X-Git-Url: https://git.saurik.com/apple/libsecurity_codesigning.git/blobdiff_plain/7d31e9289af373b98c8a36838bd41fab5ad01b44..HEAD:/lib/reqinterp.h diff --git a/lib/reqinterp.h b/lib/reqinterp.h index 222bd17..ad1ddb8 100644 --- a/lib/reqinterp.h +++ b/lib/reqinterp.h @@ -29,6 +29,7 @@ #include #include +#include // CssmOid namespace Security { namespace CodeSigning { @@ -40,7 +41,7 @@ namespace CodeSigning { // class Requirement::Interpreter : public Requirement::Reader { public: - Interpreter(const Requirement *req, const Context *ctx); + Interpreter(const Requirement *req, const Context *ctx) : Reader(req), mContext(ctx) { } bool evaluate(); @@ -49,7 +50,11 @@ protected: public: Match(Interpreter &interp); // reads match postfix from interp Match(CFStringRef value, MatchOperation op) : mValue(value), mOp(op) { } // explicit + Match() : mValue(NULL), mOp(matchExists) { } // explict test for presence bool operator () (CFTypeRef candidate) const; // match to candidate + + protected: + bool inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate) const; private: CFCopyRef mValue; // match value 
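Review bot: The now-inline constructor `Interpreter(const Requirement *req, const Context *ctx) : Reader(req), mContext(ctx) { }` keeps `ctx` as a borrowed raw pointer, and the header says nothing about its lifetime or whether it may be NULL. The requirement evaluation presumably reads `mContext`, so a context freed early or passed as NULL would surface in the middle of a signing decision rather than at construction. I would add a comment above the constructor such as `// ctx is borrowed, not owned; it must outlive the Interpreter` and state whether a NULL context is accepted.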
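Review bot: `inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate)` takes an untyped candidate together with string-compare flags, and the declaration does not say what happens when the candidate is not a CFString. Candidates appear to come from signer-supplied data (Info.plist values, and entitlements once `entitlementValue` is added), so the failure mode should be written down. The implementation is outside this diff, so I cannot confirm that it checks the type. I would add `// returns false if candidate is not a CFString` (adjusted to the real behaviour) plus one line on how `outcome` and `negate` combine, since an inverted `negate` silently flips a requirement's result. The comment on the new default constructor also has a typo: `explict` should read `explicit`.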
@@ -58,12 +63,19 @@ protected: protected: bool infoKeyValue(const std::string &key, const Match &match); + bool entitlementValue(const std::string &key, const Match &match); bool certFieldValue(const string &key, const Match &match, SecCertificateRef cert); + bool certFieldGeneric(const string &key, const Match &match, SecCertificateRef cert); + bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert); + bool certFieldPolicy(const string &key, const Match &match, SecCertificateRef cert); + bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert); bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest); + bool appleSigned(); + bool appleAnchored(); bool trustedCerts(); bool trustedCert(int slot); - SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor); + static SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor); private: const Context * const mContext;
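Review bot: `appleSigned()` and `appleAnchored()` are added next to each other with no comment saying how they differ, yet both read as trust decisions that a caller could easily pick between wrongly. Each needs a one-line comment naming the certificate chain position and the anchor set it checks, and saying whether it depends on `mContext` state. Their bodies are not in this diff, so I cannot propose the exact wording. The new `certFieldGeneric`/`certFieldPolicy` pairs are also overloaded on `const string &key` versus `const CssmOid &oid`, so it would help to note which overload is the primitive and which one converts and forwards. As a style point, the new cert declarations use bare `string` while `entitlementValue` uses `std::string`; in a header I would spell it `const std::string &key` throughout.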