libsecurity_codesigning-55037.15.tar.gz

[apple/libsecurity_codesigning.git] / lib / requirement.cpp

diff --git a/lib/requirement.cpp b/lib/requirement.cpp
index f4b294ab74336f647329765f29fcc1e8594909aa..cc52729181b67dc20c76b627f0024092ab2ec602 100644 (file)
--- a/lib/requirement.cpp
+++ b/lib/requirement.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2006-2012 Apple Inc. All Rights Reserved.
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 
@@ -26,6 +26,7 @@
 //
 #include "requirement.h"
 #include "reqinterp.h"
+#include "codesigning_dtrace.h"
 #include <security_utilities/errors.h>
 #include <security_utilities/unix++.h>
 #include <security_utilities/logging.h>
@@ -56,7 +57,8 @@ const char *const Requirement::typeNames[] = {
        "host",
        "guest",
        "designated",
-       "library"
+       "library",
+       "plugin",
 };
 
 
@@ -65,13 +67,24 @@ const char *const Requirement::typeNames[] = {
 //
 void Requirement::validate(const Requirement::Context &ctx, OSStatus failure /* = errSecCSReqFailed */) const
 {
+       if (!this->validates(ctx, failure))
+               MacOSError::throwMe(failure);
+}
+
+bool Requirement::validates(const Requirement::Context &ctx, OSStatus failure /* = errSecCSReqFailed */) const
+{
+       CODESIGN_EVAL_REQINT_START((void*)this, this->length());
        switch (kind()) {
        case exprForm:
-               if (!Requirement::Interpreter(this, &ctx).evaluate())
-                       MacOSError::throwMe(failure);
-               return;
+               if (Requirement::Interpreter(this, &ctx).evaluate()) {
+                       CODESIGN_EVAL_REQINT_END(this, 0);
+                       return true;
+               } else {
+                       CODESIGN_EVAL_REQINT_END(this, failure);
+                       return false;
+               }
        default:
-               secdebug("reqval", "unrecognized requirement kind %d", kind());
+               CODESIGN_EVAL_REQINT_END(this, errSecCSReqUnsupported);
                MacOSError::throwMe(errSecCSReqUnsupported);
        }
 }
@@ -89,6 +102,8 @@ SecCertificateRef Requirement::Context::cert(int ix) const
        if (certs) {
                if (ix < 0)
                        ix += certCount();
+               if (ix >= CFArrayGetCount(certs))
+                   return NULL;
                if (CFTypeRef element = CFArrayGetValueAtIndex(certs, ix))
                        return SecCertificateRef(element);
        }
@@ -141,7 +156,6 @@ const SHA1::Digest &Requirement::testAppleAnchorHash()
 #endif //TEST_APPLE_ANCHOR
 
 
-
 //
 // Debug dump support
 //