]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/RequirementParser.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / RequirementParser.cpp
1 /* $ANTLR 2.7.7 (20121221): "requirements.grammar" -> "RequirementParser.cpp"$ */
2 #include "RequirementParser.hpp"
3 #include <antlr/NoViableAltException.hpp>
4 #include <antlr/SemanticException.hpp>
5 #include <antlr/ASTFactory.hpp>
6
7 #include "requirement.h"
8 #include "reqmaker.h"
9 #include "csutilities.h"
10 #include <libDER/libDER.h>
11 #include <libDER/asn1Types.h>
12 #include <security_utilities/cfutilities.h>
13 #include <security_utilities/hashing.h>
14 #include <security_cdsa_utilities/cssmdata.h> // OID coding
15 #include <Security/SecCertificate.h>
16 using namespace CodeSigning;
17 typedef Requirement::Maker Maker;
18
19 extern "C" {
20
21 /* Decode a choice of UTCTime or GeneralizedTime to a CFAbsoluteTime. Return
22 an absoluteTime if the date was valid and properly decoded. Return
23 NULL_TIME otherwise. */
24 CFAbsoluteTime SecAbsoluteTimeFromDateContent(DERTag tag, const uint8_t *bytes,
25 size_t length);
26
27 }
28
29
30 ANTLR_BEGIN_NAMESPACE(Security_CodeSigning)
31
32 //
33 // Collect error messages.
34 // Note that the immediate caller takes the absence of collected error messages
35 // to indicate compilation success.
36 //
37 void RequirementParser::reportError(const antlr::RecognitionException &ex)
38 {
39 errors += ex.toString() + "\n";
40 }
41
42 void RequirementParser::reportError(const std::string &s)
43 {
44 errors += s + "\n";
45 }
46
47
48 //
49 // Parser helper functions
50 //
51 string RequirementParser::hexString(const string &s)
52 {
53 if (s.size() % 2)
54 throw antlr::SemanticException("odd number of digits");
55 const char *p = s.data();
56 string result;
57 for (unsigned n = 0; n < s.length(); n += 2) {
58 char c;
59 sscanf(p+n, "%2hhx", &c);
60 result.push_back(c);
61 }
62 return result;
63 }
64
65 void RequirementParser::hashString(const string &s, SHA1::Digest hash)
66 {
67 if (s.size() != 2 * SHA1::digestLength)
68 throw antlr::SemanticException("invalid hash length");
69 memcpy(hash, hexString(s).data(), SHA1::digestLength);
70 }
71
72 static const char *matchPrefix(const string &key, const char *prefix)
73 {
74 size_t pLength = strlen(prefix);
75 if (!key.compare(0, pLength, prefix, 0, pLength))
76 return key.c_str() + pLength;
77 else
78 return NULL;
79 }
80
81 void RequirementParser::certMatchOperation(Maker &maker, int32_t slot, string key)
82 {
83 if (const char *oids = matchPrefix(key, "timestamp.")) {
84 maker.put(opCertFieldDate);
85 maker.put(slot);
86 CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
87 maker.putData(oid.data(), oid.length());
88 } else if (matchPrefix(key, "subject.")) {
89 maker.put(opCertField);
90 maker.put(slot);
91 maker.put(key);
92 } else if (const char *oids = matchPrefix(key, "field.")) {
93 maker.put(opCertGeneric);
94 maker.put(slot);
95 CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
96 maker.putData(oid.data(), oid.length());
97 } else if (const char *oids = matchPrefix(key, "extension.")) {
98 maker.put(opCertGeneric);
99 maker.put(slot);
100 CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
101 maker.putData(oid.data(), oid.length());
102 } else if (const char *oids = matchPrefix(key, "policy.")) {
103 maker.put(opCertPolicy);
104 maker.put(slot);
105 CssmAutoData oid(Allocator::standard()); oid.fromOid(oids);
106 maker.putData(oid.data(), oid.length());
107 } else {
108 throw antlr::SemanticException(key + ": unrecognized certificate field");
109 }
110 }
111
112 RequirementParser::RequirementParser(antlr::TokenBuffer& tokenBuf, int k)
113 : antlr::LLkParser(tokenBuf,k)
114 {
115 }
116
117 RequirementParser::RequirementParser(antlr::TokenBuffer& tokenBuf)
118 : antlr::LLkParser(tokenBuf,2)
119 {
120 }
121
122 RequirementParser::RequirementParser(antlr::TokenStream& lexer, int k)
123 : antlr::LLkParser(lexer,k)
124 {
125 }
126
127 RequirementParser::RequirementParser(antlr::TokenStream& lexer)
128 : antlr::LLkParser(lexer,2)
129 {
130 }
131
132 RequirementParser::RequirementParser(const antlr::ParserSharedInputState& state)
133 : antlr::LLkParser(state,2)
134 {
135 }
136
137 BlobCore * RequirementParser::autosense() {
138 BlobCore *result = NULL;
139
140 try { // for error handling
141 switch ( LA(1)) {
142 case LPAREN:
143 case NOT:
144 case LITERAL_always:
145 case LITERAL_true:
146 case LITERAL_never:
147 case LITERAL_false:
148 case LITERAL_identifier:
149 case LITERAL_cdhash:
150 case LITERAL_platform:
151 case LITERAL_notarized:
152 case LITERAL_anchor:
153 case LITERAL_certificate:
154 case LITERAL_cert:
155 case LITERAL_info:
156 case LITERAL_entitlement:
157 {
158 result=requirement();
159 break;
160 }
161 case LITERAL_guest:
162 case LITERAL_host:
163 case LITERAL_designated:
164 case LITERAL_library:
165 case LITERAL_plugin:
166 case INTEGER:
167 {
168 result=requirementSet();
169 break;
170 }
171 default:
172 {
173 throw antlr::NoViableAltException(LT(1), getFilename());
174 }
175 }
176 }
177 catch (antlr::RecognitionException& ex) {
178 reportError(ex);
179 recover(ex,_tokenSet_0);
180 }
181 return result;
182 }
183
184 Requirement * RequirementParser::requirement() {
185 Requirement *result = NULL;
186
187 try { // for error handling
188 result=requirementElement();
189 match(antlr::Token::EOF_TYPE);
190 }
191 catch (antlr::RecognitionException& ex) {
192 reportError(ex);
193 recover(ex,_tokenSet_0);
194 }
195 return result;
196 }
197
198 Requirements * RequirementParser::requirementSet() {
199 Requirements *result = NULL;
200 Requirements::Maker maker;
201
202 try { // for error handling
203 { // ( ... )+
204 int _cnt4=0;
205 for (;;) {
206 if ((_tokenSet_1.member(LA(1)))) {
207 uint32_t t; Requirement *req;
208 t=requirementType();
209 match(ARROW);
210 req=requirementElement();
211 maker.add(t, req);
212 }
213 else {
214 if ( _cnt4>=1 ) { goto _loop4; } else {throw antlr::NoViableAltException(LT(1), getFilename());}
215 }
216
217 _cnt4++;
218 }
219 _loop4:;
220 } // ( ... )+
221 result = errors.empty() ? maker() : NULL;
222 match(antlr::Token::EOF_TYPE);
223 }
224 catch (antlr::RecognitionException& ex) {
225 reportError(ex);
226 recover(ex,_tokenSet_0);
227 }
228 return result;
229 }
230
231 uint32_t RequirementParser::requirementType() {
232 uint32_t type = kSecInvalidRequirementType;
233
234 try { // for error handling
235 switch ( LA(1)) {
236 case LITERAL_guest:
237 {
238 match(LITERAL_guest);
239 type = kSecGuestRequirementType;
240 break;
241 }
242 case LITERAL_host:
243 {
244 match(LITERAL_host);
245 type = kSecHostRequirementType;
246 break;
247 }
248 case LITERAL_designated:
249 {
250 match(LITERAL_designated);
251 type = kSecDesignatedRequirementType;
252 break;
253 }
254 case LITERAL_library:
255 {
256 match(LITERAL_library);
257 type = kSecLibraryRequirementType;
258 break;
259 }
260 case LITERAL_plugin:
261 {
262 match(LITERAL_plugin);
263 type = kSecPluginRequirementType;
264 break;
265 }
266 case INTEGER:
267 {
268 type=integer();
269 break;
270 }
271 default:
272 {
273 throw antlr::NoViableAltException(LT(1), getFilename());
274 }
275 }
276 }
277 catch (antlr::RecognitionException& ex) {
278 reportError(ex);
279 recover(ex,_tokenSet_2);
280 }
281 return type;
282 }
283
284 Requirement * RequirementParser::requirementElement() {
285 Requirement *result = NULL;
286 Requirement::Maker maker;
287
288 try { // for error handling
289 expr(maker);
290 result = maker();
291 { // ( ... )*
292 for (;;) {
293 if ((LA(1) == SEMI)) {
294 fluff();
295 }
296 else {
297 goto _loop9;
298 }
299
300 }
301 _loop9:;
302 } // ( ... )*
303 }
304 catch (antlr::RecognitionException& ex) {
305 reportError(ex);
306 recover(ex,_tokenSet_3);
307 }
308 return result;
309 }
310
311 int32_t RequirementParser::integer() {
312 int32_t result;
313 antlr::RefToken s = antlr::nullToken;
314
315 try { // for error handling
316 s = LT(1);
317 match(INTEGER);
318 result = int32_t(atol(s->getText().c_str()));
319 }
320 catch (antlr::RecognitionException& ex) {
321 reportError(ex);
322 recover(ex,_tokenSet_4);
323 }
324 return result;
325 }
326
327 void RequirementParser::expr(
328 Maker &maker
329 ) {
330 Maker::Label label(maker);
331
332 try { // for error handling
333 term(maker);
334 { // ( ... )*
335 for (;;) {
336 if ((LA(1) == LITERAL_or)) {
337 match(LITERAL_or);
338 maker.insert<ExprOp>(label) = opOr;
339 term(maker);
340 }
341 else {
342 goto _loop12;
343 }
344
345 }
346 _loop12:;
347 } // ( ... )*
348 }
349 catch (antlr::RecognitionException& ex) {
350 reportError(ex);
351 recover(ex,_tokenSet_5);
352 }
353 }
354
355 void RequirementParser::fluff() {
356
357 try { // for error handling
358 match(SEMI);
359 }
360 catch (antlr::RecognitionException& ex) {
361 reportError(ex);
362 recover(ex,_tokenSet_6);
363 }
364 }
365
366 void RequirementParser::term(
367 Maker &maker
368 ) {
369 Maker::Label label(maker);
370
371 try { // for error handling
372 primary(maker);
373 { // ( ... )*
374 for (;;) {
375 if ((LA(1) == LITERAL_and)) {
376 match(LITERAL_and);
377 maker.insert<ExprOp>(label) = opAnd;
378 primary(maker);
379 }
380 else {
381 goto _loop15;
382 }
383
384 }
385 _loop15:;
386 } // ( ... )*
387 }
388 catch (antlr::RecognitionException& ex) {
389 reportError(ex);
390 recover(ex,_tokenSet_7);
391 }
392 }
393
394 void RequirementParser::primary(
395 Maker &maker
396 ) {
397
398 try { // for error handling
399 switch ( LA(1)) {
400 case NOT:
401 {
402 match(NOT);
403 maker.put(opNot);
404 primary(maker);
405 break;
406 }
407 case LITERAL_always:
408 case LITERAL_true:
409 {
410 {
411 switch ( LA(1)) {
412 case LITERAL_always:
413 {
414 match(LITERAL_always);
415 break;
416 }
417 case LITERAL_true:
418 {
419 match(LITERAL_true);
420 break;
421 }
422 default:
423 {
424 throw antlr::NoViableAltException(LT(1), getFilename());
425 }
426 }
427 }
428 maker.put(opTrue);
429 break;
430 }
431 case LITERAL_never:
432 case LITERAL_false:
433 {
434 {
435 switch ( LA(1)) {
436 case LITERAL_never:
437 {
438 match(LITERAL_never);
439 break;
440 }
441 case LITERAL_false:
442 {
443 match(LITERAL_false);
444 break;
445 }
446 default:
447 {
448 throw antlr::NoViableAltException(LT(1), getFilename());
449 }
450 }
451 }
452 maker.put(opFalse);
453 break;
454 }
455 case LITERAL_anchor:
456 case LITERAL_certificate:
457 case LITERAL_cert:
458 {
459 certspec(maker);
460 break;
461 }
462 case LITERAL_info:
463 {
464 infospec(maker);
465 break;
466 }
467 case LITERAL_entitlement:
468 {
469 entitlementspec(maker);
470 break;
471 }
472 case LITERAL_identifier:
473 {
474 match(LITERAL_identifier);
475 string code;
476 eql();
477 code=identifierString();
478 maker.ident(code);
479 break;
480 }
481 case LITERAL_cdhash:
482 {
483 match(LITERAL_cdhash);
484 SHA1::Digest digest;
485 eql();
486 hash(digest);
487 maker.cdhash(digest);
488 break;
489 }
490 case LITERAL_platform:
491 {
492 match(LITERAL_platform);
493 int32_t ident;
494 eql();
495 ident=integer();
496 maker.platform(ident);
497 break;
498 }
499 case LITERAL_notarized:
500 {
501 match(LITERAL_notarized);
502 maker.put(opNotarized);
503 break;
504 }
505 default:
506 if ((LA(1) == LPAREN) && (_tokenSet_8.member(LA(2)))) {
507 match(LPAREN);
508 expr(maker);
509 match(RPAREN);
510 }
511 else if ((LA(1) == LPAREN) && (LA(2) == DOTKEY || LA(2) == STRING)) {
512 match(LPAREN);
513 string name;
514 name=identifierString();
515 match(RPAREN);
516 maker.put(opNamedCode); maker.put(name);
517 }
518 else {
519 throw antlr::NoViableAltException(LT(1), getFilename());
520 }
521 }
522 }
523 catch (antlr::RecognitionException& ex) {
524 reportError(ex);
525 recover(ex,_tokenSet_9);
526 }
527 }
528
529 void RequirementParser::certspec(
530 Maker &maker
531 ) {
532
533 try { // for error handling
534 if ((LA(1) == LITERAL_anchor) && (LA(2) == LITERAL_apple)) {
535 match(LITERAL_anchor);
536 match(LITERAL_apple);
537 appleanchor(maker);
538 }
539 else if ((LA(1) == LITERAL_anchor) && (LA(2) == LITERAL_generic)) {
540 match(LITERAL_anchor);
541 match(LITERAL_generic);
542 match(LITERAL_apple);
543 maker.put(opAppleGenericAnchor);
544 }
545 else if ((LA(1) == LITERAL_anchor || LA(1) == LITERAL_certificate || LA(1) == LITERAL_cert) && (LA(2) == LITERAL_trusted)) {
546 {
547 switch ( LA(1)) {
548 case LITERAL_certificate:
549 {
550 match(LITERAL_certificate);
551 break;
552 }
553 case LITERAL_cert:
554 {
555 match(LITERAL_cert);
556 break;
557 }
558 case LITERAL_anchor:
559 {
560 match(LITERAL_anchor);
561 break;
562 }
563 default:
564 {
565 throw antlr::NoViableAltException(LT(1), getFilename());
566 }
567 }
568 }
569 match(LITERAL_trusted);
570 maker.trustedAnchor();
571 }
572 else if ((LA(1) == LITERAL_certificate || LA(1) == LITERAL_cert) && (_tokenSet_10.member(LA(2)))) {
573 {
574 switch ( LA(1)) {
575 case LITERAL_certificate:
576 {
577 match(LITERAL_certificate);
578 break;
579 }
580 case LITERAL_cert:
581 {
582 match(LITERAL_cert);
583 break;
584 }
585 default:
586 {
587 throw antlr::NoViableAltException(LT(1), getFilename());
588 }
589 }
590 }
591 int32_t slot;
592 slot=certSlot();
593 {
594 switch ( LA(1)) {
595 case EQL:
596 case EQQL:
597 case LBRACK:
598 case HASHCONSTANT:
599 case DOTKEY:
600 case STRING:
601 case PATHNAME:
602 {
603 certslotspec(maker, slot);
604 break;
605 }
606 case LITERAL_trusted:
607 {
608 match(LITERAL_trusted);
609 maker.trustedAnchor(slot);
610 break;
611 }
612 default:
613 {
614 throw antlr::NoViableAltException(LT(1), getFilename());
615 }
616 }
617 }
618 }
619 else if ((LA(1) == LITERAL_anchor) && (_tokenSet_11.member(LA(2)))) {
620 match(LITERAL_anchor);
621 certslotspec(maker, Requirement::anchorCert);
622 }
623 else {
624 throw antlr::NoViableAltException(LT(1), getFilename());
625 }
626
627 }
628 catch (antlr::RecognitionException& ex) {
629 reportError(ex);
630 recover(ex,_tokenSet_9);
631 }
632 }
633
634 void RequirementParser::infospec(
635 Maker &maker
636 ) {
637 string key;
638
639 try { // for error handling
640 match(LITERAL_info);
641 key=bracketKey();
642 maker.put(opInfoKeyField); maker.put(key);
643 match_suffix(maker);
644 }
645 catch (antlr::RecognitionException& ex) {
646 reportError(ex);
647 recover(ex,_tokenSet_9);
648 }
649 }
650
651 void RequirementParser::entitlementspec(
652 Maker &maker
653 ) {
654 string key;
655
656 try { // for error handling
657 match(LITERAL_entitlement);
658 key=bracketKey();
659 maker.put(opEntitlementField); maker.put(key);
660 match_suffix(maker);
661 }
662 catch (antlr::RecognitionException& ex) {
663 reportError(ex);
664 recover(ex,_tokenSet_9);
665 }
666 }
667
668 void RequirementParser::eql() {
669
670 try { // for error handling
671 switch ( LA(1)) {
672 case EQL:
673 {
674 match(EQL);
675 break;
676 }
677 case EQQL:
678 {
679 match(EQQL);
680 break;
681 }
682 case HASHCONSTANT:
683 case DOTKEY:
684 case STRING:
685 case PATHNAME:
686 case INTEGER:
687 {
688 empty();
689 break;
690 }
691 default:
692 {
693 throw antlr::NoViableAltException(LT(1), getFilename());
694 }
695 }
696 }
697 catch (antlr::RecognitionException& ex) {
698 reportError(ex);
699 recover(ex,_tokenSet_12);
700 }
701 }
702
703 string RequirementParser::identifierString() {
704 string result;
705 antlr::RefToken dk = antlr::nullToken;
706 antlr::RefToken s = antlr::nullToken;
707
708 try { // for error handling
709 switch ( LA(1)) {
710 case DOTKEY:
711 {
712 dk = LT(1);
713 match(DOTKEY);
714 result = dk->getText();
715 break;
716 }
717 case STRING:
718 {
719 s = LT(1);
720 match(STRING);
721 result = s->getText();
722 break;
723 }
724 default:
725 {
726 throw antlr::NoViableAltException(LT(1), getFilename());
727 }
728 }
729 }
730 catch (antlr::RecognitionException& ex) {
731 reportError(ex);
732 recover(ex,_tokenSet_9);
733 }
734 return result;
735 }
736
737 void RequirementParser::hash(
738 SHA1::Digest digest
739 ) {
740 antlr::RefToken hash = antlr::nullToken;
741
742 try { // for error handling
743 hash = LT(1);
744 match(HASHCONSTANT);
745 hashString(hash->getText(), digest);
746 }
747 catch (antlr::RecognitionException& ex) {
748 reportError(ex);
749 recover(ex,_tokenSet_9);
750 }
751 }
752
753 void RequirementParser::appleanchor(
754 Maker &maker
755 ) {
756
757 try { // for error handling
758 switch ( LA(1)) {
759 case antlr::Token::EOF_TYPE:
760 case LITERAL_guest:
761 case LITERAL_host:
762 case LITERAL_designated:
763 case LITERAL_library:
764 case LITERAL_plugin:
765 case LITERAL_or:
766 case LITERAL_and:
767 case RPAREN:
768 case INTEGER:
769 case SEMI:
770 {
771 empty();
772 maker.put(opAppleAnchor);
773 break;
774 }
775 case LITERAL_generic:
776 {
777 match(LITERAL_generic);
778 maker.put(opAppleGenericAnchor);
779 break;
780 }
781 case DOTKEY:
782 case STRING:
783 {
784 string name;
785 name=identifierString();
786 maker.put(opNamedAnchor); maker.put(name);
787 break;
788 }
789 default:
790 {
791 throw antlr::NoViableAltException(LT(1), getFilename());
792 }
793 }
794 }
795 catch (antlr::RecognitionException& ex) {
796 reportError(ex);
797 recover(ex,_tokenSet_9);
798 }
799 }
800
801 int32_t RequirementParser::certSlot() {
802 int32_t slot = 0;
803
804 try { // for error handling
805 switch ( LA(1)) {
806 case INTEGER:
807 {
808 slot=integer();
809 break;
810 }
811 case NEG:
812 {
813 match(NEG);
814 slot=integer();
815 slot = -slot;
816 break;
817 }
818 case LITERAL_leaf:
819 {
820 match(LITERAL_leaf);
821 slot = Requirement::leafCert;
822 break;
823 }
824 case LITERAL_root:
825 {
826 match(LITERAL_root);
827 slot = Requirement::anchorCert;
828 break;
829 }
830 default:
831 {
832 throw antlr::NoViableAltException(LT(1), getFilename());
833 }
834 }
835 }
836 catch (antlr::RecognitionException& ex) {
837 reportError(ex);
838 recover(ex,_tokenSet_13);
839 }
840 return slot;
841 }
842
843 void RequirementParser::certslotspec(
844 Maker &maker, int32_t slot
845 ) {
846 string key;
847
848 try { // for error handling
849 switch ( LA(1)) {
850 case EQL:
851 case EQQL:
852 case HASHCONSTANT:
853 case DOTKEY:
854 case STRING:
855 case PATHNAME:
856 {
857 eql();
858 SHA1::Digest digest;
859 certificateDigest(digest);
860 maker.anchor(slot, digest);
861 break;
862 }
863 case LBRACK:
864 {
865 key=bracketKey();
866 certMatchOperation(maker, slot, key);
867 match_suffix(maker);
868 break;
869 }
870 default:
871 {
872 throw antlr::NoViableAltException(LT(1), getFilename());
873 }
874 }
875 }
876 catch (antlr::RecognitionException& ex) {
877 reportError(ex);
878 recover(ex,_tokenSet_9);
879 }
880 }
881
882 void RequirementParser::empty() {
883
884 try { // for error handling
885 }
886 catch (antlr::RecognitionException& ex) {
887 reportError(ex);
888 recover(ex,_tokenSet_14);
889 }
890 }
891
892 void RequirementParser::certificateDigest(
893 SHA1::Digest digest
894 ) {
895
896 try { // for error handling
897 switch ( LA(1)) {
898 case HASHCONSTANT:
899 {
900 hash(digest);
901 break;
902 }
903 case DOTKEY:
904 case STRING:
905 case PATHNAME:
906 {
907 string path;
908 path=pathstring();
909 if (CFRef<CFDataRef> certData = cfLoadFile(path))
910 hashOfCertificate(CFDataGetBytePtr(certData), CFDataGetLength(certData), digest);
911 else
912 throw antlr::SemanticException(path + ": not found");
913
914 break;
915 }
916 default:
917 {
918 throw antlr::NoViableAltException(LT(1), getFilename());
919 }
920 }
921 }
922 catch (antlr::RecognitionException& ex) {
923 reportError(ex);
924 recover(ex,_tokenSet_9);
925 }
926 }
927
928 string RequirementParser::bracketKey() {
929 string key;
930
931 try { // for error handling
932 match(LBRACK);
933 key=stringvalue();
934 match(RBRACK);
935 }
936 catch (antlr::RecognitionException& ex) {
937 reportError(ex);
938 recover(ex,_tokenSet_15);
939 }
940 return key;
941 }
942
943 void RequirementParser::match_suffix(
944 Maker &maker
945 ) {
946
947 try { // for error handling
948 switch ( LA(1)) {
949 case antlr::Token::EOF_TYPE:
950 case LITERAL_guest:
951 case LITERAL_host:
952 case LITERAL_designated:
953 case LITERAL_library:
954 case LITERAL_plugin:
955 case LITERAL_or:
956 case LITERAL_and:
957 case RPAREN:
958 case LITERAL_exists:
959 case INTEGER:
960 case SEMI:
961 {
962 empty();
963 {
964 switch ( LA(1)) {
965 case LITERAL_exists:
966 {
967 match(LITERAL_exists);
968 break;
969 }
970 case antlr::Token::EOF_TYPE:
971 case LITERAL_guest:
972 case LITERAL_host:
973 case LITERAL_designated:
974 case LITERAL_library:
975 case LITERAL_plugin:
976 case LITERAL_or:
977 case LITERAL_and:
978 case RPAREN:
979 case INTEGER:
980 case SEMI:
981 {
982 break;
983 }
984 default:
985 {
986 throw antlr::NoViableAltException(LT(1), getFilename());
987 }
988 }
989 }
990 maker.put(matchExists);
991 break;
992 }
993 case LITERAL_absent:
994 {
995 match(LITERAL_absent);
996 maker.put(matchAbsent);
997 break;
998 }
999 case SUBS:
1000 {
1001 match(SUBS);
1002 string value;
1003 value=datavalue();
1004 maker.put(matchContains); maker.put(value);
1005 break;
1006 }
1007 default:
1008 if ((LA(1) == EQL || LA(1) == EQQL) && (_tokenSet_16.member(LA(2)))) {
1009 {
1010 switch ( LA(1)) {
1011 case EQL:
1012 {
1013 match(EQL);
1014 break;
1015 }
1016 case EQQL:
1017 {
1018 match(EQQL);
1019 break;
1020 }
1021 default:
1022 {
1023 throw antlr::NoViableAltException(LT(1), getFilename());
1024 }
1025 }
1026 }
1027 MatchOperation mop = matchEqual; string value;
1028 {
1029 switch ( LA(1)) {
1030 case STAR:
1031 {
1032 match(STAR);
1033 mop = matchEndsWith;
1034 break;
1035 }
1036 case HEXCONSTANT:
1037 case DOTKEY:
1038 case STRING:
1039 {
1040 break;
1041 }
1042 default:
1043 {
1044 throw antlr::NoViableAltException(LT(1), getFilename());
1045 }
1046 }
1047 }
1048 value=datavalue();
1049 {
1050 switch ( LA(1)) {
1051 case STAR:
1052 {
1053 match(STAR);
1054 mop = (mop == matchEndsWith) ? matchContains : matchBeginsWith;
1055 break;
1056 }
1057 case antlr::Token::EOF_TYPE:
1058 case LITERAL_guest:
1059 case LITERAL_host:
1060 case LITERAL_designated:
1061 case LITERAL_library:
1062 case LITERAL_plugin:
1063 case LITERAL_or:
1064 case LITERAL_and:
1065 case RPAREN:
1066 case INTEGER:
1067 case SEMI:
1068 {
1069 break;
1070 }
1071 default:
1072 {
1073 throw antlr::NoViableAltException(LT(1), getFilename());
1074 }
1075 }
1076 }
1077 maker.put(mop); maker.put(value);
1078 }
1079 else if ((LA(1) == EQL || LA(1) == EQQL) && (LA(2) == LITERAL_timestamp)) {
1080 {
1081 switch ( LA(1)) {
1082 case EQL:
1083 {
1084 match(EQL);
1085 break;
1086 }
1087 case EQQL:
1088 {
1089 match(EQQL);
1090 break;
1091 }
1092 default:
1093 {
1094 throw antlr::NoViableAltException(LT(1), getFilename());
1095 }
1096 }
1097 }
1098 MatchOperation mop = matchOn; int64_t value;
1099 value=timestamp();
1100 maker.put(mop); maker.put(value);
1101 }
1102 else if ((LA(1) == LESS) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
1103 match(LESS);
1104 string value;
1105 value=datavalue();
1106 maker.put(matchLessThan); maker.put(value);
1107 }
1108 else if ((LA(1) == GT) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
1109 match(GT);
1110 string value;
1111 value=datavalue();
1112 maker.put(matchGreaterThan); maker.put(value);
1113 }
1114 else if ((LA(1) == LE) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
1115 match(LE);
1116 string value;
1117 value=datavalue();
1118 maker.put(matchLessEqual); maker.put(value);
1119 }
1120 else if ((LA(1) == GE) && ((LA(2) >= HEXCONSTANT && LA(2) <= STRING))) {
1121 match(GE);
1122 string value;
1123 value=datavalue();
1124 maker.put(matchGreaterEqual); maker.put(value);
1125 }
1126 else if ((LA(1) == LESS) && (LA(2) == LITERAL_timestamp)) {
1127 match(LESS);
1128 int64_t value;
1129 value=timestamp();
1130 maker.put(matchBefore); maker.put(value);
1131 }
1132 else if ((LA(1) == GT) && (LA(2) == LITERAL_timestamp)) {
1133 match(GT);
1134 int64_t value;
1135 value=timestamp();
1136 maker.put(matchAfter); maker.put(value);
1137 }
1138 else if ((LA(1) == LE) && (LA(2) == LITERAL_timestamp)) {
1139 match(LE);
1140 int64_t value;
1141 value=timestamp();
1142 maker.put(matchOnOrBefore); maker.put(value);
1143 }
1144 else if ((LA(1) == GE) && (LA(2) == LITERAL_timestamp)) {
1145 match(GE);
1146 int64_t value;
1147 value=timestamp();
1148 maker.put(matchOnOrAfter); maker.put(value);
1149 }
1150 else {
1151 throw antlr::NoViableAltException(LT(1), getFilename());
1152 }
1153 }
1154 }
1155 catch (antlr::RecognitionException& ex) {
1156 reportError(ex);
1157 recover(ex,_tokenSet_9);
1158 }
1159 }
1160
1161 string RequirementParser::datavalue() {
1162 string result;
1163 antlr::RefToken hex = antlr::nullToken;
1164
1165 try { // for error handling
1166 switch ( LA(1)) {
1167 case DOTKEY:
1168 case STRING:
1169 {
1170 result=stringvalue();
1171 break;
1172 }
1173 case HEXCONSTANT:
1174 {
1175 hex = LT(1);
1176 match(HEXCONSTANT);
1177 result = hexString(hex->getText());
1178 break;
1179 }
1180 default:
1181 {
1182 throw antlr::NoViableAltException(LT(1), getFilename());
1183 }
1184 }
1185 }
1186 catch (antlr::RecognitionException& ex) {
1187 reportError(ex);
1188 recover(ex,_tokenSet_17);
1189 }
1190 return result;
1191 }
1192
1193 int64_t RequirementParser::timestamp() {
1194 int64_t result;
1195 antlr::RefToken s = antlr::nullToken;
1196
1197 try { // for error handling
1198 match(LITERAL_timestamp);
1199 s = LT(1);
1200 match(STRING);
1201 result = (int64_t)SecAbsoluteTimeFromDateContent(ASN1_GENERALIZED_TIME, (uint8_t const *)s->getText().c_str(), s->getText().length());
1202 }
1203 catch (antlr::RecognitionException& ex) {
1204 reportError(ex);
1205 recover(ex,_tokenSet_9);
1206 }
1207 return result;
1208 }
1209
1210 string RequirementParser::stringvalue() {
1211 string result;
1212 antlr::RefToken dk = antlr::nullToken;
1213 antlr::RefToken s = antlr::nullToken;
1214
1215 try { // for error handling
1216 switch ( LA(1)) {
1217 case DOTKEY:
1218 {
1219 dk = LT(1);
1220 match(DOTKEY);
1221 result = dk->getText();
1222 break;
1223 }
1224 case STRING:
1225 {
1226 s = LT(1);
1227 match(STRING);
1228 result = s->getText();
1229 break;
1230 }
1231 default:
1232 {
1233 throw antlr::NoViableAltException(LT(1), getFilename());
1234 }
1235 }
1236 }
1237 catch (antlr::RecognitionException& ex) {
1238 reportError(ex);
1239 recover(ex,_tokenSet_18);
1240 }
1241 return result;
1242 }
1243
1244 string RequirementParser::pathstring() {
1245 string result;
1246 antlr::RefToken dk = antlr::nullToken;
1247 antlr::RefToken s = antlr::nullToken;
1248 antlr::RefToken pn = antlr::nullToken;
1249
1250 try { // for error handling
1251 switch ( LA(1)) {
1252 case DOTKEY:
1253 {
1254 dk = LT(1);
1255 match(DOTKEY);
1256 result = dk->getText();
1257 break;
1258 }
1259 case STRING:
1260 {
1261 s = LT(1);
1262 match(STRING);
1263 result = s->getText();
1264 break;
1265 }
1266 case PATHNAME:
1267 {
1268 pn = LT(1);
1269 match(PATHNAME);
1270 result = pn->getText();
1271 break;
1272 }
1273 default:
1274 {
1275 throw antlr::NoViableAltException(LT(1), getFilename());
1276 }
1277 }
1278 }
1279 catch (antlr::RecognitionException& ex) {
1280 reportError(ex);
1281 recover(ex,_tokenSet_9);
1282 }
1283 return result;
1284 }
1285
1286 void RequirementParser::initializeASTFactory( antlr::ASTFactory& )
1287 {
1288 }
1289 const char* RequirementParser::tokenNames[] = {
1290 "<0>",
1291 "EOF",
1292 "<2>",
1293 "NULL_TREE_LOOKAHEAD",
1294 "ARROW",
1295 "\"guest\"",
1296 "\"host\"",
1297 "\"designated\"",
1298 "\"library\"",
1299 "\"plugin\"",
1300 "\"or\"",
1301 "\"and\"",
1302 "LPAREN",
1303 "RPAREN",
1304 "NOT",
1305 "\"always\"",
1306 "\"true\"",
1307 "\"never\"",
1308 "\"false\"",
1309 "\"identifier\"",
1310 "\"cdhash\"",
1311 "\"platform\"",
1312 "\"notarized\"",
1313 "\"anchor\"",
1314 "\"apple\"",
1315 "\"generic\"",
1316 "\"certificate\"",
1317 "\"cert\"",
1318 "\"trusted\"",
1319 "\"info\"",
1320 "\"entitlement\"",
1321 "\"exists\"",
1322 "\"absent\"",
1323 "EQL",
1324 "EQQL",
1325 "STAR",
1326 "SUBS",
1327 "LESS",
1328 "GT",
1329 "LE",
1330 "GE",
1331 "LBRACK",
1332 "RBRACK",
1333 "NEG",
1334 "\"leaf\"",
1335 "\"root\"",
1336 "HASHCONSTANT",
1337 "HEXCONSTANT",
1338 "DOTKEY",
1339 "STRING",
1340 "PATHNAME",
1341 "INTEGER",
1342 "\"timestamp\"",
1343 "SEMI",
1344 "IDENT",
1345 "HEX",
1346 "COMMA",
1347 "WS",
1348 "SHELLCOMMENT",
1349 "C_COMMENT",
1350 "CPP_COMMENT",
1351 0
1352 };
1353
1354 const unsigned long RequirementParser::_tokenSet_0_data_[] = { 2UL, 0UL, 0UL, 0UL };
1355 // EOF
1356 const antlr::BitSet RequirementParser::_tokenSet_0(_tokenSet_0_data_,4);
1357 const unsigned long RequirementParser::_tokenSet_1_data_[] = { 992UL, 524288UL, 0UL, 0UL };
1358 // "guest" "host" "designated" "library" "plugin" INTEGER
1359 const antlr::BitSet RequirementParser::_tokenSet_1(_tokenSet_1_data_,4);
1360 const unsigned long RequirementParser::_tokenSet_2_data_[] = { 16UL, 0UL, 0UL, 0UL };
1361 // ARROW
1362 const antlr::BitSet RequirementParser::_tokenSet_2(_tokenSet_2_data_,4);
1363 const unsigned long RequirementParser::_tokenSet_3_data_[] = { 994UL, 524288UL, 0UL, 0UL };
1364 // EOF "guest" "host" "designated" "library" "plugin" INTEGER
1365 const antlr::BitSet RequirementParser::_tokenSet_3(_tokenSet_3_data_,4);
1366 const unsigned long RequirementParser::_tokenSet_4_data_[] = { 268447730UL, 3097094UL, 0UL, 0UL };
1367 // EOF ARROW "guest" "host" "designated" "library" "plugin" "or" "and"
1368 // RPAREN "trusted" EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
1369 // INTEGER SEMI
1370 const antlr::BitSet RequirementParser::_tokenSet_4(_tokenSet_4_data_,4);
1371 const unsigned long RequirementParser::_tokenSet_5_data_[] = { 9186UL, 2621440UL, 0UL, 0UL };
1372 // EOF "guest" "host" "designated" "library" "plugin" RPAREN INTEGER SEMI
1373 const antlr::BitSet RequirementParser::_tokenSet_5(_tokenSet_5_data_,4);
1374 const unsigned long RequirementParser::_tokenSet_6_data_[] = { 994UL, 2621440UL, 0UL, 0UL };
1375 // EOF "guest" "host" "designated" "library" "plugin" INTEGER SEMI
1376 const antlr::BitSet RequirementParser::_tokenSet_6(_tokenSet_6_data_,4);
1377 const unsigned long RequirementParser::_tokenSet_7_data_[] = { 10210UL, 2621440UL, 0UL, 0UL };
1378 // EOF "guest" "host" "designated" "library" "plugin" "or" RPAREN INTEGER
1379 // SEMI
1380 const antlr::BitSet RequirementParser::_tokenSet_7(_tokenSet_7_data_,4);
1381 const unsigned long RequirementParser::_tokenSet_8_data_[] = { 1828704256UL, 0UL, 0UL, 0UL };
1382 // LPAREN NOT "always" "true" "never" "false" "identifier" "cdhash" "platform"
1383 // "notarized" "anchor" "certificate" "cert" "info" "entitlement"
1384 const antlr::BitSet RequirementParser::_tokenSet_8(_tokenSet_8_data_,4);
1385 const unsigned long RequirementParser::_tokenSet_9_data_[] = { 12258UL, 2621440UL, 0UL, 0UL };
1386 // EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
1387 // INTEGER SEMI
1388 const antlr::BitSet RequirementParser::_tokenSet_9(_tokenSet_9_data_,4);
1389 const unsigned long RequirementParser::_tokenSet_10_data_[] = { 0UL, 538624UL, 0UL, 0UL };
1390 // NEG "leaf" "root" INTEGER
1391 const antlr::BitSet RequirementParser::_tokenSet_10(_tokenSet_10_data_,4);
1392 const unsigned long RequirementParser::_tokenSet_11_data_[] = { 0UL, 475654UL, 0UL, 0UL };
1393 // EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
1394 const antlr::BitSet RequirementParser::_tokenSet_11(_tokenSet_11_data_,4);
1395 const unsigned long RequirementParser::_tokenSet_12_data_[] = { 0UL, 999424UL, 0UL, 0UL };
1396 // HASHCONSTANT DOTKEY STRING PATHNAME INTEGER
1397 const antlr::BitSet RequirementParser::_tokenSet_12(_tokenSet_12_data_,4);
1398 const unsigned long RequirementParser::_tokenSet_13_data_[] = { 268435456UL, 475654UL, 0UL, 0UL };
1399 // "trusted" EQL EQQL LBRACK HASHCONSTANT DOTKEY STRING PATHNAME
1400 const antlr::BitSet RequirementParser::_tokenSet_13(_tokenSet_13_data_,4);
1401 const unsigned long RequirementParser::_tokenSet_14_data_[] = { 2147495906UL, 3096576UL, 0UL, 0UL };
1402 // EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
1403 // "exists" HASHCONSTANT DOTKEY STRING PATHNAME INTEGER SEMI
1404 const antlr::BitSet RequirementParser::_tokenSet_14(_tokenSet_14_data_,4);
1405 const unsigned long RequirementParser::_tokenSet_15_data_[] = { 2147495906UL, 2621943UL, 0UL, 0UL };
1406 // EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
1407 // "exists" "absent" EQL EQQL SUBS LESS GT LE GE INTEGER SEMI
1408 const antlr::BitSet RequirementParser::_tokenSet_15(_tokenSet_15_data_,4);
1409 const unsigned long RequirementParser::_tokenSet_16_data_[] = { 0UL, 229384UL, 0UL, 0UL };
1410 // STAR HEXCONSTANT DOTKEY STRING
1411 const antlr::BitSet RequirementParser::_tokenSet_16(_tokenSet_16_data_,4);
1412 const unsigned long RequirementParser::_tokenSet_17_data_[] = { 12258UL, 2621448UL, 0UL, 0UL };
1413 // EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
1414 // STAR INTEGER SEMI
1415 const antlr::BitSet RequirementParser::_tokenSet_17(_tokenSet_17_data_,4);
1416 const unsigned long RequirementParser::_tokenSet_18_data_[] = { 12258UL, 2622472UL, 0UL, 0UL };
1417 // EOF "guest" "host" "designated" "library" "plugin" "or" "and" RPAREN
1418 // STAR RBRACK INTEGER SEMI
1419 const antlr::BitSet RequirementParser::_tokenSet_18(_tokenSet_18_data_,4);
1420
1421
1422 ANTLR_END_NAMESPACE
mirror of Security