本文整理汇总了C++中Keychain类的典型用法代码示例。如果您正苦于以下问题:C++ Keychain类的具体用法?C++ Keychain怎么用?C++ Keychain使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Keychain类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: dictData
Item ItemImpl::makeFromPersistentReference(const CFDataRef persistentRef, bool *isIdentityRef)
{
CssmData dictData((void*)::CFDataGetBytePtr(persistentRef), ::CFDataGetLength(persistentRef));
NameValueDictionary dict(dictData);
Keychain keychain;
Item item = (ItemImpl *) NULL;
if (isIdentityRef) {
*isIdentityRef = (dict.FindByName(IDENTITY_KEY) != 0) ? true : false;
}
// make sure we have a database identifier
if (dict.FindByName(SSUID_KEY) != 0)
{
DLDbIdentifier dlDbIdentifier = NameValueDictionary::MakeDLDbIdentifierFromNameValueDictionary(dict);
DLDbIdentifier newDlDbIdentifier(dlDbIdentifier.ssuid(),
DLDbListCFPref::ExpandTildesInPath(dlDbIdentifier.dbName()).c_str(),
dlDbIdentifier.dbLocation());
keychain = globals().storageManager.keychain(newDlDbIdentifier);
const NameValuePair* aDictItem = dict.FindByName(ITEM_KEY);
if (aDictItem && keychain)
{
PrimaryKey primaryKey(aDictItem->Value());
item = keychain->item(primaryKey);
}
}
KCThrowIf_( !item, errSecItemNotFound );
return item;
}示例2: SecKeychainItemCreateFromContent
OSStatus
SecKeychainItemCreateFromContent(SecItemClass itemClass, SecKeychainAttributeList *attrList,
UInt32 length, const void *data, SecKeychainRef keychainRef,
SecAccessRef initialAccess, SecKeychainItemRef *itemRef)
{
BEGIN_SECAPI
KCThrowParamErrIf_(length!=0 && data==NULL);
Item item(itemClass, attrList, length, data);
if (initialAccess) {
item->setAccess(Access::required(initialAccess));
}
Keychain keychain = nil;
try
{
keychain = Keychain::optional(keychainRef);
if ( !keychain->exists() )
{
MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time.
}
}
catch(...)
{
keychain = globals().storageManager.defaultKeychainUI(item);
}
keychain->add(item);
if (itemRef) {
*itemRef = item->handle();
}
END_SECAPI
}示例3: SecKeychainItemDelete
OSStatus
SecKeychainItemDelete(SecKeychainItemRef itemRef)
{
BEGIN_SECKCITEMAPI
Item item = ItemImpl::required(__itemImplRef);
Keychain keychain = item->keychain();
// item must be persistent.
KCThrowIf_( !keychain, errSecInvalidItemRef );
/*
* Before deleting the item, delete any existing Extended Attributes.
*/
OSStatus ortn;
CFArrayRef attrNames = NULL;
ortn = SecKeychainItemCopyAllExtendedAttributes(__itemImplRef, &attrNames, NULL);
if(ortn == errSecSuccess) {
CFIndex numAttrs = CFArrayGetCount(attrNames);
for(CFIndex dex=0; dex<numAttrs; dex++) {
CFStringRef attrName = (CFStringRef)CFArrayGetValueAtIndex(attrNames, dex);
/* setting value to NULL ==> delete */
SecKeychainItemSetExtendedAttribute(__itemImplRef, attrName, NULL);
}
}
/* now delete the item */
keychain->deleteItem( item );
END_SECKCITEMAPI
}示例4: populateAttributes
//
// Add item to keychain
//
PrimaryKey UnlockReferralItem::add(Keychain &keychain)
{
StLock<Mutex>_(mMutex);
// If we already have a Keychain we can't be added.
if (mKeychain)
MacOSError::throwMe(errSecDuplicateItem);
populateAttributes();
CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
Db db(keychain->database());
// add the item to the (regular) db
try
{
mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
secdebug("usertrust", "%p inserted", this);
}
catch (const CssmError &e)
{
if (e.osStatus() != CSSMERR_DL_INVALID_RECORDTYPE)
throw;
// Create the referral relation and try again.
secdebug("usertrust", "adding schema relation for user trusts");
#if 0
db->createRelation(CSSM_DL_DB_RECORD_UNLOCK_REFERRAL,
"CSSM_DL_DB_RECORD_UNLOCK_REFERRAL",
Schema::UnlockReferralSchemaAttributeCount,
Schema::UnlockReferralSchemaAttributeList,
Schema::UnlockReferralSchemaIndexCount,
Schema::UnlockReferralSchemaIndexList);
keychain->keychainSchema()->didCreateRelation(
CSSM_DL_DB_RECORD_UNLOCK_REFERRAL,
"CSSM_DL_DB_RECORD_UNLOCK_REFERRAL",
Schema::UnlockReferralSchemaAttributeCount,
Schema::UnlockReferralSchemaAttributeList,
Schema::UnlockReferralSchemaIndexCount,
Schema::UnlockReferralSchemaIndexList);
#endif
//keychain->resetSchema();
mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
secdebug("usertrust", "%p inserted now", this);
}
mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
mKeychain = keychain;
return mPrimaryKey;
}示例5: SecKeychainItemCopyKeychain
OSStatus
SecKeychainItemCopyKeychain(SecKeychainItemRef itemRef, SecKeychainRef* keychainRef)
{
BEGIN_SECKCITEMAPI
// make sure this item has a keychain
Keychain kc = ItemImpl::required(__itemImplRef)->keychain();
if (kc == NULL)
{
MacOSError::throwMe(errSecNoSuchKeychain);
}
Required(keychainRef) = kc->handle();
END_SECKCITEMAPI
}示例6: populateAttributes
PrimaryKey
Certificate::add(Keychain &keychain)
{
StLock<Mutex>_(mMutex);
// If we already have a Keychain we can't be added.
if (mKeychain)
MacOSError::throwMe(errSecDuplicateItem);
populateAttributes();
CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
Db db(keychain->database());
// add the item to the (regular) db
try
{
mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
}
catch (const CssmError &e)
{
if (e.osStatus() != CSSMERR_DL_INVALID_RECORDTYPE)
throw;
// Create the cert relation and try again.
db->createRelation(CSSM_DL_DB_RECORD_X509_CERTIFICATE,
"CSSM_DL_DB_RECORD_X509_CERTIFICATE",
Schema::X509CertificateSchemaAttributeCount,
Schema::X509CertificateSchemaAttributeList,
Schema::X509CertificateSchemaIndexCount,
Schema::X509CertificateSchemaIndexList);
keychain->keychainSchema()->didCreateRelation(
CSSM_DL_DB_RECORD_X509_CERTIFICATE,
"CSSM_DL_DB_RECORD_X509_CERTIFICATE",
Schema::X509CertificateSchemaAttributeCount,
Schema::X509CertificateSchemaAttributeList,
Schema::X509CertificateSchemaIndexCount,
Schema::X509CertificateSchemaIndexList);
mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
}
mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
mKeychain = keychain;
return mPrimaryKey;
}示例7: _
//
// Retrieve the trust setting for a (certificate, policy) pair.
//
SecTrustUserSetting TrustStore::find(Certificate *cert, Policy *policy,
StorageManager::KeychainList &keychainList)
{
StLock<Mutex> _(mMutex);
if (Item item = findItem(cert, policy, keychainList)) {
// Make sure that the certificate is available in some keychain,
// to provide a basis for editing the trust setting that we're returning.
if (cert->keychain() == NULL) {
if (cert->findInKeychain(keychainList) == NULL) {
Keychain defaultKeychain = Keychain::optional(NULL);
if (Keychain location = item->keychain()) {
try {
cert->copyTo(location); // add cert to the trust item's keychain
} catch (...) {
secdebug("trusteval", "failed to add certificate %p to keychain \"%s\"",
cert, location->name());
try {
if (&*location != &*defaultKeychain)
cert->copyTo(defaultKeychain); // try the default (if it's not the same)
} catch (...) {
// unable to add the certificate
secdebug("trusteval", "failed to add certificate %p to keychain \"%s\"",
cert, defaultKeychain->name());
}
}
}
}
}
CssmDataContainer data;
item->getData(data);
if (data.length() != sizeof(TrustData))
MacOSError::throwMe(errSecInvalidTrustSetting);
TrustData &trust = *data.interpretedAs<TrustData>();
if (trust.version != UserTrustItem::currentVersion)
MacOSError::throwMe(errSecInvalidTrustSetting);
return trust.trust;
} else {
return kSecTrustResultUnspecified;
}
}示例8: item
Item
Certificate::copyTo(const Keychain &keychain, Access *newAccess)
{
StLock<Mutex>_(mMutex);
/* Certs can't have access controls. */
if (newAccess)
MacOSError::throwMe(errSecNoAccessForItem);
Item item(new Certificate(data(), type(), encoding()));
keychain->add(item);
return item;
}示例9: PostKeychainEvent
void KCEventNotifier::PostKeychainEvent(SecKeychainEvent whichEvent, const Keychain &keychain, const Item &kcItem)
{
DLDbIdentifier dlDbIdentifier;
PrimaryKey primaryKey;
if (keychain)
dlDbIdentifier = keychain->dlDbIdentifier();
if (kcItem)
primaryKey = kcItem->primaryKey();
PostKeychainEvent(whichEvent, dlDbIdentifier, primaryKey);
}示例10: item
Item
ItemImpl::copyTo(const Keychain &keychain, Access *newAccess)
{
StLock<Mutex>_(mMutex);
Item item(*this);
if (newAccess)
item->setAccess(newAccess);
else
{
/* Attempt to copy the access from the current item to the newly created one. */
SSGroup myGroup = group();
if (myGroup)
{
SecPointer<Access> access = new Access(*myGroup);
item->setAccess(access);
}
}
keychain->addCopy(item);
return item;
}示例11: _SecIdentityAddPreferenceItemWithName
static
OSStatus _SecIdentityAddPreferenceItemWithName(
SecKeychainRef keychainRef,
SecIdentityRef identityRef,
CFStringRef idString,
SecKeychainItemRef *itemRef)
{
// this is NOT exported, and called only from SecIdentityAddPreferenceItem (below), so no BEGIN/END macros here;
// caller must handle exceptions
if (!identityRef || !idString)
return errSecParam;
SecPointer<Certificate> cert(Identity::required(identityRef)->certificate());
Item item(kSecGenericPasswordItemClass, 'aapl', 0, NULL, false);
sint32 keyUsage = 0;
// determine the account attribute
//
// This attribute must be synthesized from certificate label + pref item type + key usage,
// as only the account and service attributes can make a generic keychain item unique.
// For 'iprf' type items (but not 'cprf'), we append a trailing space. This insures that
// we can save a certificate preference if an identity preference already exists for the
// given service name, and vice-versa.
// If the key usage is 0 (i.e. the normal case), we omit the appended key usage string.
//
CFStringRef labelStr = nil;
cert->inferLabel(false, &labelStr);
if (!labelStr) {
return errSecDataTooLarge; // data is "in a format which cannot be displayed"
}
CFIndex accountUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(labelStr), kCFStringEncodingUTF8) + 1;
const char *templateStr = "%s [key usage 0x%X]";
const int keyUsageMaxStrLen = 8;
accountUTF8Len += strlen(templateStr) + keyUsageMaxStrLen;
char accountUTF8[accountUTF8Len];
if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
accountUTF8[0] = (char)'\0';
if (keyUsage)
snprintf(accountUTF8, accountUTF8Len-1, templateStr, accountUTF8, keyUsage);
snprintf(accountUTF8, accountUTF8Len-1, "%s ", accountUTF8);
CssmData account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
CFRelease(labelStr);
// service attribute (name provided by the caller)
CFIndex serviceUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(idString), kCFStringEncodingUTF8) + 1;;
char serviceUTF8[serviceUTF8Len];
if (!CFStringGetCString(idString, serviceUTF8, serviceUTF8Len-1, kCFStringEncodingUTF8))
serviceUTF8[0] = (char)'\0';
CssmData service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
// set item attribute values
item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), service);
item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), service);
item->setAttribute(Schema::attributeInfo(kSecTypeItemAttr), (FourCharCode)'iprf');
item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
item->setAttribute(Schema::attributeInfo(kSecScriptCodeItemAttr), keyUsage);
// generic attribute (store persistent certificate reference)
CFDataRef pItemRef = nil;
OSStatus status = SecKeychainItemCreatePersistentReference((SecKeychainItemRef)cert->handle(), &pItemRef);
if (!pItemRef)
status = errSecInvalidItemRef;
if (status)
return status;
const UInt8 *dataPtr = CFDataGetBytePtr(pItemRef);
CFIndex dataLen = CFDataGetLength(pItemRef);
CssmData pref(const_cast<void *>(reinterpret_cast<const void *>(dataPtr)), dataLen);
item->setAttribute(Schema::attributeInfo(kSecGenericItemAttr), pref);
CFRelease(pItemRef);
Keychain keychain = nil;
try {
keychain = Keychain::optional(keychainRef);
if (!keychain->exists())
MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time.
}
catch(...) {
keychain = globals().storageManager.defaultKeychainUI(item);
}
try {
keychain->add(item);
}
catch (const MacOSError &err) {
if (err.osStatus() != errSecDuplicateItem)
throw; // if item already exists, fall through to update
}
item->update();
if (itemRef)
*itemRef = item->handle();
return status;
}示例12: SecIdentitySetPreference
OSStatus SecIdentitySetPreference(
SecIdentityRef identity,
CFStringRef name,
CSSM_KEYUSE keyUsage)
{
if (!name) {
return errSecParam;
}
if (!identity) {
// treat NULL identity as a request to clear the preference
// (note: if keyUsage is 0, this clears all key usage prefs for name)
return SecIdentityDeletePreferenceItemWithNameAndKeyUsage(NULL, name, keyUsage);
}
BEGIN_SECAPI
SecPointer<Certificate> certificate(Identity::required(identity)->certificate());
// determine the account attribute
//
// This attribute must be synthesized from certificate label + pref item type + key usage,
// as only the account and service attributes can make a generic keychain item unique.
// For 'iprf' type items (but not 'cprf'), we append a trailing space. This insures that
// we can save a certificate preference if an identity preference already exists for the
// given service name, and vice-versa.
// If the key usage is 0 (i.e. the normal case), we omit the appended key usage string.
//
CFStringRef labelStr = nil;
certificate->inferLabel(false, &labelStr);
if (!labelStr) {
MacOSError::throwMe(errSecDataTooLarge); // data is "in a format which cannot be displayed"
}
CFIndex accountUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(labelStr), kCFStringEncodingUTF8) + 1;
const char *templateStr = "%s [key usage 0x%X]";
const int keyUsageMaxStrLen = 8;
accountUTF8Len += strlen(templateStr) + keyUsageMaxStrLen;
char accountUTF8[accountUTF8Len];
if (!CFStringGetCString(labelStr, accountUTF8, accountUTF8Len-1, kCFStringEncodingUTF8))
accountUTF8[0] = (char)'\0';
if (keyUsage)
snprintf(accountUTF8, accountUTF8Len-1, templateStr, accountUTF8, keyUsage);
snprintf(accountUTF8, accountUTF8Len-1, "%s ", accountUTF8);
CssmData account(const_cast<char *>(accountUTF8), strlen(accountUTF8));
CFRelease(labelStr);
// service attribute (name provided by the caller)
CFIndex serviceUTF8Len = CFStringGetMaximumSizeForEncoding(CFStringGetLength(name), kCFStringEncodingUTF8) + 1;;
char serviceUTF8[serviceUTF8Len];
if (!CFStringGetCString(name, serviceUTF8, serviceUTF8Len-1, kCFStringEncodingUTF8))
serviceUTF8[0] = (char)'\0';
CssmData service(const_cast<char *>(serviceUTF8), strlen(serviceUTF8));
// look for existing identity preference item, in case this is an update
StorageManager::KeychainList keychains;
globals().storageManager.getSearchList(keychains);
KCCursor cursor(keychains, kSecGenericPasswordItemClass, NULL);
FourCharCode itemType = 'iprf';
cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecServiceItemAttr), service);
cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecTypeItemAttr), itemType);
if (keyUsage) {
cursor->add(CSSM_DB_EQUAL, Schema::attributeInfo(kSecScriptCodeItemAttr), (sint32)keyUsage);
}
Item item(kSecGenericPasswordItemClass, 'aapl', 0, NULL, false);
bool add = (!cursor->next(item));
// at this point, we either have a new item to add or an existing item to update
// set item attribute values
item->setAttribute(Schema::attributeInfo(kSecServiceItemAttr), service);
item->setAttribute(Schema::attributeInfo(kSecTypeItemAttr), itemType);
item->setAttribute(Schema::attributeInfo(kSecAccountItemAttr), account);
item->setAttribute(Schema::attributeInfo(kSecScriptCodeItemAttr), (sint32)keyUsage);
item->setAttribute(Schema::attributeInfo(kSecLabelItemAttr), service);
// generic attribute (store persistent certificate reference)
CFDataRef pItemRef = nil;
certificate->copyPersistentReference(pItemRef);
if (!pItemRef) {
MacOSError::throwMe(errSecInvalidItemRef);
}
const UInt8 *dataPtr = CFDataGetBytePtr(pItemRef);
CFIndex dataLen = CFDataGetLength(pItemRef);
CssmData pref(const_cast<void *>(reinterpret_cast<const void *>(dataPtr)), dataLen);
item->setAttribute(Schema::attributeInfo(kSecGenericItemAttr), pref);
CFRelease(pItemRef);
if (add) {
Keychain keychain = nil;
try {
keychain = globals().storageManager.defaultKeychain();
if (!keychain->exists())
MacOSError::throwMe(errSecNoSuchKeychain); // Might be deleted or not available at this time.
}
catch(...) {
keychain = globals().storageManager.defaultKeychainUI(item);
}
try {
keychain->add(item);
}
//.........这里部分代码省略.........
示例13: appleCsp
SecPointer<KeyItem>
KeyItem::generateWithAttributes(const SecKeychainAttributeList *attrList,
Keychain keychain,
CSSM_ALGORITHMS algorithm,
uint32 keySizeInBits,
CSSM_CC_HANDLE contextHandle,
CSSM_KEYUSE keyUsage,
uint32 keyAttr,
SecPointer<Access> initialAccess)
{
CssmClient::CSP appleCsp(gGuidAppleCSP);
CssmClient::CSP csp(NULL);
SSDb ssDb(NULL);
uint8 labelBytes[20];
CssmData label(labelBytes, sizeof(labelBytes));
bool freeKey = false;
bool deleteContext = false;
const CSSM_DATA *plabel = NULL;
if (keychain)
{
if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP))
MacOSError::throwMe(errSecInvalidKeychain);
SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*keychain->database()));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
ssDb = SSDb(impl);
csp = keychain->csp();
// Generate a random label to use initially
CssmClient::Random random(appleCsp, CSSM_ALGID_APPLE_YARROW);
random.generate(label, label.Length);
plabel = &label;
}
else
{
// Not a persistent key so create it in the regular csp
csp = appleCsp;
}
// Create a Access::Maker for the initial owner of the private key.
ResourceControlContext *prcc = NULL, rcc;
const AccessCredentials *cred = NULL;
Access::Maker maker;
if (keychain && initialAccess)
{
memset(&rcc, 0, sizeof(rcc));
// @@@ Potentially provide a credential argument which allows us to generate keys in the csp.
// Currently the CSP lets anyone do this, but we might restrict this in the future, e.g. a smartcard
// could require out-of-band pin entry before a key can be generated.
maker.initialOwner(rcc);
// Create the cred we need to manipulate the keys until we actually set a new access control for them.
cred = maker.cred();
prcc = &rcc;
}
CSSM_KEY cssmKey;
CSSM_CC_HANDLE ccHandle = 0;
Item keyItem;
try
{
CSSM_RETURN status;
if (contextHandle)
ccHandle = contextHandle;
else
{
status = CSSM_CSP_CreateKeyGenContext(csp->handle(), algorithm, keySizeInBits, NULL, NULL, NULL, NULL, NULL, &ccHandle);
if (status)
CssmError::throwMe(status);
deleteContext = true;
}
if (ssDb)
{
CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle();
CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle;
CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } };
status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes);
if (status)
CssmError::throwMe(status);
keyAttr |= CSSM_KEYATTR_PERMANENT;
}
// Generate the key
status = CSSM_GenerateKey(ccHandle, keyUsage, keyAttr, plabel, prcc, &cssmKey);
if (status)
CssmError::throwMe(status);
if (ssDb)
{
freeKey = true;
// Find the key we just generated in the DL and get a SecKeyRef
// so we can specify the label attribute(s) and initial ACL.
//.........这里部分代码省略.........
示例14: ssDb
void
KeyItem::importPair(
Keychain keychain,
const CSSM_KEY &publicWrappedKey,
const CSSM_KEY &privateWrappedKey,
SecPointer<Access> initialAccess,
SecPointer<KeyItem> &outPublicKey,
SecPointer<KeyItem> &outPrivateKey)
{
bool freePublicKey = false;
bool freePrivateKey = false;
bool deleteContext = false;
if (!(keychain->database()->dl()->subserviceMask() & CSSM_SERVICE_CSP))
MacOSError::throwMe(errSecInvalidKeychain);
SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*keychain->database()));
if (impl == NULL)
{
CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
}
SSDb ssDb(impl);
CssmClient::CSP csp(keychain->csp());
CssmClient::CSP appleCsp(gGuidAppleCSP);
// Create a Access::Maker for the initial owner of the private key.
ResourceControlContext rcc;
memset(&rcc, 0, sizeof(rcc));
Access::Maker maker(Allocator::standard(), Access::Maker::kAnyMakerType);
// @@@ Potentially provide a credential argument which allows us to unwrap keys in the csp.
// Currently the CSP lets anyone do this, but we might restrict this in the future, e.g.
// a smartcard could require out of band pin entry before a key can be generated.
maker.initialOwner(rcc);
// Create the cred we need to manipulate the keys until we actually set a new access control for them.
const AccessCredentials *cred = maker.cred();
CSSM_KEY publicCssmKey, privateCssmKey;
memset(&publicCssmKey, 0, sizeof(publicCssmKey));
memset(&privateCssmKey, 0, sizeof(privateCssmKey));
CSSM_CC_HANDLE ccHandle = 0;
Item publicKeyItem, privateKeyItem;
try
{
CSSM_RETURN status;
// Calculate the hash of the public key using the appleCSP.
CssmClient::PassThrough passThrough(appleCsp);
void *outData;
CssmData *cssmData;
/* Given a CSSM_KEY_PTR in any format, obtain the SHA-1 hash of the
* associated key blob.
* Key is specified in CSSM_CSP_CreatePassThroughContext.
* Hash is allocated bythe CSP, in the App's memory, and returned
* in *outData. */
passThrough.key(&publicWrappedKey);
passThrough(CSSM_APPLECSP_KEYDIGEST, NULL, &outData);
cssmData = reinterpret_cast<CssmData *>(outData);
CssmData &pubKeyHash = *cssmData;
status = CSSM_CSP_CreateSymmetricContext(csp->handle(), publicWrappedKey.KeyHeader.WrapAlgorithmId, CSSM_ALGMODE_NONE, NULL, NULL, NULL, CSSM_PADDING_NONE, NULL, &ccHandle);
if (status)
CssmError::throwMe(status);
deleteContext = true;
CSSM_DL_DB_HANDLE dldbHandle = ssDb->handle();
CSSM_DL_DB_HANDLE_PTR dldbHandlePtr = &dldbHandle;
CSSM_CONTEXT_ATTRIBUTE contextAttributes = { CSSM_ATTRIBUTE_DL_DB_HANDLE, sizeof(dldbHandle), { (char *)dldbHandlePtr } };
status = CSSM_UpdateContextAttributes(ccHandle, 1, &contextAttributes);
if (status)
CssmError::throwMe(status);
// Unwrap the the keys
CSSM_DATA descriptiveData = {0, NULL};
status = CSSM_UnwrapKey(
ccHandle,
NULL,
&publicWrappedKey,
publicWrappedKey.KeyHeader.KeyUsage,
publicWrappedKey.KeyHeader.KeyAttr | CSSM_KEYATTR_PERMANENT,
&pubKeyHash,
&rcc,
&publicCssmKey,
&descriptiveData);
if (status)
CssmError::throwMe(status);
freePublicKey = true;
if (descriptiveData.Data != NULL)
free (descriptiveData.Data);
status = CSSM_UnwrapKey(
ccHandle,
NULL,
&privateWrappedKey,
//.........这里部分代码省略.........
示例15: GetCurrentMacLongDateTime
PrimaryKey ItemImpl::addWithCopyInfo (Keychain &keychain, bool isCopy)
{
StLock<Mutex>_(mMutex);
// If we already have a Keychain we can't be added.
if (mKeychain)
MacOSError::throwMe(errSecDuplicateItem);
// If we don't have any attributes we can't be added.
// (this might occur if attempting to add the item twice, since our attributes
// and data are set to NULL at the end of this function.)
if (!mDbAttributes.get())
MacOSError::throwMe(errSecDuplicateItem);
CSSM_DB_RECORDTYPE recordType = mDbAttributes->recordType();
// update the creation and update dates on the new item
if (!isCopy)
{
KeychainSchema schema = keychain->keychainSchema();
SInt64 date;
GetCurrentMacLongDateTime(date);
if (schema->hasAttribute(recordType, kSecCreationDateItemAttr))
{
setAttribute(schema->attributeInfoFor(recordType, kSecCreationDateItemAttr), date);
}
if (schema->hasAttribute(recordType, kSecModDateItemAttr))
{
setAttribute(schema->attributeInfoFor(recordType, kSecModDateItemAttr), date);
}
}
// If the label (PrintName) attribute isn't specified, set a default label.
if (!mDoNotEncrypt && !mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr)))
{
// if doNotEncrypt was set all of the attributes are wrapped in the data blob. Don't calculate here.
CssmDbAttributeData *label = NULL;
switch (recordType)
{
case CSSM_DL_DB_RECORD_GENERIC_PASSWORD:
label = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
break;
case CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD:
case CSSM_DL_DB_RECORD_INTERNET_PASSWORD:
label = mDbAttributes->find(Schema::attributeInfo(kSecServerItemAttr));
// if AppleShare server name wasn't specified, try the server address
if (!label) label = mDbAttributes->find(Schema::attributeInfo(kSecAddressItemAttr));
break;
default:
break;
}
// if all else fails, use the account name.
if (!label)
label = mDbAttributes->find(Schema::attributeInfo(kSecAccountItemAttr));
if (label && label->size())
setAttribute (Schema::attributeInfo(kSecLabelItemAttr), label->at<CssmData>(0));
}
// get the attributes that are part of the primary key
const CssmAutoDbRecordAttributeInfo &primaryKeyInfos =
keychain->primaryKeyInfosFor(recordType);
// make sure each primary key element has a value in the item, otherwise
// the database will complain. we make a set of the provided attribute infos
// to avoid O(N^2) behavior.
DbAttributes *attributes = mDbAttributes.get();
typedef set<CssmDbAttributeInfo> InfoSet;
InfoSet infoSet;
if (!mDoNotEncrypt)
{
// make a set of all the attributes in the key
for (uint32 i = 0; i < attributes->size(); i++)
infoSet.insert(attributes->at(i).Info);
for (uint32 i = 0; i < primaryKeyInfos.size(); i++) { // check to make sure all required attributes are in the key
InfoSet::const_iterator it = infoSet.find(primaryKeyInfos.at(i));
if (it == infoSet.end()) { // not in the key? add the default
// we need to add a default value to the item attributes
attributes->add(primaryKeyInfos.at(i), defaultAttributeValue(primaryKeyInfos.at(i)));
}
}
}
Db db(keychain->database());
if (mDoNotEncrypt)
{
mUniqueId = db->insertWithoutEncryption (recordType, NULL, mData.get());
}
else if (useSecureStorage(db))
{
// Add the item to the secure storage db
SSDbImpl* impl = dynamic_cast<SSDbImpl *>(&(*db));
if (impl == NULL)
{
//.........这里部分代码省略.........