lib/SecCodeSigner.h

   1 /*
   2  * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 /*!
  25         @header SecCodeSigner
  26         SecCodeSigner represents an object that signs code.
  27 */
  28 #ifndef _H_SECCODESIGNER
  29 #define _H_SECCODESIGNER
  30
  31 #ifdef __cplusplus
  32 extern "C" {
  33 #endif
  34
  35 #include <Security/CSCommon.h>
  36
  37 /*!
  38         @typedef SecCodeSignerRef
  39         This is the type of a reference to a code requirement.
  40 */
  41 typedef struct __SecCodeSigner *SecCodeSignerRef;       /* code signing object */
  42
  43
  44 /*!
  45         @function SecCodeGetTypeID
  46         Returns the type identifier of all SecCode instances.
  47 */
  48 CFTypeID SecCodeSignerGetTypeID(void);
  49
  50
  51 /*!
  52         @constant kSecCodeSignerIdentity A SecIdentityRef describing the signing identity
  53                 to use for signing code. This is a mandatory parameter.
  54         @constant kSecCodeSignerDetached If present, a detached code signature is generated.
  55                 If absent, code signature data is written into the target code (which must
  56                 be writable). The value is a CFURL identifying the file that is replaced with
  57                 the detached signature data.
  58         @constant kSecCodeSignerRequirements Internal code requirements.
  59         @constant kSecCodeSignerFlags Signature flags.
  60  */
  61 extern const CFStringRef kSecCodeSignerApplicationData;
  62 extern const CFStringRef kSecCodeSignerDetached;
  63 extern const CFStringRef kSecCodeSignerDryRun;
  64 extern const CFStringRef kSecCodeSignerFlags;
  65 extern const CFStringRef kSecCodeSignerIdentifier;
  66 extern const CFStringRef kSecCodeSignerIdentifierPrefix;
  67 extern const CFStringRef kSecCodeSignerIdentity;
  68 extern const CFStringRef kSecCodeSignerPageSize;
  69 extern const CFStringRef kSecCodeSignerRequirements;
  70 extern const CFStringRef kSecCodeSignerResourceRules;
  71 extern const CFStringRef kSecCodeSignerSigningTime;
  72
  73
  74 /*!
  75         @function SecCodeSignerCreate
  76         Create a (new) SecCodeSigner object to be used for signing code.
  77
  78         @param parameters An optional CFDictionary containing parameters that influence
  79                 signing operations with the newly created SecCodeSigner. If NULL, defaults
  80                 are applied to all parameters; note however that some parameters do not have
  81                 useful defaults, and will need to be set before signing is attempted.
  82         @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
  83         @param staticCode On successful return, a SecStaticCode object reference representing
  84         the file system origin of the given SecCode. On error, unchanged.
  85         @result Upon success, noErr. Upon error, an OSStatus value documented in
  86         CSCommon.h or certain other Security framework headers.
  87 */
  88 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
  89         SecCodeSignerRef *signer);
  90
  91
  92 /*!
  93         @function SecCodeSignerAddSignature
  94         Create a code signature and add it to the StaticCode object being signed.
  95
  96         @param signer A SecCodeSigner object containing all the information required
  97         to sign code.
  98         @param code A valid SecStaticCode object reference representing code files
  99         on disk. This code will be signed, and will ordinarily be modified to contain
 100         the resulting signature data.
 101         @param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
 102         @param errors An optional pointer to a CFErrorRef variable. If the call fails
 103         (and something other than noErr is returned), and this argument is non-NULL,
 104         a CFErrorRef is stored there further describing the nature and circumstances
 105         of the failure. The caller must CFRelease() this error object when done with it.
 106         @result Upon success, noErr. Upon error, an OSStatus value documented in
 107         CSCommon.h or certain other Security framework headers.
 108 */
 109 OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signer,
 110         SecStaticCodeRef code, SecCSFlags flags);
 111
 112 OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signer,
 113         SecStaticCodeRef code, SecCSFlags flags, CFErrorRef *errors);
 114
 115
 116 #ifdef __cplusplus
 117 }
 118 #endif
 119
 120 #endif //_H_SECCODESIGNER