[apple/libsecurity_codesigning.git] / lib / resources.h

/*
 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// resource directory construction and verification
//
#ifndef _H_RSIGN
#define _H_RSIGN

#include "renum.h"
#include "codedirectory.h"
#include <security_utilities/utilities.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/hashing.h>
#include "regex.h"
#include <CoreFoundation/CoreFoundation.h>
#include <vector>

namespace Security {
namespace CodeSigning {


//
// The builder of ResourceDirectories.
//
// Note that this *is* a ResourceEnumerate, which can enumerate
// its source directory once (only).
//
class ResourceBuilder : public ResourceEnumerator {
public:
	ResourceBuilder(const std::string &root, CFDictionaryRef rules, CodeDirectory::HashAlgorithm hashType);
	~ResourceBuilder();

	CFDictionaryRef build();

	enum Action {
		optional = 0x01,				// may be absent at runtime
		omitted = 0x02,					// do not seal even if present
		exclusion = 0x04,				// overriding exclusion (stop looking)
	};
	
	typedef unsigned int Weight;
	
public:
	class Rule : private regex_t {
	public:
		Rule(const std::string &pattern, Weight weight, uint32_t flags);
		~Rule();
		
		bool match(const char *s) const;
		
		const Weight weight;
		const uint32_t flags;
	};
	void addRule(Rule *rule) { mRules.push_back(rule); }
	void addExclusion(const std::string &pattern) { mRules.insert(mRules.begin(), new Rule(pattern, 0, exclusion)); }

	static std::string escapeRE(const std::string &s);
	
	FTSENT *next(std::string &path, Rule * &rule);	// enumerate next file and match rule

protected:
	void addRule(CFTypeRef key, CFTypeRef value);
	CFDataRef hashFile(const char *path);
	DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
	
private:
	CFCopyRef<CFDictionaryRef> mRawRules;
	typedef std::vector<Rule *> Rules;
	Rules mRules;
	CodeDirectory::HashAlgorithm mHashType;
};


//
// The "seal" on a single resource.
//
class ResourceSeal {
public:
	ResourceSeal(CFTypeRef ref);

public:
	operator bool () const { return mHash; }
	bool operator ! () const { return mHash == NULL; }
	
	const SHA1::Byte *hash() const { return CFDataGetBytePtr(mHash); }
	bool optional() const { return mOptional; }

private:
	CFDataRef mHash;
	int mOptional;
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_RSIGN
Commit	Line	Data
7d31e928	1	/*
f60086fc	2	* Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
7d31e928 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// resource directory construction and verification
	26	//
	27	#ifndef _H_RSIGN
	28	#define _H_RSIGN
	29
7d31e928	30	#include "renum.h"
f60086fc	31	#include "codedirectory.h"
7d31e928	32	#include <security_utilities/utilities.h>
516ae477 A	33	#include <security_utilities/cfutilities.h>
516ae477 A	34	#include <security_utilities/hashing.h>
7d31e928	35	#include "regex.h"
516ae477	36	#include <CoreFoundation/CoreFoundation.h>
7d31e928 A	37	#include <vector>
	38
	39	namespace Security {
	40	namespace CodeSigning {
	41
	42
	43	//
	44	// The builder of ResourceDirectories.
	45	//
	46	// Note that this is a ResourceEnumerate, which can enumerate
	47	// its source directory once (only).
	48	//
	49	class ResourceBuilder : public ResourceEnumerator {
	50	public:
f60086fc	51	ResourceBuilder(const std::string &root, CFDictionaryRef rules, CodeDirectory::HashAlgorithm hashType);
7d31e928 A	52	~ResourceBuilder();
	53
	54	CFDictionaryRef build();
	55
	56	enum Action {
	57	optional = 0x01, // may be absent at runtime
	58	omitted = 0x02, // do not seal even if present
516ae477	59	exclusion = 0x04, // overriding exclusion (stop looking)
7d31e928 A	60	};
	61
	62	typedef unsigned int Weight;
	63
	64	public:
	65	class Rule : private regex_t {
	66	public:
	67	Rule(const std::string &pattern, Weight weight, uint32_t flags);
	68	~Rule();
	69
	70	bool match(const char *s) const;
	71
	72	const Weight weight;
	73	const uint32_t flags;
	74	};
	75	void addRule(Rule *rule) { mRules.push_back(rule); }
516ae477	76	void addExclusion(const std::string &pattern) { mRules.insert(mRules.begin(), new Rule(pattern, 0, exclusion)); }
d1c1ab47 A	77
d1c1ab47 A	78	static std::string escapeRE(const std::string &s);
7d31e928 A	79
	80	FTSENT next(std::string &path, Rule &rule); // enumerate next file and match rule
	81
	82	protected:
	83	void addRule(CFTypeRef key, CFTypeRef value);
	84	CFDataRef hashFile(const char *path);
f60086fc	85	DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
7d31e928 A	86
	87	private:
	88	CFCopyRef<CFDictionaryRef> mRawRules;
	89	typedef std::vector<Rule *> Rules;
	90	Rules mRules;
f60086fc	91	CodeDirectory::HashAlgorithm mHashType;
7d31e928 A	92	};
	93
	94
	95	//
	96	// The "seal" on a single resource.
	97	//
	98	class ResourceSeal {
	99	public:
	100	ResourceSeal(CFTypeRef ref);
	101
	102	public:
	103	operator bool () const { return mHash; }
	104	bool operator ! () const { return mHash == NULL; }
	105
	106	const SHA1::Byte *hash() const { return CFDataGetBytePtr(mHash); }
	107	bool optional() const { return mOptional; }
	108
	109	private:
	110	CFDataRef mHash;
	111	int mOptional;
	112	};
	113
	114
	115	} // end namespace CodeSigning
	116	} // end namespace Security
	117
	118	#endif // !_H_RSIGN