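本文整理汇总了C++中SecPointer::setAccess方法的典型用法代码示例。如果您正苦于以下问题:C++ SecPointer::setAccess方法的具体用法?C++ SecPointer::setAccess怎么用?C++ SecPointer::setAccess使用的例子?那么,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类SecPointer的用法示例。注意:从下面的示例可以看到,setAccess是通过SecPointer<Access>的->运算符调用的(例如示例2中的pubKeyAccess->setAccess),因此它作用于指针所指向的Access对象,用来为密钥或条目设置最终的访问控制(ACL)和所有者。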
示例1: appleCsp
//......... part of the code is omitted here .........
// Fragment: the function signature, the opening `try {` and the setup of
// ccHandle, keyUsage, keyAttr, plabel, prcc, cred, label, maker and the
// freeKey/deleteContext flags are in the omitted part.
//
// Visible flow: generate a key and, when a secure-storage database (ssDb) is
// in use, find the new key's record, optionally rewrite its label attributes,
// then apply the caller's access control (initialAccess->setAccess) before
// wrapping it in a keychain item. Any exception deletes the generated key.
        // NOTE(review): until setAccess() runs further down, the key is protected
        // only by whatever initial ACL `prcc` carried into CSSM_GenerateKey. `prcc`
        // is built in the omitted code -- confirm it is restrictive.
        status = CSSM_GenerateKey(ccHandle, keyUsage, keyAttr, plabel, prcc, &cssmKey);
        if (status)
            CssmError::throwMe(status);
        if (ssDb)
        {
            // From here on the catch handler below deletes the key on any failure.
            freeKey = true;
            // Find the key we just generated in the DL and get a SecKeyRef
            // so we can specify the label attribute(s) and initial ACL.
            // Look up key in the DLDB.
            DbAttributes dbAttributes;
            DbUniqueRecord uniqueId;
            SSDbCursor dbCursor(ssDb, 1);
            dbCursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
            dbCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, label);
            CssmClient::Key key;
            // The lookup is by label only and takes the first match.
            // NOTE(review): presumably `label` is unique to this generation call;
            // verify in the omitted code, otherwise another record could be picked.
            if (!dbCursor->nextKey(&dbAttributes, key, uniqueId))
                MacOSError::throwMe(errSecItemNotFound);
            // Set the initial label, application label, and application tag (if provided)
            if (attrList) {
                DbAttributes newDbAttributes;
                // Second cursor: used only to detect an existing symmetric key that
                // already carries the requested label / application tag.
                SSDbCursor otherDbCursor(ssDb, 1);
                otherDbCursor->recordType(CSSM_DL_DB_RECORD_SYMMETRIC_KEY);
                bool checkForDuplicates = false;
                for (UInt32 index=0; index < attrList->count; index++) {
                    SecKeychainAttribute attr = attrList->attr[index];
                    // attr.data / attr.length are taken from the caller's list as-is.
                    // NOTE(review): no length or null check is visible here -- confirm
                    // the caller validates the attribute list.
                    CssmData attrData(attr.data, attr.length);
                    if (attr.tag == kSecKeyPrintName) {
                        // Print name is display-only: not part of the duplicate query.
                        newDbAttributes.add(kInfoKeyPrintName, attrData);
                    }
                    if (attr.tag == kSecKeyLabel) {
                        newDbAttributes.add(kInfoKeyLabel, attrData);
                        otherDbCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, attrData);
                        checkForDuplicates = true;
                    }
                    if (attr.tag == kSecKeyApplicationTag) {
                        newDbAttributes.add(kInfoKeyApplicationTag, attrData);
                        otherDbCursor->add(CSSM_DB_EQUAL, kInfoKeyApplicationTag, attrData);
                        checkForDuplicates = true;
                    }
                }
                DbAttributes otherDbAttributes;
                DbUniqueRecord otherUniqueId;
                CssmClient::Key otherKey;
                // Refuse to relabel the new key onto attributes an existing key already has.
                // NOTE(review): the lookup and the modify() below are separate calls; no
                // lock is visible in this fragment -- confirm the enclosing code serializes them.
                if (checkForDuplicates && otherDbCursor->nextKey(&otherDbAttributes, otherKey, otherUniqueId))
                    MacOSError::throwMe(errSecDuplicateItem);
                uniqueId->modify(CSSM_DL_DB_RECORD_SYMMETRIC_KEY, &newDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
            }
            // Finally, fix the acl and owner of the key to the specified access control settings.
            // When initialAccess is null this step is skipped and the key keeps the
            // ACL it was created with.
            if (initialAccess)
                initialAccess->setAccess(*key, maker);
            // Create keychain item which will represent the key.
            keyItem = keychain->item(CSSM_DL_DB_RECORD_SYMMETRIC_KEY, uniqueId);
        }
        else
        {
            // No secure-storage DB: wrap the raw CSSM key directly. No ACL is applied
            // on this path in the visible code.
            CssmClient::Key tempKey(csp, cssmKey);
            keyItem = new KeyItem(tempKey);
        }
    }
    catch (...)
    {
        if (freeKey)
        {
            // Delete the key if something goes wrong so we don't end up with inaccessible keys in the database.
            // Last argument TRUE is the Delete flag; `cred` authorizes the deletion.
            CSSM_FreeKey(csp->handle(), cred, &cssmKey, TRUE);
        }
        if (deleteContext)
            CSSM_DeleteContext(ccHandle);
        throw;
    }
    if (freeKey)
    {
        // Success path: Delete flag is FALSE, so this presumably releases only the
        // local key structure and leaves the stored record in place.
        CSSM_FreeKey(csp->handle(), NULL, &cssmKey, FALSE);
    }
    if (deleteContext)
        CSSM_DeleteContext(ccHandle);
    // Notify keychain listeners only after the key and its ACL are fully set up.
    if (keychain && keyItem)
        keychain->postEvent(kSecAddEvent, keyItem);
    // keyItem is a generic item handle; the caller gets it back as a KeyItem.
    KeyItem* item = dynamic_cast<KeyItem*>(&*keyItem);
    if (item == NULL)
    {
        CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
    }
    return item;
}
示例2: ssDb
//......... part of the code is omitted here .........
// Fragment: the function signature, the key-pair generation, the opening
// `try {` and the setup of ssDb, pubKeyHash, cssmData, csp, cred, maker and the
// freePublicKey/freePrivateKey/deleteContext flags are in the omitted part.
//
// Visible flow: find the public and private key records by the public-key hash
// label, set their print names, restrict the private key with the caller's
// access object, give the public key a default-constructed Access, and return
// both as keychain items. Any exception deletes both generated keys.
        // Look up public key in the DLDB.
        DbAttributes pubDbAttributes;
        DbUniqueRecord pubUniqueId;
        SSDbCursor dbPubCursor(ssDb, 1);
        dbPubCursor->recordType(CSSM_DL_DB_RECORD_PUBLIC_KEY);
        dbPubCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash);
        CssmClient::Key publicKey;
        if (!dbPubCursor->nextKey(&pubDbAttributes, publicKey, pubUniqueId))
            MacOSError::throwMe(errSecItemNotFound);
        // Look up private key in the DLDB.
        DbAttributes privDbAttributes;
        DbUniqueRecord privUniqueId;
        SSDbCursor dbPrivCursor(ssDb, 1);
        dbPrivCursor->recordType(CSSM_DL_DB_RECORD_PRIVATE_KEY);
        dbPrivCursor->add(CSSM_DB_EQUAL, kInfoKeyLabel, pubKeyHash);
        CssmClient::Key privateKey;
        if (!dbPrivCursor->nextKey(&privDbAttributes, privateKey, privUniqueId))
            MacOSError::throwMe(errSecItemNotFound);
        // @@@ Not exception safe!
        // cssmData is allocated in the omitted code and released only here. If either
        // lookup above throws, these two frees are skipped, and the catch handler
        // visible below does not release cssmData either.
        csp.allocator().free(cssmData->Data);
        csp.allocator().free(cssmData);
        // NOTE(review): auto_ptr is deprecated since C++11 and removed in C++17;
        // unique_ptr is the replacement if this code is modernized.
        auto_ptr<string>privDescription;
        auto_ptr<string>pubDescription;
        try {
            // Both keys get the same description taken from the caller's access object.
            privDescription.reset(new string(initialAccess->promptDescription()));
            pubDescription.reset(new string(initialAccess->promptDescription()));
        }
        catch(...) {
            /* this path taken if no promptDescription available, e.g., for complex ACLs */
            // catch(...) also hides unrelated failures (e.g. allocation errors) behind
            // the generic names below.
            privDescription.reset(new string("Private key"));
            pubDescription.reset(new string("Public key"));
        }
        // The public key was found by label == pubKeyHash above; only PrintName is
        // written in the visible code.
        // Set the PrintName of the public key to the description in the acl.
        pubDbAttributes.add(kInfoKeyPrintName, *pubDescription);
        pubUniqueId->modify(CSSM_DL_DB_RECORD_PUBLIC_KEY, &pubDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
        // Same for the private key: label already matched pubKeyHash in the lookup.
        // Set the PrintName of the private key to the description in the acl.
        privDbAttributes.add(kInfoKeyPrintName, *privDescription);
        privUniqueId->modify(CSSM_DL_DB_RECORD_PRIVATE_KEY, &privDbAttributes, NULL, CSSM_DB_MODIFY_ATTRIBUTE_REPLACE);
        // Finally fix the acl and owner of the private key to the specified access control settings.
        // NOTE(review): initialAccess is dereferenced without a null check in the visible
        // code -- confirm the omitted part guarantees it is set. Until this call the
        // private key carries only its creation-time ACL.
        initialAccess->setAccess(*privateKey, maker);
        // Make the public key acl completely open
        // A default-constructed Access is used on purpose: the public half is not
        // secret. Do not reuse this pattern for private or symmetric key material.
        SecPointer<Access> pubKeyAccess(new Access());
        pubKeyAccess->setAccess(*publicKey, maker);
        // Create keychain items which will represent the keys.
        publicKeyItem = keychain->item(CSSM_DL_DB_RECORD_PUBLIC_KEY, pubUniqueId);
        privateKeyItem = keychain->item(CSSM_DL_DB_RECORD_PRIVATE_KEY, privUniqueId);
        // Hand both items back to the caller as KeyItem; a failed cast is reported
        // as an invalid-pointer error and falls into the cleanup handler below.
        KeyItem* impl = dynamic_cast<KeyItem*>(&(*publicKeyItem));
        if (impl == NULL)
        {
            CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
        }
        outPublicKey = impl;
        impl = dynamic_cast<KeyItem*>(&(*privateKeyItem));
        if (impl == NULL)
        {
            CssmError::throwMe(CSSMERR_CSSM_INVALID_POINTER);
        }
        outPrivateKey = impl;
    }
    catch (...)
    {
        // Failure: Delete flag TRUE removes both generated keys, so a key pair whose
        // ACL was never finalized is not left behind.
        if (freePublicKey)
            CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, TRUE);
        if (freePrivateKey)
            CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, TRUE);
        if (deleteContext)
            CSSM_DeleteContext(ccHandle);
        throw;
    }
    // Success: Delete flag FALSE, so this presumably releases only the local key
    // structures and keeps the stored records.
    if (freePublicKey)
        CSSM_FreeKey(csp->handle(), cred, &publicCssmKey, FALSE);
    if (freePrivateKey)
        CSSM_FreeKey(csp->handle(), cred, &privateCssmKey, FALSE);
    if (deleteContext)
        CSSM_DeleteContext(ccHandle);
    // Announce the new items only after both ACLs are in place.
    if (keychain && publicKeyItem && privateKeyItem)
    {
        KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, publicKeyItem);
        KCEventNotifier::PostKeychainEvent(kSecAddEvent, keychain, privateKeyItem);
    }
}
示例3: addWithCopyInfo
//......... part of the code is omitted here .........
// Fragment: the function signature, the `if (...) {` that selects the
// secure-storage path (closed by the `}` before `else` below) and the setup of
// keychain, db, ssDb and recordType are in the omitted part.
//
// Visible flow: pick or build the item's Access, insert the record into the
// secure-storage DB under a group created with temporary access controls, then
// replace those with the final ACL via access->setAccess, inside a transaction
// this code manages when autocommit was previously on.
        TrackingAllocator allocator(Allocator::standard());
        // hhs replaced with the new aclFactory class
        AclFactory aclFactory;
        const AccessCredentials *nullCred = aclFactory.nullCred();
        // Prefer an Access the caller attached to the item; otherwise build a default.
        SecPointer<Access> access = mAccess;
        if (!access) {
            // create default access controls for the new item
            CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecLabelItemAttr));
            // NOTE(review): Value[0] is read after only a null check on `data`; this
            // assumes the attribute holds at least one value -- confirm.
            string printName = data ? CssmData::overlay(data->Value[0]).toString() : "keychain item";
            access = new Access(printName);
            // special case for "iTools" password - allow anyone to decrypt the item
            // The trigger is the item's own service attribute (exactly the 6 bytes
            // "iTools"), not anything about the calling application, so every
            // generic-password item added with that service name gets an open decrypt
            // ACL. NOTE(review): treat as a legacy exception; confirm it is still
            // wanted and do not widen it.
            if (recordType == CSSM_DL_DB_RECORD_GENERIC_PASSWORD)
            {
                // This inner `data` shadows the label lookup above.
                CssmDbAttributeData *data = mDbAttributes->find(Schema::attributeInfo(kSecServiceItemAttr));
                if (data && data->Value[0].Length == 6 && !memcmp("iTools", data->Value[0].Data, 6))
                {
                    typedef vector<SecPointer<ACL> > AclSet;
                    AclSet acls;
                    // Collect the ACL entries for the decrypt right and switch each one
                    // to the allow-all form.
                    access->findAclsForRight(CSSM_ACL_AUTHORIZATION_DECRYPT, acls);
                    for (AclSet::const_iterator it = acls.begin(); it != acls.end(); it++)
                        (*it)->form(ACL::allowAllForm);
                }
            }
        }
        // Get the handle of the DL underlying this CSPDL.
        CSSM_DL_DB_HANDLE dldbh;
        db->passThrough(CSSM_APPLECSPDL_DB_GET_HANDLE, NULL,
            reinterpret_cast<void **>(&dldbh));
        // Turn off autocommit on the underlying DL and remember the old state.
        // After this call `autoCommit` holds the PREVIOUS setting; when it is true,
        // this code owns the commit/rollback below.
        // NOTE(review): the callee writes through a void**; if it stores a
        // pointer-sized value and CSSM_BOOL is narrower than a pointer, this
        // overruns the variable -- confirm what the DL actually writes.
        CSSM_BOOL autoCommit = CSSM_TRUE;
        ObjectImpl::check(CSSM_DL_PassThrough(dldbh,
            CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
            0, reinterpret_cast<void **>(&autoCommit)));
        try
        {
            // Create a new SSGroup with temporary access controls
            // The temporary owner is set up with nullCred; the final ACL is applied
            // only by setAccess() after the insert succeeds.
            Access::Maker maker;
            ResourceControlContext prototype;
            maker.initialOwner(prototype, nullCred);
            SSGroup ssGroup(ssDb, &prototype);
            try
            {
                // Insert the record using the newly created group.
                mUniqueId = ssDb->insert(recordType, mDbAttributes.get(),
                    mData.get(), ssGroup, maker.cred());
            }
            catch(...)
            {
                // Insert failed: remove the group key so no orphaned group with
                // temporary access controls is left behind.
                ssGroup->deleteKey(nullCred);
                throw;
            }
            // now finalize the access controls on the group
            // NOTE(review): if setAccess() throws, the outer handler rolls back only
            // when autocommit was previously on; with a caller-managed transaction
            // the record and its temporary ACL are left for the caller to discard.
            access->setAccess(*ssGroup, maker);
            mAccess = NULL; // use them and lose them
            if (autoCommit)
            {
                // autoCommit was on so commit now that we are done and turn
                // it back on.
                ObjectImpl::check(CSSM_DL_PassThrough(dldbh,
                    CSSM_APPLEFILEDL_COMMIT, NULL, NULL));
                // The result of re-enabling autocommit is not checked here, unlike
                // the commit above.
                CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
                    reinterpret_cast<const void *>(autoCommit), NULL);
            }
        }
        catch (...)
        {
            if (autoCommit)
            {
                // autoCommit was on before we turned it off above, so the transaction
                // is ours: roll back since we failed and turn autoCommit back on.
                // Both calls are best-effort; their results are not checked.
                CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_ROLLBACK, NULL, NULL);
                CSSM_DL_PassThrough(dldbh, CSSM_APPLEFILEDL_TOGGLE_AUTOCOMMIT,
                    reinterpret_cast<const void *>(autoCommit), NULL);
            }
            throw;
        }
    }
    else
    {
        // add the item to the (regular) db
        // No Access/ACL is applied on this path in the visible code.
        mUniqueId = db->insert(recordType, mDbAttributes.get(), mData.get());
    }
    mPrimaryKey = keychain->makePrimaryKey(recordType, mUniqueId);
    mKeychain = keychain;
    // Forget our data and attributes.
    // The item drops its local copies of the data and attributes once stored.
    mData = NULL;
    mDbAttributes.reset(NULL);
    return mPrimaryKey;
}