[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCode.cpp

/*
 * Copyright (c) 2006-2015 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// SecCode - API frame for SecCode objects.
//
// Note that some SecCode* functions take SecStaticCodeRef arguments in order to
// accept either static or dynamic code references, operating on the respective
// StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
//
#include "cs.h"
#include "Code.h"
#include "cskernel.h"
#include <security_utilities/cfmunge.h>
#include <security_utilities/logging.h>

using namespace CodeSigning;


//
// CFError user info keys
//
const CFStringRef kSecCFErrorArchitecture =		CFSTR("SecCSArchitecture");
const CFStringRef kSecCFErrorPattern =			CFSTR("SecCSPattern");
const CFStringRef kSecCFErrorResourceSeal =		CFSTR("SecCSResourceSeal");
const CFStringRef kSecCFErrorResourceAdded =		CFSTR("SecCSResourceAdded");
const CFStringRef kSecCFErrorResourceAltered =	CFSTR("SecCSResourceAltered");
const CFStringRef kSecCFErrorResourceMissing =	CFSTR("SecCSResourceMissing");
const CFStringRef kSecCFErrorResourceSideband =	CFSTR("SecCSResourceHasSidebandData");
const CFStringRef kSecCFErrorInfoPlist =			CFSTR("SecCSInfoPlist");
const CFStringRef kSecCFErrorGuestAttributes =	CFSTR("SecCSGuestAttributes");
const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
const CFStringRef kSecCFErrorPath =				CFSTR("SecComponentPath");


//
// CF-standard type code functions
//
CFTypeID SecCodeGetTypeID(void)
{
	BEGIN_CSAPI
	return gCFObjects().Code.typeID;
    END_CSAPI1(_kCFRuntimeNotATypeID)
}


//
// Get a reference to the calling code.
//
OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
{
	BEGIN_CSAPI

	checkFlags(flags);
	CFRef<CFMutableDictionaryRef> attributes = makeCFMutableDictionary(1,
		kSecGuestAttributePid, CFTempNumber(getpid()).get());
	CodeSigning::Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);

	END_CSAPI
}


//
// Get the dynamic status of a code.
//
OSStatus SecCodeGetStatus(SecCodeRef codeRef, SecCSFlags flags, SecCodeStatus *status)
{
	BEGIN_CSAPI

	checkFlags(flags);
	CodeSigning::Required(status) = SecCode::required(codeRef)->status();

	END_CSAPI
}


//
// Change the dynamic status of a code
//
OSStatus SecCodeSetStatus(SecCodeRef codeRef, SecCodeStatusOperation operation,
	CFDictionaryRef arguments, SecCSFlags flags)
{
	BEGIN_CSAPI

	checkFlags(flags);
	SecCode::required(codeRef)->status(operation, arguments);

	END_CSAPI
}


//
// Get the StaticCode for an Code
//
OSStatus SecCodeCopyStaticCode(SecCodeRef codeRef, SecCSFlags flags, SecStaticCodeRef *staticCodeRef)
{
	BEGIN_CSAPI

	checkFlags(flags, kSecCSUseAllArchitectures);
	SecPointer<SecStaticCode> staticCode = SecCode::required(codeRef)->staticCode();
	if (flags & kSecCSUseAllArchitectures)
		if (Universal* macho = staticCode->diskRep()->mainExecutableImage())	// Mach-O main executable
			if (macho->narrowed()) {
				// create a new StaticCode comprising the whole fat file
				RefPointer<DiskRep> rep = DiskRep::bestGuess(staticCode->diskRep()->mainExecutablePath());
				staticCode = new SecStaticCode(rep);
			}
	CodeSigning::Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;

	END_CSAPI
}


//
// Get the host for an Code
//
OSStatus SecCodeCopyHost(SecCodeRef guestRef, SecCSFlags flags, SecCodeRef *hostRef)
{
	BEGIN_CSAPI

	checkFlags(flags);
	SecPointer<SecCode> host = SecCode::required(guestRef)->host();
	CodeSigning::Required(hostRef) = host ? host->handle() : NULL;

	END_CSAPI
}


//
// Find a guest by attribute(s)
//
const CFStringRef kSecGuestAttributeCanonical =		CFSTR("canonical");
const CFStringRef kSecGuestAttributeHash =			CFSTR("codedirectory-hash");
const CFStringRef kSecGuestAttributeMachPort =		CFSTR("mach-port");
const CFStringRef kSecGuestAttributePid =			CFSTR("pid");
const CFStringRef kSecGuestAttributeAudit =			CFSTR("audit");
const CFStringRef kSecGuestAttributeDynamicCode =	CFSTR("dynamicCode");
const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
const CFStringRef kSecGuestAttributeArchitecture =	CFSTR("architecture");
const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");

OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
	CFDictionaryRef attributes,	SecCSFlags flags, SecCodeRef *guestRef)
{
	BEGIN_CSAPI

	checkFlags(flags);
	if (hostRef) {
		if (SecCode *guest = SecCode::required(hostRef)->locateGuest(attributes))
			CodeSigning::Required(guestRef) = guest->handle(false);
		else
			return errSecCSNoSuchCode;
	} else
		CodeSigning::Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);

	END_CSAPI
}


//
// Shorthand for getting the SecCodeRef for a UNIX process
//
OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
{
	BEGIN_CSAPI

	checkFlags(flags);
	if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%d}", kSecGuestAttributePid, pid)))
		CodeSigning::Required(processRef) = guest->handle(false);
	else
		return errSecCSNoSuchCode;

	END_CSAPI
}


//
// Check validity of an Code
//
OSStatus SecCodeCheckValidity(SecCodeRef codeRef, SecCSFlags flags,
	SecRequirementRef requirementRef)
{
	return SecCodeCheckValidityWithErrors(codeRef, flags, requirementRef, NULL);
}

OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
	SecRequirementRef requirementRef, CFErrorRef *errors)
{
	BEGIN_CSAPI

	checkFlags(flags,
		  kSecCSConsiderExpiration
		| kSecCSStrictValidate
		| kSecCSRestrictSidebandData
		| kSecCSEnforceRevocationChecks);
	SecPointer<SecCode> code = SecCode::required(codeRef);
	code->checkValidity(flags);
	if (const SecRequirement *req = SecRequirement::optional(requirementRef))
		code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);

	END_CSAPI_ERRORS
}


//
// Collect suitably laundered information about the code signature of a SecStaticCode
// and return it as a CFDictionary.
//
// This API contracts to return a few pieces of information even for unsigned
// code. This means that a SecStaticCodeRef is usable as a basic indentifier
// (i.e. handle) for any code out there.
//
const CFStringRef kSecCodeInfoCertificates =	CFSTR("certificates");
const CFStringRef kSecCodeInfoChangedFiles =	CFSTR("changed-files");
const CFStringRef kSecCodeInfoCMS =				CFSTR("cms");
const CFStringRef kSecCodeInfoDesignatedRequirement = CFSTR("designated-requirement");
const CFStringRef kSecCodeInfoEntitlements =	CFSTR("entitlements");
const CFStringRef kSecCodeInfoEntitlementsDict =	CFSTR("entitlements-dict");
const CFStringRef kSecCodeInfoFlags =			CFSTR("flags");
const CFStringRef kSecCodeInfoFormat =			CFSTR("format");
const CFStringRef kSecCodeInfoDigestAlgorithm =	CFSTR("digest-algorithm");
const CFStringRef kSecCodeInfoDigestAlgorithms = CFSTR("digest-algorithms");
const CFStringRef kSecCodeInfoPlatformIdentifier = CFSTR("platform-identifier");
const CFStringRef kSecCodeInfoIdentifier =		CFSTR("identifier");
const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
const CFStringRef kSecCodeInfoMainExecutable =	CFSTR("main-executable");
const CFStringRef kSecCodeInfoPList =			CFSTR("info-plist");
const CFStringRef kSecCodeInfoRequirements =	CFSTR("requirements");
const CFStringRef kSecCodeInfoRequirementData =	CFSTR("requirement-data");
const CFStringRef kSecCodeInfoSource =			CFSTR("source");
const CFStringRef kSecCodeInfoStatus =			CFSTR("status");
const CFStringRef kSecCodeInfoTeamIdentifier =  CFSTR("teamid");
const CFStringRef kSecCodeInfoTime =			CFSTR("signing-time");
const CFStringRef kSecCodeInfoTimestamp =		CFSTR("signing-timestamp");
const CFStringRef kSecCodeInfoTrust =			CFSTR("trust");
const CFStringRef kSecCodeInfoUnique =			CFSTR("unique");
const CFStringRef kSecCodeInfoCdHashes =        CFSTR("cdhashes");


const CFStringRef kSecCodeInfoCodeDirectory =	CFSTR("CodeDirectory");
const CFStringRef kSecCodeInfoCodeOffset =		CFSTR("CodeOffset");
const CFStringRef kSecCodeInfoDiskRepInfo =     CFSTR("DiskRepInfo");
const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");

/* DiskInfoRepInfo types */
const CFStringRef kSecCodeInfoDiskRepOSPlatform =          CFSTR("OSPlatform");
const CFStringRef kSecCodeInfoDiskRepOSVersionMin =        CFSTR("OSVersionMin");
const CFStringRef kSecCodeInfoDiskRepOSSDKVersion =        CFSTR("SDKVersion");
const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");


OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
	CFDictionaryRef *infoRef)
{
	BEGIN_CSAPI

	checkFlags(flags,
		  kSecCSInternalInformation
		| kSecCSSigningInformation
		| kSecCSRequirementInformation
		| kSecCSDynamicInformation
		| kSecCSContentInformation
        | kSecCSSkipResourceDirectory);

	SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
	CFRef<CFDictionaryRef> info = code->signingInformation(flags);

	if (flags & kSecCSDynamicInformation)
		if (SecPointer<SecCode> dcode = SecStaticCode::optionalDynamic(codeRef))
			info.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(), kSecCodeInfoStatus, dcode->status()));

	CodeSigning::Required(infoRef) = info.yield();

	END_CSAPI
}
Commit	Line	Data
b1ab9ed8	1	/*
5c19dc3a A	2	* Copyright (c) 2006-2015 Apple Inc. All Rights Reserved.
5c19dc3a A	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
5c19dc3a	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
5c19dc3a	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
5c19dc3a	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// SecCode - API frame for SecCode objects.
	26	//
	27	// Note that some SecCode* functions take SecStaticCodeRef arguments in order to
	28	// accept either static or dynamic code references, operating on the respective
	29	// StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
	30	//
	31	#include "cs.h"
	32	#include "Code.h"
	33	#include "cskernel.h"
	34	#include <security_utilities/cfmunge.h>
5c19dc3a	35	#include <security_utilities/logging.h>
b1ab9ed8 A	36
	37	using namespace CodeSigning;
	38
	39
	40	//
	41	// CFError user info keys
	42	//
	43	const CFStringRef kSecCFErrorArchitecture = CFSTR("SecCSArchitecture");
	44	const CFStringRef kSecCFErrorPattern = CFSTR("SecCSPattern");
	45	const CFStringRef kSecCFErrorResourceSeal = CFSTR("SecCSResourceSeal");
	46	const CFStringRef kSecCFErrorResourceAdded = CFSTR("SecCSResourceAdded");
	47	const CFStringRef kSecCFErrorResourceAltered = CFSTR("SecCSResourceAltered");
	48	const CFStringRef kSecCFErrorResourceMissing = CFSTR("SecCSResourceMissing");
fa7225c8	49	const CFStringRef kSecCFErrorResourceSideband = CFSTR("SecCSResourceHasSidebandData");
b1ab9ed8 A	50	const CFStringRef kSecCFErrorInfoPlist = CFSTR("SecCSInfoPlist");
	51	const CFStringRef kSecCFErrorGuestAttributes = CFSTR("SecCSGuestAttributes");
	52	const CFStringRef kSecCFErrorRequirementSyntax = CFSTR("SecRequirementSyntax");
	53	const CFStringRef kSecCFErrorPath = CFSTR("SecComponentPath");
	54
	55
	56	//
	57	// CF-standard type code functions
	58	//
	59	CFTypeID SecCodeGetTypeID(void)
	60	{
	61	BEGIN_CSAPI
	62	return gCFObjects().Code.typeID;
	63	END_CSAPI1(_kCFRuntimeNotATypeID)
	64	}
	65
	66
	67	//
	68	// Get a reference to the calling code.
	69	//
	70	OSStatus SecCodeCopySelf(SecCSFlags flags, SecCodeRef *selfRef)
	71	{
	72	BEGIN_CSAPI
5c19dc3a	73
b1ab9ed8 A	74	checkFlags(flags);
	75	CFRef<CFMutableDictionaryRef> attributes = makeCFMutableDictionary(1,
	76	kSecGuestAttributePid, CFTempNumber(getpid()).get());
	77	CodeSigning::Required(selfRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
5c19dc3a	78
b1ab9ed8 A	79	END_CSAPI
	80	}
	81
	82
	83	//
	84	// Get the dynamic status of a code.
	85	//
	86	OSStatus SecCodeGetStatus(SecCodeRef codeRef, SecCSFlags flags, SecCodeStatus *status)
	87	{
	88	BEGIN_CSAPI
5c19dc3a	89
b1ab9ed8 A	90	checkFlags(flags);
b1ab9ed8 A	91	CodeSigning::Required(status) = SecCode::required(codeRef)->status();
5c19dc3a	92
b1ab9ed8 A	93	END_CSAPI
	94	}
	95
	96
	97	//
	98	// Change the dynamic status of a code
	99	//
	100	OSStatus SecCodeSetStatus(SecCodeRef codeRef, SecCodeStatusOperation operation,
	101	CFDictionaryRef arguments, SecCSFlags flags)
	102	{
	103	BEGIN_CSAPI
5c19dc3a	104
b1ab9ed8 A	105	checkFlags(flags);
b1ab9ed8 A	106	SecCode::required(codeRef)->status(operation, arguments);
5c19dc3a	107
b1ab9ed8 A	108	END_CSAPI
	109	}
	110
	111
	112	//
	113	// Get the StaticCode for an Code
	114	//
	115	OSStatus SecCodeCopyStaticCode(SecCodeRef codeRef, SecCSFlags flags, SecStaticCodeRef *staticCodeRef)
	116	{
	117	BEGIN_CSAPI
5c19dc3a	118
427c49bc	119	checkFlags(flags, kSecCSUseAllArchitectures);
b1ab9ed8	120	SecPointer<SecStaticCode> staticCode = SecCode::required(codeRef)->staticCode();
427c49bc A	121	if (flags & kSecCSUseAllArchitectures)
	122	if (Universal* macho = staticCode->diskRep()->mainExecutableImage()) // Mach-O main executable
	123	if (macho->narrowed()) {
	124	// create a new StaticCode comprising the whole fat file
	125	RefPointer<DiskRep> rep = DiskRep::bestGuess(staticCode->diskRep()->mainExecutablePath());
	126	staticCode = new SecStaticCode(rep);
	127	}
b1ab9ed8 A	128	CodeSigning::Required(staticCodeRef) = staticCode ? staticCode->handle() : NULL;
	129
	130	END_CSAPI
	131	}
	132
	133
	134	//
	135	// Get the host for an Code
	136	//
	137	OSStatus SecCodeCopyHost(SecCodeRef guestRef, SecCSFlags flags, SecCodeRef *hostRef)
	138	{
	139	BEGIN_CSAPI
5c19dc3a	140
b1ab9ed8 A	141	checkFlags(flags);
	142	SecPointer<SecCode> host = SecCode::required(guestRef)->host();
	143	CodeSigning::Required(hostRef) = host ? host->handle() : NULL;
	144
	145	END_CSAPI
	146	}
	147
	148
	149	//
	150	// Find a guest by attribute(s)
	151	//
	152	const CFStringRef kSecGuestAttributeCanonical = CFSTR("canonical");
	153	const CFStringRef kSecGuestAttributeHash = CFSTR("codedirectory-hash");
	154	const CFStringRef kSecGuestAttributeMachPort = CFSTR("mach-port");
	155	const CFStringRef kSecGuestAttributePid = CFSTR("pid");
fa7225c8 A	156	const CFStringRef kSecGuestAttributeAudit = CFSTR("audit");
	157	const CFStringRef kSecGuestAttributeDynamicCode = CFSTR("dynamicCode");
	158	const CFStringRef kSecGuestAttributeDynamicCodeInfoPlist = CFSTR("dynamicCodeInfoPlist");
b1ab9ed8 A	159	const CFStringRef kSecGuestAttributeArchitecture = CFSTR("architecture");
	160	const CFStringRef kSecGuestAttributeSubarchitecture = CFSTR("subarchitecture");
	161
	162	OSStatus SecCodeCopyGuestWithAttributes(SecCodeRef hostRef,
	163	CFDictionaryRef attributes, SecCSFlags flags, SecCodeRef *guestRef)
	164	{
	165	BEGIN_CSAPI
5c19dc3a	166
b1ab9ed8 A	167	checkFlags(flags);
	168	if (hostRef) {
	169	if (SecCode *guest = SecCode::required(hostRef)->locateGuest(attributes))
	170	CodeSigning::Required(guestRef) = guest->handle(false);
	171	else
	172	return errSecCSNoSuchCode;
	173	} else
	174	CodeSigning::Required(guestRef) = SecCode::autoLocateGuest(attributes, flags)->handle(false);
5c19dc3a	175
b1ab9ed8 A	176	END_CSAPI
	177	}
	178
	179
	180	//
	181	// Shorthand for getting the SecCodeRef for a UNIX process
	182	//
	183	OSStatus SecCodeCreateWithPID(pid_t pid, SecCSFlags flags, SecCodeRef *processRef)
	184	{
	185	BEGIN_CSAPI
5c19dc3a	186
b1ab9ed8 A	187	checkFlags(flags);
	188	if (SecCode *guest = KernelCode::active()->locateGuest(CFTemp<CFDictionaryRef>("{%O=%d}", kSecGuestAttributePid, pid)))
	189	CodeSigning::Required(processRef) = guest->handle(false);
	190	else
	191	return errSecCSNoSuchCode;
5c19dc3a	192
b1ab9ed8 A	193	END_CSAPI
	194	}
	195
	196
	197	//
	198	// Check validity of an Code
	199	//
	200	OSStatus SecCodeCheckValidity(SecCodeRef codeRef, SecCSFlags flags,
	201	SecRequirementRef requirementRef)
	202	{
	203	return SecCodeCheckValidityWithErrors(codeRef, flags, requirementRef, NULL);
	204	}
	205
	206	OSStatus SecCodeCheckValidityWithErrors(SecCodeRef codeRef, SecCSFlags flags,
	207	SecRequirementRef requirementRef, CFErrorRef *errors)
	208	{
	209	BEGIN_CSAPI
5c19dc3a	210
b1ab9ed8 A	211	checkFlags(flags,
b1ab9ed8 A	212	kSecCSConsiderExpiration
e3d460c9	213	\| kSecCSStrictValidate
fa7225c8	214	\| kSecCSRestrictSidebandData
b1ab9ed8 A	215	\| kSecCSEnforceRevocationChecks);
	216	SecPointer<SecCode> code = SecCode::required(codeRef);
	217	code->checkValidity(flags);
	218	if (const SecRequirement *req = SecRequirement::optional(requirementRef))
	219	code->staticCode()->validateRequirement(req->requirement(), errSecCSReqFailed);
	220
	221	END_CSAPI_ERRORS
	222	}
	223
	224
	225	//
	226	// Collect suitably laundered information about the code signature of a SecStaticCode
	227	// and return it as a CFDictionary.
	228	//
	229	// This API contracts to return a few pieces of information even for unsigned
	230	// code. This means that a SecStaticCodeRef is usable as a basic indentifier
	231	// (i.e. handle) for any code out there.
	232	//
	233	const CFStringRef kSecCodeInfoCertificates = CFSTR("certificates");
	234	const CFStringRef kSecCodeInfoChangedFiles = CFSTR("changed-files");
	235	const CFStringRef kSecCodeInfoCMS = CFSTR("cms");
	236	const CFStringRef kSecCodeInfoDesignatedRequirement = CFSTR("designated-requirement");
	237	const CFStringRef kSecCodeInfoEntitlements = CFSTR("entitlements");
	238	const CFStringRef kSecCodeInfoEntitlementsDict = CFSTR("entitlements-dict");
427c49bc	239	const CFStringRef kSecCodeInfoFlags = CFSTR("flags");
b1ab9ed8 A	240	const CFStringRef kSecCodeInfoFormat = CFSTR("format");
b1ab9ed8 A	241	const CFStringRef kSecCodeInfoDigestAlgorithm = CFSTR("digest-algorithm");
e3d460c9	242	const CFStringRef kSecCodeInfoDigestAlgorithms = CFSTR("digest-algorithms");
5c19dc3a	243	const CFStringRef kSecCodeInfoPlatformIdentifier = CFSTR("platform-identifier");
b1ab9ed8 A	244	const CFStringRef kSecCodeInfoIdentifier = CFSTR("identifier");
	245	const CFStringRef kSecCodeInfoImplicitDesignatedRequirement = CFSTR("implicit-requirement");
	246	const CFStringRef kSecCodeInfoMainExecutable = CFSTR("main-executable");
	247	const CFStringRef kSecCodeInfoPList = CFSTR("info-plist");
	248	const CFStringRef kSecCodeInfoRequirements = CFSTR("requirements");
	249	const CFStringRef kSecCodeInfoRequirementData = CFSTR("requirement-data");
	250	const CFStringRef kSecCodeInfoSource = CFSTR("source");
	251	const CFStringRef kSecCodeInfoStatus = CFSTR("status");
420ff9d9	252	const CFStringRef kSecCodeInfoTeamIdentifier = CFSTR("teamid");
b1ab9ed8 A	253	const CFStringRef kSecCodeInfoTime = CFSTR("signing-time");
	254	const CFStringRef kSecCodeInfoTimestamp = CFSTR("signing-timestamp");
	255	const CFStringRef kSecCodeInfoTrust = CFSTR("trust");
	256	const CFStringRef kSecCodeInfoUnique = CFSTR("unique");
e3d460c9 A	257	const CFStringRef kSecCodeInfoCdHashes = CFSTR("cdhashes");
e3d460c9 A	258
b1ab9ed8 A	259
	260	const CFStringRef kSecCodeInfoCodeDirectory = CFSTR("CodeDirectory");
	261	const CFStringRef kSecCodeInfoCodeOffset = CFSTR("CodeOffset");
fa7225c8	262	const CFStringRef kSecCodeInfoDiskRepInfo = CFSTR("DiskRepInfo");
b1ab9ed8 A	263	const CFStringRef kSecCodeInfoResourceDirectory = CFSTR("ResourceDirectory");
b1ab9ed8 A	264
fa7225c8 A	265	/* DiskInfoRepInfo types */
	266	const CFStringRef kSecCodeInfoDiskRepOSPlatform = CFSTR("OSPlatform");
	267	const CFStringRef kSecCodeInfoDiskRepOSVersionMin = CFSTR("OSVersionMin");
	268	const CFStringRef kSecCodeInfoDiskRepOSSDKVersion = CFSTR("SDKVersion");
	269	const CFStringRef kSecCodeInfoDiskRepNoLibraryValidation = CFSTR("NoLibraryValidation");
	270
b1ab9ed8 A	271
	272	OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
	273	CFDictionaryRef *infoRef)
	274	{
	275	BEGIN_CSAPI
5c19dc3a	276
b1ab9ed8 A	277	checkFlags(flags,
	278	kSecCSInternalInformation
	279	\| kSecCSSigningInformation
	280	\| kSecCSRequirementInformation
	281	\| kSecCSDynamicInformation
866f8763 A	282	\| kSecCSContentInformation
866f8763 A	283	\| kSecCSSkipResourceDirectory);
5c19dc3a	284
b1ab9ed8 A	285	SecPointer<SecStaticCode> code = SecStaticCode::requiredStatic(codeRef);
b1ab9ed8 A	286	CFRef<CFDictionaryRef> info = code->signingInformation(flags);
5c19dc3a	287
b1ab9ed8 A	288	if (flags & kSecCSDynamicInformation)
	289	if (SecPointer<SecCode> dcode = SecStaticCode::optionalDynamic(codeRef))
	290	info.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", info.get(), kSecCodeInfoStatus, dcode->status()));
5c19dc3a	291
b1ab9ed8	292	CodeSigning::Required(infoRef) = info.yield();
5c19dc3a	293
b1ab9ed8 A	294	END_CSAPI
b1ab9ed8 A	295	}