1 /*
2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // reqinterp - Requirement language (exprOp) interpreter
26 //
27 #ifndef _H_REQINTERP
28 #define _H_REQINTERP
29
30 #include <security_codesigning/reqreader.h>
31 #include <Security/SecTrustSettings.h>
32
33 namespace Security {
34 namespace CodeSigning {
35
36
37 //
38 // An interpreter for exprForm-type requirements.
39 // This is a simple Polish Notation stack evaluator.
40 //
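//
// Evaluates an exprForm requirement against a Context and reduces it to a
// single yes/no answer. The class is a Requirement::Reader, so it consumes
// the requirement's encoded form through the Reader interface it inherits.
//
// NOTE(review): the boolean returned by evaluate() is presumably what callers
// use as the code-signing requirement verdict; confirm in reqinterp.cpp that
// every failure path (malformed input, missing context data) ends in false or
// an exception and never in true.
//
class Requirement::Interpreter : public Requirement::Reader {
public:
	// req is the requirement to interpret, ctx the data it is evaluated against.
	// ctx is presumably the pointer stored in mContext; it is held as a raw
	// pointer, so it has to outlive the interpreter -- confirm in the .cpp.
	Interpreter(const Requirement *req, const Context *ctx);

	// Runs the interpreter and returns the boolean outcome.
	bool evaluate();

protected:
	//
	// A match suffix: a comparison operation plus the value to compare with.
	// Instances are function objects applied to a candidate value.
	//
	class Match {
	public:
		Match(Interpreter &interp);		// reads match postfix from interp
		Match(CFStringRef value, MatchOperation op) : mValue(value), mOp(op) { }	// explicit value/operation
		bool operator () (CFTypeRef candidate) const;	// match to candidate

	private:
		CFCopyRef<CFStringRef> mValue;	// match value
		MatchOperation mOp;				// type of match
	};

protected:
	// Predicate helpers, each returning a boolean; their bodies are not in
	// this header.
	bool infoKeyValue(const std::string &key, const Match &match);
	// key is spelled std::string here like in infoKeyValue, so the declaration
	// does not depend on a using-directive from an included header.
	bool certFieldValue(const std::string &key, const Match &match, SecCertificateRef cert);
	// NOTE(review): digest is a bare pointer with no length argument, so the
	// implementation has to read a fixed number of bytes from it. Confirm that
	// size in reqinterp.cpp and that every caller passes a buffer at least
	// that long.
	bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);
	bool appleSigned();
	bool trustedCerts();
	// NOTE(review): slot is a signed int; presumably an index into the signing
	// certificate chain -- confirm how negative and out-of-range values are
	// handled.
	bool trustedCert(int slot);

	// Returns a SecTrustSettingsResult for cert; isAnchor tells the lookup
	// whether cert is being considered as an anchor.
	SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor);

private:
	const Context * const mContext;		// evaluation context; pointer is fixed at construction
};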
72
73
74 } // CodeSigning
75 } // Security
76
77 #endif //_H_REQINTERP