lib/SecRequirement.cpp

   1 /*
   2  * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // SecRequirement - API frame for SecRequirement objects
  26 //
  27 #include "cs.h"
  28 #include "Requirements.h"
  29 #include "reqparser.h"
  30 #include "reqmaker.h"
  31 #include "reqdumper.h"
  32 #include <Security/SecCertificate.h>
  33 #include <security_utilities/cfutilities.h>
  34
  35 using namespace CodeSigning;
  36
  37
  38 //
  39 // CF-standard type code function
  40 //
  41 CFTypeID SecRequirementGetTypeID(void)
  42 {
  43         BEGIN_CSAPI
  44         return gCFObjects().Requirement.typeID;
  45     END_CSAPI1(_kCFRuntimeNotATypeID)
  46 }
  47
  48
  49 //
  50 // Create a Requirement from data
  51 //
  52 OSStatus SecRequirementCreateWithData(CFDataRef data, SecCSFlags flags,
  53         SecRequirementRef *requirementRef)
  54 {
  55         BEGIN_CSAPI
  56
  57         checkFlags(flags);
  58         Required(requirementRef) = (new SecRequirement(CFDataGetBytePtr(data), CFDataGetLength(data)))->handle();
  59
  60         END_CSAPI
  61 }
  62
  63
  64 //
  65 // Create a Requirement from data in a file
  66 //
  67 OSStatus SecRequirementCreateWithResource(CFURLRef resource, SecCSFlags flags,
  68         SecRequirementRef *requirementRef)
  69 {
  70         BEGIN_CSAPI
  71
  72         checkFlags(flags);
  73         CFRef<CFDataRef> data = cfLoadFile(resource);
  74         Required(requirementRef) =
  75                 (new SecRequirement(CFDataGetBytePtr(data), CFDataGetLength(data)))->handle();
  76
  77         END_CSAPI
  78 }
  79
  80
  81 //
  82 // Create a Requirement from source text (compiling it)
  83 //
  84 OSStatus SecRequirementCreateWithString(CFStringRef text, SecCSFlags flags,
  85         SecRequirementRef *requirementRef)
  86 {
  87         return SecRequirementCreateWithStringAndErrors(text, flags, NULL, requirementRef);
  88 }
  89
  90 OSStatus SecRequirementCreateWithStringAndErrors(CFStringRef text, SecCSFlags flags,
  91         CFErrorRef *errors, SecRequirementRef *requirementRef)
  92 {
  93         BEGIN_CSAPI
  94
  95         checkFlags(flags);
  96         Required(requirementRef) = (new SecRequirement(parseRequirement(cfString(text))))->handle();
  97
  98         END_CSAPI_ERRORS
  99 }
 100
 101
 102 //
 103 // Create a Requirement group.
 104 // This is the canonical point where "application group" is defined.
 105 //
 106 OSStatus SecRequirementCreateGroup(CFStringRef groupName, SecCertificateRef anchorRef,
 107         SecCSFlags flags, SecRequirementRef *requirementRef)
 108 {
 109         BEGIN_CSAPI
 110
 111         checkFlags(flags);
 112         Requirement::Maker maker;
 113         maker.put(opAnd);               // both of...
 114         maker.infoKey("Application-Group", cfString(groupName));
 115         if (anchorRef) {
 116                 CSSM_DATA certData;
 117                 MacOSError::check(SecCertificateGetData(anchorRef, &certData));
 118                 maker.anchor(0, certData.Data, certData.Length);
 119         } else {
 120                 maker.anchor();                 // canonical Apple anchor
 121         }
 122         Required(requirementRef) = (new SecRequirement(maker.make(), true))->handle();
 123
 124         secdebug("codesign", "created group requirement for %s", cfString(groupName).c_str());
 125
 126         END_CSAPI
 127 }
 128
 129
 130 //
 131 // Extract the stable binary from from a SecRequirementRef
 132 //
 133 OSStatus SecRequirementCopyData(SecRequirementRef requirementRef, SecCSFlags flags,
 134         CFDataRef *data)
 135 {
 136         BEGIN_CSAPI
 137
 138         const Requirement *req = SecRequirement::required(requirementRef)->requirement();
 139         checkFlags(flags);
 140         Required(data);
 141         *data = makeCFData(*req);
 142
 143         END_CSAPI
 144 }
 145
 146
 147 //
 148 // Generate source form for a SecRequirement (decompile/disassemble)
 149 //
 150 OSStatus SecRequirementCopyString(SecRequirementRef requirementRef, SecCSFlags flags,
 151         CFStringRef *text)
 152 {
 153         BEGIN_CSAPI
 154
 155         const Requirement *req = SecRequirement::required(requirementRef)->requirement();
 156         checkFlags(flags);
 157         Required(text);
 158         *text = makeCFString(Dumper::dump(req));
 159
 160         END_CSAPI
 161 }
 162