Clean up security_wrappers.cc/.h

It was introduced by https://codereview.chromium.org/10344009 for keychain reauthorization, now that keychain reauthorization was removed by https://codereview.chromium.org/183713003 we no longer need most of it. BUG=411926 Review URL: https://codereview.chromium.org/558233002 Cr-Commit-Position: refs/heads/master@{#294187}

Clean up security_wrappers.cc/.h
It was introduced by https://codereview.chromium.org/10344009 for keychain reauthorization, now that keychain reauthorization was removed by https://codereview.chromium.org/183713003 we no longer need most of it. BUG=411926 Review URL: https://codereview.chromium.org/558233002 Cr-Commit-Position: refs/heads/master@{#294187}
a80fc361 · jiangj · Commit bot · 97b60ee3 · a80fc361 · a80fc361
Commit a80fc361 authored Sep 10, 2014 by jiangj Committed by Commit bot Sep 10, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 582 deletions

chrome/browser/mac/security_wrappers.cc chrome/browser/mac/security_wrappers.cc +2 -377

chrome/browser/mac/security_wrappers.h chrome/browser/mac/security_wrappers.h +2 -205

No files found.
--- a/chrome/browser/mac/security_wrappers.cc
+++ b/chrome/browser/mac/security_wrappers.cc
@@ -4,14 +4,9 @@
 #include "chrome/browser/mac/security_wrappers.h"
-#include "base/mac/foundation_util.h"
+#include <Security/Security.h>
-#include "base/mac/mac_logging.h"
-extern "C" {
+#include "base/mac/mac_logging.h"
-OSStatus SecTrustedApplicationCopyRequirement(
-    SecTrustedApplicationRef application,
-    SecRequirementRef* requirement);
-}  // extern "C"
 namespace chrome {
@@ -37,374 +32,4 @@ ScopedSecKeychainSetUserInteractionAllowed::
  }
 }
-CrSKeychainItemAndAccess::CrSKeychainItemAndAccess(SecKeychainItemRef item,
-                                                   SecAccessRef access)
-    : item_(item),
-      access_(access) {
-  // These CFRetain calls aren't leaks. They're balanced by an implicit
-  // CFRelease at destruction because the fields are of type ScopedCFTypeRef.
-  // These fields are retained on construction (unlike the typical
-  // ScopedCFTypeRef pattern) because this class is intended for use as an STL
-  // type adapter to keep two related objects together, and thus must
-  // implement proper reference counting in the methods required for STL
-  // container use. This class and is not intended to act as a scoper for the
-  // underlying objects in user code. For that, just use ScopedCFTypeRef.
-  CFRetain(item_);
-  CFRetain(access_);
-}
-CrSKeychainItemAndAccess::CrSKeychainItemAndAccess(
-    const CrSKeychainItemAndAccess& that)
-    : item_(that.item_.get()),
-      access_(that.access_.get()) {
-  // See the comment above in the two-argument constructor.
-  CFRetain(item_);
-  CFRetain(access_);
-}
-CrSKeychainItemAndAccess::~CrSKeychainItemAndAccess() {
-}
-void CrSKeychainItemAndAccess::operator=(const CrSKeychainItemAndAccess& that) {
-  // See the comment above in the two-argument constructor.
-  CFRetain(that.item_);
-  item_.reset(that.item_);
-  CFRetain(that.access_);
-  access_.reset(that.access_);
-}
-CrSACLSimpleContents::CrSACLSimpleContents() {
-}
-CrSACLSimpleContents::~CrSACLSimpleContents() {
-}
-ScopedSecKeychainAttributeInfo::ScopedSecKeychainAttributeInfo(
-    SecKeychainAttributeInfo* attribute_info)
-    : attribute_info_(attribute_info) {
-}
-ScopedSecKeychainAttributeInfo::~ScopedSecKeychainAttributeInfo() {
-  OSStatus status = SecKeychainFreeAttributeInfo(attribute_info_);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-  }
-}
-ScopedCrSKeychainItemAttributesAndData::ScopedCrSKeychainItemAttributesAndData(
-    CrSKeychainItemAttributesAndData* attributes_and_data)
-    : attributes_and_data_(attributes_and_data) {
-}
-ScopedCrSKeychainItemAttributesAndData::
-    ~ScopedCrSKeychainItemAttributesAndData() {
-  if (attributes_and_data_.get()) {
-    CrSKeychainItemFreeAttributesAndData(
-        attributes_and_data_->attribute_list, attributes_and_data_->data);
-  }
-}
-SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes(
-    CFTypeRef keychain_or_array,
-    SecItemClass item_class,
-    const SecKeychainAttributeList* attribute_list) {
-  SecKeychainSearchRef search;
-  OSStatus status = SecKeychainSearchCreateFromAttributes(keychain_or_array,
-                                                          item_class,
-                                                          attribute_list,
-                                                          &search);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return search;
-}
-SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search) {
-  if (!search) {
-    return NULL;
-  }
-  SecKeychainItemRef item;
-  OSStatus status = SecKeychainSearchCopyNext(search, &item);
-  if (status != errSecSuccess) {
-    if (status != errSecItemNotFound) {
-      OSSTATUS_LOG(ERROR, status);
-    }
-    return NULL;
-  }
-  return item;
-}
-void CrSKeychainItemFreeAttributesAndData(
-    SecKeychainAttributeList* attribute_list,
-    void* data) {
-  OSStatus status = SecKeychainItemFreeAttributesAndData(attribute_list, data);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-  }
-}
-bool CrSKeychainItemTestAccess(SecKeychainItemRef item) {
-  UInt32 length;
-  void* data;
-  OSStatus status = SecKeychainItemCopyAttributesAndData(item,
-                                                         NULL,
-                                                         NULL,
-                                                         NULL,
-                                                         &length,
-                                                         &data);
-  if (status != errSecSuccess) {
-    if (status != errSecAuthFailed) {
-      OSSTATUS_LOG(ERROR, status);
-    }
-    return false;
-  }
-  CrSKeychainItemFreeAttributesAndData(NULL, data);
-  return true;
-}
-SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item) {
-  SecAccessRef access;
-  OSStatus status = SecKeychainItemCopyAccess(item, &access);
-  if (status != errSecSuccess) {
-    if (status != errSecNoAccessForItem && status != errSecAuthFailed) {
-      OSSTATUS_LOG(ERROR, status);
-    }
-    return NULL;
-  }
-  return access;
-}
-CFArrayRef CrSAccessCopyACLList(SecAccessRef access) {
-  if (!access) {
-    return NULL;
-  }
-  CFArrayRef acl_list;
-  OSStatus status = SecAccessCopyACLList(access, &acl_list);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return acl_list;
-}
-CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl) {
-  if (!acl) {
-    return NULL;
-  }
-  scoped_ptr<CrSACLSimpleContents> acl_simple_contents(
-      new CrSACLSimpleContents());
-  CFArrayRef application_list;
-  CFStringRef description;
-  OSStatus status =
-      SecACLCopySimpleContents(acl,
-                               &application_list,
-                               &description,
-                               &acl_simple_contents->prompt_selector);
-  if (status != errSecSuccess) {
-    if (status != errSecACLNotSimple) {
-      OSSTATUS_LOG(ERROR, status);
-    }
-    return NULL;
-  }
-  acl_simple_contents->application_list.reset(application_list);
-  acl_simple_contents->description.reset(description);
-  return acl_simple_contents.release();
-}
-SecRequirementRef CrSTrustedApplicationCopyRequirement(
-    SecTrustedApplicationRef application) {
-  if (!application) {
-    return NULL;
-  }
-  SecRequirementRef requirement;
-  OSStatus status = SecTrustedApplicationCopyRequirement(application,
-                                                         &requirement);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return requirement;
-}
-CFStringRef CrSRequirementCopyString(SecRequirementRef requirement,
-                                     SecCSFlags flags) {
-  if (!requirement) {
-    return NULL;
-  }
-  CFStringRef requirement_string;
-  OSStatus status = SecRequirementCopyString(requirement,
-                                             flags,
-                                             &requirement_string);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return requirement_string;
-}
-SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path) {
-  SecTrustedApplicationRef application;
-  OSStatus status = SecTrustedApplicationCreateFromPath(path, &application);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return application;
-}
-bool CrSACLSetSimpleContents(SecACLRef acl,
-                             const CrSACLSimpleContents& acl_simple_contents) {
-  OSStatus status =
-      SecACLSetSimpleContents(acl,
-                              acl_simple_contents.application_list,
-                              acl_simple_contents.description,
-                              &acl_simple_contents.prompt_selector);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return false;
-  }
-  return true;
-}
-SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item) {
-  SecKeychainRef keychain;
-  OSStatus status = SecKeychainItemCopyKeychain(item, &keychain);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return keychain;
-}
-SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID(
-    SecKeychainRef keychain,
-    UInt32 item_id) {
-  SecKeychainAttributeInfo* attribute_info;
-  OSStatus status = SecKeychainAttributeInfoForItemID(keychain,
-                                                      item_id,
-                                                      &attribute_info);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return attribute_info;
-}
-CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData(
-    SecKeychainRef keychain,
-    SecKeychainItemRef item) {
-  ScopedCrSKeychainItemAttributesAndData attributes_and_data(
-      new CrSKeychainItemAttributesAndData());
-  OSStatus status =
-      SecKeychainItemCopyAttributesAndData(item,
-                                           NULL,
-                                           attributes_and_data.item_class_ptr(),
-                                           NULL,
-                                           NULL,
-                                           NULL);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  // This looks really weird, but it's right. See 10.7.3
-  // libsecurity_keychain-55044 lib/SecItem.cpp
-  // _CreateAttributesDictionaryFromKeyItem and 10.7.3 SecurityTool-55002
-  // keychain_utilities.c print_keychain_item_attributes.
-  UInt32 item_id;
-  switch (attributes_and_data.item_class()) {
-    case kSecInternetPasswordItemClass:
-      item_id = CSSM_DL_DB_RECORD_INTERNET_PASSWORD;
-      break;
-    case kSecGenericPasswordItemClass:
-      item_id = CSSM_DL_DB_RECORD_GENERIC_PASSWORD;
-      break;
-    // kSecInternetPasswordItemClass is marked as deprecated in the 10.9 sdk,
-    // but the files in libsecurity_keychain from 10.7 referenced above still
-    // use it. Also see rdar://14281375 /
-    // http://openradar.appspot.com/radar?id=3143412 .
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-    case kSecAppleSharePasswordItemClass:
-#pragma clang diagnostic pop
-      item_id = CSSM_DL_DB_RECORD_APPLESHARE_PASSWORD;
-      break;
-    default:
-      item_id = attributes_and_data.item_class();
-      break;
-  }
-  ScopedSecKeychainAttributeInfo attribute_info(
-      CrSKeychainAttributeInfoForItemID(keychain, item_id));
-  if (!attribute_info) {
-    return NULL;
-  }
-  status = SecKeychainItemCopyAttributesAndData(
-      item,
-      attribute_info,
-      attributes_and_data.item_class_ptr(),
-      attributes_and_data.attribute_list_ptr(),
-      attributes_and_data.length_ptr(),
-      attributes_and_data.data_ptr());
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return attributes_and_data.release();
-}
-bool CrSKeychainItemDelete(SecKeychainItemRef item) {
-  OSStatus status = SecKeychainItemDelete(item);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return false;
-  }
-  return true;
-}
-SecKeychainItemRef CrSKeychainItemCreateFromContent(
-    const CrSKeychainItemAttributesAndData& attributes_and_data,
-    SecKeychainRef keychain,
-    SecAccessRef access) {
-  SecKeychainItemRef item;
-  OSStatus status =
-      SecKeychainItemCreateFromContent(attributes_and_data.item_class,
-                                       attributes_and_data.attribute_list,
-                                       attributes_and_data.length,
-                                       attributes_and_data.data,
-                                       keychain,
-                                       access,
-                                       &item);
-  if (status != errSecSuccess) {
-    OSSTATUS_LOG(ERROR, status);
-    return NULL;
-  }
-  return item;
-}
 }  // namespace chrome
--- a/chrome/browser/mac/security_wrappers.h
+++ b/chrome/browser/mac/security_wrappers.h
@@ -5,12 +5,9 @@
 #ifndef CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
 #define CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_
-#include <Security/Security.h>
+#include <CoreFoundation/CFBase.h>
-#include <Security/SecRequirement.h>
-#include "base/basictypes.h"
+#include "base/macros.h"
-#include "base/mac/scoped_cftyperef.h"
-#include "base/memory/scoped_ptr.h"
 namespace chrome {
@@ -27,206 +24,6 @@ class ScopedSecKeychainSetUserInteractionAllowed {
  DISALLOW_COPY_AND_ASSIGN(ScopedSecKeychainSetUserInteractionAllowed);
 };
-// Holds a paired SecKeychainItemRef and SecAccessRef, maintaining the
-// association between the two, and managing their ownership by retaining
-// the SecKeychainItemRef and SecAccessRef elements placed into a
-// CrSKeychainItemAndAccess object. Suitable for use
-// in standard C++ containers.
-class CrSKeychainItemAndAccess {
- public:
-  CrSKeychainItemAndAccess(SecKeychainItemRef item, SecAccessRef access);
-  CrSKeychainItemAndAccess(const CrSKeychainItemAndAccess& that);
-  ~CrSKeychainItemAndAccess();
-  void operator=(const CrSKeychainItemAndAccess& that);
-  SecKeychainItemRef item() const { return item_; }
-  SecAccessRef access() const { return access_; }
- private:
-  base::ScopedCFTypeRef<SecKeychainItemRef> item_;
-  base::ScopedCFTypeRef<SecAccessRef> access_;
-};
-// Holds the return value from CrSACLCopySimpleContents and an argument to
-// CrSACLSetSimpleContents, managing ownership. Used in those wrappers to keep
-// logically grouped data together.
-struct CrSACLSimpleContents {
-  CrSACLSimpleContents();
-  ~CrSACLSimpleContents();
-  base::ScopedCFTypeRef<CFArrayRef> application_list;
-  base::ScopedCFTypeRef<CFStringRef> description;
-  CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR prompt_selector;
-};
-// Holds a SecKeychainAttributeInfo*, calling SecKeychainFreeAttributeInfo on
-// destruction.
-class ScopedSecKeychainAttributeInfo {
- public:
-  explicit ScopedSecKeychainAttributeInfo(
-      SecKeychainAttributeInfo* attribute_info);
-  ~ScopedSecKeychainAttributeInfo();
-  operator SecKeychainAttributeInfo*() const {
-    return attribute_info_;
-  }
- private:
-  SecKeychainAttributeInfo* attribute_info_;
-};
-// Holds the return value from CrSKeychainItemCopyAttributesAndData and an
-// argument to CrSKeychainItemCreateFromContent. Used in those wrappers to
-// keep logically grouped data together.
-struct CrSKeychainItemAttributesAndData {
-  SecItemClass item_class;
-  SecKeychainAttributeList* attribute_list;
-  UInt32 length;
-  void* data;
-};
-// Holds a CrSKeychainItemAttributesAndData*, calling
-// CrSKeychainItemFreeAttributesAndData and freeing the owned
-// CrSKeychainItemAttributesAndData* on destruction.
-class ScopedCrSKeychainItemAttributesAndData {
- public:
-  ScopedCrSKeychainItemAttributesAndData(
-      CrSKeychainItemAttributesAndData* attributes_and_data);
-  ~ScopedCrSKeychainItemAttributesAndData();
-  CrSKeychainItemAttributesAndData* get() const {
-    return attributes_and_data_.get();
-  }
-  CrSKeychainItemAttributesAndData* release() {
-    return attributes_and_data_.release();
-  }
-  SecItemClass item_class() const {
-    return attributes_and_data_->item_class;
-  }
-  SecItemClass* item_class_ptr() const {
-    return &attributes_and_data_->item_class;
-  }
-  SecKeychainAttributeList* attribute_list() const {
-    return attributes_and_data_->attribute_list;
-  }
-  SecKeychainAttributeList** attribute_list_ptr() const {
-    return &attributes_and_data_->attribute_list;
-  }
-  UInt32 length() const {
-    return attributes_and_data_->length;
-  }
-  UInt32* length_ptr() const {
-    return &attributes_and_data_->length;
-  }
-  void* data() const {
-    return attributes_and_data_->data;
-  }
-  void** data_ptr() const {
-    return &attributes_and_data_->data;
-  }
- private:
-  scoped_ptr<CrSKeychainItemAttributesAndData> attributes_and_data_;
-};
-// Wraps SecKeychainSearchCreateFromAttributes, returning NULL on error and a
-// SecKeychainSearchRef owned by the caller on success.
-SecKeychainSearchRef CrSKeychainSearchCreateFromAttributes(
-    CFTypeRef keychain_or_array,
-    SecItemClass item_class,
-    const SecKeychainAttributeList* attribute_list);
-// Wraps SecKeychainSearchCopyNext, tolerating a NULL argument (resulting in
-// a NULL return value but nothing logged), returning NULL on error and a
-// SecKeychainItemRef owned by the caller on success.
-SecKeychainItemRef CrSKeychainSearchCopyNext(SecKeychainSearchRef search);
-// Wraps SecKeychainItemFreeAttributesAndData.
-void CrSKeychainItemFreeAttributesAndData(
-    SecKeychainAttributeList* attribute_list,
-    void* data);
-// Tests access to |item| by calling SecKeychainItemCopyAttributesAndData,
-// taking care to properly free any returned data. Returns true if access to
-// |item| is authorized. errSecAuthFailed is considered an "expected" error
-// for which nothing will be logged, although false will be returned.
-bool CrSKeychainItemTestAccess(SecKeychainItemRef item);
-// Wraps SecKeychainItemCopyAccess, returning NULL on error and a SecAccessRef
-// owned by the caller on success. errSecNoAccessForItem and errSecAuthFailed
-// are considered "expected" errors for which nothing will be logged, although
-// NULL will be returned.
-SecAccessRef CrSKeychainItemCopyAccess(SecKeychainItemRef item);
-// Wraps SecAccessCopyACLList, returning NULL on error and a CFArrayRef owned
-// by the caller on success.
-CFArrayRef CrSAccessCopyACLList(SecAccessRef access);
-// Wraps SecACLCopySimpleContents, returning NULL on error and a
-// CrSACLSimpleContents* owned by the caller on success. errSecACLNotSimple is
-// considered an "expected" error for which nothing will be logged, although
-// NULL will be returned.
-CrSACLSimpleContents* CrSACLCopySimpleContents(SecACLRef acl);
-// Wraps SecTrustedApplicationCopyRequirement, tolerating a NULL argument
-// (resulting in a NULL return value but nothing logged) and returning NULL on
-// error or a SecRequirementRef owned by the caller on success.
-SecRequirementRef CrSTrustedApplicationCopyRequirement(
-    SecTrustedApplicationRef application);
-// Wraps SecRequirementCopyString, tolerating a NULL argument (resulting in
-// a NULL return value but nothing logged) and returning NULL on error or a
-// CFStringRef owned by the caller on success.
-CFStringRef CrSRequirementCopyString(SecRequirementRef requirement,
-                                     SecCSFlags flags);
-// Wraps SecTrustedApplicationCreateFromPath, returning NULL on error or a
-// SecTrustedApplicationRef owned by the caller on success.
-SecTrustedApplicationRef CrSTrustedApplicationCreateFromPath(const char* path);
-// Wraps SecACLSetSimpleContents, adapting it to the CrSACLSimpleContents
-// argument, returning false on error or true on success.
-bool CrSACLSetSimpleContents(SecACLRef acl,
-                             const CrSACLSimpleContents& acl_simple_contents);
-// Wraps SecKeychainItemCopyKeychain, returning NULL on error or a
-// SecKeychainRef owned by the caller on success.
-SecKeychainRef CrSKeychainItemCopyKeychain(SecKeychainItemRef item);
-// Wraps SecKeychainAttributeInfoForItemID, returning NULL on error or a
-// SecKeychainAttributeInfo* owned by the caller on success.
-SecKeychainAttributeInfo* CrSKeychainAttributeInfoForItemID(
-    SecKeychainRef keychain,
-    UInt32 item_id);
-// Wraps SecKeychainItemCopyAttributesAndData, returning NULL on error or a
-// CrSKeychainItemAttributesAndData* owned by the caller on success.
-CrSKeychainItemAttributesAndData* CrSKeychainItemCopyAttributesAndData(
-    SecKeychainRef keychain,
-    SecKeychainItemRef item);
-// Wraps SecKeychainItemDelete, returning false on error or true on success.
-bool CrSKeychainItemDelete(SecKeychainItemRef item);
-// Wraps SecKeychainItemCreateFromContent, adapting it to the
-// CrSKeychainItemAttributesAndData argument, returning NULL on error or a
-// SecKeychainItemRef owned by the caller on success.
-SecKeychainItemRef CrSKeychainItemCreateFromContent(
-    const CrSKeychainItemAttributesAndData& attributes_and_data,
-    SecKeychainRef keychain,
-    SecAccessRef access);
 }  // namespace chrome
 #endif  // CHROME_BROWSER_MAC_SECURITY_WRAPPERS_H_