Sailfish Secrets
API DocumentationStoreSecretRequest Class
(Sailfish::Secrets::StoreSecretRequest)Allows a client request that the system secrets service securely store a secret More...
| Header: | #include <Secrets/storesecretrequest.h> |
| Inherits: | Sailfish::Secrets::Request |
Public Types
| enum | SecretStorageType { CollectionSecret, StandaloneDeviceLockSecret, StandaloneCustomLockSecret } |
Properties
|
|
- 3 properties inherited from Sailfish::Secrets::Request
Public Functions
| StoreSecretRequest(QObject *parent = Q_NULLPTR) | |
| ~StoreSecretRequest() | |
| Sailfish::Secrets::SecretManager::AccessControlMode | accessControlMode() const |
| QString | authenticationPluginName() const |
| Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic | customLockUnlockSemantic() const |
| Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic | deviceLockUnlockSemantic() const |
| QString | encryptionPluginName() const |
| InteractionParameters | interactionParameters() const |
| Sailfish::Secrets::Secret | secret() const |
| SecretStorageType | secretStorageType() const |
| void | setAccessControlMode(Sailfish::Secrets::SecretManager::AccessControlMode mode) |
| void | setAuthenticationPluginName(const QString &pluginName) |
| void | setCustomLockUnlockSemantic(Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic semantic) |
| void | setDeviceLockUnlockSemantic(Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic semantic) |
| void | setEncryptionPluginName(const QString &pluginName) |
| void | setInteractionParameters(const InteractionParameters ¶ms) |
| void | setSecret(const Sailfish::Secrets::Secret &secret) |
| void | setSecretStorageType(SecretStorageType type) |
| void | setUserInteractionMode(Sailfish::Secrets::SecretManager::UserInteractionMode mode) |
| Sailfish::Secrets::SecretManager::UserInteractionMode | userInteractionMode() const |
Reimplemented Public Functions
| virtual Sailfish::Secrets::SecretManager * | manager() const |
| virtual Sailfish::Secrets::Result | result() const |
| virtual void | setManager(Sailfish::Secrets::SecretManager *manager) |
| virtual void | startRequest() |
| virtual Sailfish::Secrets::Request::Status | status() const |
| virtual void | waitForFinished() |
- 6 public functions inherited from Sailfish::Secrets::Request
Signals
| void | accessControlModeChanged() |
| void | authenticationPluginNameChanged() |
| void | customLockUnlockSemanticChanged() |
| void | deviceLockUnlockSemanticChanged() |
| void | encryptionPluginNameChanged() |
| void | interactionParametersChanged() |
| void | secretChanged() |
| void | secretStorageTypeChanged() |
| void | userInteractionModeChanged() |
- 3 signals inherited from Sailfish::Secrets::Request
Detailed Description
Allows a client request that the system secrets service securely store a secret
This class allows clients to request the Secrets service to store a secret (either in a particular collection or as a standalone secret) in a particular storage plugin.
Note that the filter data defined in the secret will be encrypted prior to storage only if the secret is stored in a collection and that collection is stored by an EncryptedStoragePlugin; otherwise, only the identifier and data will be stored in encrypted form.
If the calling application is the creator of the collection specified in the secret's identifier, or alternatively if the user has granted the application permission to modify that collection and either there are no special access controls associated with the particular secret or the secret does not yet exist, then the Secrets service will instruct the storage plugin to store the secret into the collection.
If the application is not the creator of the collection and the user has not yet been asked if the application should have permission to modify the collection, or if the secret already exists and has specific access controls associated with it but the user has not yet been asked whether the application should have permission to modify the secret, then a system-mediated access control UI flow may be triggered to obtain the user's permission (unless the given userInteractionMode is PreventInteraction in which case the request will fail).
Alternatively, if the secret is a standalone secret, and a standalone secret with that identifier already exists and was created by another application, but the accessControlMode is OwnerOnlyMode, the request will fail, as applications are not able to steal ownership from other applications.
If the collection uses an encryption key derived from the system device-lock, then the value will be able to be stored without any other UI flow being required; however, if the collection uses an encryption key derived from a custom lock, then the custom lock authentication key will be obtained from the user via an authentication flow determined by the authentication plugin used for that collection (which may support ApplicationInteraction if the collection is an application-specific collection using an ApplicationSpecificAuthentication plugin, but otherwise will be a system-mediated UI flow, unless the userInteractionMode specified is PreventInteraction in which case the request will fail).
If the secret is a standalone secret protected by a custom-lock rather than the system device-lock, then an authentication flow will be required in order to retrieve a custom lock code or passphrase from the user.
An example of storing a secret into a pre-existing collection is as follows:
// Define the secret.
Sailfish::Secrets::Secret exampleSecret(
Sailfish::Secrets::Secret::Identifier(
QLatin1String("ExampleSecret"),
QLatin1String("ExampleCollection"),
Sailfish::Secrets::SecretManager::DefaultEncryptedStoragePluginName));
exampleSecret.setData("Some secret data");
exampleSecret.setType(Sailfish::Secrets::Secret::TypeBlob);
exampleSecret.setFilterData(QLatin1String("domain"),
QLatin1String("sailfishos.org"));
exampleSecret.setFilterData(QLatin1String("example"),
QLatin1String("true"));
// Request that the secret be securely stored.
Sailfish::Secrets::SecretManager sm;
Sailfish::Secrets::StoreSecretRequest ssr;
ssr.setManager(&sm);
ssr.setSecretStorageType(Sailfish::Secrets::StoreSecretRequest::CollectionSecret);
ssr.setUserInteractionMode(Sailfish::Secrets::SecretManager::SystemInteraction);
ssr.setSecret(exampleSecret);
ssr.startRequest(); // status() will change to Finished when completeAn example of storing a standalone secret protected by the device lock is:
// Define a standalone secret (no collection name specified in the identifier)
Sailfish::Secrets::Secret standaloneSecret(
Sailfish::Secrets::Secret::Identifier(
QStringLiteral("StandaloneSecret"),
QString(),
Sailfish::Secrets::SecretManager::DefaultEncryptedStoragePluginName));
standaloneSecret.setData("Example secret data");
standaloneSecret.setType(Secret::TypeBlob);
standaloneSecret.setFilterData(QLatin1String("domain"),
QLatin1String("sailfishos.org"));
standaloneSecret.setFilterData(QLatin1String("example"),
QLatin1String("true"));
// Request that the secret be stored by the default storage plugin
Sailfish::Secrets::SecretManager sm;
Sailfish::Secrets::StoreSecretRequest ssr;
ssr.setManager(&sm);
ssr.setSecretStorageType(StoreSecretRequest::StandaloneDeviceLockSecret);
ssr.setDeviceLockUnlockSemantic(Sailfish::Secrets::SecretManager::DeviceLockKeepUnlocked);
ssr.setAccessControlMode(Sailfish::Secrets::SecretManager::OwnerOnlyMode);
ssr.setEncryptionPluginName(Sailfish::Secrets::SecretManager::DefaultEncryptionPluginName);
ssr.setUserInteractionMode(Sailfish::Secrets::SecretManager::SystemInteraction);
ssr.setSecret(standaloneSecret);
ssr.startRequest(); // status() will change to Finished when completeAn example of storing a secret into a pre-existing collection, where the secret data is requested securely from the user by the secrets service prior to storage, follows:
// Define the secret data request prompt parameters.
Sailfish::Secrets::InteractionParameters uiParams;
uiParams.setInputType(Sailfish::Secrets::InteractionParameters::AlphaNumericInput);
uiParams.setEchoMode(Sailfish::Secrets::InteractionParameters::NormalEcho);
// Define the secret. Note that it contains metadata only.
Sailfish::Secrets::Secret exampleSecret(
Sailfish::Secrets::Secret::Identifier(
QLatin1String("ExampleSecret"),
QLatin1String("ExampleCollection"),
Sailfish::Secrets::SecretManager::DefaultEncryptedStoragePluginName));
exampleSecret.setType(Sailfish::Secrets::Secret::TypeBlob);
exampleSecret.setFilterData(QLatin1String("domain"),
QLatin1String("sailfishos.org"));
exampleSecret.setFilterData(QLatin1String("example"),
QLatin1String("true"));
// Request that the secret be securely stored.
Sailfish::Secrets::SecretManager sm;
Sailfish::Secrets::StoreSecretRequest ssr;
ssr.setManager(&sm);
ssr.setInteractionParameters(uiParams);
ssr.setSecretStorageType(Sailfish::Secrets::StoreSecretRequest::CollectionSecret);
ssr.setUserInteractionMode(Sailfish::Secrets::SecretManager::SystemInteraction);
ssr.setSecret(exampleSecret);
ssr.startRequest(); // status() will change to Finished when completeProperty Documentation
accessControlMode : Sailfish::Secrets::SecretManager::AccessControlMode
Access functions:
| Sailfish::Secrets::SecretManager::AccessControlMode | accessControlMode() const |
| void | setAccessControlMode(Sailfish::Secrets::SecretManager::AccessControlMode mode) |
Notifier signal:
| void | accessControlModeChanged() |
authenticationPluginName : QString
Access functions:
| QString | authenticationPluginName() const |
| void | setAuthenticationPluginName(const QString &pluginName) |
Notifier signal:
| void | authenticationPluginNameChanged() |
customLockUnlockSemantic : Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic
Access functions:
| Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic | customLockUnlockSemantic() const |
| void | setCustomLockUnlockSemantic(Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic semantic) |
Notifier signal:
| void | customLockUnlockSemanticChanged() |
deviceLockUnlockSemantic : Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic
Access functions:
| Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic | deviceLockUnlockSemantic() const |
| void | setDeviceLockUnlockSemantic(Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic semantic) |
Notifier signal:
| void | deviceLockUnlockSemanticChanged() |
encryptionPluginName : QString
Access functions:
| QString | encryptionPluginName() const |
| void | setEncryptionPluginName(const QString &pluginName) |
Notifier signal:
| void | encryptionPluginNameChanged() |
interactionParameters : Sailfish::Secrets::InteractionParameters
Access functions:
| InteractionParameters | interactionParameters() const |
| void | setInteractionParameters(const InteractionParameters ¶ms) |
Notifier signal:
| void | interactionParametersChanged() |
secret : Sailfish::Secrets::Secret
Access functions:
| Sailfish::Secrets::Secret | secret() const |
| void | setSecret(const Sailfish::Secrets::Secret &secret) |
Notifier signal:
| void | secretChanged() |
secretStorageType : SecretStorageType
Access functions:
| SecretStorageType | secretStorageType() const |
| void | setSecretStorageType(SecretStorageType type) |
Notifier signal:
| void | secretStorageTypeChanged() |
userInteractionMode : Sailfish::Secrets::SecretManager::UserInteractionMode
Access functions:
| Sailfish::Secrets::SecretManager::UserInteractionMode | userInteractionMode() const |
| void | setUserInteractionMode(Sailfish::Secrets::SecretManager::UserInteractionMode mode) |
Notifier signal:
| void | userInteractionModeChanged() |
Member Function Documentation
StoreSecretRequest::StoreSecretRequest(QObject *parent = Q_NULLPTR)
Constructs a new StoreSecretRequest object with the given parent.
StoreSecretRequest::~StoreSecretRequest()
Destroys the StoreSecretRequest
Sailfish::Secrets::SecretManager::AccessControlMode StoreSecretRequest::accessControlMode() const
Returns the access control mode which will be enforced for the secret
Note: Getter function for property accessControlMode.
See also setAccessControlMode().
QString StoreSecretRequest::authenticationPluginName() const
Returns the name of the authentication plugin which the client wishes to use to authenticate the user (in order to unlock the secret)
Note: Getter function for property authenticationPluginName.
See also setAuthenticationPluginName().
Sailfish::Secrets::SecretManager::CustomLockUnlockSemantic StoreSecretRequest::customLockUnlockSemantic() const
Returns the unlock semantic which will apply to the secret if it is protected by a custom lock.
Note: Getter function for property customLockUnlockSemantic.
See also setCustomLockUnlockSemantic().
Sailfish::Secrets::SecretManager::DeviceLockUnlockSemantic StoreSecretRequest::deviceLockUnlockSemantic() const
Returns the unlock semantic which will apply to the secret if it is protected by the device lock.
Note: Getter function for property deviceLockUnlockSemantic.
See also setDeviceLockUnlockSemantic().
QString StoreSecretRequest::encryptionPluginName() const
Returns the name of the encryption plugin which the client wishes to use to encrypt the standalone secret
Note: Getter function for property encryptionPluginName.
See also setEncryptionPluginName().
InteractionParameters StoreSecretRequest::interactionParameters() const
Returns the user input parameters which should be used when requesting the secret data from the user
If the user input parameters are not valid, the secret data which is contained within the secret() will be stored. If the user input parameters are valid, then the secret data which is contained within the secret() will be overwritten prior to storage with the data retrieved from the user.
Note: specifying user input parameters implies that system-mediated user interaction flows are allowed by the calling application.
Note: Getter function for property interactionParameters.
See also setInteractionParameters().
[virtual] Sailfish::Secrets::SecretManager *StoreSecretRequest::manager() const
See also setManager().
[virtual] Sailfish::Secrets::Result StoreSecretRequest::result() const
Sailfish::Secrets::Secret StoreSecretRequest::secret() const
Returns the secret which the client wishes to store securely
Note: Getter function for property secret.
See also setSecret().
SecretStorageType StoreSecretRequest::secretStorageType() const
Returns the type of storage which will apply to the stored secret
A secret whose storage type is StoreSecretRequest::CollectionSecret will be stored in the collection whose name is specified in the secret's identifier's Sailfish::Secrets::Secret::Identifier::collectionName() field. The collection will have either a custom lock or device lock depending on the semantics defined for it when it was created.
A secret whose storage type is StoreSecretRequest::StandaloneCustomLockSecret will be individually encrypted with the custom lock code, and then the encrypted version will be stored in a standalone, unencrypted collection.
A secret whose storage type is StoreSecretRequest::StandaloneDeviceLockSecret will be individually encrypted with the device lock code, and then the encrypted version will be stored in a standalone, unencrypted collection.
Note: Getter function for property secretStorageType.
See also setSecretStorageType().
void StoreSecretRequest::setAuthenticationPluginName(const QString &pluginName)
Sets the name of the authentication plugin which the client wishes to use to authenticate the user (in order to unlock the secret) to pluginName
Note: this will only apply to secrets whose secretStorageType() is StoreSecretRequest::StandaloneCustomLockSecret.
Note: Setter function for property authenticationPluginName.
See also authenticationPluginName().
void StoreSecretRequest::setEncryptionPluginName(const QString &pluginName)
Sets the name of the encryption plugin which the client wishes to use to encrypt the standalone secret to pluginName
Note: this will only apply to secrets whose secretStorageType() is StoreSecretRequest::StandaloneCustomLockSecret or StoreSecretRequest::StandaloneDeviceLockSecret.
Note: Setter function for property encryptionPluginName.
See also encryptionPluginName().
void StoreSecretRequest::setInteractionParameters(const InteractionParameters ¶ms)
Sets the user input parameters which should be used when requesting the secret data from the user to params
If the user input parameters are not valid, the secret data which is contained within the secret() will be stored. If the user input parameters are valid, then the secret data which is contained within the secret() will be overwritten prior to storage with the data retrieved from the user.
Note: specifying user input parameters implies that system-mediated user interaction flows are allowed by the calling application.
Note: Setter function for property interactionParameters.
See also interactionParameters().
[virtual] void StoreSecretRequest::setManager(Sailfish::Secrets::SecretManager *manager)
See also manager().
void StoreSecretRequest::setSecretStorageType(SecretStorageType type)
Sets the type of storage which will apply to the stored secret to type
Note: Setter function for property secretStorageType.
See also secretStorageType().
[virtual] void StoreSecretRequest::startRequest()
[virtual] Sailfish::Secrets::Request::Status StoreSecretRequest::status() const
Sailfish::Secrets::SecretManager::UserInteractionMode StoreSecretRequest::userInteractionMode() const
Returns the user interaction mode required when storing the secret (e.g. if a custom lock code must be requested from the user)
Note: Getter function for property userInteractionMode.
See also setUserInteractionMode().