libsecurity_codesigning-55037.15.tar.gz
[apple/libsecurity_codesigning.git] / lib / SecCode.cpp
index d9524052a28dacd43b1cb2e5b42ce09d8460792d..f5b300f6dc9ae15e815f5c125375ecfab6de198c 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
+ * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
  * 
  * @APPLE_LICENSE_HEADER_START@
  * 
@@ -39,14 +39,17 @@ using namespace CodeSigning;
 //
 // CFError user info keys
 //
+const CFStringRef kSecCFErrorArchitecture =            CFSTR("SecCSArchitecture");
 const CFStringRef kSecCFErrorPattern =                 CFSTR("SecCSPattern");
 const CFStringRef kSecCFErrorResourceSeal =            CFSTR("SecCSResourceSeal");
-const CFStringRef kSecCFErrorResourceAdded =   CFSTR("SecCSResourceAdded");
+const CFStringRef kSecCFErrorResourceAdded =           CFSTR("SecCSResourceAdded");
 const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
 const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
-const CFStringRef kSecCFErrorInfoPlist =               CFSTR("SecCSInfoPlist");
+const CFStringRef kSecCFErrorInfoPlist =                       CFSTR("SecCSInfoPlist");
 const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
 const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
+const CFStringRef kSecCFErrorPath =                            CFSTR("SecComponentPath");
+
 
 //
 // CF-standard type code functions
@@ -69,7 +72,7 @@ OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
        checkFlags(flags);
        CFRef<CFMutableDictionaryRef> attributes = makeCFMutableDictionary(1,
                kSecGuestAttributePid, CFTempNumber(getpid()).get());
-       Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+       CodeSigning::Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
        
        END_CSAPI
 }
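Review bot: The explicit `CodeSigning::Required(selfRef)` qualification in SecCodeCopySelf is unexplained, although the file already has `using namespace CodeSigning;` in scope (visible in the previous hunk header). Presumably another `Required` became visible and made the unqualified call ambiguous. Since this helper appears to be the check applied to the caller-supplied out-pointer, a short comment at the first use, such as `// qualified so the CodeSigning out-pointer check is the one selected`, would keep a later cleanup from reverting it. The same applies to the identical changes in SecCodeGetStatus, SecCodeCopyStaticCode, SecCodeCopyHost, SecCodeCopyGuestWithAttributes, SecCodeCreateWithPID and SecCodeCopySigningInformation. SecCodeCopySelf begins outside the hunk.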
@@ -83,7 +86,7 @@ OSStatus SecCodeGetStatus(SecCodeRef codeRef, SecCSFlags flags, SecCodeStatus *s
        BEGIN_CSAPI
        
        checkFlags(flags);
-       Required(status) = SecCode::required(codeRef)->status();
+       CodeSigning::Required(status) = SecCode::required(codeRef)->status();
        
        END_CSAPI
 }
@@ -113,7 +116,7 @@ OSStatus SecCodeCopyStaticCode(SecCodeRef codeRef, SecCSFlags flags, SecStaticCo
        
        checkFlags(flags);
        SecPointer<SecStaticCode> staticCode = SecCode::required(codeRef)->staticCode();
-       Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
+       CodeSigning::Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
 
        END_CSAPI
 }
@@ -128,7 +131,7 @@ OSStatus SecCodeCopyHost(SecCodeRef guestRef, SecCSFlags flags, SecCodeRef *host
        
        checkFlags(flags);
        SecPointer<SecCode> host = SecCode::required(guestRef)->host();
-       Required(hostRef) = host ? host->handle() : NULL;
+       CodeSigning::Required(hostRef) = host ? host->handle() : NULL;
 
        END_CSAPI
 }
@@ -152,11 +155,11 @@ OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
        checkFlags(flags);
        if (hostRef) {
                if (SecCode *guest = SecCode::required(hostRef)->locateGuest(attributes))
-                       Required(guestRef) = guest->handle(false);
+                       CodeSigning::Required(guestRef) = guest->handle(false);
                else
                        return errSecCSNoSuchCode;
        } else
-               Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
+               CodeSigning::Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
        
        END_CSAPI
 }
@@ -171,7 +174,7 @@ OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRe
        
        checkFlags(flags);
        if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%d}", kSecGuestAttributePid, pid)))
-               Required(processRef) = guest->handle(false);
+               CodeSigning::Required(processRef) = guest->handle(false);
        else
                return errSecCSNoSuchCode;
        
@@ -194,11 +197,12 @@ OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
        BEGIN_CSAPI
        
        checkFlags(flags,
-               kSecCSConsiderExpiration);
+                 kSecCSConsiderExpiration
+               | kSecCSEnforceRevocationChecks);
        SecPointer<SecCode> code = SecCode::required(codeRef);
        code->checkValidity(flags);
        if (const SecRequirement *req = SecRequirement::optional(requirementRef))
-               code->staticCode()->validateRequirements(req->requirement(), errSecCSReqFailed);
+               code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
 
        END_CSAPI_ERRORS
 }
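Review bot: `kSecCSEnforceRevocationChecks` is now admitted by `checkFlags` in SecCodeCheckValidityWithErrors, but nothing in the hunk shows it being acted on. The flags go only to `code->checkValidity(flags)`, and the following `validateRequirement(req->requirement(), errSecCSReqFailed)` call takes no flags. If the dynamic validity path does not honor the bit, a caller asking for revocation enforcement would get success without any revocation check. It is worth confirming that `checkValidity` forwards the flag to the signature validation and recording it in a comment, e.g. `// kSecCSEnforceRevocationChecks is honored inside checkValidity(); the requirement check below does not consult flags`. The function begins outside the hunk.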
@@ -217,7 +221,9 @@ const CFStringRef kSecCodeInfoChangedFiles =        CFSTR("changed-files");
 const CFStringRef kSecCodeInfoCMS =                            CFSTR("cms");
 const CFStringRef kSecCodeInfoDesignatedRequirement = CFSTR("designated-requirement");
 const CFStringRef kSecCodeInfoEntitlements =   CFSTR("entitlements");
+const CFStringRef kSecCodeInfoEntitlementsDict =       CFSTR("entitlements-dict");
 const CFStringRef kSecCodeInfoFormat =                 CFSTR("format");
+const CFStringRef kSecCodeInfoDigestAlgorithm =        CFSTR("digest-algorithm");
 const CFStringRef kSecCodeInfoIdentifier =             CFSTR("identifier");
 const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
 const CFStringRef kSecCodeInfoMainExecutable = CFSTR("main-executable");
@@ -227,6 +233,7 @@ const CFStringRef kSecCodeInfoRequirementData =     CFSTR("requirement-data");
 const CFStringRef kSecCodeInfoSource =                 CFSTR("source");
 const CFStringRef kSecCodeInfoStatus =                 CFSTR("status");
 const CFStringRef kSecCodeInfoTime =                   CFSTR("signing-time");
+const CFStringRef kSecCodeInfoTimestamp =              CFSTR("signing-timestamp");
 const CFStringRef kSecCodeInfoTrust =                  CFSTR("trust");
 const CFStringRef kSecCodeInfoUnique =                 CFSTR("unique");
 
@@ -252,10 +259,9 @@ OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flag
        
        if (flags & kSecCSDynamicInformation)
                if (SecPointer<SecCode> dcode = SecStaticCode::optionalDynamic(codeRef))
-                       info = cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(),
-                               kSecCodeInfoStatus, dcode->status());
+                       info.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(), kSecCodeInfoStatus, dcode->status()));
        
-       Required(infoRef) = info.yield();
+       CodeSigning::Required(infoRef) = info.yield();
        
        END_CSAPI
 }
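Review bot: The change from `info = cfmake<...>(...)` to `info.take(cfmake<...>(...))` in the `kSecCSDynamicInformation` branch alters reference ownership and needs a comment, because the two forms look interchangeable. Presumably `cfmake` returns an owned reference and the assignment retained it a second time, leaking the merged dictionary; a line such as `// take(): adopt the reference cfmake returns without another retain` would record that. Separately, when `optionalDynamic(codeRef)` yields nothing, the `kSecCodeInfoStatus` key is simply absent from the result. The API documentation should tell callers not to read a missing status as a valid one. The function begins outside the hunk.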