[apple/security.git] / OSX / include / security_codesigning / SecCodeSigner.cpp

/*
 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// SecCode - API frame for SecCode objects.
//
// Note that some SecCode* functions take SecStaticCodeRef arguments in order to
// accept either static or dynamic code references, operating on the respective
// StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
//
#include "cs.h"
#include "CodeSigner.h"
#include "cskernel.h"

using namespace CodeSigning;


//
// Parameter keys
//
const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
const CFStringRef kSecCodeSignerDetached =		CFSTR("detached");
const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
const CFStringRef kSecCodeSignerDryRun =		CFSTR("dryrun");
const CFStringRef kSecCodeSignerEntitlements =	CFSTR("entitlements");
const CFStringRef kSecCodeSignerFlags =			CFSTR("flags");
const CFStringRef kSecCodeSignerIdentifier =	CFSTR("identifier");
const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
const CFStringRef kSecCodeSignerIdentity =		CFSTR("signer");
const CFStringRef kSecCodeSignerPageSize =		CFSTR("pagesize");
const CFStringRef kSecCodeSignerRequirements =	CFSTR("requirements");
const CFStringRef kSecCodeSignerResourceRules =	CFSTR("resource-rules");
const CFStringRef kSecCodeSignerSDKRoot =		CFSTR("sdkroot");
const CFStringRef kSecCodeSignerSigningTime =	CFSTR("signing-time");
const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
const CFStringRef kSecCodeSignerTimestampOmitCertificates =	CFSTR("timestamp-omit-certificates");
const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
const CFStringRef kSecCodeSignerTeamIdentifier =	CFSTR("teamidentifier");
const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");

// temporary add-back to bridge B&I build dependencies -- remove soon
const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
const CFStringRef kSecCodeSignerTSAURL = CFSTR("timestamp-url");
const CFStringRef kSecCodeSignerTSAClientAuth = CFSTR("timestamp-authentication");
const CFStringRef kSecCodeSignerTSANoCerts =	CFSTR("timestamp-omit-certificates");


//
// CF-standard type code functions
//
CFTypeID SecCodeSignerGetTypeID(void)
{
	BEGIN_CSAPI
	return gCFObjects().CodeSigner.typeID;
    END_CSAPI1(_kCFRuntimeNotATypeID)
}


//
// Create a signer object
//
OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
	SecCodeSignerRef *signerRef)
{
	BEGIN_CSAPI
		
	checkFlags(flags,
		  kSecCSRemoveSignature
		| kSecCSSignPreserveSignature
		| kSecCSSignNestedCode
		| kSecCSSignOpaque
		| kSecCSSignV1
		| kSecCSSignNoV1
		| kSecCSSignBundleRoot
		| kSecCSSignStrictPreflight);
	SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
	signer->parameters(parameters);
	CodeSigning::Required(signerRef) = signer->handle();

    END_CSAPI
}


//
// Generate a signature
//
OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
	SecStaticCodeRef codeRef, SecCSFlags flags)
{
	return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, NULL);
}

OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
	SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
{
	BEGIN_CSAPI
	checkFlags(flags,
		kSecCSReportProgress
	);
	SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);
    END_CSAPI_ERRORS
}
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// SecCode - API frame for SecCode objects.
	26	//
	27	// Note that some SecCode* functions take SecStaticCodeRef arguments in order to
	28	// accept either static or dynamic code references, operating on the respective
	29	// StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
	30	//
	31	#include "cs.h"
	32	#include "CodeSigner.h"
	33	#include "cskernel.h"
	34
	35	using namespace CodeSigning;
	36
	37
	38	//
	39	// Parameter keys
	40	//
	41	const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
	42	const CFStringRef kSecCodeSignerDetached = CFSTR("detached");
	43	const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
	44	const CFStringRef kSecCodeSignerDryRun = CFSTR("dryrun");
	45	const CFStringRef kSecCodeSignerEntitlements = CFSTR("entitlements");
	46	const CFStringRef kSecCodeSignerFlags = CFSTR("flags");
	47	const CFStringRef kSecCodeSignerIdentifier = CFSTR("identifier");
	48	const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
	49	const CFStringRef kSecCodeSignerIdentity = CFSTR("signer");
	50	const CFStringRef kSecCodeSignerPageSize = CFSTR("pagesize");
	51	const CFStringRef kSecCodeSignerRequirements = CFSTR("requirements");
	52	const CFStringRef kSecCodeSignerResourceRules = CFSTR("resource-rules");
	53	const CFStringRef kSecCodeSignerSDKRoot = CFSTR("sdkroot");
	54	const CFStringRef kSecCodeSignerSigningTime = CFSTR("signing-time");
	55	const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
	56	const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
	57	const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
	58	const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
427c49bc	59	const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
420ff9d9	60	const CFStringRef kSecCodeSignerTeamIdentifier = CFSTR("teamidentifier");
5c19dc3a	61	const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");
b1ab9ed8 A	62
	63	// temporary add-back to bridge B&I build dependencies -- remove soon
	64	const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
	65	const CFStringRef kSecCodeSignerTSAURL = CFSTR("timestamp-url");
	66	const CFStringRef kSecCodeSignerTSAClientAuth = CFSTR("timestamp-authentication");
	67	const CFStringRef kSecCodeSignerTSANoCerts = CFSTR("timestamp-omit-certificates");
	68
	69
	70	//
	71	// CF-standard type code functions
	72	//
	73	CFTypeID SecCodeSignerGetTypeID(void)
	74	{
	75	BEGIN_CSAPI
	76	return gCFObjects().CodeSigner.typeID;
	77	END_CSAPI1(_kCFRuntimeNotATypeID)
	78	}
	79
	80
	81	//
	82	// Create a signer object
	83	//
	84	OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
	85	SecCodeSignerRef *signerRef)
	86	{
	87	BEGIN_CSAPI
	88
427c49bc A	89	checkFlags(flags,
	90	kSecCSRemoveSignature
	91	\| kSecCSSignPreserveSignature
	92	\| kSecCSSignNestedCode
	93	\| kSecCSSignOpaque
	94	\| kSecCSSignV1
80e23899 A	95	\| kSecCSSignNoV1
	96	\| kSecCSSignBundleRoot
	97	\| kSecCSSignStrictPreflight);
b1ab9ed8 A	98	SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
	99	signer->parameters(parameters);
	100	CodeSigning::Required(signerRef) = signer->handle();
	101
	102	END_CSAPI
	103	}
	104
	105
	106	//
	107	// Generate a signature
	108	//
	109	OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
	110	SecStaticCodeRef codeRef, SecCSFlags flags)
	111	{
	112	return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, NULL);
	113	}
	114
	115	OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
	116	SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
	117	{
	118	BEGIN_CSAPI
d8f41ccd A	119	checkFlags(flags,
	120	kSecCSReportProgress
	121	);
b1ab9ed8 A	122	SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);
	123	END_CSAPI_ERRORS
	124	}