]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/SecCodeSigner.cpp
Security-58286.260.20.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecCodeSigner.cpp
1 /*
2 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // SecCode - API frame for SecCode objects.
26 //
27 // Note that some SecCode* functions take SecStaticCodeRef arguments in order to
28 // accept either static or dynamic code references, operating on the respective
29 // StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
30 //
31 #include "cs.h"
32 #include "CodeSigner.h"
33 #include "cskernel.h"
34
35 using namespace CodeSigning;
36
37
38 //
39 // Parameter keys
40 //
41 const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
42 const CFStringRef kSecCodeSignerDetached = CFSTR("detached");
43 const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
44 const CFStringRef kSecCodeSignerDryRun = CFSTR("dryrun");
45 const CFStringRef kSecCodeSignerEntitlements = CFSTR("entitlements");
46 const CFStringRef kSecCodeSignerFlags = CFSTR("flags");
47 const CFStringRef kSecCodeSignerIdentifier = CFSTR("identifier");
48 const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
49 const CFStringRef kSecCodeSignerIdentity = CFSTR("signer");
50 const CFStringRef kSecCodeSignerPageSize = CFSTR("pagesize");
51 const CFStringRef kSecCodeSignerRequirements = CFSTR("requirements");
52 const CFStringRef kSecCodeSignerResourceRules = CFSTR("resource-rules");
53 const CFStringRef kSecCodeSignerSDKRoot = CFSTR("sdkroot");
54 const CFStringRef kSecCodeSignerSigningTime = CFSTR("signing-time");
55 const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
56 const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
57 const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
58 const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
59 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
60 const CFStringRef kSecCodeSignerTeamIdentifier = CFSTR("teamidentifier");
61 const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");
62 const CFStringRef kSecCodeSignerRuntimeVersion = CFSTR("runtime-version");
63 const CFStringRef kSecCodeSignerPreserveAFSC = CFSTR("preserve-afsc");
64 const CFStringRef kSecCodeSignerOmitAdhocFlag = CFSTR("omit-adhoc-flag");
65
66 // Keys for signature editing
67 const CFStringRef kSecCodeSignerEditCpuType = CFSTR("edit-cpu-type");
68 const CFStringRef kSecCodeSignerEditCpuSubtype = CFSTR("edit-cpu-subtype");
69 const CFStringRef kSecCodeSignerEditCMS = CFSTR("edit-cms");
70
71
72
73 //
74 // CF-standard type code functions
75 //
76 CFTypeID SecCodeSignerGetTypeID(void)
77 {
78 BEGIN_CSAPI
79 return gCFObjects().CodeSigner.typeID;
80 END_CSAPI1(_kCFRuntimeNotATypeID)
81 }
82
83
84 //
85 // Create a signer object
86 //
87 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
88 SecCodeSignerRef *signerRef)
89 {
90 BEGIN_CSAPI
91
92 checkFlags(flags,
93 kSecCSEditSignature
94 | kSecCSRemoveSignature
95 | kSecCSSignPreserveSignature
96 | kSecCSSignNestedCode
97 | kSecCSSignOpaque
98 | kSecCSSignV1
99 | kSecCSSignNoV1
100 | kSecCSSignBundleRoot
101 | kSecCSSignStrictPreflight
102 | kSecCSSignGeneratePEH
103 | kSecCSSignGenerateEntitlementDER);
104 SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
105 signer->parameters(parameters);
106 CodeSigning::Required(signerRef) = signer->handle();
107
108 END_CSAPI
109 }
110
111
112 //
113 // Generate a signature
114 //
115 OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
116 SecStaticCodeRef codeRef, SecCSFlags flags)
117 {
118 return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, NULL);
119 }
120
121 OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
122 SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
123 {
124 BEGIN_CSAPI
125 checkFlags(flags,
126 kSecCSReportProgress
127 );
128 SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);
129 END_CSAPI_ERRORS
130 }