• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
6 #define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
7 
8 #include <Security/Security.h>
9 
10 #include <string>
11 #include <vector>
12 
13 #include "components/autofill/core/common/password_form.h"
14 #include "crypto/apple_keychain.h"
15 
16 using crypto::AppleKeychain;
17 
18 // Adapter that wraps a AppleKeychain and provides interaction in terms of
19 // PasswordForms instead of Keychain items.
20 class MacKeychainPasswordFormAdapter {
21  public:
22   // Creates an adapter for |keychain|. This class does not take ownership of
23   // |keychain|, so the caller must make sure that the keychain outlives the
24   // created object.
25   explicit MacKeychainPasswordFormAdapter(const AppleKeychain* keychain);
26 
27   // Returns PasswordForms for each keychain entry that could be used to fill
28   // |form|. Caller is responsible for deleting the returned forms.
29   std::vector<autofill::PasswordForm*> PasswordsFillingForm(
30       const std::string& signon_realm,
31       autofill::PasswordForm::Scheme scheme);
32 
33   // Returns the PasswordForm for the Keychain entry that matches |form| on all
34   // of the fields that uniquely identify a Keychain item, or NULL if there is
35   // no such entry.
36   // Caller is responsible for deleting the returned form.
37   autofill::PasswordForm* PasswordExactlyMatchingForm(
38       const autofill::PasswordForm& query_form);
39 
40   // Returns true if the keychain contains any items that are mergeable with
41   // |query_form|. This is different from actually extracting the passwords
42   // and checking the return count, since doing that would require reading the
43   // passwords from the keychain, thus potentially triggering authorizaiton UI,
44   // whereas this won't.
45   bool HasPasswordsMergeableWithForm(
46       const autofill::PasswordForm& query_form);
47 
48   // Returns all keychain items of types corresponding to password forms.
49   std::vector<SecKeychainItemRef> GetAllPasswordFormKeychainItems();
50 
51   // Returns password data from all keychain items of types corresponding to
52   // password forms. Caller is responsible for deleting the returned forms.
53   std::vector<autofill::PasswordForm*> GetAllPasswordFormPasswords();
54 
55   // Creates a new keychain entry from |form|, or updates the password of an
56   // existing keychain entry if there is a collision. Returns true if a keychain
57   // entry was successfully added/updated.
58   bool AddPassword(const autofill::PasswordForm& form);
59 
60   // Removes the keychain password matching |form| if any. Returns true if a
61   // keychain item was found and successfully removed.
62   bool RemovePassword(const autofill::PasswordForm& form);
63 
64   // Controls whether or not Chrome will restrict Keychain searches to items
65   // that it created. Defaults to false.
66   void SetFindsOnlyOwnedItems(bool finds_only_owned);
67 
68  private:
69   // Returns PasswordForms constructed from the given Keychain items, calling
70   // AppleKeychain::Free on all of the keychain items and clearing the vector.
71   // Caller is responsible for deleting the returned forms.
72   std::vector<autofill::PasswordForm*> ConvertKeychainItemsToForms(
73       std::vector<SecKeychainItemRef>* items);
74 
75   // Searches |keychain| for the specific keychain entry that corresponds to the
76   // given form, and returns it (or NULL if no match is found). The caller is
77   // responsible for calling AppleKeychain::Free on on the returned item.
78   SecKeychainItemRef KeychainItemForForm(
79       const autofill::PasswordForm& form);
80 
81   // Returns the Keychain items matching the given signon_realm, scheme, and
82   // optionally path and username (either of both can be NULL).
83   // The caller is responsible for calling AppleKeychain::Free on the
84   // returned items.
85   std::vector<SecKeychainItemRef> MatchingKeychainItems(
86       const std::string& signon_realm,
87       autofill::PasswordForm::Scheme scheme,
88       const char* path,
89       const char* username);
90 
91   // Returns the Keychain SecAuthenticationType type corresponding to |scheme|.
92   SecAuthenticationType AuthTypeForScheme(
93       autofill::PasswordForm::Scheme scheme);
94 
95   // Changes the password for keychain_item to |password|; returns true if the
96   // password was successfully changed.
97   bool SetKeychainItemPassword(const SecKeychainItemRef& keychain_item,
98                                const std::string& password);
99 
100   // Sets the creator code of keychain_item to creator_code; returns true if the
101   // creator code was successfully set.
102   bool SetKeychainItemCreatorCode(const SecKeychainItemRef& keychain_item,
103                                   OSType creator_code);
104 
105   // Returns the creator code to be used for a Keychain search, depending on
106   // whether this object was instructed to search only for items it created.
107   // If searches should be restricted in this way, the application-specific
108   // creator code will be returned. Otherwise, 0 will be returned, indicating
109   // a search of all items, regardless of creator.
110   OSType CreatorCodeForSearch();
111 
112   const AppleKeychain* keychain_;
113 
114   // If true, Keychain searches are restricted to items created by Chrome.
115   bool finds_only_owned_;
116 
117   DISALLOW_COPY_AND_ASSIGN(MacKeychainPasswordFormAdapter);
118 };
119 
120 namespace internal_keychain_helpers {
121 
122 // Pair of pointers to a SecKeychainItemRef and a corresponding PasswordForm.
123 typedef std::pair<SecKeychainItemRef*, autofill::PasswordForm*> ItemFormPair;
124 
125 // Sets the fields of |form| based on the keychain data from |keychain_item|.
126 // Fields that can't be determined from |keychain_item| will be unchanged. If
127 // |extract_password_data| is true, the password data will be copied from
128 // |keychain_item| in addition to its attributes, and the |blacklisted_by_user|
129 // field will be set to true for empty passwords ("" or " ").
130 // If |extract_password_data| is false, only the password attributes will be
131 // copied, and the |blacklisted_by_user| field will always be false.
132 //
133 // IMPORTANT: If |extract_password_data| is true, this function can cause the OS
134 // to trigger UI (to allow access to the keychain item if we aren't trusted for
135 // the item), and block until the UI is dismissed.
136 //
137 // If excessive prompting for access to other applications' keychain items
138 // becomes an issue, the password storage API will need to intially call this
139 // function with |extract_password_data| set to false, and retrieve the password
140 // later (accessing other fields doesn't require authorization).
141 bool FillPasswordFormFromKeychainItem(const AppleKeychain& keychain,
142                                       const SecKeychainItemRef& keychain_item,
143                                       autofill::PasswordForm* form,
144                                       bool extract_password_data);
145 
146 // Use FormMatchStrictness to configure which forms are considered a match by
147 // FormsMatchForMerge:
148 enum FormMatchStrictness {
149   STRICT_FORM_MATCH,  // Match only forms with the same scheme, signon realm and
150                       // username value.
151   FUZZY_FORM_MATCH,   // Also match cases where the first form's
152                       // original_signon_realm is nonempty and matches the
153                       // second form's signon_realm.
154 };
155 
156 // Returns true if the two given forms are suitable for merging (see
157 // MergePasswordForms).
158 bool FormsMatchForMerge(const autofill::PasswordForm& form_a,
159                         const autofill::PasswordForm& form_b,
160                         FormMatchStrictness strictness);
161 
162 // Populates merged_forms by combining the password data from keychain_forms and
163 // the metadata from database_forms, removing used entries from the two source
164 // lists.
165 //
166 // On return, database_forms and keychain_forms will have only unused
167 // entries; for database_forms that means entries for which no corresponding
168 // password can be found (and which aren't blacklist entries), and for
169 // keychain_forms its entries that weren't merged into at least one database
170 // form.
171 void MergePasswordForms(
172     std::vector<autofill::PasswordForm*>* keychain_forms,
173     std::vector<autofill::PasswordForm*>* database_forms,
174     std::vector<autofill::PasswordForm*>* merged_forms);
175 
176 // Fills in the passwords for as many of the forms in |database_forms| as
177 // possible using entries from |keychain| and returns them. On return,
178 // |database_forms| will contain only the forms for which no password was found.
179 std::vector<autofill::PasswordForm*> GetPasswordsForForms(
180     const AppleKeychain& keychain,
181     std::vector<autofill::PasswordForm*>* database_forms);
182 
183 // Loads all items in the system keychain into |keychain_items|, creates for
184 // each keychain item a corresponding PasswordForm that doesn't contain any
185 // password data, and returns the two collections as a vector of ItemFormPairs.
186 // Used by GetPasswordsForForms for optimized matching of keychain items with
187 // PasswordForms in the database.
188 // Note: Since no password data is loaded here, the resulting PasswordForms
189 // will include blacklist entries, which will have to be filtered out later.
190 // Caller owns the SecKeychainItemRefs and PasswordForms that are returned.
191 // This operation does not require OS authorization.
192 std::vector<ItemFormPair> ExtractAllKeychainItemAttributesIntoPasswordForms(
193     std::vector<SecKeychainItemRef>* keychain_items,
194     const AppleKeychain& keychain);
195 
196 // Takes a PasswordForm's signon_realm and parses it into its component parts,
197 // which are returned though the appropriate out parameters.
198 // Returns true if it can be successfully parsed, in which case all out params
199 // that are non-NULL will be set. If there is no port, port will be 0.
200 // If the return value is false, the state of the out params is undefined.
201 bool ExtractSignonRealmComponents(const std::string& signon_realm,
202                                   std::string* server, int* port,
203                                   bool* is_secure,
204                                   std::string* security_domain);
205 
206 // Returns true if the signon_realm of |query_form| can be successfully parsed
207 // by ExtractSignonRealmComponents, and if |query_form| matches |other_form|.
208 bool FormIsValidAndMatchesOtherForm(const autofill::PasswordForm& query_form,
209                                     const autofill::PasswordForm& other_form);
210 
211 // Returns PasswordForms populated with password data for each keychain entry
212 // in |item_form_pairs| that could be merged with |query_form|.
213 // Caller is responsible for deleting the returned forms.
214 std::vector<autofill::PasswordForm*> ExtractPasswordsMergeableWithForm(
215     const AppleKeychain& keychain,
216     const std::vector<ItemFormPair>& item_form_pairs,
217     const autofill::PasswordForm& query_form);
218 
219 }  // namespace internal_keychain_helpers
220 
221 #endif  // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
222