[apple/security.git] / libsecurity_keychain / lib / TrustedApplication.h

/*
 * Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// TrustedApplication.h - TrustedApplication control wrappers
//
#ifndef _SECURITY_TRUSTEDAPPLICATION_H_
#define _SECURITY_TRUSTEDAPPLICATION_H_

#include <Security/SecTrustedApplication.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <security_cdsa_utilities/cssmaclpod.h>
#include <security_cdsa_utilities/acl_codesigning.h>
#include <security_utilities/seccfobject.h>
#include "SecCFTypes.h"


namespace Security {
namespace KeychainCore {


//
// TrustedApplication actually denotes a signed executable
// on disk as used by the ACL subsystem. Much useful
// information is encapsulated in the 'comment' field that
// is stored with the ACL subject. TrustedApplication does
// not interpret this value, leaving its meaning to its caller.
//
class TrustedApplication : public SecCFObject {
	NOCOPY(TrustedApplication)
public:
	SECCFFUNCTIONS(TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef, gTypes().TrustedApplication)

	TrustedApplication(const TypedList &subject);	// from ACL subject form
	TrustedApplication(const std::string &path);	// from code on disk
	TrustedApplication();							// for current application
	TrustedApplication(const std::string &path, SecRequirementRef requirement); // with requirement and aux. path
	TrustedApplication(CFDataRef external);			// from external representation
	~TrustedApplication();

	const char *path() const { return mForm->path().c_str(); }
	CssmData legacyHash() const	{ return CssmData::wrap(mForm->legacyHash(), SHA1::digestLength); }
	SecRequirementRef requirement() const { return mForm->requirement(); }

	void data(CFDataRef data);
	CFDataRef externalForm() const;

	CssmList makeSubject(Allocator &allocator);

	bool verifyToDisk(const char *path);		// verify against on-disk image

private:
	RefPointer<CodeSignatureAclSubject> mForm;
};


//
// A simple implementation of a caching path database in the system.
//
class PathDatabase {
public:
    PathDatabase(const char *path = "/var/db/CodeEquivalenceCandidates");

    bool operator [] (const std::string &path)
        { return mQualifyAll || lookup(path); }

private:
    bool mQualifyAll;
    set<std::string> mPaths;

	bool lookup(const std::string &path);
};


} // end namespace KeychainCore
} // end namespace Security

#endif // !_SECURITY_TRUSTEDAPPLICATION_H_
Commit	Line	Data
b1ab9ed8 A	1	/*
b1ab9ed8 A	2	* Copyright (c) 2002-2004 Apple Computer, Inc. All Rights Reserved.
427c49bc	3	*
b1ab9ed8	4	* @APPLE_LICENSE_HEADER_START@
427c49bc	5	*
b1ab9ed8 A	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
427c49bc	12	*
b1ab9ed8 A	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
427c49bc	20	*
b1ab9ed8 A	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23
	24	//
	25	// TrustedApplication.h - TrustedApplication control wrappers
	26	//
	27	#ifndef _SECURITY_TRUSTEDAPPLICATION_H_
	28	#define _SECURITY_TRUSTEDAPPLICATION_H_
	29
	30	#include <Security/SecTrustedApplication.h>
	31	#include <security_cdsa_utilities/cssmdata.h>
	32	#include <security_cdsa_utilities/cssmaclpod.h>
	33	#include <security_cdsa_utilities/acl_codesigning.h>
	34	#include <security_utilities/seccfobject.h>
	35	#include "SecCFTypes.h"
	36
	37
	38	namespace Security {
	39	namespace KeychainCore {
	40
	41
	42	//
	43	// TrustedApplication actually denotes a signed executable
	44	// on disk as used by the ACL subsystem. Much useful
	45	// information is encapsulated in the 'comment' field that
	46	// is stored with the ACL subject. TrustedApplication does
	47	// not interpret this value, leaving its meaning to its caller.
	48	//
	49	class TrustedApplication : public SecCFObject {
	50	NOCOPY(TrustedApplication)
	51	public:
	52	SECCFFUNCTIONS(TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef, gTypes().TrustedApplication)
	53
	54	TrustedApplication(const TypedList &subject); // from ACL subject form
	55	TrustedApplication(const std::string &path); // from code on disk
	56	TrustedApplication(); // for current application
	57	TrustedApplication(const std::string &path, SecRequirementRef requirement); // with requirement and aux. path
	58	TrustedApplication(CFDataRef external); // from external representation
	59	~TrustedApplication();
	60
	61	const char *path() const { return mForm->path().c_str(); }
	62	CssmData legacyHash() const { return CssmData::wrap(mForm->legacyHash(), SHA1::digestLength); }
	63	SecRequirementRef requirement() const { return mForm->requirement(); }
427c49bc A	64
427c49bc A	65	void data(CFDataRef data);
b1ab9ed8	66	CFDataRef externalForm() const;
427c49bc	67
b1ab9ed8 A	68	CssmList makeSubject(Allocator &allocator);
	69
	70	bool verifyToDisk(const char *path); // verify against on-disk image
	71
	72	private:
	73	RefPointer<CodeSignatureAclSubject> mForm;
	74	};
	75
	76
	77	//
	78	// A simple implementation of a caching path database in the system.
	79	//
	80	class PathDatabase {
	81	public:
	82	PathDatabase(const char *path = "/var/db/CodeEquivalenceCandidates");
	83
	84	bool operator [] (const std::string &path)
	85	{ return mQualifyAll \|\| lookup(path); }
	86
	87	private:
	88	bool mQualifyAll;
	89	set<std::string> mPaths;
427c49bc	90
b1ab9ed8 A	91	bool lookup(const std::string &path);
	92	};
	93
	94
	95	} // end namespace KeychainCore
	96	} // end namespace Security
	97
	98	#endif // !_SECURITY_TRUSTEDAPPLICATION_H_