessControlList's. May return nil or an empty NSArray if no matches are found. */ - -- (NSArray*)accessControlListsForAction:(CSSM_ACL_AUTHORIZATION_TAG)action; - -/*! @method accessControlListsForEverything - @abstract Returns all AccessControlList's which authorize Everything. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. This is not the same as the accessControlLists method. There exists a specific 'Everything' action, which is separate from and not a set of all other actions. So an AccessControlList may authorize any action, but that does not mean to say it authorizes 'Everything'. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForEverything; - -/*! @method accessControlListsForLogin - @abstract Returns all AccessControlList's which authorize a login operation or usage. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForLogin; - -/*! @method accessControlListsForGeneratingKeys - @abstract Returns all AccessControlList's which authorize key generation. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForGeneratingKeys; - -/*! @method accessControlListsForDeletion - @abstract Returns all AccessControlList's which authorize deletion and removal operations. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForDeletion; - -/*! @method accessControlListsForExportingWrapped - @abstract Returns all AccessControlList's which authorize exporting keys in wrapped form. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. Note that this authorization covers wrapping a key with another key. Exporting in the clear, also known as null wrapping, requires a separate authorization - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForExportingWrapped; - -/*! @method accessControlListsForExportingClear - @abstract Returns all AccessControlList's which authorize exporting keys in clear form (null wrapped). - @discussion This is merely a convenience method which itself calls accessControlListsForAction. Note that this authorization does not cover or grant the ability to wrap keys with other keys. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForExportingClear; - -/*! @method accessControlListsForImportingWrapped - @abstract Returns all AccessControlList's which authorize importing wrapped keys. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. Note that this authorization covers importing keys wrapped with other keys. Importing clear (null wrapped) keys requires a separate authorization - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForImportingWrapped; - -/*! @method accessControlListsForImportingClear - @abstract Returns all AccessControlList's which authorize importing clear keys (null wrapped). - @discussion This is merely a convenience method which itself calls accessControlListsForAction. Note that this authorization does not cover or grant the ability to import keys wrapped with other keys - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForImportingClear; - -/*! @method accessControlListsForSigning - @abstract Returns all AccessControlList's which authorize signing and verifying operations. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForSigning; - -/*! @method accessControlListsForEncrypting - @abstract Returns all AccessControlList's which authorize encryption operations. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForEncrypting; - -/*! @method accessControlListsForDecrypting - @abstract Returns all AccessControlList's which authorize decryption operations. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForDecrypting; - -/*! @method accessControlListsForMACGeneration - @abstract Returns all AccessControlList's which authorize MAC generation and verification. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForMACGeneration; - -/*! @method accessControlListsForDerivingKeys - @abstract Returns all AccessControlList's which authorize key derivation. - @discussion This is merely a convenience method which itself calls accessControlListsForAction. - @result As for accessControlListsForAction. */ - -- (NSArray*)accessControlListsForDerivingKeys; - -/*! @method lastError - @abstract Returns the last error that occured for the receiver. - @discussion The set of error codes encompasses those returned by Sec* functions - refer to the Security framework documentation for a list. At present there are no other error codes defined for Access instances. - - Please note that this error code is local to the receiver only, and not any sort of shared global value. - @result The last error that occured, or zero if the last operation was successful. */ - -- (int)lastError; - -/*! @method accessRef - @abstract Returns the SecAccessRef the receiver is based on. - @discussion If the receiver was created from a SecAccessRef, it is this original reference that is returned. Otherwise, a SecAccessRef is created and returned. - @result The SecAccessRef for the receiver. You should retain this if you wish to use it beyond the lifetime of the receiver. */ - -- (SecAccessRef)accessRef; - -@end Deleted: trunk/Frameworks/Keychain/Access.m =================================================================== --- trunk/Frameworks/Keychain/Access.m 2007-10-07 21:22:42 UTC (rev 372) +++ trunk/Frameworks/Keychain/Access.m 2007-10-07 23:50:24 UTC (rev 373) @@ -1,208 +0,0 @@ -// -// Access.m -// Keychain -// -// Created by Wade Tregaskis on Fri Jan 24 2003. -// -// Copyright (c) 2003 - 2007, Wade Tregaskis. All rights reserved. -// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -// * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -// * Neither the name of Wade Tregaskis nor the names of any other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#import "Access.h" - - -@implementation Access - -+ (Access*)accessWithName:(NSString*)name { - return [[[[self class] alloc] initWithName:name applications:nil] autorelease]; -} - -+ (Access*)accessWithName:(NSString*)name applications:(NSArray*)apps { - return [[[[self class] alloc] initWithName:name applications:apps] autorelease]; -} - -+ (Access*)accessWithAccessRef:(SecAccessRef)acc { - return [[[[self class] alloc] initWithAccessRef:acc] autorelease]; -} - -- (Access*)initWithName:(NSString*)name applications:(NSArray*)apps { - if (self = [super init]) { - CFMutableArrayRef convertedArray = NULL; - CFTypeID trustedApplicationType = SecTrustedApplicationGetTypeID(); - - if (apps) { - convertedArray = CFArrayCreateMutable(NULL, 0, NULL); - - if (convertedArray) { - NSEnumerator *enumerator = [apps objectEnumerator]; - id current; - - while (current = [enumerator nextObject]) { - if ([current isKindOfClass:[TrustedApplication class]]) { - CFArrayAppendValue(convertedArray, [current trustedApplicationRef]); - } else if (CFGetTypeID(current) == trustedApplicationType) { - CFArrayAppendValue(convertedArray, current); - } - } - } else { - return nil; - } - } - - error = SecAccessCreate((CFStringRef)name, convertedArray, &access); // Don't know whether name is permitted to be NULL, so make no assumptions - - if (convertedArray) { - CFRelease(convertedArray); - } - - return self; - } else { - [self release]; - - return nil; - } -} - -- (Access*)initWithAccessRef:(SecAccessRef)acc { - if (acc && (self = [super init])) { - Access *existingObject; - - existingObject = [[self class] instanceWithKey:(id)acc from:@selector(accessRef) simpleKey:NO]; - - if (existingObject) { - [self release]; - - return [existingObject retain]; - } else { - CFRetain(acc); - access = acc; - - return self; - } - } else { - [self release]; - - return nil; - } -} - -- (Access*)init { - return [self initWithName:@"Unnamed" applications:NULL]; -} - -- (NSArray*)accessControlLists { - CFArrayRef results; - NSMutableArray *finalResults = nil; - NSEnumerator *enumerator; - SecACLRef current; - - error = SecAccessCopyACLList(access, &results); - - if ((error == 0) && results) { - enumerator = [(NSArray*)results objectEnumerator]; - finalResults = [NSMutableArray arrayWithCapacity:CFArrayGetCount(results)]; - - while (current = (SecACLRef)[enumerator nextObject]) { - [finalResults addObject:[AccessControlList accessControlListWithACLRef:current]]; - } - - CFRelease(results); - } - - return finalResults; -} - -- (NSArray*)accessControlListsForAction:(CSSM_ACL_AUTHORIZATION_TAG)action { - CFArrayRef results; - NSMutableArray *finalResults = nil; - NSEnumerator *enumerator; - SecACLRef current; - - error = SecAccessCopySelectedACLList(access, action, &results); - - if ((error == 0) && results) { - enumerator = [(NSArray*)results objectEnumerator]; - finalResults = [NSMutableArray arrayWithCapacity:CFArrayGetCount(results)]; - - while (current = (SecACLRef)[enumerator nextObject]) { - [finalResults addObject:[AccessControlList accessControlListWithACLRef:current]]; - } - - CFRelease(results); - } - - return finalResults; -} - -- (NSArray*)accessControlListsForEverything { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_ANY]; -} - -- (NSArray*)accessControlListsForLogin { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_LOGIN]; -} - -- (NSArray*)accessControlListsForGeneratingKeys { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_GENKEY]; -} - -- (NSArray*)accessControlListsForDeletion { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_DELETE]; -} - -- (NSArray*)accessControlListsForExportingWrapped { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED]; -} - -- (NSArray*)accessControlListsForExportingClear { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR]; -} - -- (NSArray*)accessControlListsForImportingWrapped { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED]; -} - -- (NSArray*)accessControlListsForImportingClear { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR]; -} - -- (NSArray*)accessControlListsForSigning { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_SIGN]; -} - -- (NSArray*)accessControlListsForEncrypting { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_ENCRYPT]; -} - -- (NSArray*)accessControlListsForDecrypting { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_DECRYPT]; -} - -- (NSArray*)accessControlListsForMACGeneration { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_MAC]; -} - -- (NSArray*)accessControlListsForDerivingKeys { - return [self accessControlListsForAction:CSSM_ACL_AUTHORIZATION_DERIVE]; -} - -- (int)lastError { - return error; -} - -- (SecAccessRef)accessRef { - return access; -} - -- (void)dealloc { - if (access) { - CFRelease(access); - } - - [super dealloc]; -} - -@end Deleted: trunk/Frameworks/Keychain/AccessControlList.h =================================================================== --- trunk/Frameworks/Keychain/AccessControlList.h 2007-10-07 21:22:42 UTC (rev 372) +++ trunk/Frameworks/Keychain/AccessControlList.h 2007-10-07 23:50:24 UTC (rev 373) @@ -1,370 +0,0 @@ -// -// AccessControlList.h -// Keychain -// -// Created by Wade Tregaskis on Fri Jan 24 2003. -// -// Copyright (c) 2003 - 2007, Wade Tregaskis. All rights reserved. -// Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -// * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. -// * Neither the name of Wade Tregaskis nor the names of any other contributors may be used to endorse or promote products derived from this software without specific prior written permission. -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#import <Keychain/NSCachedObject.h> -#import <Foundation/Foundation.h> -#import <Security/Security.h> -#import <Security/SecACL.h> -#import <Keychain/TrustedApplication.h> - - -// We're inherited by the Access class, yet we use it ourselves, so we need to forward declare it. We still get warnings, unfortunately. Just ignore these. -@class Access; - - -/*! @class AccessControlList - @abstract Defines a set of authorizations for a set of applications - @discussion An AccessControlList contains a list of authorizations, of various pre-defined types, and a list of TrustedApplication's to which these authorizations apply. AccessControlList's are usually grouped together, as appropriate, under an Access instance. */ - -@interface AccessControlList : NSCachedObject { - SecACLRef ACL; - int error; -} - -/*! @method accessControlListNamed:fromAccess:forApplications:requiringPassphrase: - @abstract Creates and returns a named AccessControlList as a member of the provided Access instance, for the list of TrustedApplication's provided. - @discussion It may seem a tad inflexible to require an AccessControlList to be created for an already-existing Access instance. I totally agree - email the developers at Apple for writing their underlying Security framework in this way. - @param name The name of the resulting AccessControlList. This may be changed at a later date, and should not necessarily be used to uniquely identify an instance. - @param acc The Access to which the resulting AccessControlList will automatically be added. This cannot be nil. - @param applications A list of trusted applications to which the receiver will apply, as any mixture of TrustedApplications, SecTrustedApplicationRefs and NSStrings (specifying the path to the application). This argument may be empty, in which case no applications are trusted, or nil, in which case the receiver will trust all applications. - @param requiringPassphrase If YES, the current users keychain passphrase must be provided to apply the authorizations in this list. If NO, the authorizations are always available and in effect. - @result Returns the newly created AccessControlList instance, or nil if an error occurs. */ - -+ (AccessControlList*)accessControlListNamed:(NSString*)name fromAccess:(Access*)acc forApplications:(NSArray*)applications requiringPassphrase:(BOOL)reqPass; - -/*! @method accessControlListWithACLRef: - @abstract Creates and returns an AccessControlList derived from the SecACLRef provided - @discussion The returned instance acts as a wrapper around the SecACLRef. Any changes to the SecACLRef will reflect in the AccessControlList instance, and vice versa. The returned instance retains a copy of the SecACLRef for the duration of it's life. - - Note that this method caches each unique object, such that additional calls with the same SecACLRef will return the existing AccessControlList for that particular SecACLRef, not new instances - @param AC The SecACLRef from which to derive the result - @result An AccessControlList representing and wrapping around the SecACLRef provided */ - -+ (AccessControlList*)accessControlListWithACLRef:(SecACLRef)AC; - -/*! @method initWithName:fromAccess:forApplications:requiringPassphrase: - @abstract Initializes an AccessControlList with the provided name, representing the supplied TrustedApplication's (if any), and added automatically to the Access instance provided. - @discussion It may seem a tad inflexible to always require an AccessControlList to be added to an already-existing Access instance. I totally agree - email the developers at Apple for writing their underlying Security framework in this way. - @param name The name to be given to the receiver. This may be changed at a later date, and should not necessarily be used to uniquely identify an instance. XXX: should we allow this to be nil? - @param acc The Access to which the receiver will automatically be added. This cannot be nil. - @param applications A list of trusted applications to which the receiver will apply, as any mixture of TrustedApplications, SecTrustedApplicationRefs and NSStrings (specifying the path to the application). This argument may be empty, in which case no applications are trusted, or nil, in which case the receiver will trust all applications. - @param requiringPassphrase If YES, the current users keychain passphrase must be provided to apply the authorizations in this list. If NO, the authorizations are always available and in effect. - @result Returns the initialized receiver, or nil if an error occurs. */ - -- (AccessControlList*)initWithName:(NSString*)name fromAccess:(Access*)acc forApplications:(NSArray*)applications requiringPassphrase:(BOOL)reqPass; - -/*! @method initWithACLRef: - @abstract Initializes the receiver around the SecACLRef provided. - @discussion This initializer keeps a cache of each unique instance it creates, so that initializing several objects using the same SecAccessRef will return the same unique instance. Thus, it may not return itself. If an error occurs, nil is returned. - @param AC The SecACLRef to wrap around. - @result If an instance already exists for the provided SecACLRef, the receiver is released and the existing instance returned. Otherwise, the receiver is initialized appropriate. Returns nil if an error occurs. */ - -- (AccessControlList*)initWithACLRef:(SecACLRef)AC; - -/*! @method init - @abstract Reject initialiser. - @discussion You cannot initialise an AccessControlList using "init" - use one of the other initialisation methods. - @result This method always releases the receiver and returns nil. */ - -- (AccessControlList*)init; - -/*! @method setApplications: - @abstract Sets the list of trusted applications the receiver governs. If "applications" is nil, all applications will be trusted. If it is an empty array, no applications will be trusted. - @param applications An NSArray containing any mix of TrustedApplications, SecTrustedApplicationRefs or NSStrings (specifying a path to an application). - @result Returns YES if the list was successfully set, NO otherwise. You can retrieve an error code using lastError. */ - -- (BOOL)setApplications:(NSArray*)applications; - -/*! @method addApplication: - @abstract Adds the given application to the list of trusted applications the receiver governs. - @param application An instance of a TrustedApplications, a SecTrustedApplicationRef or an NSString (specifying a path to an application). Should not be nil. - @result Returns YES if the application was successfully added, NO otherwise (including if 'application' is nil). You can retrieve an error code using lastError. */ - -- (BOOL)addApplication:(id)application; - -/*! @method removeApplication: - @abstract Removes the given application from the list of trusted applications the receiver governs. If the given application is not in the receiver's list, nothing is changed and this method returns YES. - @param application An instance of a TrustedApplications, a SecTrustedApplicationRef or an NSString (specifying a path to an application). Should not be nil. - @result Returns YES if the application was successfully removed (or wasn't a member of the receiver to begin with), NO otherwise. If the receiver is set to trust any application (i.e. its application list is nil), this method returns NO (XXX: and what's lastError set to?). You can retrieve an error code using lastError. */ - -- (BOOL)removeApplication:(id)application; - -/*! @method setName: - @abstract Sets the name of the receiver to the value given. - @param name The new name to be given to the receiver. May be an empty string, but should not be nil. - @result Returns YES if the name was successfully changed, NO otherwise. You can retrieve an error code using lastError. */ - -- (BOOL)setName:(NSString*)name; - -/*! @method setRequiresPassphrase: - @abstract Sets whether or not the receiver requires the user's authorization to be used. - @discussion If this is set to YES, the user must provided their authorization (by entering their keychain password) in order to the receiver's authorizations to be applied. - @param reqPass Whether or not the user's authorization is required. - @result Returns YES if the setting was applied successfully, NO otherwise. You can retrieve an error code using lastError. */ - -- (BOOL)setRequiresPassphrase:(BOOL)reqPass; - -/*! @method applications - @abstract Returns the list of trusted applications the receiver governs. - @discussion The returned list is not mutable. If you wish to change it, you can use either the addApplication:/removeApplication: methods, or create a mutable copy, change it as desired, and then apply it using setApplications:. - @result An NSArray containing 0 or more TrustedApplication's. If empty, no applications are trusted. If nil is returned, check if an error occurred using @link lastError lastError@/link - if it did not, the receiver applies to any and all applications. */ // TODO: this API sucks; using nil as a return with two possible meanings. Need to find a better way - return NSNull instead of nil for the trusts all applications case? - -- (NSArray*)applications; - -/*! @method name - @abstract Returns the name of the receiver. - @discussion An AccessControlList's name is not inherantly a unique identifier of that particular instance. Be aware of this, and avoid making such dangerous assumptions. - @result The name of the receiver (which may be an empty string if it has no name), or nil if an error occurs. You can retrieve an error code using lastError. */ - -- (NSString*)name; - -/*! @method requiresPassphrase - @abstract Returns whether or not the current user's permission is required in order for the receiver to apply it's authorizations. - @discussion If this is YES, the user must provided their permission (and authenticate against their keychain password) before the receiver can apply it's authorizations. - @result Whether or not the user's permission is currently required. In the case of an error, returns NO - check lastError to determine if an error occurred. */ - -- (BOOL)requiresPassphrase; - -/*! @method setAuthorizesAction:to - @abstract Sets whether or not the receiver authorizes a particular action. - @param action The action type. - @param to Whether or not the receiver should authorize the action. - @result Returns YES if successful, NO otherwise. You can retrieve an error code using lastError. */ - -- (BOOL)setAuthorizesAction... [truncated message content] |
From: <wad...@us...> - 2007-10-07 21:22:39
|
Revision: 372 http://keychain.svn.sourceforge.net/keychain/?rev=372&view=rev Author: wadetregaskis Date: 2007-10-07 14:22:42 -0700 (Sun, 07 Oct 2007) Log Message: ----------- * Removed declaration of '-[AccessControlList init]' from header since it's not a valid initialiser. * Now return BOOL from many AccessControlList methods to indicate success or otherwise. * Added -[AccessControlList addApplication:] and -[AccessControlList removeApplication:]. * Added additional error logging to some AccessControlList methods. * Updated documentation. Modified Paths: -------------- trunk/Frameworks/Keychain/AccessControlList.h trunk/Frameworks/Keychain/AccessControlList.m Modified: trunk/Frameworks/Keychain/AccessControlList.h =================================================================== --- trunk/Frameworks/Keychain/AccessControlList.h 2007-10-07 21:08:08 UTC (rev 371) +++ trunk/Frameworks/Keychain/AccessControlList.h 2007-10-07 21:22:42 UTC (rev 372) @@ -55,7 +55,7 @@ /*! @method initWithName:fromAccess:forApplications:requiringPassphrase: @abstract Initializes an AccessControlList with the provided name, representing the supplied TrustedApplication's (if any), and added automatically to the Access instance provided. @discussion It may seem a tad inflexible to always require an AccessControlList to be added to an already-existing Access instance. I totally agree - email the developers at Apple for writing their underlying Security framework in this way. - @param name The name to be given to the receiver. This may be changed at a later date, and should not necessarily be used to uniquely identify an instance. + @param name The name to be given to the receiver. This may be changed at a later date, and should not necessarily be used to uniquely identify an instance. XXX: should we allow this to be nil? @param acc The Access to which the receiver will automatically be added. This cannot be nil. @param applications A list of trusted applications to which the receiver will apply, as any mixture of TrustedApplications, SecTrustedApplicationRefs and NSStrings (specifying the path to the application). This argument may be empty, in which case no applications are trusted, or nil, in which case the receiver will trust all applications. @param requiringPassphrase If YES, the current users keychain passphrase must be provided to apply the authorizations in this list. If NO, the authorizations are always available and in effect. @@ -79,26 +79,44 @@ - (AccessControlList*)init; /*! @method setApplications: - @abstract Sets the list of trusted applications the receiver governs. If "applications" is NULL, all applications will be trusted. If it is an empty array, no applications will be trusted. - @param applications An NSArray containing any mix of TrustedApplications, SecTrustedApplicationRefs or NSStrings (specifying a path to an application). */ + @abstract Sets the list of trusted applications the receiver governs. If "applications" is nil, all applications will be trusted. If it is an empty array, no applications will be trusted. + @param applications An NSArray containing any mix of TrustedApplications, SecTrustedApplicationRefs or NSStrings (specifying a path to an application). + @result Returns YES if the list was successfully set, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setApplications:(NSArray*)applications; +- (BOOL)setApplications:(NSArray*)applications; +/*! @method addApplication: + @abstract Adds the given application to the list of trusted applications the receiver governs. + @param application An instance of a TrustedApplications, a SecTrustedApplicationRef or an NSString (specifying a path to an application). Should not be nil. + @result Returns YES if the application was successfully added, NO otherwise (including if 'application' is nil). You can retrieve an error code using lastError. */ + +- (BOOL)addApplication:(id)application; + +/*! @method removeApplication: + @abstract Removes the given application from the list of trusted applications the receiver governs. If the given application is not in the receiver's list, nothing is changed and this method returns YES. + @param application An instance of a TrustedApplications, a SecTrustedApplicationRef or an NSString (specifying a path to an application). Should not be nil. + @result Returns YES if the application was successfully removed (or wasn't a member of the receiver to begin with), NO otherwise. If the receiver is set to trust any application (i.e. its application list is nil), this method returns NO (XXX: and what's lastError set to?). You can retrieve an error code using lastError. */ + +- (BOOL)removeApplication:(id)application; + /*! @method setName: @abstract Sets the name of the receiver to the value given. - @param name The new name to be given to the receiver. */ + @param name The new name to be given to the receiver. May be an empty string, but should not be nil. + @result Returns YES if the name was successfully changed, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setName:(NSString*)name; +- (BOOL)setName:(NSString*)name; /*! @method setRequiresPassphrase: @abstract Sets whether or not the receiver requires the user's authorization to be used. @discussion If this is set to YES, the user must provided their authorization (by entering their keychain password) in order to the receiver's authorizations to be applied. - @param reqPass Whether or not the user's authorization is required. */ + @param reqPass Whether or not the user's authorization is required. + @result Returns YES if the setting was applied successfully, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setRequiresPassphrase:(BOOL)reqPass; +- (BOOL)setRequiresPassphrase:(BOOL)reqPass; /*! @method applications @abstract Returns the list of trusted applications the receiver governs. + @discussion The returned list is not mutable. If you wish to change it, you can use either the addApplication:/removeApplication: methods, or create a mutable copy, change it as desired, and then apply it using setApplications:. @result An NSArray containing 0 or more TrustedApplication's. If empty, no applications are trusted. If nil is returned, check if an error occurred using @link lastError lastError@/link - if it did not, the receiver applies to any and all applications. */ // TODO: this API sucks; using nil as a return with two possible meanings. Need to find a better way - return NSNull instead of nil for the trusts all applications case? - (NSArray*)applications; @@ -106,210 +124,224 @@ /*! @method name @abstract Returns the name of the receiver. @discussion An AccessControlList's name is not inherantly a unique identifier of that particular instance. Be aware of this, and avoid making such dangerous assumptions. - @result The name of the receiver. */ + @result The name of the receiver (which may be an empty string if it has no name), or nil if an error occurs. You can retrieve an error code using lastError. */ - (NSString*)name; /*! @method requiresPassphrase @abstract Returns whether or not the current user's permission is required in order for the receiver to apply it's authorizations. @discussion If this is YES, the user must provided their permission (and authenticate against their keychain password) before the receiver can apply it's authorizations. - @result Whether or not the user's permission is currently required. */ + @result Whether or not the user's permission is currently required. In the case of an error, returns NO - check lastError to determine if an error occurred. */ - (BOOL)requiresPassphrase; /*! @method setAuthorizesAction:to @abstract Sets whether or not the receiver authorizes a particular action. @param action The action type. - @param to Whether or not the receiver should authorize the action. */ + @param to Whether or not the receiver should authorize the action. + @result Returns YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action to:(BOOL)value; +- (BOOL)setAuthorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action to:(BOOL)value; /*! @method setAuthorizesEverything @abstract Sets whether the receiver authorizes Everything. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. Note that 'Everything' here is a separate and distinct action in it's own right - it is not an encompassing set of all available actions. - @param value Whether or not the receiver should authorize Everything. */ + @param value Whether or not the receiver should authorize Everything. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesEverything:(BOOL)value; +- (BOOL)setAuthorizesEverything:(BOOL)value; /*! @method setAuthorizesLogin @abstract Sets whether the receiver authorizes login operations and usage. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize login operations and usage. */ + @param value Whether or not the receiver should authorize login operations and usage. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesLogin:(BOOL)value; +- (BOOL)setAuthorizesLogin:(BOOL)value; /*! @method setAuthorizesGeneratingKeys @abstract Sets whether the receiver authorizes key generation. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize key generation. */ + @param value Whether or not the receiver should authorize key generation. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesGeneratingKeys:(BOOL)value; +- (BOOL)setAuthorizesGeneratingKeys:(BOOL)value; /*! @method setAuthorizesDeletion @abstract Sets whether the receiver authorizes deletion and removal operations. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize deletion and removal. */ + @param value Whether or not the receiver should authorize deletion and removal. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesDeletion:(BOOL)value; +- (BOOL)setAuthorizesDeletion:(BOOL)value; /*! @method setAuthorizesExportingWrapped @abstract Sets whether the receiver authorizes exporting keys wrapped with other keys. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. Note that this is a distinct authorization to allowing clear (null wrapped) keys. - @param value Whether or not the receiver should authorize exporting wrapped keys */ + @param value Whether or not the receiver should authorize exporting wrapped keys. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesExportingWrapped:(BOOL)value; +- (BOOL)setAuthorizesExportingWrapped:(BOOL)value; /*! @method setAuthorizesExportingClear @abstract Sets whether the receiver authorizes exporting keys in the clear (null wrapped). @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. Note that this is a separate and distinct authorization to exporting keys wrapped with other keys. - @param value Whether or not the receiver should authorize exporting keys in the clear. */ + @param value Whether or not the receiver should authorize exporting keys in the clear. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesExportingClear:(BOOL)value; +- (BOOL)setAuthorizesExportingClear:(BOOL)value; /*! @method setAuthorizesImportingWrapped @abstract Sets whether the receiver authorizes importing keys wrapped with other keys. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. Note that this authorization does not allow importing clear (null wrapped) keys. - @param value Whether or not the receiver should authorize importing keys wrapped with other keys. */ + @param value Whether or not the receiver should authorize importing keys wrapped with other keys. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesImportingWrapped:(BOOL)value; +- (BOOL)setAuthorizesImportingWrapped:(BOOL)value; /*! @method setAuthorizesImportingClear @abstract Sets whether the receiver authorizes importing keys in the clear (null wrapped). @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. Note that this is a distinct and separate authorization to importing keys wrapped with other keys. - @param value Whether or not the receiver should authorize importing keys in the clear. */ + @param value Whether or not the receiver should authorize importing keys in the clear. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesImportingClear:(BOOL)value; +- (BOOL)setAuthorizesImportingClear:(BOOL)value; /*! @method setAuthorizesSigning @abstract Sets whether the receiver authorizes signing and verification operations. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize signing and verification operations. */ + @param value Whether or not the receiver should authorize signing and verification operations. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesSigning:(BOOL)value; +- (BOOL)setAuthorizesSigning:(BOOL)value; /*! @method setAuthorizesEncrypting @abstract Sets whether the receiver authorizes encryption operations. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize encryption operations. */ + @param value Whether or not the receiver should authorize encryption operations. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesEncrypting:(BOOL)value; +- (BOOL)setAuthorizesEncrypting:(BOOL)value; /*! @method setAuthorizesDecrypting @abstract Sets whether the receiver authorizes decryption operations. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize decryption operations. */ + @param value Whether or not the receiver should authorize decryption operations. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesDecrypting:(BOOL)value; +- (BOOL)setAuthorizesDecrypting:(BOOL)value; /*! @method setAuthorizesMACGeneration @abstract Sets whether the receiver authorizes MAC generation and verification. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize MAC generation and verification. */ + @param value Whether or not the receiver should authorize MAC generation and verification. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesMACGeneration:(BOOL)value; +- (BOOL)setAuthorizesMACGeneration:(BOOL)value; /*! @method setAuthorizesDerivingKeys @abstract Sets whether the receiver authorizes key derivation. @discussion This is merely a convenience method, which itself calls setAuthorizesAction:to:. - @param value Whether or not the receiver should authorize key derivation. */ + @param value Whether or not the receiver should authorize key derivation. + @result Returnes YES if successful, NO otherwise. You can retrieve an error code using lastError. */ -- (void)setAuthorizesDerivingKeys:(BOOL)value; +- (BOOL)setAuthorizesDerivingKeys:(BOOL)value; /*! @method authorizesAction: @abstract Returns whether or not the receiver provides authorization for a particular action. @param action The action in question. - @result Whether or not the receiver authorizes the action provided. */ + @result Whether or not the receiver authorizes the action provided. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action; /*! @method authorizesEverything @abstract Returns whether or not the receiver provides authorization for Everything. @discussion This is merely a convenience method, which itself calls authorizesAction:. Note that 'Everything' is a specific and distinct action in itself, not merely a grouping of all available actions. - @result Whether or not the receiver provides authorization for Everything. */ + @result Whether or not the receiver provides authorization for Everything. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesEverything; /*! @method authorizesLogin @abstract Returns whether or not the receiver provides authorization for login operations and usage. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for login operations and usage. */ + @result Whether or not the receiver provides authorization for login operations and usage. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesLogin; /*! @method authorizesGeneratingKeys @abstract Returns whether or not the receiver provides authorization for key generation. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for key generation. */ + @result Whether or not the receiver provides authorization for key generation. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesGeneratingKeys; /*! @method authorizesDeletion @abstract Returns whether or not the receiver provides authorization for deletion and removal operations. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for deletion and removal operations. */ + @result Whether or not the receiver provides authorization for deletion and removal operations. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesDeletion; /*! @method authorizesExportingWrapped @abstract Returns whether or not the receiver provides authorization for exporting keys wrapped with other keys. @discussion This is merely a convenience method, which itself calls authorizesAction:. Note that being able to export keys wrapped with other keys does not imply being able to export clear (null wrapped) keys. - @result Whether or not the receiver provides authorization for exporting keys wrapped with other keys. */ + @result Whether or not the receiver provides authorization for exporting keys wrapped with other keys. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesExportingWrapped; /*! @method authorizesExportingClear @abstract Returns whether or not the receiver provides authorization for exporting keys in the clear (null wrapped). @discussion This is merely a convenience method, which itself calls authorizesAction:. Note that being able to export keys in the clear (null wrapped) does not imply being able to export keys wrapped with other keys. - @result Whether or not the receiver provides authorization for exporting keys in the clear. */ + @result Whether or not the receiver provides authorization for exporting keys in the clear. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesExportingClear; /*! @method authorizesImportingWrapped @abstract Returns whether or not the receiver provides authorization for importing keys wrapped with other keys. @discussion This is merely a convenience method, which itself calls authorizesAction:. Note that being able to import keys wrapped with other keys does not imply being able to import clear (null wrapped) keys. - @result Whether or not the receiver provides authorization for importing keys wrapped with other keys. */ + @result Whether or not the receiver provides authorization for importing keys wrapped with other keys. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesImportingWrapped; /*! @method authorizesImportingClear @abstract Returns whether or not the receiver provides authorization for importing keys in the clear (null wrapped). @discussion This is merely a convenience method, which itself calls authorizesAction:. Note that being able to import keys in the clear (null wrapped) does not imply being able to import keys wrapped with other keys. - @result Whether or not the receiver provides authorization for importing keys in the clear. */ + @result Whether or not the receiver provides authorization for importing keys in the clear. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesImportingClear; /*! @method authorizesSigning @abstract Returns whether or not the receiver provides authorization for signing and verification operations. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for signing and verification operations. */ + @result Whether or not the receiver provides authorization for signing and verification operations. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesSigning; /*! @method authorizesEncrypting @abstract Returns whether or not the receiver provides authorization for encryption operations. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for encryption operations. */ + @result Whether or not the receiver provides authorization for encryption operations. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesEncrypting; /*! @method authorizesDecrypting @abstract Returns whether or not the receiver provides authorization for decryption operations. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for decryption operations. */ + @result Whether or not the receiver provides authorization for decryption operations. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesDecrypting; /*! @method authorizesMACGeneration @abstract Returns whether or not the receiver provides authorization for MAC generation and verification. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for MAC generation and verification. */ + @result Whether or not the receiver provides authorization for MAC generation and verification. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesMACGeneration; /*! @method authorizesDerivingKeys @abstract Returns whether or not the receiver provides authorization for key derivation. @discussion This is merely a convenience method, which itself calls authorizesAction:. - @result Whether or not the receiver provides authorization for key derivation. */ + @result Whether or not the receiver provides authorization for key derivation. Returns NO if an error occurs - you can check for this case using lastError; it will be 0 (CSSM_OK/noErr) if the operation was successful. */ - (BOOL)authorizesDerivingKeys; @@ -321,17 +353,17 @@ /*! @method lastError @abstract Returns the last error that occured for the receiver. - @discussion The set of error codes encompasses those returned by Sec* functions - refer to the Security framework documentation for a list. At present there are no other error codes defined for Access instances. + @discussion The set of error codes encompasses those returned by Sec* functions - typically OSStatus'; refer to the Security framework documentation for a list - which also includes standard Mac errors (see MacErrors.h) and CDSA error codes. Please note that this error code is local to the receiver only, and not any sort of shared global value. - @result The last error that occured, or zero if the last operation was successful. */ + @result The last error that occured, or zero (CSSM_OK/noErr) if the last operation was successful. */ -- (int)lastError; +- (OSStatus)lastError; /*! @method accessRef @abstract Returns the SecAccessRef the receiver is based on. @discussion If the receiver was created from a SecACLRef, it is this original reference that is returned. Otherwise, a SecACLRef is created and returned. - @result The SecACLRef for the receiver. You should retain this if you wish to use it beyond the lifetime of the receiver. */ + @result The SecACLRef for the receiver. You should retain this if you wish to use it beyond the lifetime of the receiver. Returns NULL if an error occurs. */ - (SecACLRef)ACLRef; Modified: trunk/Frameworks/Keychain/AccessControlList.m =================================================================== --- trunk/Frameworks/Keychain/AccessControlList.m 2007-10-07 21:08:08 UTC (rev 371) +++ trunk/Frameworks/Keychain/AccessControlList.m 2007-10-07 21:22:42 UTC (rev 372) @@ -15,6 +15,7 @@ #import "Access.h" #import "Logging.h" +#import "SecurityUtils.h" @interface AccessControlList (Internal) @@ -172,7 +173,7 @@ return result; } -- (void)setApplications:(NSArray*)applications { +- (BOOL)setApplications:(NSArray*)applications { NSArray *applicationsAsSecRefs = nil; if (nil != applications) { @@ -180,7 +181,7 @@ if (nil == applicationsAsSecRefs) { PSYSLOG(LOG_ERR, @"The given array of applications is invalid; it contains objects which cannot be converted to SecTrustedApplicationRefs. It contains: %@\n", applications); - return; + return NO; } } @@ -203,9 +204,80 @@ if (desc) { CFRelease(desc); } + + return (noErr == error); } -- (void)setName:(NSString*)name { +- (BOOL)addApplication:(id)application { + NSArray *currentApplications = [self applications]; + OSStatus err = [self lastError]; + + if (noErr = err) { + if (nil == currentApplications) { + // We already trust everything; just return YES. + return YES; + } else { + /* // XXX: Do we need to check if the given app is already in the list? Hopefully the Security framework will handle this gracefully for us. + + TrustedApplication *newApp = nil; + + if ([application isKindOfClass:[TrustedApplication class]]) { + newApp = application; + } else if ([application isKindOfClass:[NSString class]]) { + newApp = [TrustedApplication trustedApplicationWithPath:application]; + } else if (CFGetTypeID(application) == SecTrustedApplicationGetTypeID()) { + newApp = [TrustedApplication trustedApplicationWithTrustedApplicationRef:(SecTrustedApplicationRef)application]; + } else { + PSYSLOG(LOG_ERROR, @"Unknown class of object (%p) given as the 'application' - has class %@.", application, [application className]); + } + + if (nil != newApp) { */ + + return [self setApplications:[currentApplications arrayByAddingObject:application]]; + } + } else { + return NO; + } +} + +- (BOOL)removeApplication:(id)application { + if ( + NSArray *currentApplications = [self applications]; + OSStatus err = [self lastError]; + + if (noErr = err) { + if (nil == currentApplications) { + // We currently trust everything implicitly. Since we can't just magically construct a list of every application ever in existence less the one given, we fail here. + error = errSecACLNotSimple; + return NO; + } else { + TrustedApplication *targetApp = nil; + + if ([application isKindOfClass:[TrustedApplication class]]) { + targetApp = application; + } else if ([application isKindOfClass:[NSString class]]) { + targetApp = [TrustedApplication trustedApplicationWithPath:application]; + } else if (CFGetTypeID(application) == SecTrustedApplicationGetTypeID()) { + targetApp = [TrustedApplication trustedApplicationWithTrustedApplicationRef:(SecTrustedApplicationRef)application]; + } + + if (nil != targetApp) { + NSMutableArray *newApplications = [currentApplications mutableCopy]; + + [currentApplications removeObject:targetApp]; + + return [self setApplications:[newApplications autorelease]]; + } else { + PSYSLOG(LOG_ERROR, @"Unable to convert given application (%p, class %@) to a TrustedApplication.", application, [application className]); + return NO; + } + } + } else { + return NO; + } +} + +- (BOOL)setName:(NSString*)name { CFArrayRef appList = NULL; CFStringRef desc = NULL; CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR woop; @@ -223,16 +295,18 @@ if (desc) { CFRelease(desc); } + + return (noErr == error); } -- (void)setRequiresPassphrase:(BOOL)reqPass { +- (BOOL)setRequiresPassphrase:(BOOL)reqPass { CFArrayRef appList = NULL; CFStringRef desc = NULL; CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR woop; error = SecACLCopySimpleContents(ACL, &appList, &desc, &woop); - if ((error == 0) && (reqPass != (woop.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE))) { + if ((noErr == error) && (reqPass != (woop.flags & CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE))) { if (reqPass) { woop.flags |= CSSM_ACL_KEYCHAIN_PROMPT_REQUIRE_PASSPHRASE; } else { @@ -249,6 +323,8 @@ if (desc) { CFRelease(desc); } + + return (noErr == error); } - (NSArray*)applications { @@ -317,14 +393,14 @@ } } -- (void)setAuthorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action to:(BOOL)value { +- (BOOL)setAuthorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action to:(BOOL)value { UInt32 i, count, newCount = 0; CSSM_ACL_AUTHORIZATION_TAG *current = NULL, *changed = NULL; BOOL alreadySet = NO; error = SecACLGetAuthorizations(ACL, current, &count); - if (error == 0) { + if (noErr == error) { for (i = 0; i < count; ++i) { if (current[i] == action) { alreadySet = YES; @@ -356,59 +432,69 @@ } error = SecACLSetAuthorizations(ACL, changed, newCount); - } + + if (noErr != error) { + PSYSLOGND(LOG_ERROR, @"Unable to apply changed authorisations, error %@.", OSStatusAsString(error)); + PDEBUG(@"SecACLSetAuthorizations(%p, %p, %"PRIu32") returned error %@.", ACL, changed, newCount, OSStatusAsString(error)); + } + } else { + PSYSLOGND(LOG_ERROR, @"Unable to get existing authorisations [in order to modify them], error %@.", OSStatusAsString(error)); + PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p) returned error %@.", ACL, current, &count, OSStatusAsString(error)); + } + + return (noErr == error); } -- (void)setAuthorizesEverything:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_ANY to:value]; +- (BOOL)setAuthorizesEverything:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_ANY to:value]; } -- (void)setAuthorizesLogin:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_LOGIN to:value]; +- (BOOL)setAuthorizesLogin:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_LOGIN to:value]; } -- (void)setAuthorizesGeneratingKeys:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_GENKEY to:value]; +- (BOOL)setAuthorizesGeneratingKeys:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_GENKEY to:value]; } -- (void)setAuthorizesDeletion:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DELETE to:value]; +- (BOOL)setAuthorizesDeletion:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DELETE to:value]; } -- (void)setAuthorizesExportingWrapped:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED to:value]; +- (BOOL)setAuthorizesExportingWrapped:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_EXPORT_WRAPPED to:value]; } -- (void)setAuthorizesExportingClear:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR to:value]; +- (BOOL)setAuthorizesExportingClear:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_EXPORT_CLEAR to:value]; } -- (void)setAuthorizesImportingWrapped:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED to:value]; +- (BOOL)setAuthorizesImportingWrapped:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_IMPORT_WRAPPED to:value]; } -- (void)setAuthorizesImportingClear:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR to:value]; +- (BOOL)setAuthorizesImportingClear:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_IMPORT_CLEAR to:value]; } -- (void)setAuthorizesSigning:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_SIGN to:value]; +- (BOOL)setAuthorizesSigning:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_SIGN to:value]; } -- (void)setAuthorizesEncrypting:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_ENCRYPT to:value]; +- (BOOL)setAuthorizesEncrypting:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_ENCRYPT to:value]; } -- (void)setAuthorizesDecrypting:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DECRYPT to:value]; +- (BOOL)setAuthorizesDecrypting:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DECRYPT to:value]; } -- (void)setAuthorizesMACGeneration:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_MAC to:value]; +- (BOOL)setAuthorizesMACGeneration:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_MAC to:value]; } -- (void)setAuthorizesDerivingKeys:(BOOL)value { - [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DERIVE to:value]; +- (BOOL)setAuthorizesDerivingKeys:(BOOL)value { + return [self setAuthorizesAction:CSSM_ACL_AUTHORIZATION_DERIVE to:value]; } - (BOOL)authorizesAction:(CSSM_ACL_AUTHORIZATION_TAG)action { @@ -417,13 +503,16 @@ error = SecACLGetAuthorizations(ACL, results, &count); - if (error == 0) { + if (noErr == error) { for (i = 0; i < count; ++i) { if (results[i] == action) { return YES; } } - } + } else { + PSYSLOGND(LOG_ERROR, @"Unable to get authorisations, error %@.", OSStatusAsString(error)); + PDEBUG(@"SecACLGetAuthorizations(%p, %p, %p) returned error %@.", ACL, results, &count, OSStatusAsString(error)); + } return NO; } @@ -484,7 +573,7 @@ error = SecACLRemove(ACL); } -- (int)lastError { +- (OSStatus)lastError { return error; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-07 21:08:04
|
Revision: 371 http://keychain.svn.sourceforge.net/keychain/?rev=371&view=rev Author: wadetregaskis Date: 2007-10-07 14:08:08 -0700 (Sun, 07 Oct 2007) Log Message: ----------- * Added documentation (work in progress). Modified Paths: -------------- trunk/Frameworks/Keychain/NSDataAdditions.h Modified: trunk/Frameworks/Keychain/NSDataAdditions.h =================================================================== --- trunk/Frameworks/Keychain/NSDataAdditions.h 2007-10-07 21:04:56 UTC (rev 370) +++ trunk/Frameworks/Keychain/NSDataAdditions.h 2007-10-07 21:08:08 UTC (rev 371) @@ -27,19 +27,87 @@ } #endif +/*! @category NSData (KeychainFramework) + @abstract Extensions to NSData for various cryptographic operations. + @discussion This category extends NSData to support numerous cryptographic operations, such as encryption, MAC & digest generation, signing and signature verification, conversion to a MutableKey* and so forth. */ + @interface NSData (KeychainFramework) +/*! @method encryptedDataUsingKey: + @abstract Returns the encrypted form of the receiver using the given key. + @discussion This method returns the encrypted form of the receiver using the given key, with the "default" algorith mode and padding settings for the given key's type. Default is defined as what is returned by defaultModeForAlgorithm() and defaultPaddingForAlgorithm(). If you wish to have explicit control over the algorith mode and/or padding, use encryptedDataUsingKey:mode:padding:. + @param key The key to use. May be a session or public key. Should not be nil. + @result Returns the receiver's contents encrypted by the given key, or nil if an error occurs. */ + - (NSData*)encryptedDataUsingKey:(Key*)key; + +/*! @method decryptedDataUsingKey: + @abstract Returns the decrypted form of the receiver using the given key. + @discussion This method returns the decrypted form of the receiver using the given key, with the "default" algorith mode and padding settings for the given key's type. Default is defined as what is returned by defaultModeForAlgorithm() and defaultPaddingForAlgorithm(). If you wish to have explicit control over the algorith mode and/or padding, use decryptedDataUsingKey:mode:padding:. + @param key The key to use. May be a session or private key. Should not be nil. + @result Returns the receiver's contents decrypted by the given key, or nil if an error occurs. */ + - (NSData*)decryptedDataUsingKey:(Key*)key; +/*! @method encryptedDataUsingKey:mode:padding: + @abstract Returns the encrypted form of the receiver using the given key. + @discussion This method returns the encrypted form of the receiver using the given key, with the algorith mode and padding specified. If you don't know or don't care what algorith mode and padding you use, you can use the simpler method encryptedDataUsingKey:. + @param key The key to use. May be a session or public key. Should not be nil. + @param mode The algorithm mode to use. Should be a valid algorithm mode for the given key. + @param padding The padding mode to use. Should be a valid padding mode for the given key. + @result Returns the receiver's contents encrypted by the given key, or nil if an error occurs. */ + - (NSData*)encryptedDataUsingKey:(Key*)key mode:(CSSM_ENCRYPT_MODE)mode padding:(CSSM_PADDING)padding; + +/*! @method decryptedDataUsingKey:mode:padding: + @abstract Returns the decrypted form of the receiver using the given key. + @discussion This method returns the decrypted form of the receiver using the given key, with the algorith mode and padding specified. If you don't know or don't care what algorith mode and padding you use, you can use the simpler method decryptedDataUsingKey:. Not however that these modes must be what was actually used to encrypt the data originally, otherwise the operation will fail. + @param key The key to use. May be a session or private key. Should not be nil. + @param mode The algorithm mode to use. Should be a valid algorithm mode for the given key. + @param padding The padding mode to use. Should be a valid padding mode for the given key. + @result Returns the receiver's contents decrypted by the given key, or nil if an error occurs. */ + - (NSData*)decryptedDataUsingKey:(Key*)key mode:(CSSM_ENCRYPT_MODE)mode padding:(CSSM_PADDING)padding; +/*! @method MACUsingKey: + @abstract Computes and returns the MAC of the receiver, signed by the given key. + @discussion MACs (Message Authentication Codes) are conceptually like hashes or digests, except that in addition to detecting modification of the data they also include a 'signature' from a key, which also provides authentication of the code itself (using the same key). + + Note that, despite the above conceptual description, this is distinctly not equivalent to simply calculating the digest of the data and signing or encrypting it, as separate operations. If you require verification and authentication, use MACs - don't try to do it yourself. MAC algorithms possess additional properties - see http://en.wikipedia.org/wiki/Message_authentication_code for additional information. + @param key The key to compute the MAC with. Should not be nil. + @result Returns the MAC of the receiver's contents 'signed' by the receiver, or nil if an error occurs. */ + - (NSData*)MACUsingKey:(Key*)key; + +/*! @method verifyUsingKey:MAC: + @abstract Verifies the receiver given a MAC and key. + @discussion For information about MACs, see the discussion for MACUsingKey:. + @param key The key used to generate the MAC originally. Should not be nil. + @param MAC The MAC. Should not be nil. + @result Returns YES if the receiver's contents match those of the given MAC, 'signed' by the given key. Returns NO otherwise. */ + - (BOOL)verifyUsingKey:(Key*)key MAC:(NSData*)MAC; +/*! @method signatureUsingKey: + @abstract Returns a signature of the receiver using the given private key. + @discussion The "default" digest mode for the given key's type is used, where "default" is as determined by defaultDigestForAlgorithm(). If you wish to specify the digest algorithm used, use signatureUsingKey:digest:. + @param key The private key to sign the receiver's contents with. + @result Returns the signature of the receiver's contents, as signed by the given key, or nil if an error occurs. */ + - (NSData*)signatureUsingKey:(Key*)key; + +/*! @method signatureUsingKey:digest: + @abstract Returns a signature of the receiver using the given private key and digest type. + @discussion If you don't know or don't care what digest mode is used, you may wish to use the simpler signatureUsingKey:. + @param key The private key to sign the receiver's contents with. + @param algorithm The digest mode to use. Should be a valid digest mode for the given key. + @result Returns the signature of the receiver's contents, as signed by the given key, or nil if an error occurs. */ + - (NSData*)signatureUsingKey:(Key*)key digest:(CSSM_ALGORITHMS)algorithm; + +/*! @method digestSignatureUsingKey:digest: + @abstract */ + - (NSData*)digestSignatureUsingKey:(Key*)key digest:(CSSM_ALGORITHMS)algorithm; - (BOOL)verifySignature:(NSData*)signature usingKey:(Key*)key; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <wad...@us...> - 2007-10-07 21:04:57
|
Revision: 370 http://keychain.svn.sourceforge.net/keychain/?rev=370&view=rev Author: wadetregaskis Date: 2007-10-07 14:04:56 -0700 (Sun, 07 Oct 2007) Log Message: ----------- * Removed unnecessary branches and tags. Removed Paths: ------------- branches/wade/ branches/wadetregaskis/ tags/HEAD/ tags/import/ tags/start/ This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |