OSX/include/security_cdsa_utilities/osxverifier.h

   1 /*
   2  * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
   3  *
   4  * The contents of this file constitute Original Code as defined in and are
   5  * subject to the Apple Public Source License Version 1.2 (the 'License').
   6  * You may not use this file except in compliance with the License. Please obtain
   7  * a copy of the License at http://www.apple.com/publicsource and read it before
   8  * using this file.
   9  *
  10  * This Original Code and all software distributed under the License are
  11  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
  12  * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
  13  * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
  14  * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
  15  * specific language governing rights and limitations under the License.
  16  */
  17
  18
  19 //
  20 // osxsigner - MacOS X's standard code signing algorithm.
  21 //
  22 #ifndef _H_OSXVERIFIER
  23 #define _H_OSXVERIFIER
  24
  25 #include <security_utilities/hashing.h>
  26 #include <security_utilities/osxcode.h>
  27 #include <security_utilities/blob.h>
  28 #include <security_cdsa_utilities/cssmdata.h>
  29 #include <Security/CodeSigning.h>
  30 #include <string>
  31 #include <map>
  32
  33 namespace Security {
  34
  35
  36 //
  37 // A standard OS X style signature verifier.
  38 // This encapsulates the different modes of signing/verifying currently
  39 // supported. It knows nothing about the way this is represented in
  40 // keychain access control lists; this knowledge resides exclusively
  41 // in acl_codesigning.
  42 //
  43 class OSXVerifier {
  44 public:
  45         static const size_t legacyHashLimit = 16 * 1024;
  46         static const uint32_t commentAlignment = 4;
  47
  48 public:
  49         // make a Verifier from a code reference object
  50         OSXVerifier(OSXCode *code);             // makes both legacy hash and SecRequirement
  51         OSXVerifier(const SHA1::Byte *hash, const std::string &path); // just hash
  52         ~OSXVerifier();
  53
  54         // components
  55         const unsigned char *legacyHash() const { return mLegacyHash; }
  56         const std::string& path() const { return mPath; }
  57         SecRequirementRef requirement() const { return mRequirement; }
  58
  59 public:
  60         // handle other (not explicitly understood) information in the verifier
  61         class AuxMap : public std::map<BlobCore::Magic, BlobCore *> {
  62         public:
  63                 AuxMap() { }
  64                 AuxMap(const AuxMap &src);
  65                 ~AuxMap();
  66         };
  67
  68         AuxMap::const_iterator beginAux() const { return mAuxiliary.begin(); }
  69         AuxMap::const_iterator endAux() const { return mAuxiliary.end(); }
  70
  71         void add(const BlobCore *info);
  72         const BlobCore *find(BlobCore::Magic magic);
  73
  74         template <class BlobType>
  75         static const BlobType *find()
  76         { return static_cast<BlobType *>(find(BlobType::typeMagic)); }
  77
  78 public:
  79         static void makeLegacyHash(OSXCode *code, SHA1::Digest digest);
  80
  81         IFDUMP(void dump() const);
  82
  83 private:
  84         SHA1::Digest mLegacyHash;               // legacy page hash
  85         std::string mPath;                              // path to originating code (comment)
  86         CFCopyRef<SecRequirementRef> mRequirement; // CS-style requirement
  87         AuxMap mAuxiliary;                              // other data (does not include mRequirement)
  88 };
  89
  90 } // end namespace Security
  91
  92
  93 #endif //_H_OSXVERIFIER