cdsa/cdsa_utilities/acl_codesigning.cpp

   1 /*
   2  * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // acl_codesigning - ACL subject for signature of calling application
  21 //
  22 #ifdef __MWERKS__
  23 #define _CPP_ACL_CODESIGNING
  24 #endif
  25
  26 #include <Security/acl_codesigning.h>
  27 #include <Security/cssmdata.h>
  28 #include <algorithm>
  29
  30
  31 //
  32 // Construct a password ACL subject.
  33 // Note that this takes over ownership of the signature object.
  34 //
  35 CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc,
  36         const Signature *signature, const void *comment, size_t commentLength)
  37         : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
  38     allocator(alloc), mSignature(signature),
  39         mHaveComment(true), mComment(alloc, comment, commentLength)
  40 { }
  41
  42 CodeSignatureAclSubject::CodeSignatureAclSubject(CssmAllocator &alloc,
  43         const Signature *signature)
  44         : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE),
  45     allocator(alloc), mSignature(signature), mHaveComment(false), mComment(alloc)
  46 { }
  47
  48 CodeSignatureAclSubject::~CodeSignatureAclSubject()
  49 {
  50         delete mSignature;
  51 }
  52
  53 //
  54 // Code signature credentials are validated globally - they are entirely
  55 // a feature of "the" process (defined by the environment), and take no
  56 // samples whatsoever.
  57 //
  58 bool CodeSignatureAclSubject::validate(const AclValidationContext &context) const
  59 {
  60         // a suitable environment is required for a match
  61     if (Environment *env = context.environment<Environment>())
  62                 return env->verifyCodeSignature(mSignature);
  63         else
  64                 return false;
  65 }
  66
  67
  68 //
  69 // Make a copy of this subject in CSSM_LIST form.
  70 // The format is (head), (type code: Wordid), (signature data: datum), (comment: datum)
  71 //
  72 CssmList CodeSignatureAclSubject::toList(CssmAllocator &alloc) const
  73 {
  74     // all associated data is public (no secrets)
  75         TypedList list(alloc, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
  76                 new(alloc) ListElement(mSignature->type()),
  77                 new(alloc) ListElement(alloc.alloc(*mSignature)));
  78         if (mHaveComment)
  79                 list += new(alloc) ListElement(alloc.alloc(mComment));
  80         return list;
  81 }
  82
  83
  84 //
  85 // Create a CodeSignatureAclSubject
  86 //
  87 CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(const TypedList &list) const
  88 {
  89     CssmAllocator &alloc = CssmAllocator::standard();
  90         if (list.length() == 3+1) {
  91                 // signature type: int, signature data: datum, comment: datum
  92                 ListElement *elem[3];
  93                 crack(list, 3, elem,
  94                         CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM, CSSM_LIST_ELEMENT_DATUM);
  95                 CssmData &commentData(*elem[2]);
  96                 return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1]),
  97                         commentData.data(), commentData.length());
  98         } else {
  99                 // signature type: int, signature data: datum [no comment]
 100                 ListElement *elem[2];
 101                 crack(list, 2, elem,
 102                         CSSM_LIST_ELEMENT_WORDID, CSSM_LIST_ELEMENT_DATUM);
 103                 return new CodeSignatureAclSubject(alloc, signer.restore(*elem[0], *elem[1]));
 104         }
 105 }
 106
 107 CodeSignatureAclSubject *CodeSignatureAclSubject::Maker::make(Version version,
 108         Reader &pub, Reader &priv) const
 109 {
 110         assert(version == 0);
 111     CssmAllocator &alloc = CssmAllocator::standard();
 112         uint32 sigType; pub(sigType);
 113         const void *data; uint32 length; pub.countedData(data, length);
 114         const void *commentData; uint32 commentLength; pub.countedData(commentData, commentLength);
 115         return new CodeSignatureAclSubject(alloc,
 116                 signer.restore(sigType, data, length),
 117                 commentData, commentLength);
 118 }
 119
 120
 121 //
 122 // Export the subject to a memory blob
 123 //
 124 void CodeSignatureAclSubject::exportBlob(Writer::Counter &pub, Writer::Counter &priv)
 125 {
 126         uint32 sigType = mSignature->type(); pub(sigType);
 127         pub.countedData(*mSignature);
 128         pub.countedData(mComment);
 129 }
 130
 131 void CodeSignatureAclSubject::exportBlob(Writer &pub, Writer &priv)
 132 {
 133         uint32 sigType = mSignature->type(); pub(sigType);
 134         pub.countedData(*mSignature);
 135         pub.countedData(mComment);
 136 }
 137
 138
 139 #ifdef DEBUGDUMP
 140
 141 void CodeSignatureAclSubject::debugDump() const
 142 {
 143         Debug::dump("CodeSigning");
 144         if (mHaveComment) {
 145                 Debug::dump(" comment=");
 146                 Debug::dumpData(mComment);
 147         }
 148 }
 149
 150 #endif //DEBUGDUMP