#ifndef _SECURITY_KEYITEM_H_
#define _SECURITY_KEYITEM_H_
#include <security_keychain/Item.h>
#include <Security/SecKeyPriv.h>
namespace Security
{
namespace KeychainCore
{
// KeyItem: keychain item subclass (extends ItemImpl) that represents a
// cryptographic key stored in, or backed by, a keychain.  This header only
// declares the interface; the semantics noted below are either visible in the
// declarations themselves or are marked as reviewer assumptions to confirm
// against the implementation.
//
// Declaration order is ABI-relevant (virtual-function order and member
// layout), so members must not be reordered casually.
class KeyItem : public ItemImpl
{
    // NOCOPY is a project macro; presumably it disables copy-construction /
    // copy-assignment — TODO confirm against its definition, because a
    // KeyItem(KeyItem &) constructor is also declared further down.
    NOCOPY(KeyItem)
public:
    // Project macro wiring this C++ object to the CoreFoundation-style
    // SecKeyRef handle; exact members generated are not visible here.
    SECCFFUNCTIONS_BASE(KeyItem, SecKeyRef)

    // Convert a SecKeyRef back to its KeyItem.  Names suggest `required`
    // rejects a null/foreign ref while `optional` tolerates it — verify in
    // the implementation before relying on either behavior.
    static KeyItem *required(SecKeyRef ptr);
    static KeyItem *optional(SecKeyRef ptr);

    // Implicit conversion to a CFTypeRef; declared non-throwing.
    operator CFTypeRef() const throw();

    // Resolve an arbitrary CFTypeRef (expected to be a SecKeyRef) to the
    // underlying SecCFObject.
    static SecCFObject *fromSecKeyRef(CFTypeRef ref);

    // Associate this item with its SecKeyRef; `attachSecKeyRef` is const so
    // it may only touch the `mutable` member below.
    void attachSecKeyRef() const;
    void initializeWithSecKeyRef(SecKeyRef ref);
private:
    // Non-retaining ("weak", per the name) back-reference to the SecKeyRef
    // that wraps this object.  `mutable` so const members can update it.
    // NOTE(review): nothing here shows how this pointer is cleared when the
    // SecKeyRef is released — confirm the implementation invalidates it,
    // otherwise a stale handle could be handed out.
    mutable SecKeyRef mWeakSecKeyRef;
private:
    // Constructors are private; instances are created through the static
    // `make` factories below (or the public constructors further down).
    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
    KeyItem(const Keychain &keychain, const PrimaryKey &primaryKey);
public:
    // Factories for keychain-backed key items.  Returned raw pointers: the
    // ownership/refcount convention is not visible here (presumably the
    // project's SecCFObject refcounting) — TODO confirm.
    static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey, const CssmClient::DbUniqueRecord &uniqueId);
    static KeyItem* make(const Keychain &keychain, const PrimaryKey &primaryKey);

    // Construct from another KeyItem (non-const reference, so this is not
    // the canonical copy constructor and does not conflict with NOCOPY if
    // NOCOPY declares the const-reference form).
    KeyItem(KeyItem &keyItem);

    // Construct from a bare CSSM client key (not keychain-resident).
    // NOTE(review): single-argument and not `explicit`, so a CssmClient::Key
    // converts implicitly to KeyItem.
    KeyItem(const CssmClient::Key &key);
    virtual ~KeyItem();

    // Overrides of the ItemImpl persistence hooks (presumably; ItemImpl is
    // declared in <security_keychain/Item.h>, outside this view).
    virtual void update();
    // Copy/import this key into another keychain, optionally with a new
    // Access object (and, for importTo, extra attributes).  NULL defaults
    // mean "no override".
    virtual Item copyTo(const Keychain &keychain, Access *newAccess = NULL);
    virtual Item importTo(const Keychain &keychain, Access *newAccess = NULL, SecKeychainAttributeList *attrList = NULL);
    virtual void didModify();

    // Accessors for the secure-storage record, the CSSM key object and the
    // CSP that owns it.
    CssmClient::SSDbUniqueRecord ssDbUniqueRecord();
    CssmClient::Key &key();
    CssmClient::CSP csp();

    // Key header obtained WITHOUT an integrity check, as the name states.
    // NOTE(review): callers that make trust decisions on this header should
    // pair it with checkIntegrity(); confirm the implementation's contract.
    CssmKey::Header unverifiedKeyHeader();

    // Algorithm identifier for this key (reference to a cached value).
    const CSSM_X509_ALGORITHM_IDENTIFIER& algorithmIdentifier();

    // Key strength in bits for the given algorithm identifier.
    // NOTE(review): the parameter name `algid` shadows the private member
    // `algid` declared below — harmless in a declaration, but easy to
    // misread in the definition.
    unsigned int strengthInBits(const CSSM_X509_ALGORITHM_IDENTIFIER *algid);

    // Public half of the key (for a private key item).
    CssmClient::Key publicKey();

    // Credentials to authorize `operation` on this key, for the requested
    // credential type (SecCredentialType from <Security/SecKeyPriv.h>).
    const AccessCredentials *getCredentials(
        CSSM_ACL_AUTHORIZATION_TAG operation,
        SecCredentialType credentialType);

    // Equality; takes a non-const reference and is itself non-const, so it
    // cannot be used on const KeyItems.
    bool operator == (KeyItem &other);

    // Generate a new key pair in `keychain` with the given CSSM algorithm,
    // size, usage and attribute flags, applying `initialAccess` to both
    // halves.  Results are returned through the two SecPointer out-params.
    static void createPair(
        Keychain keychain,
        CSSM_ALGORITHMS algorithm,
        uint32 keySizeInBits,
        CSSM_CC_HANDLE contextHandle,
        CSSM_KEYUSE publicKeyUsage,
        uint32 publicKeyAttr,
        CSSM_KEYUSE privateKeyUsage,
        uint32 privateKeyAttr,
        SecPointer<Access> initialAccess,
        SecPointer<KeyItem> &outPublicKey,
        SecPointer<KeyItem> &outPrivateKey);

    // Import an existing CSSM key pair into `keychain`.
    static void importPair(
        Keychain keychain,
        const CSSM_KEY &publicCssmKey,
        const CSSM_KEY &privateCssmKey,
        SecPointer<Access> initialAccess,
        SecPointer<KeyItem> &outPublicKey,
        SecPointer<KeyItem> &outPrivateKey);

    // Generate a single (symmetric or otherwise) key in `keychain`.
    static SecPointer<KeyItem> generate(
        Keychain keychain,
        CSSM_ALGORITHMS algorithm,
        uint32 keySizeInBits,
        CSSM_CC_HANDLE contextHandle,
        CSSM_KEYUSE keyUsage,
        uint32 keyAttr,
        SecPointer<Access> initialAccess);

    // Same as `generate`, with an explicit keychain attribute list applied
    // to the new item.
    static SecPointer<KeyItem> generateWithAttributes(
        const SecKeychainAttributeList *attrList,
        Keychain keychain,
        CSSM_ALGORITHMS algorithm,
        uint32 keySizeInBits,
        CSSM_CC_HANDLE contextHandle,
        CSSM_KEYUSE keyUsage,
        uint32 keyAttr,
        SecPointer<Access> initialAccess);

    // Identity / hashing hooks (presumably overriding ItemImpl).
    virtual const CssmData &itemID();
    virtual CFHashCode hash();

    // Item integrity protection.  `setIntegrity(force)` (re)computes it,
    // `checkIntegrity()` validates it, and `removeIntegrity(cred)` strips it
    // using the supplied credentials.  What "integrity" covers is defined
    // by the implementation, not here.
    virtual void setIntegrity(bool force = false);
    virtual bool checkIntegrity();
    virtual void removeIntegrity(const AccessCredentials *cred);

    // Rewrite a record's unique id / attributes in the secure DB.
    static void modifyUniqueId(Keychain keychain, SSDb ssDb, DbUniqueRecord& uniqueId, DbAttributes& newDbAttributes, CSSM_DB_RECORDTYPE recordType);
protected:
    // Persist this item into `keychain`; returns the new primary key.
    virtual PrimaryKey add(Keychain &keychain);
private:
    // Raw key access without integrity verification (see unverifiedKeyHeader).
    CssmClient::Key unverifiedKey();

    CssmClient::Key mKey;
    // Cached algorithm identifier.  Raw pointer; ownership and lifetime are
    // not visible here — presumably points at static/CSSM-owned data,
    // TODO confirm.
    const CSSM_X509_ALGORITHM_IDENTIFIER *algid;
    // Cached hash of the public key (CssmAutoData owns its buffer).
    CssmAutoData mPubKeyHash;
    CssmClient::Key mPublicKey;
};
}
}
// Backing storage for a SecKeyRef handle.  Declared at global scope (outside
// the Security::KeychainCore namespace) so the C-visible handle type resolves
// to it.
//
// Field order is part of the object's memory layout and must not change:
// `_base` is first, which is the CoreFoundation convention for runtime
// objects.
struct OpaqueSecKeyRef {
    CFRuntimeBase _base;
    // Implementation descriptor for this key's class.
    const SecKeyDescriptor *key_class;
    // SecKeyRef for the CDSA-backed key; relationship to `key` below is not
    // visible in this header — TODO confirm which one is authoritative.
    SecKeyRef cdsaKey;
    // Raw pointer to the C++ item.  NOTE(review): ownership and retain
    // semantics are not expressed by the type; confirm the creation/release
    // paths keep this from dangling once the KeyItem is destroyed.
    Security::KeychainCore::KeyItem *key;
    // Credential type used when authorizing operations on this key.
    SecCredentialType credentialType;
};
#endif // !_SECURITY_KEYITEM_H_