]> git.saurik.com Git - apple/security.git/blob - Keychain/TrustedApplication.cpp
projects / apple / security.git / blob
? search:


3c1037a7b7b052cca567c46d99e78011bfd4afde
[apple/security.git] / Keychain / TrustedApplication.cpp
1 /*
2 * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18 //
19 // TrustedApplication.cpp
20 //
21 #include <Security/TrustedApplication.h>
22 #include <Security/ACL.h>
23 #include <Security/osxsigning.h>
24 #include <Security/osxsigner.h>
25 #include <Security/trackingallocator.h>
26 #include <sys/syslimits.h>
27 #include <memory>
28
29 using namespace KeychainCore;
30 using namespace CodeSigning;
31
32
33 //
34 // Create a TrustedApplication from a code-signing ACL subject.
35 // Throws ACL::ParseError if the subject is unexpected.
36 //
37 TrustedApplication::TrustedApplication(const TypedList &subject)
38 : mSignature(CssmAllocator::standard()),
39 mData(CssmAllocator::standard())
40 {
41 if (subject.type() != CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE)
42 throw ACL::ParseError();
43 if (subject[1] != CSSM_ACL_CODE_SIGNATURE_OSX)
44 throw ACL::ParseError();
45 mSignature = subject[2].data();
46 mData = subject[3].data();
47 }
48
49
50 TrustedApplication::TrustedApplication(const CssmData &signature, const CssmData &data) :
51 mSignature(CssmAllocator::standard(), signature),
52 mData(CssmAllocator::standard(), data)
53 {
54 }
55
56 TrustedApplication::TrustedApplication(const char *path)
57 : mSignature(CssmAllocator::standard()),
58 mData(CssmAllocator::standard())
59 {
60 OSXSigner signer;
61 RefPointer<OSXCode> object(OSXCode::at(path));
62 auto_ptr<OSXSigner::OSXSignature> signature(signer.sign(*object));
63 mSignature = *signature;
64 string basePath = object->canonicalPath();
65 mData = CssmData(const_cast<char *>(basePath.c_str()), basePath.length() + 1);
66 }
67
68 TrustedApplication::TrustedApplication()
69 : mSignature(CssmAllocator::standard()),
70 mData(CssmAllocator::standard())
71 {
72 OSXSigner signer;
73 RefPointer<OSXCode> object(OSXCode::main());
74 auto_ptr<OSXSigner::OSXSignature> signature(signer.sign(*object));
75 mSignature = *signature;
76 string path = object->canonicalPath();
77 mData.copy(path.c_str(), path.length() + 1); // including trailing null
78 }
79
80 TrustedApplication::~TrustedApplication() throw()
81 {
82 }
83
84 const CssmData &
85 TrustedApplication::signature() const
86 {
87 return mSignature;
88 }
89
90 const char *
91 TrustedApplication::path() const
92 {
93 if (mData)
94 return mData.get().interpretedAs<const char>();
95 else
96 return NULL;
97 }
98
99 bool
100 TrustedApplication::sameSignature(const char *path)
101 {
102 // return true if object at given path has same signature
103 CssmAutoData otherSignature(CssmAllocator::standard());
104 calcSignature(path, otherSignature);
105 return (mSignature.get() == otherSignature);
106 }
107
108 void
109 TrustedApplication::calcSignature(const char *path, CssmOwnedData &signature)
110 {
111 // generate a signature for the given object
112 RefPointer<CodeSigning::OSXCode> objToVerify(CodeSigning::OSXCode::at(path));
113 CodeSigning::OSXSigner signer;
114 auto_ptr<CodeSigning::OSXSigner::OSXSignature> osxSignature(signer.sign(*objToVerify));
115 signature.copy(osxSignature->data(), osxSignature->length());
116 }
117
118
119 //
120 // Produce a TypedList representing a code-signing ACL subject
121 // for this application.
122 // Memory is allocated from the allocator given, and belongs to
123 // the caller.
124 //
125 TypedList TrustedApplication::makeSubject(CssmAllocator &allocator)
126 {
127 return TypedList(allocator,
128 CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE,
129 new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX),
130 new(allocator) ListElement(allocator, mSignature.get()),
131 new(allocator) ListElement(allocator, mData.get()));
132 }
133
134
135 //
136 // On a completely different note...
137 // Read a simple text file from disk and cache the lines in a set.
138 // This is used during re-prebinding to cut down on the number of
139 // equivalency records being generated.
140 // This feature is otherwise completely unconnected to anything else here.
141 //
142 PathDatabase::PathDatabase(const char *path)
143 {
144 if (FILE *f = fopen(path, "r")) {
145 mQualifyAll = false;
146 char path[PATH_MAX+1];
147 while (fgets(path, sizeof(path), f)) {
148 path[strlen(path)-1] = '\0'; // strip NL
149 mPaths.insert(path);
150 }
151 fclose(f);
152 secdebug("equivdb", "read %ld paths from %s", mPaths.size(), path);
153 } else {
154 mQualifyAll = true;
155 secdebug("equivdb", "cannot open %s, will qualify all application paths", path);
156 }
157 }
158
159
160 bool PathDatabase::lookup(const string &path)
161 {
162 string::size_type lastSlash = path.rfind('/');
163 string::size_type bundleCore = path.find("/Contents/MacOS/");
164 if (lastSlash != string::npos && bundleCore != string::npos)
165 if (bundleCore + 15 == lastSlash)
166 path = path.substr(0, bundleCore);
167 return mPaths.find(path) != mPaths.end();
168 }
mirror of Security