haiku/docs/user/app/KeyStore.dox

/*
 * Copyright 2020 Haiku, Inc. All rights reserved.
 * Distributed under the terms of the MIT License.
 *
 * Authors:
 *		Niels Sascha Reedijk, niels.reedijk@gmail.com
 *
 * Corresponds to:
 *		headers/os/app/KeyStore.h	hrev45434
 *		src/kits/app/KeyStore.cpp	hrev45434
 */


 /*!
	\file KeyStore.h
	\ingroup app
	\ingroup libbe
	\brief Provides BKeyStore class.

	See the \link app_keystore overview to the Password and Key Storage API
	\endlink for an introduction to the API.
*/


/*!
	\class BKeyStore
	\ingroup app
	\ingroup libbe
	\brief The BKeyStore lets you query, retrieve and store keys in the
		system's key store.

	Instances of this object give you an easy API to interact with the system's
	\c keystore_server. This is the central service that manages storing and
	retrieving keys, as well as managing the authorizations that a user grants
	to individual applications.

	It is important to note that all calls on this object operate
	\b synchronously. This means that it should not be used during the event
	loop of a visible \ref BWindow, as this may cause drawing and interaction
	issues.

	All operations are performed in the context of a keyring. All systems have
	at least the \b Master \b keyring. Many of the methods take the name of the
	keyring as its first argument. Most of the methods in this class have an
	overloaded variant that operate on the Master keyring. If you want to
	access this keyring through the normal methods, pass an empty string as the
	identifier to the method.

	See the \link app_keystore overview to the Password and Key Storage API
	\endlink for an introduction to the API.


	\since Haiku R1
*/


/*!
	\fn BKeyStore::BKeyStore()
	\brief Create a new BKeyStore object that you can use to query, retrieve 
		and store keys in the system's key store.

	This is a cheap object to make, as it has no data associated with it. The
	recommended use is to create an instance on the stack whenever you want to
	interact with the API.

	\since Haiku R1
*/


/*!
	\fn virtual BKeyStore::~BKeyStore()
	\brief Free all resources.

	\since Haiku R1
*/

/*!
	\name Key Management
*/


//! @{


/*!
	\fn status_t BKeyStore::GetKey(BKeyType type, const char* identifier,
		BKey& key)
	\brief Query the Master keyring for for specific key.

	This is a convenience method that calls \ref GetKey(const char* keyring, BKeyType type, const char* identifier, const char* secondaryIdentifier, bool secondaryIdentifierOptional, BKey& key).

	It works on the Master \a keyring, and assumes an empty
	\a secondaryIdentifier, \a secondaryIdentifierOptional set to \c false.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetKey(BKeyType type, const char* identifier,
		const char* secondaryIdentifier, BKey& key)
	\brief Query the Master keyring for for specific key.

	This is a convenience method that calls \ref GetKey(const char* keyring, BKeyType type, const char* identifier, const char* secondaryIdentifier, bool secondaryIdentifierOptional, BKey& key).

	It works on the Master \a keyring, it sets \a secondaryIdentifierOptional
	to \c false, meaning it both identifiers are required to match.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetKey(BKeyType type, const char* identifier,
		const char* secondaryIdentifier, bool secondaryIdentifierOptional,
		BKey& key)
	\brief Query the Master keyring for for specific key.

	This is a convenience method that calls \ref GetKey(const char* keyring, BKeyType type, const char* identifier, const char* secondaryIdentifier, bool secondaryIdentifierOptional, BKey& key).

	It works on the Master \a keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetKey(const char* keyring, BKeyType type,
		const char* identifier, BKey& key)
	\brief Query a certain \a keyring for for specific key.

	This is a convenience method that calls \ref GetKey(const char* keyring, BKeyType type, const char* identifier, const char* secondaryIdentifier, bool secondaryIdentifierOptional, BKey& key).

	The call assumes an empty \a secondaryIdentifier, and sets
	\a secondaryIdentifierOptional to \c false.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetKey(const char* keyring, BKeyType type,
		const char* identifier, const char* secondaryIdentifier, BKey& key)
	\brief Query a certain \a keyring for for specific key.

	This is a convenience method that calls \ref GetKey(const char* keyring, BKeyType type, const char* identifier, const char* secondaryIdentifier, bool secondaryIdentifierOptional, BKey& key).

	It sets \a secondaryIdentifierOptional to \c false, meaning it both
	identifiers are required to match.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetKey(const char* keyring, BKeyType type,
		const char* identifier, const char* secondaryIdentifier,
		bool secondaryIdentifierOptional, BKey& key)
	\brief Query a certain \a keyring for for specific key.

	This variation of the query function is useful when you know that a key has
	a secondary identifier, but you may not know it, or care about what it is.

	\param[in] keyring A string that identifies the keyring get the key from.
	\param[in] type The type of key to match. The type parameter is currently
		ignored and therefore does not need to match the actual type of the key
		that is stored.
	\param[in] identifier The string with the primary identifier of the key that
		you are looking for.
	\param[in] secondaryIdentifier The string with the secondary identifier of
		the key that you are looking for.
	\param[in] secondaryIdentifierOptional Use this query parameter to indicate
		if the secondary identifier has to match. When set to \a false, a
		result will be returned, even if the \a secondaryIdentifier does not
		match.
	\param[out] key A BKey object to copy the found data to. Any existing data
		in the key will be overwritten in case there is a match.

	\returns
		- \c B_OK in case the key was found and stored in \a key.
		- \c B_BAD_VALUE in case the \a keyring does not exist.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_ENTRY_NOT_FOUND in case there is no key that matches the given
		  identifier(s).
		- Any other error that indicates that there was a problem communicating
		  with the \c keystore_server.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::AddKey(const BKey& key)
	\brief Add a \a key to the Master keyring

	This is a convenience method that calls 
	\ref AddKey(const char *, const BKey&) for the \c Master keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::AddKey(const char* keyring, const BKey& key)
	\brief Add a \a key to a \a keyring.

	This method will send the key to the \c keystore_server and request it to
	be stored in the database.

	A key needs to have a unique primary and secondary identifier within the
	Master keyring.

	\param keyring A string that identifies the keyring you want to add the
		key to.
	\param key The key you want to add.

	\returns
		- \c B_OK in case the \a key was succesfully added.
		- \c B_BAD_VALUE in case the \a keyring does not exist.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_NAME_IN_USE in case there already is another key with the same
		  primary and secondary identifiers.
		- Any other error that indicates that there was a problem communicating
		  with the \c keystore_server.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::RemoveKey(const BKey& key)
	\brief Remove a \a key from the Master keyring.

	This is a convenience method that calls 
	\ref RemoveKey(const char *, const BKey&) for the \c Master keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::RemoveKey(const char* keyring, const BKey& key)
	\brief Remove a \a key from a \a keyring.

	This method will remove a \a key from a \a keyring. The \a key needs to
	match exactly with the key that is in the database of \c keystore_server.
	The easiest way to guarantee this, is to use the exact key you find using
	GetKey() without making any alterations.

	\param keyring A string that identifies the keyring you want to remove
		the key from.
	\param key The key you want to remove.

	\returns
		- \c B_OK in case the \a key was succesfully removed.
		- \c B_BAD_VALUE in case the \a keyring does not exist.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_ENTRY_NOT_FOUND in case there is no key that matches the given
		  identifier(s).
		- Any other error that indicates that there was a problem communicating
		  with the \c keystore_server.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextKey(uint32& cookie, BKey& key);
	\brief Iterate through the keys of the Master keyring.

	This convenience method that calls
	\ref GetNextKey(const char*, BKeyType, BKeyPurpose, uint32&, BKey&) for the
	Master keyring, with the arguments \ref BKeyType::B_KEY_TYPE_ANY for the
	type and \ref BKeyPurpose::B_KEY_PURPOSE_ANY for the purpose.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextKey(BKeyType type, BKeyPurpose purpose,
		uint32& cookie, BKey& key)
	\brief Iterate through the keys of the Master keyring.

	This convenience method calls
	\ref GetNextKey(const char*, BKeyType, BKeyPurpose, uint32&, BKey&) for the
	Master keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextKey(const char* keyring, uint32& cookie,
		BKey& key)
	\brief Iterate through the keys of a \a keyring.

	This convenience method calls
	\ref GetNextKey(const char*, BKeyType, BKeyPurpose, uint32&, BKey&) with
	the arguments \ref BKeyType::B_KEY_TYPE_ANY for the type and
	\ref BKeyPurpose::B_KEY_PURPOSE_ANY for the purpose.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextKey(const char* keyring, BKeyType type,
		BKeyPurpose purpose, uint32& cookie, BKey& key)
	\brief Iterate through keys of a \a keyring.

	This method allows you to query through the key store, and iterate through
	a list of results of keys that match your query. 

	\param[in] keyring An UTF-8 string that identifies the keyring
	\param[in] type The BKeyType that identifies the type of key you are
		looking for. This may be \ref BKeyType::B_KEY_TYPE_ANY if it may be a
		key of any type.
	\param[in] purpose The BKeyPurpose that indicates the purpose of the key.
		This may be \ref BKeyPurpose::B_KEY_PURPOSE_ANY if it may be a key with
		any purpose.
	\param[out] cookie A cookie that the \c keystore_server uses to keep track
		of where you are in the list of keys. When you start the query, set the
		initial value to \c 0. After that, pass the cookie to each subsequent
		call to progress the iterator.
	\param[out] key The key that holds the data. Any existing data in the key
		will be overwritten, when a key is found that matches the criteria.

	\returns
		- \c B_OK in case the next \a key was found.
		- \c B_BAD_VALUE in case the \a keyring does not exist.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_ENTRY_NOT_FOUND in case there is no key that matches the given
		  identifier(s), or if you retrieved the last key.
		- Any other error that indicates that there was a problem communicating
		  with the \c keystore_server.

	\since Haiku R1
*/


//! @}


/*!
	\name Keyrings
*/


//! @{


/*!
	\fn status_t BKeyStore::AddKeyring(const char* keyring)
	\brief Create a new \a keyring.

	\param keyring An UTF-8 string that identifies the keyring you want to
		create.
	
	\returns
		- \c B_OK if the keyring was succesfully added.
		- \c B_NAME_IN_USE if the \a keyring already exists.
		- Any other error in case there was an unknown error in the
		  \c keystore_server, or while communicating to it.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::RemoveKeyring(const char* keyring)
	\brief Remove a \a keyring.

	\param keyring An UTF-8 string that identifies the keyring you want to
		remove.

	\returns
		- \c B_OK if the keyring was sucessfully removed.
		- \c B_ENTRY_NOT_FOUND if the keyring does not exist
		- \c B_NOT_ALLOWED when you try to remove the Master keyring.
		- Any other error in case there was an unknown error in the
		  \c keystore_server, or while communicating to it.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextKeyring(uint32& cookie, BString& keyring)
	\brief Iterate through the keyrings.

	\param[out] cookie A cookie that the \c keystore_server uses to keep track
		of where you are in the list of keyrings. When you start the query, set
		the initial value to \c 0. After that, pass the cookie to each
		subsequent call to progress the iterator.
	\param[out] keyring A BString that holds the current name of the keyring.
		For each succesful iteration, the existing contents is overwritten.

	\returns
		- \c B_OK if the iteration was succesful.
		- \c B_ENTRY_NOT_FOUND if there are no more keyrings left to iterate
		- Any other error in case there was an unknown error in the
		  \c keystore_server, or while communicating to it.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::SetUnlockKey(const char* keyring, const BKey& key)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


/*!
	\fn status_t BKeyStore::RemoveUnlockKey(const char* keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


//! @}


/*!
	\name Master keyring (future API)
*/


//! @{


/*!
	\fn status_t BKeyStore::SetMasterUnlockKey(const BKey& key)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


/*!
	\fn status_t BKeyStore::RemoveMasterUnlockKey()
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


/*!
	\fn status_t BKeyStore::AddKeyringToMaster(const char* keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.

	\see AddKeyring(const char* keyring)
*/


/*!
	\fn status_t BKeyStore::RemoveKeyringFromMaster(const char* keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.

	\see RemoveKeyring(const char* keyring)
*/


/*!
	\fn status_t BKeyStore::GetNextMasterKeyring(uint32& cookie,
		BString& keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.

	\see GetNextKeyring(uint32& cookie, BString& keyring)
*/


//! @}


/*!
	\name Locking (future API)

	In the future, locking is part of encrypting and decrypting keyrings.

	\note If you are looking at this section because you assume you need to
		check that users have the correct permissions, you are in the wrong
		place. There is no particular way to determine whether a user has
		access granted. Instead, each method of this API will return the error
		code \c B_NOT_ALLOWED if the user has not granted access. Use that in
		your control flow to determine if you have access.
*/


//! @{


/*!
	\fn bool BKeyStore::IsKeyringUnlocked(const char* keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


/*!
	\fn status_t BKeyStore::LockKeyring(const char* keyring)
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


/*!
	\fn status_t BKeyStore::LockMasterKeyring() 
	\brief Not implemented.

	This feature is not available in the current release of Haiku.
*/


//! @}


/*!
	\name Applications
*/


//! @{


/*!
	\fn status_t BKeyStore::GetNextApplication(uint32& cookie,
		BString& signature) const
	\brief Iterate through applications that currently have been granted access
		to the Master keyring.

	This is a convenience method that calls
	\ref GetNextApplication(const char* keyring, uint32& cookie,
	BString& signature) for the Master \a keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::GetNextApplication(const char* keyring,
		uint32& cookie, BString& signature) const
	\brief Iterate through applications that currently have been granted access
		to the specified \a keyring.

	This method allows you to iterate through all applications that the user
	has granted access to the \a keyring, whether it is temporarily, or on a
	more permanent basis.

	\param[in] keyring A UTF-8 string that identifies the keyring that you want
		to inspect granted access to.
	\param[out] cookie A cookie that the \c keystore_server uses to keep track
		of where you are in the list of keys. When you start the query, set the
		initial value to \c 0. After that, pass the cookie to each subsequent
		call to progress the iterator.
	\param[out] signature If a next application is found, the signature will be
		stored in this parameter. Any existing string will be overwritten.

	\returns
		- \c B_OK if the next signature was found succesfully.
		- \c B_BAD_VALUE if the keyring does not exist.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_ENTRY_NOT_FOUND if there are no more applications to iterate
			through.
		- Any other error in case there was an unknown error in the
		  \c keystore_server, or while communicating to it.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::RemoveApplication(const char* signature)
	\brief Remove access for an application to the Master keyring.

	This is a convenience method that calls
	\ref RemoveApplication(const char *, const char*) for the Master
	\a keyring.

	\since Haiku R1
*/


/*!
	\fn status_t BKeyStore::RemoveApplication(const char* keyring,
		const char* signature)
	\brief Remove access for an application to a \a keyring.

	\param keyring A UTF-8 string that identifies the keyring that you want
		to inspect granted access to.
	\param signature The signature of the application that you want to revoke
		permissions to access the keyring.

	\returns
		- \c B_OK if the application's access has been revoked.
		- \c B_NOT_ALLOWED in case the user did not grant you access right to
		  this \a keyring.
		- \c B_ENTRY_NOT_FOUND if the application did not have access to this
			keyring.
		- Any other error in case there was an unknown error in the
		  \c keystore_server, or while communicating to it.

	\since Haiku R1
*/


//! @}


/*!
	\name Service Functions (future API)

	This feature is not available in the current release of Haiku.
*/


//! @{


/*!
	\fn status_t BKeyStore::GeneratePassword(BPasswordKey& password,
		size_t length, uint32 flags)
	\brief Unimplemented.

	This method is currently not implemented.
*/


/*!
	\fn float BKeyStore::PasswordStrength(const char* password)
	\brief Unimplemented

	This method is currently not implemented
*/


//! @}