Rename MacKeychain to AppleKeychain

crypto/apple_keychain_ios.mm

Index: crypto/apple_keychain_ios.mm
diff --git a/crypto/apple_keychain_ios.mm b/crypto/apple_keychain_ios.mm
new file mode 100644
index 0000000000000000000000000000000000000000..87b0b0a3279e6a76d9145d3d8c0cc7c1f0faee63
--- /dev/null
+++ b/crypto/apple_keychain_ios.mm
@@ -0,0 +1,178 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "crypto/apple_keychain.h"
+
+#import <Foundation/Foundation.h>
+
+#include "base/mac/foundation_util.h"
+#include "base/mac/scoped_cftyperef.h"
+#include "base/memory/scoped_nsobject.h"
+
+namespace {
+
+enum KeychainAction {
+kKeychainActionCreate,
+kKeychainActionUpdate

[Ryan Sleevi, 2012/08/23 22:22:58]

nit: indent two spaces.

[msarda, 2012/08/27 14:24:07]

Done.

+};
+
+// Creates a dictionary that can be used to query the keystore.
+// Ownership follows the Create rule.
+CFDictionaryRef CreateGenericPasswordQuery(UInt32 serviceNameLength,
+                                           const char* serviceName,
+                                           UInt32 accountNameLength,
+                                           const char* accountName) {
+  CFMutableDictionaryRef query = CFDictionaryCreateMutable(NULL, 5,
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);

[Ryan Sleevi, 2012/08/23 22:22:58]

super minor tiny nit:

Because of the second parameter (capacity), I think it might be a little more
readable/obvious to wrap at the open paren

CFDictionaryCreateMutable(
    NULL, 5, &...);

Also line 60. It took me a few glances when quickly scanning to notice they were
different pre-allocated sizes.

[msarda, 2012/08/27 14:24:07]

It does not fit (line has 81 characters). I have re-indented - let me know if
this is better.

On 2012/08/23 22:22:58, Ryan Sleevi wrote:

+  // Type of element is generic password.
+  CFDictionarySetValue(query, kSecClass, kSecClassGenericPassword);
+
+  // Set the service name.
+  scoped_nsobject<NSString> service_name_ns(
+      [[NSString alloc] initWithBytes:serviceName
+                                length:serviceNameLength
+                              encoding:NSUTF8StringEncoding]);
+  CFDictionarySetValue(query, kSecAttrService, service_name_ns);
+
+  // Set the account name.
+  scoped_nsobject<NSString> account_name_ns(
+      [[NSString alloc] initWithBytes:accountName
+                                length:accountNameLength
+                              encoding:NSUTF8StringEncoding]);
+  CFDictionarySetValue(query, kSecAttrAccount, account_name_ns);
+
+  // Use the proper search constants, return only the data of the first match.
+  CFDictionarySetValue(query, kSecMatchLimit, kSecMatchLimitOne);
+  CFDictionarySetValue(query, kSecReturnData, kCFBooleanTrue);
+  return query;
+}
+
+// Creates a dictionary conatining the data to save into the keychain.
+// Ownership follows the Create rule.
+CFDictionaryRef CreateKeychainData(UInt32 serviceNameLength,
+                                   const char* serviceName,
+                                   UInt32 accountNameLength,
+                                   const char* accountName,
+                                   UInt32 passwordLength,
+                                   const void* passwordData,
+                                   KeychainAction action) {
+  CFMutableDictionaryRef keychain_data = CFDictionaryCreateMutable(NULL, 0,
+      &kCFTypeDictionaryKeyCallBacks, &kCFTypeDictionaryValueCallBacks);
+
+  // Set the password.
+  NSData* password = [NSData dataWithBytes:passwordData length:passwordLength];
+  CFDictionarySetValue(keychain_data, kSecValueData, password);
+
+  // If this is a creation, the structural information must be defined.
+  if (action == kKeychainActionCreate) {
+    // Set the type of the data.
+    CFDictionarySetValue(keychain_data, kSecClass, kSecClassGenericPassword);
+
+    // Only allow access when the device has been unlocked.
+    CFDictionarySetValue(keychain_data,
+                         kSecAttrAccessible,
+                         kSecAttrAccessibleWhenUnlocked);
+
+    // Set the service name.
+    scoped_nsobject<NSString> service_name_ns(
+        [[NSString alloc] initWithBytes:serviceName
+                                  length:serviceNameLength
+                                encoding:NSUTF8StringEncoding]);
+    CFDictionarySetValue(keychain_data, kSecAttrService, service_name_ns);
+
+    // Set the account name.
+    scoped_nsobject<NSString> account_name_ns(
+        [[NSString alloc] initWithBytes:accountName
+                                  length:accountNameLength
+                                encoding:NSUTF8StringEncoding]);
+    CFDictionarySetValue(keychain_data, kSecAttrAccount, account_name_ns);
+  }
+
+  return keychain_data;
+}
+
+}  // namespace
+
+namespace crypto {
+
+AppleKeychain::AppleKeychain() {}
+
+AppleKeychain::~AppleKeychain() {}
+
+OSStatus AppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList,
+                                        void* data) const {
+  free(data);

[Ryan Sleevi, 2012/08/23 22:22:58]

nit?
if (data) 
  free(data)

[stuartmorgan, 2012/08/24 06:56:03]

free is NULL-safe.

[msarda, 2012/08/27 14:24:07]

Kept as is following on Stuart's comment.

On 2012/08/24 06:56:03, stuartmorgan wrote:

+  return noErr;
+}
+
+OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain,
+                                           UInt32 serviceNameLength,
+                                           const char* serviceName,
+                                           UInt32 accountNameLength,
+                                           const char* accountName,
+                                           UInt32 passwordLength,
+                                           const void* passwordData,
+                                           SecKeychainItemRef* itemRef) const {
+  base::mac::ScopedCFTypeRef<CFDictionaryRef> query(
+      CreateGenericPasswordQuery(serviceNameLength,
+                                 serviceName,
+                                 accountNameLength,
+                                 accountName));
+  // Check that there is not already a password.
+  OSStatus status = SecItemCopyMatching((CFDictionaryRef)query, NULL);
+  if (status == errSecItemNotFound) {
+    // A new entry must be created.
+    base::mac::ScopedCFTypeRef<CFDictionaryRef> keychain_data(
+        CreateKeychainData(serviceNameLength,
+                           serviceName,
+                           accountNameLength,
+                           accountName,
+                           passwordLength,
+                           passwordData,
+                           kKeychainActionCreate));
+    status = SecItemAdd(keychain_data, NULL);
+  } else if (status == noErr) {
+    // The entry must be updated.
+    base::mac::ScopedCFTypeRef<CFDictionaryRef> keychain_data(
+        CreateKeychainData(serviceNameLength,
+                           serviceName,
+                           accountNameLength,
+                           accountName,
+                           passwordLength,
+                           passwordData,
+                           kKeychainActionUpdate));
+    status = SecItemUpdate(query, keychain_data);
+  }
+
+  return status;
+}
+
+OSStatus AppleKeychain::FindGenericPassword(CFTypeRef keychainOrArray,
+                                            UInt32 serviceNameLength,
+                                            const char* serviceName,
+                                            UInt32 accountNameLength,
+                                            const char* accountName,
+                                            UInt32* passwordLength,
+                                            void** passwordData,
+                                            SecKeychainItemRef* itemRef) const {
+  base::mac::ScopedCFTypeRef<CFDictionaryRef> query(
+      CreateGenericPasswordQuery(serviceNameLength,
+                                 serviceName,
+                                 accountNameLength,
+                                 accountName));
+
+  CFTypeRef result = NULL;
+  OSStatus status = SecItemCopyMatching(query, &result);
+  if (status == noErr) {
+    NSData* data = base::mac::CFToNSCast(base::mac::CFCast<CFDataRef>(result));
+    NSUInteger length = [data length];
+    *passwordData = malloc(length);

[Ryan Sleevi, 2012/08/23 22:22:58]

nit: Should you make sure to set *passwordData = NULL when status != noErr ?

[stuartmorgan, 2012/08/24 06:56:03]

The docs for the function this mimics doesn't say, so it couldn't hurt.

Actually, something I missed before: technically it's valid to pass NULL for
passwordLength and passwordData, if you don't want that data, so we should
handle that case (I doubt we'd ever do it, but we should not crash if someone
calls the function in a way the original function can safely be called).

[msarda, 2012/08/27 14:24:07]

Done.

+    [data getBytes:*passwordData length:length];
+    *passwordLength = length;
+    CFRelease(result);
+  }
+  return status;
+}
+
+}  // namespace crypto