lib/CodeSigner.h

   1 /*
   2  * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // CodeSigner - SecCodeSigner API objects
  26 //
  27 #ifndef _H_CODESIGNER
  28 #define _H_CODESIGNER
  29
  30 #include "cs.h"
  31 #include "StaticCode.h"
  32 #include "cdbuilder.h"
  33 #include <Security/SecIdentity.h>
  34 #include <security_utilities/utilities.h>
  35
  36 namespace Security {
  37 namespace CodeSigning {
  38
  39
  40 //
  41 // A SecCode object represents running code in the system. It must be subclassed
  42 // to implement a particular notion of code.
  43 //
  44 class SecCodeSigner : public SecCFObject {
  45         NOCOPY(SecCodeSigner)
  46 public:
  47         SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)
  48
  49         SecCodeSigner();
  50     virtual ~SecCodeSigner() throw();
  51
  52         void parameters(CFDictionaryRef args);  // parse and set parameters
  53         bool valid() const { return mSigner; }
  54
  55         void sign(SecStaticCode *code, SecCSFlags flags);
  56
  57         void returnDetachedSignature(BlobCore *blob);
  58
  59 public:
  60         class Parser;
  61         class Signer;
  62
  63 private:
  64         // parsed parameter set
  65         CFRef<SecIdentityRef> mSigner;  // signing identity
  66         CFRef<CFTypeRef> mDetached;             // detached-signing information (NULL => attached)
  67         CFRef<CFDictionaryRef> mResourceRules; // explicit resource collection rules (override)
  68         CFRef<CFDateRef> mSigningTime;  // signing time desired (kCFNull for none)
  69         CFRef<CFDataRef> mApplicationData; // contents of application slot
  70         CFRef<CFDataRef> mEntitlementData; // entitlement configuration data
  71         const Requirements *mRequirements; // internal code requirements
  72         size_t mCMSSize;                                // size estimate for CMS blob
  73         uint32_t mCdFlags;                              // CodeDirectory flags
  74         bool mCdFlagsGiven;                             // CodeDirectory flags were specified
  75         std::string mIdentifier;                // unique identifier override
  76         std::string mIdentifierPrefix;  // prefix for un-dotted default identifiers
  77         bool mNoMachO;                                  // override to perform non-Mach-O signing
  78         bool mDryRun;                                   // dry run (do not change target)
  79         CFRef<CFNumberRef> mPageSize;   // main executable page size
  80 };
  81
  82
  83 } // end namespace CodeSigning
  84 } // end namespace Security
  85
  86 #endif // !_H_CODESIGNER