search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Show clearer error when insecure URL is blocked during SAML enrollment
[chromium-blink-merge.git] / crypto / mock_apple_keychain_mac.cc
blobd586f70b3633f8db9150a54a03cefe1622f76363
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/logging.h"
6 #include "base/time/time.h"
7 #include "crypto/mock_apple_keychain.h"
8
9 namespace crypto {
10
11 // static
12 const SecKeychainSearchRef MockAppleKeychain::kDummySearchRef =
13 reinterpret_cast<SecKeychainSearchRef>(1000);
14
15 MockAppleKeychain::MockAppleKeychain()
16 : next_item_key_(0),
17 search_copy_count_(0),
18 keychain_item_copy_count_(0),
19 attribute_data_copy_count_(0),
20 find_generic_result_(noErr),
21 called_add_generic_(false),
22 password_data_count_(0) {}
23
24 void MockAppleKeychain::InitializeKeychainData(MockKeychainItemType key) const {
25 UInt32 tags[] = { kSecAccountItemAttr,
26 kSecServerItemAttr,
27 kSecPortItemAttr,
28 kSecPathItemAttr,
29 kSecProtocolItemAttr,
30 kSecAuthenticationTypeItemAttr,
31 kSecSecurityDomainItemAttr,
32 kSecCreationDateItemAttr,
33 kSecNegativeItemAttr,
34 kSecCreatorItemAttr };
35 keychain_attr_list_[key] = SecKeychainAttributeList();
36 keychain_data_[key] = KeychainPasswordData();
37 keychain_attr_list_[key].count = arraysize(tags);
38 keychain_attr_list_[key].attr = static_cast<SecKeychainAttribute*>(
39 calloc(keychain_attr_list_[key].count, sizeof(SecKeychainAttribute)));
40 for (unsigned int i = 0; i < keychain_attr_list_[key].count; ++i) {
41 keychain_attr_list_[key].attr[i].tag = tags[i];
42 size_t data_size = 0;
43 switch (tags[i]) {
44 case kSecPortItemAttr:
45 data_size = sizeof(UInt32);
46 break;
47 case kSecProtocolItemAttr:
48 data_size = sizeof(SecProtocolType);
49 break;
50 case kSecAuthenticationTypeItemAttr:
51 data_size = sizeof(SecAuthenticationType);
52 break;
53 case kSecNegativeItemAttr:
54 data_size = sizeof(Boolean);
55 break;
56 case kSecCreatorItemAttr:
57 data_size = sizeof(OSType);
58 break;
59 }
60 if (data_size > 0) {
61 keychain_attr_list_[key].attr[i].length = data_size;
62 keychain_attr_list_[key].attr[i].data = calloc(1, data_size);
63 }
64 }
65 }
66
67 MockAppleKeychain::~MockAppleKeychain() {
68 for (MockKeychainAttributesMap::iterator it = keychain_attr_list_.begin();
69 it != keychain_attr_list_.end();
70 ++it) {
71 for (unsigned int i = 0; i < it->second.count; ++i) {
72 if (it->second.attr[i].data)
73 free(it->second.attr[i].data);
74 }
75 free(it->second.attr);
76 if (keychain_data_[it->first].data)
77 free(keychain_data_[it->first].data);
78 }
79 keychain_attr_list_.clear();
80 keychain_data_.clear();
81 }
82
83 SecKeychainAttribute* MockAppleKeychain::AttributeWithTag(
84 const SecKeychainAttributeList& attribute_list,
85 UInt32 tag) {
86 int attribute_index = -1;
87 for (unsigned int i = 0; i < attribute_list.count; ++i) {
88 if (attribute_list.attr[i].tag == tag) {
89 attribute_index = i;
90 break;
91 }
92 }
93 if (attribute_index == -1) {
94 NOTREACHED() << "Unsupported attribute: " << tag;
95 return NULL;
96 }
97 return &(attribute_list.attr[attribute_index]);
98 }
99
100 void MockAppleKeychain::SetTestDataBytes(MockKeychainItemType item,
101 UInt32 tag,
102 const void* data,
103 size_t length) {
104 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[item],
105 tag);
106 attribute->length = length;
107 if (length > 0) {
108 if (attribute->data)
109 free(attribute->data);
110 attribute->data = malloc(length);
111 CHECK(attribute->data);
112 memcpy(attribute->data, data, length);
113 } else {
114 attribute->data = NULL;
115 }
116 }
117
118 void MockAppleKeychain::SetTestDataString(MockKeychainItemType item,
119 UInt32 tag,
120 const char* value) {
121 SetTestDataBytes(item, tag, value, value ? strlen(value) : 0);
122 }
123
124 void MockAppleKeychain::SetTestDataPort(MockKeychainItemType item,
125 UInt32 value) {
126 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[item],
127 kSecPortItemAttr);
128 UInt32* data = static_cast<UInt32*>(attribute->data);
129 *data = value;
130 }
131
132 void MockAppleKeychain::SetTestDataProtocol(MockKeychainItemType item,
133 SecProtocolType value) {
134 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[item],
135 kSecProtocolItemAttr);
136 SecProtocolType* data = static_cast<SecProtocolType*>(attribute->data);
137 *data = value;
138 }
139
140 void MockAppleKeychain::SetTestDataAuthType(MockKeychainItemType item,
141 SecAuthenticationType value) {
142 SecKeychainAttribute* attribute = AttributeWithTag(
143 keychain_attr_list_[item], kSecAuthenticationTypeItemAttr);
144 SecAuthenticationType* data = static_cast<SecAuthenticationType*>(
145 attribute->data);
146 *data = value;
147 }
148
149 void MockAppleKeychain::SetTestDataNegativeItem(MockKeychainItemType item,
150 Boolean value) {
151 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[item],
152 kSecNegativeItemAttr);
153 Boolean* data = static_cast<Boolean*>(attribute->data);
154 *data = value;
155 }
156
157 void MockAppleKeychain::SetTestDataCreator(MockKeychainItemType item,
158 OSType value) {
159 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[item],
160 kSecCreatorItemAttr);
161 OSType* data = static_cast<OSType*>(attribute->data);
162 *data = value;
163 }
164
165 void MockAppleKeychain::SetTestDataPasswordBytes(MockKeychainItemType item,
166 const void* data,
167 size_t length) {
168 keychain_data_[item].length = length;
169 if (length > 0) {
170 if (keychain_data_[item].data)
171 free(keychain_data_[item].data);
172 keychain_data_[item].data = malloc(length);
173 memcpy(keychain_data_[item].data, data, length);
174 } else {
175 keychain_data_[item].data = NULL;
176 }
177 }
178
179 void MockAppleKeychain::SetTestDataPasswordString(MockKeychainItemType item,
180 const char* value) {
181 SetTestDataPasswordBytes(item, value, value ? strlen(value) : 0);
182 }
183
184 OSStatus MockAppleKeychain::ItemCopyAttributesAndData(
185 SecKeychainItemRef itemRef,
186 SecKeychainAttributeInfo* info,
187 SecItemClass* itemClass,
188 SecKeychainAttributeList** attrList,
189 UInt32* length,
190 void** outData) const {
191 DCHECK(itemRef);
192 MockKeychainItemType key =
193 reinterpret_cast<MockKeychainItemType>(itemRef) - 1;
194 if (keychain_attr_list_.find(key) == keychain_attr_list_.end())
195 return errSecInvalidItemRef;
196
197 DCHECK(!itemClass); // itemClass not implemented in the Mock.
198 if (attrList)
199 *attrList = &(keychain_attr_list_[key]);
200 if (outData) {
201 *outData = keychain_data_[key].data;
202 DCHECK(length);
203 *length = keychain_data_[key].length;
204 }
205
206 ++attribute_data_copy_count_;
207 return noErr;
208 }
209
210 OSStatus MockAppleKeychain::ItemModifyAttributesAndData(
211 SecKeychainItemRef itemRef,
212 const SecKeychainAttributeList* attrList,
213 UInt32 length,
214 const void* data) const {
215 DCHECK(itemRef);
216 const char* fail_trigger = "fail_me";
217 if (length == strlen(fail_trigger) &&
218 memcmp(data, fail_trigger, length) == 0) {
219 return errSecAuthFailed;
220 }
221
222 MockKeychainItemType key =
223 reinterpret_cast<MockKeychainItemType>(itemRef) - 1;
224 if (keychain_attr_list_.find(key) == keychain_attr_list_.end())
225 return errSecInvalidItemRef;
226
227 MockAppleKeychain* mutable_this = const_cast<MockAppleKeychain*>(this);
228 if (attrList) {
229 for (UInt32 change_attr = 0; change_attr < attrList->count; ++change_attr) {
230 if (attrList->attr[change_attr].tag == kSecCreatorItemAttr) {
231 void* data = attrList->attr[change_attr].data;
232 mutable_this->SetTestDataCreator(key, *(static_cast<OSType*>(data)));
233 } else {
234 NOTIMPLEMENTED();
235 }
236 }
237 }
238 if (data)
239 mutable_this->SetTestDataPasswordBytes(key, data, length);
240 return noErr;
241 }
242
243 OSStatus MockAppleKeychain::ItemFreeAttributesAndData(
244 SecKeychainAttributeList* attrList,
245 void* data) const {
246 --attribute_data_copy_count_;
247 return noErr;
248 }
249
250 OSStatus MockAppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const {
251 MockKeychainItemType key =
252 reinterpret_cast<MockKeychainItemType>(itemRef) - 1;
253
254 for (unsigned int i = 0; i < keychain_attr_list_[key].count; ++i) {
255 if (keychain_attr_list_[key].attr[i].data)
256 free(keychain_attr_list_[key].attr[i].data);
257 }
258 free(keychain_attr_list_[key].attr);
259 if (keychain_data_[key].data)
260 free(keychain_data_[key].data);
261
262 keychain_attr_list_.erase(key);
263 keychain_data_.erase(key);
264 added_via_api_.erase(key);
265 return noErr;
266 }
267
268 OSStatus MockAppleKeychain::SearchCreateFromAttributes(
269 CFTypeRef keychainOrArray,
270 SecItemClass itemClass,
271 const SecKeychainAttributeList* attrList,
272 SecKeychainSearchRef* searchRef) const {
273 // Figure out which of our mock items matches, and set up the array we'll use
274 // to generate results out of SearchCopyNext.
275 remaining_search_results_.clear();
276 for (MockKeychainAttributesMap::const_iterator it =
277 keychain_attr_list_.begin();
278 it != keychain_attr_list_.end();
279 ++it) {
280 bool mock_item_matches = true;
281 for (UInt32 search_attr = 0; search_attr < attrList->count; ++search_attr) {
282 SecKeychainAttribute* mock_attribute =
283 AttributeWithTag(it->second, attrList->attr[search_attr].tag);
284 if (mock_attribute->length != attrList->attr[search_attr].length ||
285 memcmp(mock_attribute->data, attrList->attr[search_attr].data,
286 attrList->attr[search_attr].length) != 0) {
287 mock_item_matches = false;
288 break;
289 }
290 }
291 if (mock_item_matches)
292 remaining_search_results_.push_back(it->first);
293 }
294
295 DCHECK(searchRef);
296 *searchRef = kDummySearchRef;
297 ++search_copy_count_;
298 return noErr;
299 }
300
301 bool MockAppleKeychain::AlreadyContainsInternetPassword(
302 UInt32 serverNameLength,
303 const char* serverName,
304 UInt32 securityDomainLength,
305 const char* securityDomain,
306 UInt32 accountNameLength,
307 const char* accountName,
308 UInt32 pathLength,
309 const char* path,
310 UInt16 port,
311 SecProtocolType protocol,
312 SecAuthenticationType authenticationType) const {
313 for (MockKeychainAttributesMap::const_iterator it =
314 keychain_attr_list_.begin();
315 it != keychain_attr_list_.end();
316 ++it) {
317 SecKeychainAttribute* attribute;
318 attribute = AttributeWithTag(it->second, kSecServerItemAttr);
319 if ((attribute->length != serverNameLength) ||
320 (attribute->data == NULL && *serverName != '\0') ||
321 (attribute->data != NULL && *serverName == '\0') ||
322 strncmp(serverName,
323 (const char*) attribute->data,
324 serverNameLength) != 0) {
325 continue;
326 }
327 attribute = AttributeWithTag(it->second, kSecSecurityDomainItemAttr);
328 if ((attribute->length != securityDomainLength) ||
329 (attribute->data == NULL && *securityDomain != '\0') ||
330 (attribute->data != NULL && *securityDomain == '\0') ||
331 strncmp(securityDomain,
332 (const char*) attribute->data,
333 securityDomainLength) != 0) {
334 continue;
335 }
336 attribute = AttributeWithTag(it->second, kSecAccountItemAttr);
337 if ((attribute->length != accountNameLength) ||
338 (attribute->data == NULL && *accountName != '\0') ||
339 (attribute->data != NULL && *accountName == '\0') ||
340 strncmp(accountName,
341 (const char*) attribute->data,
342 accountNameLength) != 0) {
343 continue;
344 }
345 attribute = AttributeWithTag(it->second, kSecPathItemAttr);
346 if ((attribute->length != pathLength) ||
347 (attribute->data == NULL && *path != '\0') ||
348 (attribute->data != NULL && *path == '\0') ||
349 strncmp(path,
350 (const char*) attribute->data,
351 pathLength) != 0) {
352 continue;
353 }
354 attribute = AttributeWithTag(it->second, kSecPortItemAttr);
355 if ((attribute->data == NULL) ||
356 (port != *(static_cast<UInt32*>(attribute->data)))) {
357 continue;
358 }
359 attribute = AttributeWithTag(it->second, kSecProtocolItemAttr);
360 if ((attribute->data == NULL) ||
361 (protocol != *(static_cast<SecProtocolType*>(attribute->data)))) {
362 continue;
363 }
364 attribute = AttributeWithTag(it->second, kSecAuthenticationTypeItemAttr);
365 if ((attribute->data == NULL) ||
366 (authenticationType !=
367 *(static_cast<SecAuthenticationType*>(attribute->data)))) {
368 continue;
369 }
370 // The keychain already has this item, since all fields other than the
371 // password match.
372 return true;
373 }
374 return false;
375 }
376
377 OSStatus MockAppleKeychain::AddInternetPassword(
378 SecKeychainRef keychain,
379 UInt32 serverNameLength,
380 const char* serverName,
381 UInt32 securityDomainLength,
382 const char* securityDomain,
383 UInt32 accountNameLength,
384 const char* accountName,
385 UInt32 pathLength,
386 const char* path,
387 UInt16 port,
388 SecProtocolType protocol,
389 SecAuthenticationType authenticationType,
390 UInt32 passwordLength,
391 const void* passwordData,
392 SecKeychainItemRef* itemRef) const {
393
394 // Check for the magic duplicate item trigger.
395 if (strcmp(serverName, "some.domain.com") == 0)
396 return errSecDuplicateItem;
397
398 // If the account already exists in the keychain, we don't add it.
399 if (AlreadyContainsInternetPassword(serverNameLength, serverName,
400 securityDomainLength, securityDomain,
401 accountNameLength, accountName,
402 pathLength, path,
403 port, protocol,
404 authenticationType)) {
405 return errSecDuplicateItem;
406 }
407
408 // Pick the next unused slot.
409 MockKeychainItemType key = next_item_key_++;
410
411 // Initialize keychain data storage at the target location.
412 InitializeKeychainData(key);
413
414 MockAppleKeychain* mutable_this = const_cast<MockAppleKeychain*>(this);
415 mutable_this->SetTestDataBytes(key, kSecServerItemAttr, serverName,
416 serverNameLength);
417 mutable_this->SetTestDataBytes(key, kSecSecurityDomainItemAttr,
418 securityDomain, securityDomainLength);
419 mutable_this->SetTestDataBytes(key, kSecAccountItemAttr, accountName,
420 accountNameLength);
421 mutable_this->SetTestDataBytes(key, kSecPathItemAttr, path, pathLength);
422 mutable_this->SetTestDataPort(key, port);
423 mutable_this->SetTestDataProtocol(key, protocol);
424 mutable_this->SetTestDataAuthType(key, authenticationType);
425 mutable_this->SetTestDataPasswordBytes(key, passwordData,
426 passwordLength);
427 base::Time::Exploded exploded_time;
428 base::Time::Now().UTCExplode(&exploded_time);
429 char time_string[128];
430 snprintf(time_string, sizeof(time_string), "%04d%02d%02d%02d%02d%02dZ",
431 exploded_time.year, exploded_time.month, exploded_time.day_of_month,
432 exploded_time.hour, exploded_time.minute, exploded_time.second);
433 mutable_this->SetTestDataString(key, kSecCreationDateItemAttr, time_string);
434
435 added_via_api_.insert(key);
436
437 if (itemRef) {
438 *itemRef = reinterpret_cast<SecKeychainItemRef>(key + 1);
439 ++keychain_item_copy_count_;
440 }
441 return noErr;
442 }
443
444 OSStatus MockAppleKeychain::SearchCopyNext(SecKeychainSearchRef searchRef,
445 SecKeychainItemRef* itemRef) const {
446 if (remaining_search_results_.empty())
447 return errSecItemNotFound;
448 MockKeychainItemType key = remaining_search_results_.front();
449 remaining_search_results_.erase(remaining_search_results_.begin());
450 *itemRef = reinterpret_cast<SecKeychainItemRef>(key + 1);
451 ++keychain_item_copy_count_;
452 return noErr;
453 }
454
455 void MockAppleKeychain::Free(CFTypeRef ref) const {
456 if (!ref)
457 return;
458
459 if (ref == kDummySearchRef) {
460 --search_copy_count_;
461 } else {
462 --keychain_item_copy_count_;
463 }
464 }
465
466 int MockAppleKeychain::UnfreedSearchCount() const {
467 return search_copy_count_;
468 }
469
470 int MockAppleKeychain::UnfreedKeychainItemCount() const {
471 return keychain_item_copy_count_;
472 }
473
474 int MockAppleKeychain::UnfreedAttributeDataCount() const {
475 return attribute_data_copy_count_;
476 }
477
478 bool MockAppleKeychain::CreatorCodesSetForAddedItems() const {
479 for (std::set<MockKeychainItemType>::const_iterator
480 i = added_via_api_.begin();
481 i != added_via_api_.end();
482 ++i) {
483 SecKeychainAttribute* attribute = AttributeWithTag(keychain_attr_list_[*i],
484 kSecCreatorItemAttr);
485 OSType* data = static_cast<OSType*>(attribute->data);
486 if (*data == 0)
487 return false;
488 }
489 return true;
490 }
491
492 void MockAppleKeychain::AddTestItem(const KeychainTestData& item_data) {
493 MockKeychainItemType key = next_item_key_++;
494
495 InitializeKeychainData(key);
496 SetTestDataAuthType(key, item_data.auth_type);
497 SetTestDataString(key, kSecServerItemAttr, item_data.server);
498 SetTestDataProtocol(key, item_data.protocol);
499 SetTestDataString(key, kSecPathItemAttr, item_data.path);
500 SetTestDataPort(key, item_data.port);
501 SetTestDataString(key, kSecSecurityDomainItemAttr,
502 item_data.security_domain);
503 SetTestDataString(key, kSecCreationDateItemAttr, item_data.creation_date);
504 SetTestDataString(key, kSecAccountItemAttr, item_data.username);
505 SetTestDataPasswordString(key, item_data.password);
506 SetTestDataNegativeItem(key, item_data.negative_item);
507 }
508
509 } // namespace crypto