1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
6#define CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
7
8#include <Security/Security.h>
9
10#include <string>
11#include <vector>
12
13#include "components/autofill/core/common/password_form.h"
14#include "crypto/apple_keychain.h"
15
16using crypto::AppleKeychain;
17
18// Adapter that wraps a AppleKeychain and provides interaction in terms of
19// PasswordForms instead of Keychain items.
20class MacKeychainPasswordFormAdapter {
21 public:
22  // Creates an adapter for |keychain|. This class does not take ownership of
23  // |keychain|, so the caller must make sure that the keychain outlives the
24  // created object.
25  explicit MacKeychainPasswordFormAdapter(const AppleKeychain* keychain);
26
27  // Returns PasswordForms for each keychain entry that could be used to fill
28  // |form|. Caller is responsible for deleting the returned forms.
29  std::vector<autofill::PasswordForm*> PasswordsFillingForm(
30      const std::string& signon_realm,
31      autofill::PasswordForm::Scheme scheme);
32
33  // Returns true if there is the Keychain entry that matches |query_form| on
34  // all of the fields that uniquely identify a Keychain item.
35  bool HasPasswordExactlyMatchingForm(const autofill::PasswordForm& query_form);
36
37  // Returns true if the keychain contains any items that are mergeable with
38  // |query_form|. This is different from actually extracting the passwords
39  // and checking the return count, since doing that would require reading the
40  // passwords from the keychain, thus potentially triggering authorizaiton UI,
41  // whereas this won't.
42  bool HasPasswordsMergeableWithForm(
43      const autofill::PasswordForm& query_form);
44
45  // Returns all keychain items of types corresponding to password forms.
46  std::vector<SecKeychainItemRef> GetAllPasswordFormKeychainItems();
47
48  // Returns password data from all keychain items of types corresponding to
49  // password forms. Caller is responsible for deleting the returned forms.
50  std::vector<autofill::PasswordForm*> GetAllPasswordFormPasswords();
51
52  // Creates a new keychain entry from |form|, or updates the password of an
53  // existing keychain entry if there is a collision. Returns true if a keychain
54  // entry was successfully added/updated.
55  bool AddPassword(const autofill::PasswordForm& form);
56
57  // Removes the keychain password matching |form| if any. Returns true if a
58  // keychain item was found and successfully removed.
59  bool RemovePassword(const autofill::PasswordForm& form);
60
61  // Controls whether or not Chrome will restrict Keychain searches to items
62  // that it created. Defaults to false.
63  void SetFindsOnlyOwnedItems(bool finds_only_owned);
64
65 private:
66  // Returns PasswordForms constructed from the given Keychain items, calling
67  // AppleKeychain::Free on all of the keychain items and clearing the vector.
68  // Caller is responsible for deleting the returned forms.
69  std::vector<autofill::PasswordForm*> ConvertKeychainItemsToForms(
70      std::vector<SecKeychainItemRef>* items);
71
72  // Searches |keychain| for the specific keychain entry that corresponds to the
73  // given form, and returns it (or NULL if no match is found). The caller is
74  // responsible for calling AppleKeychain::Free on on the returned item.
75  SecKeychainItemRef KeychainItemForForm(
76      const autofill::PasswordForm& form);
77
78  // Returns the Keychain items matching the given signon_realm, scheme, and
79  // optionally path and username (either of both can be NULL).
80  // The caller is responsible for calling AppleKeychain::Free on the
81  // returned items.
82  std::vector<SecKeychainItemRef> MatchingKeychainItems(
83      const std::string& signon_realm,
84      autofill::PasswordForm::Scheme scheme,
85      const char* path,
86      const char* username);
87
88  // Returns the Keychain SecAuthenticationType type corresponding to |scheme|.
89  SecAuthenticationType AuthTypeForScheme(
90      autofill::PasswordForm::Scheme scheme);
91
92  // Changes the password for keychain_item to |password|; returns true if the
93  // password was successfully changed.
94  bool SetKeychainItemPassword(const SecKeychainItemRef& keychain_item,
95                               const std::string& password);
96
97  // Sets the creator code of keychain_item to creator_code; returns true if the
98  // creator code was successfully set.
99  bool SetKeychainItemCreatorCode(const SecKeychainItemRef& keychain_item,
100                                  OSType creator_code);
101
102  // Returns the creator code to be used for a Keychain search, depending on
103  // whether this object was instructed to search only for items it created.
104  // If searches should be restricted in this way, the application-specific
105  // creator code will be returned. Otherwise, 0 will be returned, indicating
106  // a search of all items, regardless of creator.
107  OSType CreatorCodeForSearch();
108
109  const AppleKeychain* keychain_;
110
111  // If true, Keychain searches are restricted to items created by Chrome.
112  bool finds_only_owned_;
113
114  DISALLOW_COPY_AND_ASSIGN(MacKeychainPasswordFormAdapter);
115};
116
117namespace internal_keychain_helpers {
118
119// Pair of pointers to a SecKeychainItemRef and a corresponding PasswordForm.
120typedef std::pair<SecKeychainItemRef*, autofill::PasswordForm*> ItemFormPair;
121
122// Sets the fields of |form| based on the keychain data from |keychain_item|.
123// Fields that can't be determined from |keychain_item| will be unchanged. If
124// |extract_password_data| is true, the password data will be copied from
125// |keychain_item| in addition to its attributes, and the |blacklisted_by_user|
126// field will be set to true for empty passwords ("" or " ").
127// If |extract_password_data| is false, only the password attributes will be
128// copied, and the |blacklisted_by_user| field will always be false.
129//
130// IMPORTANT: If |extract_password_data| is true, this function can cause the OS
131// to trigger UI (to allow access to the keychain item if we aren't trusted for
132// the item), and block until the UI is dismissed.
133//
134// If excessive prompting for access to other applications' keychain items
135// becomes an issue, the password storage API will need to intially call this
136// function with |extract_password_data| set to false, and retrieve the password
137// later (accessing other fields doesn't require authorization).
138bool FillPasswordFormFromKeychainItem(const AppleKeychain& keychain,
139                                      const SecKeychainItemRef& keychain_item,
140                                      autofill::PasswordForm* form,
141                                      bool extract_password_data);
142
143// Use FormMatchStrictness to configure which forms are considered a match by
144// FormsMatchForMerge:
145enum FormMatchStrictness {
146  STRICT_FORM_MATCH,  // Match only forms with the same scheme, signon realm and
147                      // username value.
148  FUZZY_FORM_MATCH,   // Also match cases where the first form's
149                      // original_signon_realm is nonempty and matches the
150                      // second form's signon_realm.
151};
152
153// Returns true if the two given forms are suitable for merging (see
154// MergePasswordForms).
155bool FormsMatchForMerge(const autofill::PasswordForm& form_a,
156                        const autofill::PasswordForm& form_b,
157                        FormMatchStrictness strictness);
158
159// Populates merged_forms by combining the password data from keychain_forms and
160// the metadata from database_forms, removing used entries from the two source
161// lists.
162//
163// On return, database_forms and keychain_forms will have only unused
164// entries; for database_forms that means entries for which no corresponding
165// password can be found (and which aren't blacklist entries), and for
166// keychain_forms its entries that weren't merged into at least one database
167// form.
168void MergePasswordForms(
169    std::vector<autofill::PasswordForm*>* keychain_forms,
170    std::vector<autofill::PasswordForm*>* database_forms,
171    std::vector<autofill::PasswordForm*>* merged_forms);
172
173// Fills in the passwords for as many of the forms in |database_forms| as
174// possible using entries from |keychain| and returns them. On return,
175// |database_forms| will contain only the forms for which no password was found.
176std::vector<autofill::PasswordForm*> GetPasswordsForForms(
177    const AppleKeychain& keychain,
178    std::vector<autofill::PasswordForm*>* database_forms);
179
180// Loads all items in the system keychain into |keychain_items|, creates for
181// each keychain item a corresponding PasswordForm that doesn't contain any
182// password data, and returns the two collections as a vector of ItemFormPairs.
183// Used by GetPasswordsForForms for optimized matching of keychain items with
184// PasswordForms in the database.
185// Note: Since no password data is loaded here, the resulting PasswordForms
186// will include blacklist entries, which will have to be filtered out later.
187// Caller owns the SecKeychainItemRefs and PasswordForms that are returned.
188// This operation does not require OS authorization.
189std::vector<ItemFormPair> ExtractAllKeychainItemAttributesIntoPasswordForms(
190    std::vector<SecKeychainItemRef>* keychain_items,
191    const AppleKeychain& keychain);
192
193// Takes a PasswordForm's signon_realm and parses it into its component parts,
194// which are returned though the appropriate out parameters.
195// Returns true if it can be successfully parsed, in which case all out params
196// that are non-NULL will be set. If there is no port, port will be 0.
197// If the return value is false, the state of the out params is undefined.
198bool ExtractSignonRealmComponents(const std::string& signon_realm,
199                                  std::string* server,
200                                  UInt32* port,
201                                  bool* is_secure,
202                                  std::string* security_domain);
203
204// Returns true if the signon_realm of |query_form| can be successfully parsed
205// by ExtractSignonRealmComponents, and if |query_form| matches |other_form|.
206bool FormIsValidAndMatchesOtherForm(const autofill::PasswordForm& query_form,
207                                    const autofill::PasswordForm& other_form);
208
209// Returns PasswordForms populated with password data for each keychain entry
210// in |item_form_pairs| that could be merged with |query_form|.
211// Caller is responsible for deleting the returned forms.
212std::vector<autofill::PasswordForm*> ExtractPasswordsMergeableWithForm(
213    const AppleKeychain& keychain,
214    const std::vector<ItemFormPair>& item_form_pairs,
215    const autofill::PasswordForm& query_form);
216
217}  // namespace internal_keychain_helpers
218
219#endif  // CHROME_BROWSER_PASSWORD_MANAGER_PASSWORD_STORE_MAC_INTERNAL_H_
220