OSX/libsecurity_cdsa_utilities/lib/osxverifier.h

   1 /*
   2  * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // osxsigner - MacOS X's standard code signing algorithm.
  21 //
  22 #ifndef _H_OSXVERIFIER
  23 #define _H_OSXVERIFIER
  24
  25 #include <security_utilities/hashing.h>
  26 #include <security_utilities/osxcode.h>
  27 #include <security_utilities/blob.h>
  28 #include <security_utilities/debugging_internal.h>
  29 #include <security_cdsa_utilities/cssmdata.h>
  30 #include <Security/CodeSigning.h>
  31 #include <string>
  32 #include <map>
  33
  34 namespace Security {
  35
  36
  37 //
  38 // A standard OS X style signature verifier.
  39 // This encapsulates the different modes of signing/verifying currently
  40 // supported. It knows nothing about the way this is represented in
  41 // keychain access control lists; this knowledge resides exclusively
  42 // in acl_codesigning.
  43 //
  44 class OSXVerifier {
  45 public:
  46         static const size_t legacyHashLimit = 16 * 1024;
  47         static const uint32_t commentAlignment = 4;
  48
  49 public:
  50         // make a Verifier from a code reference object
  51         OSXVerifier(OSXCode *code);             // makes both legacy hash and SecRequirement
  52         OSXVerifier(const SHA1::Byte *hash, const std::string &path); // just hash
  53         ~OSXVerifier();
  54
  55         // components
  56         const unsigned char *legacyHash() const { return mLegacyHash; }
  57         const std::string& path() const { return mPath; }
  58         SecRequirementRef requirement() const { return mRequirement; }
  59
  60 public:
  61         // handle other (not explicitly understood) information in the verifier
  62         class AuxMap : public std::map<BlobCore::Magic, BlobCore *> {
  63         public:
  64                 AuxMap() { }
  65                 AuxMap(const AuxMap &src);
  66                 ~AuxMap();
  67         };
  68
  69         AuxMap::const_iterator beginAux() const { return mAuxiliary.begin(); }
  70         AuxMap::const_iterator endAux() const { return mAuxiliary.end(); }
  71
  72         void add(const BlobCore *info);
  73         const BlobCore *find(BlobCore::Magic magic);
  74
  75         template <class BlobType>
  76         static const BlobType *find()
  77         { return static_cast<BlobType *>(find(BlobType::typeMagic)); }
  78
  79 public:
  80         static void makeLegacyHash(OSXCode *code, SHA1::Digest digest);
  81
  82         IFDUMP(void dump() const);
  83
  84 private:
  85         SHA1::Digest mLegacyHash;               // legacy page hash
  86         std::string mPath;                              // path to originating code (comment)
  87         CFCopyRef<SecRequirementRef> mRequirement; // CS-style requirement
  88         AuxMap mAuxiliary;                              // other data (does not include mRequirement)
  89 };
  90
  91 } // end namespace Security
  92
  93
  94 #endif //_H_OSXVERIFIER