1 /*
2 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 /*!
25 @header SecCodeSigner
26 SecCodeSigner represents an object that signs code.
27 */
28 #ifndef _H_SECCODESIGNER
29 #define _H_SECCODESIGNER
30
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34
35 #include <Security/CSCommon.h>
36
37 /*!
38 @typedef SecCodeSignerRef
39 This is the type of a reference to a code signer object (an object that signs code).
40 */
41 typedef struct __SecCodeSigner *SecCodeSignerRef; /* code signing object */
42
43
44 /*!
45 @function SecCodeSignerGetTypeID
46 Returns the type identifier of all SecCodeSigner instances.
47 */
48 CFTypeID SecCodeSignerGetTypeID(void);
49
50
51 /*!
52 @constant kSecCodeSignerIdentity A SecIdentityRef describing the signing identity
53 to use for signing code. This is a mandatory parameter.
54 @constant kSecCodeSignerDetached If present, a detached code signature is generated.
55 If absent, code signature data is written into the target code (which must
56 be writable). The value is a CFURL identifying the file that is replaced with
57 the detached signature data.
58 @constant kSecCodeSignerRequirements Internal code requirements.
59 @constant kSecCodeSignerFlags Signature flags.
60 NOTE(review): these look like keys for the parameters dictionary passed to SecCodeSignerCreate (confirm). The other keys declared below (ApplicationData, DryRun, Entitlements, Identifier, IdentifierPrefix, PageSize, ResourceRules, SigningTime) are not described in this header; confirm their value types and effect against the implementation before relying on them. */
61 extern const CFStringRef kSecCodeSignerApplicationData;
62 extern const CFStringRef kSecCodeSignerDetached;
63 extern const CFStringRef kSecCodeSignerDryRun;
64 extern const CFStringRef kSecCodeSignerEntitlements;
65 extern const CFStringRef kSecCodeSignerFlags;
66 extern const CFStringRef kSecCodeSignerIdentifier;
67 extern const CFStringRef kSecCodeSignerIdentifierPrefix;
68 extern const CFStringRef kSecCodeSignerIdentity;
69 extern const CFStringRef kSecCodeSignerPageSize;
70 extern const CFStringRef kSecCodeSignerRequirements;
71 extern const CFStringRef kSecCodeSignerResourceRules;
72 extern const CFStringRef kSecCodeSignerSigningTime;
73
74
75 /*!
76 @function SecCodeSignerCreate
77 Create a (new) SecCodeSigner object to be used for signing code.
78
79 @param parameters An optional CFDictionary containing parameters that influence
80 signing operations with the newly created SecCodeSigner. If NULL, defaults
81 are applied to all parameters; note however that some parameters do not have
82 useful defaults (kSecCodeSignerIdentity is documented in this header as mandatory), and will need to be set before signing is attempted.
83 @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
84 @param signer On successful return, a reference to the newly created SecCodeSigner
85 object. On error, unchanged.
86 @result Upon success, noErr. Upon error, an OSStatus value documented in
87 CSCommon.h or certain other Security framework headers.
88 */
89 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
90 SecCodeSignerRef *signer);
91
92
93 /*!
94 @function SecCodeSignerAddSignature
95 Create a code signature and add it to the StaticCode object being signed. SecCodeSignerAddSignatureWithErrors, declared below, takes the same arguments plus the errors argument.
96
97 @param signer A SecCodeSigner object containing all the information required
98 to sign code.
99 @param code A valid SecStaticCode object reference representing code files
100 on disk. This code will be signed, and will ordinarily be modified to contain
101 the resulting signature data.
102 @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
103 @param errors (SecCodeSignerAddSignatureWithErrors only) An optional pointer to a CFErrorRef variable. If the call fails
104 (and something other than noErr is returned), and this argument is non-NULL,
105 a CFErrorRef is stored there further describing the nature and circumstances
106 of the failure. The caller must CFRelease() this error object when done with it.
107 @result Upon success, noErr. Upon error, an OSStatus value documented in
108 CSCommon.h or certain other Security framework headers.
109 */
110 OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signer,
111 SecStaticCodeRef code, SecCSFlags flags);
112
113 OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signer,
114 SecStaticCodeRef code, SecCSFlags flags, CFErrorRef *errors);
115
116
117 #ifdef __cplusplus
118 }
119 #endif
120
121 #endif //_H_SECCODESIGNER