[apple/security.git] / cdsa / cdsa_utilities / acl_codesigning.cpp

/*
 * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
 * 
 * The contents of this file constitute Original Code as defined in and are
 * subject to the Apple Public Source License Version 1.2 (the 'License').
 * You may not use this file except in compliance with the License. Please obtain
 * a copy of the License at http://www.apple.com/publicsource and read it before
 * using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
 * specific language governing rights and limitations under the License.
 */


//
// acl_codesigning - ACL subject for signature of calling application
//
#ifdef __MWERKS__
#define _CPP_ACL_CODESIGNING
#endif

#include <Security/acl_codesigning.h>
#include <Security/cssmdata.h>
#include <algorithm>


//
// Construct a password ACL subject.
// Note that this takes over ownership of the signature object.
//
CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc, 
	const Signature *signature, const void *comment, size_t commentLength)
	: AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
    allocator(alloc), mSignature(signature),
	mHaveComment(true), mComment(alloc, comment, commentLength)
{ }

CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc, 
	const Signature *signature)
	: AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
    allocator(alloc), mSignature(signature), mHaveComment(false), mComment(alloc)
{ }

CodeSignatureAclSubject::~CodeSignatureAclSubject()
{
	delete mSignature;
}

//
// Code signature credentials are validated globally - they are entirely
// a feature of "the" process (defined by the environment), and take no
// samples whatsoever.
//
bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const
{
	// a suitable environment is required for a match
    if (Environment *env = context.environment<Environment>())
		return env->verifyCodeSignature(mSignature);
	else
		return false;
}


//
// Make a copy of this subject in CSSM_LIST form.
// The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
//
CssmList CodeSignatureAclSubject::toList(CssmAllocator &alloc) const
{
    // all associated data is public (no secrets)
	TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
		new(alloc) ListElement(mSignature->type()),
		new(alloc) ListElement(alloc.alloc(*mSignature)));
	if (mHaveComment)
		list += new(alloc) ListElement(alloc.alloc(mComment));
	return list;
}


//
// Create a CodeSignatureAclSubject
//
CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
{
    CssmAllocator &alloc = CssmAllocator::standard();
	if (list.length() == 3+1) {
		// signature type: int, signature data: datum, comment: datum
		ListElement *elem[3];
		crack(list, 3, elem, 
			CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM);
		CssmData &commentData(*elem[2]);
		return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1]), 
			commentData.data(), commentData.length());
	} else {
		// signature type: int, signature data: datum [no comment]
		ListElement *elem[2];
		crack(list, 2, elem, 
			CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM);
		return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1]));
	}
}

CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Reader &pub, Reader &priv) const
{
    CssmAllocator &alloc = CssmAllocator::standard();
	uint32 sigType; pub(sigType);
	const void *data; uint32 length; pub.countedData(data, length);
	const void *commentData; uint32 commentLength; pub.countedData(commentData, commentLength);
	return new CodeSignatureAclSubject(alloc, 
		signer.restore(sigType, data, length),
		commentData, commentLength);
}


//
// Export the subject to a memory blob
//
void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
{
	uint32 sigType = mSignature->type(); pub(sigType);
	pub.countedData(*mSignature);
	pub.countedData(mComment);
}

void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
{
	uint32 sigType = mSignature->type(); pub(sigType);
	pub.countedData(*mSignature);
	pub.countedData(mComment);
}


#ifdef DEBUGDUMP

void CodeSignatureAclSubject::debugDump() const
{
	Debug::dump("CodeSigning");
	if (mHaveComment) {
		Debug::dump(" comment=");
		Debug::dumpData(mComment);
	}
}

#endif //DEBUGDUMP
Commit	Line	Data
bac41a7b A	1	/*
	2	* Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* The contents of this file constitute Original Code as defined in and are
	5	* subject to the Apple Public Source License Version 1.2 (the 'License').
	6	* You may not use this file except in compliance with the License. Please obtain
	7	* a copy of the License at http://www.apple.com/publicsource and read it before
	8	* using this file.
	9	*
	10	* This Original Code and all software distributed under the License are
	11	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
	12	* OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
	13	* LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	14	* PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
	15	* specific language governing rights and limitations under the License.
	16	*/
	17
	18
	19	//
	20	// acl_codesigning - ACL subject for signature of calling application
	21	//
	22	#ifdef __MWERKS__
	23	#define _CPP_ACL_CODESIGNING
	24	#endif
	25
	26	#include <Security/acl_codesigning.h>
	27	#include <Security/cssmdata.h>
	28	#include <algorithm>
	29
	30
	31	//
	32	// Construct a password ACL subject.
	33	// Note that this takes over ownership of the signature object.
	34	//
	35	CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc,
	36	const Signature signature, const void comment, size_t commentLength)
	37	: AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
	38	allocator(alloc), mSignature(signature),
	39	mHaveComment(true), mComment(alloc, comment, commentLength)
	40	{ }
	41
	42	CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc,
	43	const Signature *signature)
	44	: AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
	45	allocator(alloc), mSignature(signature), mHaveComment(false), mComment(alloc)
	46	{ }
	47
	48	CodeSignatureAclSubject::~CodeSignatureAclSubject()
	49	{
	50	delete mSignature;
	51	}
	52
	53	//
	54	// Code signature credentials are validated globally - they are entirely
	55	// a feature of "the" process (defined by the environment), and take no
	56	// samples whatsoever.
	57	//
	58	bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const
	59	{
	60	// a suitable environment is required for a match
	61	if (Environment *env = context.environment<Environment>())
	62	return env->verifyCodeSignature(mSignature);
	63	else
	64	return false;
65	}
66
67
68	//
69	// Make a copy of this subject in CSSM_LIST form.
70	// The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
71	//
72	CssmList CodeSignatureAclSubject::toList(CssmAllocator &alloc) const
73	{
74	// all associated data is public (no secrets)
75	TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
76	new(alloc) ListElement(mSignature->type()),
77	new(alloc) ListElement(alloc.alloc(*mSignature)));
78	if (mHaveComment)
79	list += new(alloc) ListElement(alloc.alloc(mComment));
80	return list;
81	}
82
83
84	//
85	// Create a CodeSignatureAclSubject
86	//
87	CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
88	{
89	CssmAllocator &alloc = CssmAllocator::standard();
90	if (list.length() == 3+1) {
91	// signature type: int, signature data: datum, comment: datum
92	ListElement *elem[3];
93	crack(list, 3, elem,
94	CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM);
95	CssmData &commentData(*elem[2]);
96	return new CodeSignatureAclSubject(alloc, signer.restore(elem[0], elem[1]),
97	commentData.data(), commentData.length());
98	} else {
99	// signature type: int, signature data: datum [no comment]
100	ListElement *elem[2];
101	crack(list, 2, elem,
102	CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM);
103	return new CodeSignatureAclSubject(alloc, signer.restore(elem[0], elem[1]));
104	}
105	}
106
107	CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Reader &pub, Reader &priv) const
108	{
109	CssmAllocator &alloc = CssmAllocator::standard();
110	uint32 sigType; pub(sigType);
111	const void *data; uint32 length; pub.countedData(data, length);
112	const void *commentData; uint32 commentLength; pub.countedData(commentData, commentLength);
113	return new CodeSignatureAclSubject(alloc,
114	signer.restore(sigType, data, length),
115	commentData, commentLength);
116	}
117
118
119	//
120	// Export the subject to a memory blob
121	//
122	void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
123	{
124	uint32 sigType = mSignature->type(); pub(sigType);
125	pub.countedData(*mSignature);
126	pub.countedData(mComment);
127	}
128
129	void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
130	{
131	uint32 sigType = mSignature->type(); pub(sigType);
132	pub.countedData(*mSignature);
133	pub.countedData(mComment);
134	}
135
136
137	#ifdef DEBUGDUMP
138
139	void CodeSignatureAclSubject::debugDump() const
140	{
141	Debug::dump("CodeSigning");
142	if (mHaveComment) {
143	Debug::dump(" comment=");
144	Debug::dumpData(mComment);
145	}
146	}
147
148	#endif //DEBUGDUMP