]> git.saurik.com Git - apple/security.git/blame - libsecurity_codesigning/lib/SecCodeSigner.cpp
Security-55179.13.tar.gz
[apple/security.git] / libsecurity_codesigning / lib / SecCodeSigner.cpp
CommitLineData
b1ab9ed8
A
1/*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// SecCode - API frame for SecCode objects.
26//
27// Note that some SecCode* functions take SecStaticCodeRef arguments in order to
28// accept either static or dynamic code references, operating on the respective
29// StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
30//
31#include "cs.h"
32#include "CodeSigner.h"
33#include "cskernel.h"
34
35using namespace CodeSigning;
36
37
38//
39// Parameter keys
40//
41const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
42const CFStringRef kSecCodeSignerDetached = CFSTR("detached");
43const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
44const CFStringRef kSecCodeSignerDryRun = CFSTR("dryrun");
45const CFStringRef kSecCodeSignerEntitlements = CFSTR("entitlements");
46const CFStringRef kSecCodeSignerFlags = CFSTR("flags");
47const CFStringRef kSecCodeSignerIdentifier = CFSTR("identifier");
48const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
49const CFStringRef kSecCodeSignerIdentity = CFSTR("signer");
50const CFStringRef kSecCodeSignerPageSize = CFSTR("pagesize");
51const CFStringRef kSecCodeSignerRequirements = CFSTR("requirements");
52const CFStringRef kSecCodeSignerResourceRules = CFSTR("resource-rules");
53const CFStringRef kSecCodeSignerSDKRoot = CFSTR("sdkroot");
54const CFStringRef kSecCodeSignerSigningTime = CFSTR("signing-time");
55const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
56const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
57const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
58const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
59
60// temporary add-back to bridge B&I build dependencies -- remove soon
61const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
62const CFStringRef kSecCodeSignerTSAURL = CFSTR("timestamp-url");
63const CFStringRef kSecCodeSignerTSAClientAuth = CFSTR("timestamp-authentication");
64const CFStringRef kSecCodeSignerTSANoCerts = CFSTR("timestamp-omit-certificates");
65
66
67//
68// CF-standard type code functions
69//
70CFTypeID SecCodeSignerGetTypeID(void)
71{
72 BEGIN_CSAPI
73 return gCFObjects().CodeSigner.typeID;
74 END_CSAPI1(_kCFRuntimeNotATypeID)
75}
76
77
78//
79// Create a signer object
80//
81OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
82 SecCodeSignerRef *signerRef)
83{
84 BEGIN_CSAPI
85
86 checkFlags(flags, kSecCSRemoveSignature);
87 SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
88 signer->parameters(parameters);
89 CodeSigning::Required(signerRef) = signer->handle();
90
91 END_CSAPI
92}
93
94
95//
96// Generate a signature
97//
98OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
99 SecStaticCodeRef codeRef, SecCSFlags flags)
100{
101 return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, NULL);
102}
103
104OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
105 SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
106{
107 BEGIN_CSAPI
108 SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);
109 END_CSAPI_ERRORS
110}