1/*
2 * Copyright (c) 2004,2011,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// defaultcreds - default computations for keychain open credentials
26//
27#ifndef _SECURITY_DEFAULTCREDS_H
28#define _SECURITY_DEFAULTCREDS_H
29
30#include "SecBase.h"
31#include <security_cdsa_utilities/cssmcred.h>
32#include <security_utilities/trackingallocator.h>
33#include <security_cdsa_client/dlclient.h>
34#include <security_cdsa_client/dl_standard.h>
35#include <vector>
36#include <set>
37
38
39namespace Security {
40namespace KeychainCore {
41
42
43class Keychain;
44class KeychainImpl;
45class Item;
46
47
48//
49// DefaultCredentials is a self-constructing AccessCredentials variant
50// that performs the magic "where are ways to unlock this keychain?" search.
51//
52class DefaultCredentials : public TrackingAllocator, public AutoCredentials {
53public:
54	DefaultCredentials(KeychainImpl *kcImpl, Allocator &alloc = Allocator::standard());
55
56	bool operator () (CssmClient::Db database);
57
58	void clear();
59
60private:
61	typedef vector<Keychain> KeychainList;
62
63	void keyReferral(const CssmClient::UnlockReferralRecord &ref);
64	bool unlockKey(const CssmClient::UnlockReferralRecord &ref, const KeychainList &list);
65
66	KeychainList fallbackSearchList(const DLDbIdentifier &ident);
67
68private:
69	bool mMade;						// we did it already
70	set<Item> mNeededItems;			// Items we need to keep around for unlock use
71	KeychainImpl *mKeychainImpl;
72};
73
74
75} // end namespace KeychainCore
76} // end namespace Security
77
78#endif // !_SECURITY_DEFAULTCREDS_H
79