]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_manifest/lib/SecManifest.cpp
Security-59306.120.7.tar.gz
[apple/security.git] / OSX / libsecurity_manifest / lib / SecManifest.cpp
1 #include "SecManifest.h"
2 #include <security_utilities/security_utilities.h>
3 #include <utilities/SecCFRelease.h>
4 #include "Manifest.h"
5 #include <security_utilities/seccfobject.h>
6 #include <security_cdsa_utilities/cssmbridge.h>
7 #include <../../base/SecBase.h>
8 /*
9 * Copyright (c) 2004,2011,2013-2014 Apple Inc. All Rights Reserved.
10 *
11 * @APPLE_LICENSE_HEADER_START@
12 *
13 * This file contains Original Code and/or Modifications of Original Code
14 * as defined in and that are subject to the Apple Public Source License
15 * Version 2.0 (the 'License'). You may not use this file except in
16 * compliance with the License. Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this
18 * file.
19 *
20 * The Original Code and all software distributed under the License are
21 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
22 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
23 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
25 * Please see the License for the specific language governing rights and
26 * limitations under the License.
27 *
28 * @APPLE_LICENSE_HEADER_END@
29 */
30
31 #define API_BEGIN \
32 try {
33
34 #define API_END \
35 } \
36 catch (const MacOSError &err) { return err.osStatus(); } \
37 catch (const std::bad_alloc &) { return errSecAllocate; } \
38 catch (...) { return errSecInternalComponent; } \
39 return errSecSuccess;
40
41 #define API_END_GENERIC_CATCH } catch (...) { return; }
42
43 #define API_END_ERROR_CATCH(bad) } catch (...) { return bad; }
44
45
46
47 OSStatus SecManifestGetVersion (UInt32 *version)
48 {
49 secinfo ("manifest", "SecManifestGetVersion");
50 *version = 0x01000000;
51 return errSecSuccess;
52 }
53
54
55
56 OSStatus SecManifestCreate(SecManifestRef *manifest)
57 {
58 API_BEGIN
59
60 Manifest* manifestPtr = new Manifest ();
61 *manifest = (SecManifestRef) manifestPtr;
62
63 secinfo ("manifest", "SecManifestCreate(%p)", manifest);
64
65 API_END
66 }
67
68
69
70 void SecManifestRelease (SecManifestRef manifest)
71 {
72 delete (Manifest*) manifest;
73 }
74
75 // On release builds, this function isn't called (due to how secinfo works). Assure the compiler this is okay.
76 #pragma clang diagnostic push
77 #pragma clang diagnostic ignored "-Wunused-function"
78 static const char* GetDescription (CFTypeRef object)
79 {
80 CFStringRef s = CFCopyDescription (object);
81 const char * p = CFStringGetCStringPtr (s, kCFStringEncodingMacRoman);
82 CFReleaseNull(s);
83 return p;
84 }
85 #pragma clang diagnostic pop
86
87
88
89 OSStatus SecManifestVerifySignature (CFDataRef data,
90 SecManifestTrustSetupCallback setupCallback,
91 void* setupContext,
92 SecManifestTrustEvaluateCallback evaluateCallback,
93 void* evaluateContext,
94 SecManifestRef *manifest)
95 {
96 return SecManifestVerifySignatureWithPolicy (data, setupCallback, setupContext, evaluateCallback,
97 evaluateContext, NULL, manifest);
98 }
99
100
101
102 OSStatus SecManifestVerifySignatureWithPolicy (CFDataRef data,
103 SecManifestTrustSetupCallback setupCallback,
104 void* setupContext,
105 SecManifestTrustEvaluateCallback evaluateCallback,
106 void* evaluateContext,
107 SecPolicyRef policyRef,
108 SecManifestRef *manifest)
109 {
110 API_BEGIN
111
112 secinfo ("manifest", "SecManifestVerifySignature (%s, %p, %p, %p, %p)", GetDescription (data), setupCallback, setupContext, evaluateCallback, evaluateContext);
113
114 Required (setupCallback);
115 Required (evaluateCallback);
116
117 Manifest* mp = new Manifest ();
118
119 // make a temporary manifest for this operation
120 Manifest tm;
121 tm.MakeSigner (kAppleSigner);
122
123 try
124 {
125
126 tm.GetSigner ()->Verify (data, setupCallback, setupContext, evaluateCallback, evaluateContext,
127 policyRef, manifest == NULL ? NULL : &mp->GetManifestInternal ());
128 if (manifest == NULL)
129 {
130 delete mp;
131 }
132 else
133 {
134 *manifest = (SecManifestRef) mp;
135 }
136 }
137 catch (...)
138 {
139 delete mp;
140 throw;
141 }
142
143 API_END
144 }
145
146
147
148 OSStatus SecManifestCreateSignature(SecManifestRef manifest, UInt32 options, CFDataRef *data)
149 {
150 API_BEGIN
151
152 secinfo ("manifest", "SecManifestCreateSignature(%p, %ul, %p)", manifest, (unsigned int) options, data);
153 Manifest* manifestPtr = (Manifest*) manifest;
154
155 if (options != 0)
156 {
157 return errSecUnimplemented;
158 }
159
160 // check to see if there is a serializer present
161 const ManifestSigner* signer = manifestPtr->GetSigner ();
162
163 if (signer == NULL) // no serializer?
164 {
165 manifestPtr->MakeSigner (kAppleSigner);
166 }
167
168 *data = manifestPtr->GetSigner ()->Export (manifestPtr->GetManifestInternal ());
169
170 API_END
171 }
172
173
174
175 OSStatus SecManifestAddObject(SecManifestRef manifest, CFTypeRef object, CFArrayRef exceptionList)
176 {
177 API_BEGIN
178
179 secinfo ("manifest", "SecManifestAddObject(%p), %s, %s",
180 manifest, GetDescription (object),
181 exceptionList ? GetDescription (exceptionList) : "NULL");
182
183 Manifest* manifestPtr = (Manifest*) manifest;
184 manifestPtr->GetManifestInternal ().GetItemList ().AddObject (object, exceptionList);
185
186 API_END
187 }
188
189
190
191 OSStatus SecManifestCompare(SecManifestRef manifest1, SecManifestRef manifest2, SecManifestCompareOptions options)
192 {
193 API_BEGIN
194
195 secinfo ("manifest", "SecManifestVerify(%p, %p, %d)", manifest1, manifest2, (int) options);
196
197 ManifestInternal &m1 = ((Manifest*) (manifest1))->GetManifestInternal ();
198 ManifestInternal &m2 = ((Manifest*) (manifest2))->GetManifestInternal ();
199
200 ManifestInternal::CompareManifests (m1, m2, options);
201
202 API_END
203 }
204
205
206
207 OSStatus SecManifestAddSigner(SecManifestRef manifest, SecIdentityRef identity)
208 {
209 API_BEGIN
210
211 secinfo ("manifest", "SecManifestAddSigner(%p, %p)", manifest, identity);
212 Manifest* manifestPtr = (Manifest*) (manifest);
213
214 // check to see if there is a serializer present
215 const ManifestSigner* signer = manifestPtr->GetSigner ();
216
217 if (signer == NULL) // no serializer?
218 {
219 manifestPtr->MakeSigner (kAppleSigner);
220 }
221
222 manifestPtr->GetSigner ()->AddSigner (identity);
223
224 API_END
225 }
226
227
228