X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/5b2e6316f7268e59122858fb32e84a896ab43f2b..refs/heads/master:/lib/SecCodeSigner.h diff --git a/lib/SecCodeSigner.h b/lib/SecCodeSigner.h index 2e081d1..42ad089 100644 --- a/lib/SecCodeSigner.h +++ b/lib/SecCodeSigner.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006-2007 Apple Computer, Inc. All Rights Reserved. + * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved. * * @APPLE_LICENSE_HEADER_START@ * 
@@ -100,15 +100,45 @@ CFTypeID SecCodeSignerGetTypeID(void); @constant kSecCodeSignerResourceRules A CFDictionary containing resource scanning rules determining what resource files are sealed into the signature (and in what way). A situation-dependent default is applied if this parameter is not specified. + @constant kSecCodeSignerSDKRoot A CFURLRef indicating an alterate directory root + where signing operations should find subcomponents (libraries, frameworks, modules, etc.). + The default is the host system root "/". @constant kSecCodeSignerSigningTime Specifies what date and time is sealed into the code signature's CMS data. Can be either a CFDate object specifying a date, or the value kCFNull indicating that no date should be included in the signature. If not specified, the current date is chosen and sealed. Since an ad-hoc signature has no CMS data, this argument is ineffective for ad-hoc signing operations. + @constant kSecCodeSignerRequireTimestamp A CFBoolean indicating (if kCFBooleanTrue) that + the code signature should be certified by a timestamp authority service. This option + requires access to a timestamp server (usually over the Internet). If requested and + the timestamp server cannot be contacted or refuses service, the signing operation fails. + The timestamp value is not under the caller's control. + If the value is kCFBooleanFalse, no timestamp service is contacted and the resulting signature + has no certified timestamp. + If this key is omitted, a default is used that may vary from release to release. + Note that when signing multi-architectural ("fat") programs, each architecture will + be signed separately, and thus each architecture will have a slightly different timestamp. + @constant kSecCodeSignerTimestampServer A CFURL specifying which timestamp authority service + to contact for timestamping if requested by the kSecCodeSignerRequireTimestamp argument. 
+ If omitted (and timestamping is performed), a system-defined default value is used, referring + to an Apple-operated timestamp service. Note that this service may not freely serve all requests. + @constant kSecCodeSignerTimestampAuthentication A SecIdentityRef describing the identity + used to authenticate to the timestamp authority server, if the server requires client-side + (SSL/TLS) authentication. This will not generally be the identity used to sign the actual + code, depending on the requirements of the timestamp authority service used. + If omitted, the timestamp server is contacted using unauthenticated HTTP requests. + @constant kSecCodeSignerTimestampOmitCertificates A CFBoolean indicating (if kCFBooleanTrue) + that the timestamp embedded in the signature, if requested, not contain the full certificate chain + of the timestamp service used. This will make for a marginally smaller signature, but may not + verify correctly unless all such certificates are available (through the keychain system) + on the verifying system. + The default is to embed enough certificates to ensure proper verification of Apple-generated + timestamp signatures. */ extern const CFStringRef kSecCodeSignerApplicationData; extern const CFStringRef kSecCodeSignerDetached; +extern const CFStringRef kSecCodeSignerDigestAlgorithm; extern const CFStringRef kSecCodeSignerDryRun; extern const CFStringRef kSecCodeSignerEntitlements; extern const CFStringRef kSecCodeSignerFlags; 
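Review bot: The new `extern const CFStringRef kSecCodeSignerDigestAlgorithm;` near the end of this hunk has no `@constant` entry among those added here, so callers are not told what value type or which algorithms it accepts. The comment block begins above the hunk, so an entry may already exist there; if not, one belongs next to the timestamp keys. Separately, the kSecCodeSignerRequireTimestamp text says the default "may vary from release to release", which leaves a signing pipeline unable to tell whether its output carries a certified timestamp. I would add a sentence such as `Callers that depend on a certified timestamp should pass kCFBooleanTrue explicitly rather than rely on the default.` The kSecCodeSignerSDKRoot entry also has a typo (`alterate`), and it should probably say that the supplied root needs to be a directory the caller trusts, since subcomponents are looked up under it.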
@@ -118,7 +148,18 @@ extern const CFStringRef kSecCodeSignerIdentity; extern const CFStringRef kSecCodeSignerPageSize; extern const CFStringRef kSecCodeSignerRequirements; extern const CFStringRef kSecCodeSignerResourceRules; +extern const CFStringRef kSecCodeSignerSDKRoot; extern const CFStringRef kSecCodeSignerSigningTime; +extern const CFStringRef kSecCodeSignerTimestampAuthentication; +extern const CFStringRef kSecCodeSignerRequireTimestamp; +extern const CFStringRef kSecCodeSignerTimestampServer; +extern const CFStringRef kSecCodeSignerTimestampOmitCertificates; + +// temporary add-back to bridge B&I build dependencies -- remove soon +extern const CFStringRef kSecCodeSignerTSAUse; +extern const CFStringRef kSecCodeSignerTSAURL; +extern const CFStringRef kSecCodeSignerTSAClientAuth; +extern const CFStringRef kSecCodeSignerTSANoCerts; /*!
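Review bot: The four `kSecCodeSignerTSA*` declarations at the end of this hunk are exported from the header with only a `remove soon` comment, so nothing tells a caller which new key replaces each one or discourages new code from adopting them. Judging by the names, they presumably correspond to kSecCodeSignerRequireTimestamp, kSecCodeSignerTimestampServer, kSecCodeSignerTimestampAuthentication and kSecCodeSignerTimestampOmitCertificates. If so, the comment should say it, e.g. `// deprecated aliases: TSAUse -> RequireTimestamp, TSAURL -> TimestampServer, TSAClientAuth -> TimestampAuthentication, TSANoCerts -> TimestampOmitCertificates`. Whether the signer treats the old and new keys identically is not visible in this header. If it does not, a caller still passing kSecCodeSignerTSAUse could get an untimestamped signature without noticing, so this is worth confirming in the implementation.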