File: nsKeychainMigrationUtils.mm

package info (click to toggle)
firefox-esr 78.15.0esr-1~deb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,301,156 kB
  • sloc: cpp: 5,665,905; javascript: 4,798,386; ansic: 2,878,233; python: 977,004; asm: 270,347; xml: 181,456; java: 111,756; sh: 72,926; makefile: 21,819; perl: 13,380; cs: 4,725; yacc: 4,565; objc: 3,026; pascal: 1,787; lex: 1,720; ada: 1,681; exp: 505; php: 436; lisp: 260; awk: 152; ruby: 103; csh: 80; sed: 53; sql: 45
file content (62 lines) | stat: -rw-r--r-- 2,511 bytes parent folder | download | duplicates (12) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "nsKeychainMigrationUtils.h"

#include <Security/Security.h>

#include "mozilla/Logging.h"

#include "nsCocoaUtils.h"
#include "nsString.h"

using namespace mozilla;

LazyLogModule gKeychainUtilsLog("keychainmigrationutils");

NS_IMPL_ISUPPORTS(nsKeychainMigrationUtils, nsIKeychainMigrationUtils)

NS_IMETHODIMP
nsKeychainMigrationUtils::GetGenericPassword(const nsACString& aServiceName,
                                             const nsACString& aAccountName, nsACString& aKey) {
  // To retrieve a secret, we create a CFDictionary of the form:
  // { class: generic password,
  //   service: the given service name
  //   account: the given account name,
  //   match limit: match one,
  //   return attributes: true,
  //   return data: true }
  // This searches for and returns the attributes and data for the secret
  // matching the given service and account names. We then extract the data
  // (i.e. the secret) and return it.
  NSDictionary* searchDictionary = @{
    (__bridge NSString*)kSecClass : (__bridge NSString*)kSecClassGenericPassword,
    (__bridge NSString*)kSecAttrService : nsCocoaUtils::ToNSString(aServiceName),
    (__bridge NSString*)kSecAttrAccount : nsCocoaUtils::ToNSString(aAccountName),
    (__bridge NSString*)kSecMatchLimit : (__bridge NSString*)kSecMatchLimitOne,
    (__bridge NSString*)kSecReturnAttributes : @YES,
    (__bridge NSString*)kSecReturnData : @YES
  };

  CFTypeRef item;
  // https://developer.apple.com/documentation/security/1398306-secitemcopymatching
  OSStatus rv = SecItemCopyMatching((__bridge CFDictionaryRef)searchDictionary, &item);
  if (rv != errSecSuccess) {
    MOZ_LOG(gKeychainUtilsLog, LogLevel::Debug, ("SecItemCopyMatching failed: %d", rv));
    return NS_ERROR_FAILURE;
  }
  NSDictionary* resultDict = [(__bridge NSDictionary*)item autorelease];
  NSData* secret = [resultDict objectForKey:(__bridge NSString*)kSecValueData];
  if (!secret) {
    MOZ_LOG(gKeychainUtilsLog, LogLevel::Debug, ("objectForKey failed"));
    return NS_ERROR_FAILURE;
  }
  if ([secret length] != 0) {
    // We assume that the data is UTF-8 encoded since that seems to be common and
    // Keychain Access shows it with that encoding.
    aKey.Assign(reinterpret_cast<const char*>([secret bytes]), [secret length]);
  }

  return NS_OK;
}