OS X Keychain integration
From Open Source@Seneca
OS X Keychain
The goal of this project is to enable Firefox to use the Keychain service available in Mac OS X in order to store saved passwords for consistency and ease of use.
- Keychain Services Reference
- Mac OS X Security
- BugZilla Reference
- How to approach the problem:
- Analyze the existing code for Keychain support in the Camino browser.
- Review the existing Keychain support code in the Firefox codebase which was originally added by Apple.
- Understand how wallet works and how passwords are stored in Firefox. Thereby learning how to interject our Keychain piece in the middle.
- Clarify our objective in terms of what our main focus will be in this project. ie (Full keychain support w/o wallet, keychain support + wallet at its side, etc...)
- September 16, 2006 - Dave is looking into getting Mac hardware access for this, and should know soon. Also, you want to ping mento for this, not stuart. mento is in #seneca.
- I have tried to contact stuart on irc who idles both #seneca and #camino. I think he will be the go to guy if we have any questions in regards to OS X related Mozilla stuff. He should be able to point us to the right direction.
- September 22, 2006 - Moe and Phil ventured through the firefox code and found some implementations of the osx keychain that were disabled. We enabled those options and Moe will recompile the code over night so we can further our tests tomorrow.
- September 23, 2006 - Moe tested his newly built firefox with the osx options enabled, but nothing happened. Both Phil and Moe then continued to look through the firefox code and located various instances of logic towards Apple's keychain.
- September 30, 2006 - We have been informed by one of the Camino team members that they are no longer supporting keychain manager in their next version of Camino. As far as this project is concerned we have decided to also follow their move into avoiding the keychain manager and use keychain service calls for our purpose.
- September 30, 2006 - Phil continued looking through existing Firefox code to further understand the current wallet and existing keychain implementations. The following data files were found and analyised:
42 rememberButtonText = &Remember 43 notNowButtonText = &Not Now 44 neverForSiteButtonText = Ne&ver for This Site
- October 7th, 2006 - Moe and Phil ventured through the nsPasswordManager.cpp file and tried to decipher its contents. We then began setting up our svn that Andrew created for us.
- October 14th, 2006 - We located an application (http://homepage.mac.com/agerson/examples/keychain/) today that utilizes the various features of Apple’s keychain API. This application allowed us to understand how the API works, even though it’s coded in objective-c. We then created a branch of our Mozilla 220.127.116.11 trunk and created our keychain integration files.
- Let the coding begin!
- October 21st, 2006 - We began writing simple code to create and retrieve keychain items. Before we implement test code into our Firefox build, we decided to create the C files on there own first, then integrate later. Our main goals today are:
- Create keychain items
- Retrieve keychain items
- Output to standard output.
- Bug Fix: That application we found contained a bug that would prevent it from saving the keychain item description to Apple's keychain. Using our newbie objective-c skills, we located and fixed the problem.
- We added the method createKeychainItem(), which creates a keychain item based on the passed in parameters.
- Began writing logic to retrieve the username and password in the keychain item.
- November 11th, 2006 - The following events occurred today:
- Moe determined that two functions within the keychain reference API already create and retrieve internet passwords. The functions for saving and retriving a keychain item were created.
- Phil began locating a starting point to fork their objects into the FF code: nsFormFillController.cpp
- After working on MAC1 for more then 15 minutes, the screen froze. After three more tries with no success, all work had to be moved onto MAC2. Currently, MAC2 has a issue with its display that is VERY distracting to the user. The desktop background had to be changed to black to somewhat resolve the issue.
- A problem occurred when the intel build from Moe's mac was placed on MAC2 (G4). Moe had to reinstall xcode so that universal binaries could be supported.
- November 21st, 2006 - Currently waiting for assistance on implementing our keychain code into the Mozilla tree. There is an issue that also affects our project regarding the usage of Security.framework and protypes.h. Bug #360583 is currently investigating this issue.
- December 3rd, 2006 - Phil decided to implement our working code on friday into the current Firefox build. Thanks to MAC1 crashing, a network cable missing from MAC2, and the orange Firefox build for Mac OS X, I didnt accomplish anything.
- December 8th, 2006 - Both MAC1 and MAC2 have been fixed. Myself and Moe began hacking our Keychain code into the Mozilla tree, through the nsPasswordManager.cpp file. This file is primarily used by Firefox to record and retrieve passwords from a flat file system. As we were implementing the code, we realized that FF wont build unless the security framework was included into the build process. Venturing into IRC produced the following results:
- We have to include the -framework Security into the build process where ever we are linking in the tree.
- We were unsuccessful with our first attempt at building Firefox, with the our keychain code:
c++ -o nsPasswordManager.o -c -DMOZILLA_INTERNAL_API -DOSTYPE=\"Darwin8.8.2\" -DOSARCH=\"Darwin\" -DBUILD_ID=0000000000 -I../../../../dist/include/necko -I../../../../dist/include/xpcom -I../../../../dist/include/string -I../../../../dist/include/windowwatcher -I../../../../dist/include/uriloader -I../../../../dist/include/pref -I../../../../dist/include/intl -I../../../../dist/include/dom -I../../../../dist/include/content -I../../../../dist/include/layout -I../../../../dist/include/widget -I../../../../dist/include/autocomplete -I../../../../dist/include/pipnss -I../../../../dist/include/unicharutil -I../../../../dist/include -I../../../../dist/include/passwordmgr -I../../../../dist/include/nspr -DMOZ_PNG_READ -DMOZ_PNG_WRITE -I../../../../dist/sdk/include -mdynamic-no-pic -fno-rtti -fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor -Wno-long-long -fpascal-strings -no-cpp-precomp -fno-common -fshort-wchar -I/Developer/Headers/FlatCarbon -pipe -DNDEBUG -DTRIMMED -O -DMOZILLA_CLIENT -include ../../../../mozilla-config.h -Wp,-MD,.deps/nsPasswordManager.pp /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp In file included from /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:39: /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:52:28: error: CoreFoundation.h: No such file or directory /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:53:22: error: Security.h: No such file or directory /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:146: error: 'SecProtocolType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:146: error: 'SecAuthenticationType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:151: error: 'SecProtocolType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:151: error: 'SecAuthenticationType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:159: error: ISO C++ forbids declaration of 'keychain' with no type /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.h:159: error: expected ';' before '*' token /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: In destructor 'virtual nsPasswordManager::~nsPasswordManager()': /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:225: error: 'inst' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: In member function 'int nsPasswordManager::ChangeInternetPassword(OpaqueSecKeychainItemRef*, int, const char*, int, const void*)': /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2125: error: 'kSecAccountItemAttr' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2128: error: 'SecKeychainItemModifyAttributesAndData' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2132: error: 'SecKeychainItemModifyAttributesAndData' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: At global scope: /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2144: error: 'SecProtocolType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2144: error: 'SecAuthenticationType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: In member function 'int nsPasswordManager::RetrieveInternetPassword(OpaqueSecKeychainRef*, int, const char*, int, const char*, int, const char*, int, int, int, UInt32*, void**, OpaqueSecKeychainItemRef**)': /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2149: error: 'SecKeychainFindInternetPassword' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: At global scope: /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2162: error: 'SecProtocolType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2164: error: 'SecAuthenticationType' has not been declared /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: In member function 'int nsPasswordManager::AddInternetPassword(OpaqueSecKeychainRef*, int, const char*, int, const char*, int, const char*, int, const char*, int, int, int, int, const void*, OpaqueSecKeychainItemRef**)': /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2171: error: 'SecKeychainAddInternetPassword' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: In static member function 'static nsPasswordManager* nsPasswordManager::getInstance()': /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2177: error: 'inst' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2180: error: 'inst' was not declared in this scope /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp: At global scope: /Users/philly/keychain/osxkeychain/trunk/mozilla/toolkit/components/passwordmgr/base/nsPasswordManager.cpp:2184: error: 'nsPasswordManager* nsPasswordManager::inst' is not a static member of 'class nsPasswordManager' make: *** [nsPasswordManager.o] Error 1 make: *** [libs] Error 2 make: *** [libs] Error 2 make: *** [libs_tier_toolkit] Error 2 make: *** [tier_toolkit] Error 2 make: *** [default] Error 2 make: *** [build] Error 2
- Our custom keychain class is now fully commented and available for online viewing. A test main is provided as well as the Xcode project for those who are interesting in compiling the code.
- The following chat was recorded, discussing a new MoCo involvement in the OS X Keychain integration project:
20:29 <dolske> ping? 20:31 <dolske> I saw to mention you're working on adding a build flag, and adding the "os x security framework"? 20:33 <philly> yeah 20:34 <philly> whats up? 20:36 <dolske> What exactly does the latter (OS X) part mean? 20:37 <philly> im working on a project that will add os x keychain support to firefox 20:37 <philly> were trying to get the security framework 20:37 <dolske> ah, that's what I suspected. :-) 20:37 <philly> into the build. 20:38 <dolske> One of the new MoCo guys was startign to look at that too, and I'm starting to whack passwordmgr with a big stick. 20:39 <philly> yeah.. thats basically what were doing 20:39 <philly> we have working code that add's and retreives keychain items from the keychain manager 20:41 <philly> we have had working code for a while now, but dont know the moz tree well enough to implement the code. 20:41 <philly> so its a lot of trial and error 20:41 <dolske> You may want to ping Collin Barrett (cbarrett) so you're not duplicating work. 20:41 <philly> will do 20:42 <dolske> Although I think he's not actually starting for a couple of weeks, so I don't know how much he's around. 20:43 <philly> i'll give me a shout as soon as i see him.. thanks for the info 20:43 <philly> s/me/him/ 20:43 <dolske> Looks like firstname.lastname@example.org is his current email. 20:44 <dolske> Also... Did you get the build flag added? I'm about to do the same, and was wondering what was involved. :-) 20:45 <philly> we located flag: -framework Security 20:46 <philly> there could be more 20:47 <dolske> Oh, I thought you were looking at a --enable-moz-foo type flag. 20:47 <philly> yeah.. we dont know if we found the right one 20:48 <philly> i was talking to some of the camino guys about flags 20:48 <dolske> ah. 20:49 <philly> im not sure if those flags are apart of the camino build though.. it appears they know nothing about the ff build process 20:49 <philly> im a student at seneca college btw.. we have a project page for this 20:49 <dolske> heh, that seems to be a common problem. :-) 20:50 <philly> http://zenit.senecac.on.ca/wiki/index.php/OS_X_Keychain_integration 20:50 <dolske> ah, cool. 20:51 <dolske> oh, Camino already supports Keychain? Hmpf. 20:51 <philly> yeah.. but its not using the latest security framework from apple 20:51 <dolske> ...but they're dropping it? hmm. 20:51 <philly> so they're gonna pull it out 20:51 <philly> otherwise 20:51 <philly> we would be copying some code.. :) 20:51 <dolske> ah, "why" was my next question. 20:52 <dolske> I wonder if they can't use a newer framework because they want to support older OS X versions? 20:53 <philly> hmm.. i never thought of that 20:53 <dolske> I think FF3 will currently require 10.2 (with 10.3 recommended) 20:56 <philly> yeah.. i think 10.2 is the base for the latest framework 20:56 <philly> there is also a patch that you have to apply 20:57 <philly> bug 360583 21:12 -!- dolske [email@example.com ] has quit [Quit: dolske]
Currently, our latest developments into the integration of Apple's Keychain manager into Firefox can be downloaded by a zipped file or through svn.
This file contains the:
- C++ code that was written to save and retrieve items from the Keychain Manager in OS X.
- Xcode project file ready to be compiled.
- A patch is also included depicting our latest efforts in integrating the code into the Mozilla Tree.
The repository contains a snapshot of the latest Mozilla tree (captured on Dec 5th, 2006). Use the following command to download our latest code efforts.
svn co svn://cdot.senecac.on.ca/osxkeychain/trunk/