#ifndef _ACL_KEYCHAIN
#define _ACL_KEYCHAIN
#include <security_cdsa_utilities/cssmacl.h>
#include <string>
//
// ACL subject whose Maker registers under CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT.
// Each instance carries a CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR and a description
// string. This header holds declarations only; validation and prompting logic
// live in the implementation file.
// NOTE(review): judging by the names, validation depends on a user-facing
// keychain prompt. Confirm against the implementation before treating a
// `true` result as an authorization decision.
//
class KeychainPromptAclSubject : public SimpleAclSubject {
    // Version tags; Maker::make(Version, Reader &, Reader &) receives one.
    // Presumably one per historical blob layout - TODO confirm.
    static const Version pumaVersion = 0;
    static const Version jaguarVersion = 1;
    static const Version currentVersion = jaguarVersion;

public:
    KeychainPromptAclSubject(string description, const CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR &selector);

    // Validation entry points. None is marked `override`, so the compiler will
    // not flag a signature that has drifted away from a base-class virtual.
    // NOTE(review): confirm which of these override SimpleAclSubject.
    bool validates(const AclValidationContext &ctx) const;
    bool validates(const AclValidationContext &baseCtx, const TypedList &sample) const;

    // `always` is a block (Clang blocks extension, `^` syntax). When, and
    // whether, it is invoked is decided by the implementation.
    bool validateExplicitly(const AclValidationContext &baseCtx, void (^always)()) const;

    CssmList toList(Allocator &alloc) const;

    // NOTE(review): semantics are not visible in this header.
    bool hasAuthorizedForSystemKeychain() const;

    // Blob export: one overload takes Writer::Counter pairs, the other Writer
    // pairs (presumably a sizing pass followed by the write - confirm).
    void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
    void exportBlob(Writer &pub, Writer &priv);

    // Raw flag word of this subject's selector.
    uint32_t selectorFlags() const
    {
        return selector.flags;
    }

    // True when at least one bit of `flag` is set in the selector flags.
    // With a multi-bit mask this means "any bit", not "all bits".
    bool selectorFlag(uint32_t flag) const
    {
        return (selectorFlags() & flag) != 0;
    }

    IFDUMP(void debugDump() const);

    // Prompt-attempt bookkeeping. Presumably backed by the static
    // promptsValidated counter - confirm. No synchronization is visible here.
    static uint32_t getPromptAttempts();
    void addPromptAttempt();

    // Factory registered for CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT.
    class Maker : public AclSubject::Maker {
        friend class KeychainPromptAclSubject;

    public:
        // Stores `mode` in the static defaultMode: the value is shared by all
        // Makers, and the most recently constructed Maker wins. The
        // constructor is not `explicit`, so a bare uint32_t converts
        // implicitly to a Maker and overwrites defaultMode as a side effect.
        Maker(uint32_t mode)
            : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_KEYCHAIN_PROMPT)
        {
            defaultMode = mode;
        }

        // Both overloads return a raw pointer; ownership is not expressed in
        // the type (presumably the caller owns the result - confirm).
        KeychainPromptAclSubject *make(const TypedList &list) const;
        KeychainPromptAclSubject *make(Version version, Reader &pub, Reader &priv) const;

    private:
        static uint32_t defaultMode;
    };

private:
    static uint32_t promptsValidated;

    // Per-instance state; declaration order is kept as in the original.
    CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR selector;
    string description;

    static CSSM_ACL_KEYCHAIN_PROMPT_SELECTOR defaultSelector;
};
#endif //_ACL_KEYCHAIN