2  * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved. 
   4  * @APPLE_LICENSE_HEADER_START@ 
   6  * This file contains Original Code and/or Modifications of Original Code 
   7  * as defined in and that are subject to the Apple Public Source License 
   8  * Version 2.0 (the 'License'). You may not use this file except in 
   9  * compliance with the License. Please obtain a copy of the License at 
  10  * http://www.opensource.apple.com/apsl/ and read it before using this 
  13  * The Original Code and all software distributed under the License are 
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
  18  * Please see the License for the specific language governing rights and 
  19  * limitations under the License. 
  21  * @APPLE_LICENSE_HEADER_END@ 
  25 // CodeSigner - SecCodeSigner API objects 
  31 #include "StaticCode.h" 
  32 #include "cdbuilder.h" 
  33 #include <Security/SecIdentity.h> 
  34 #include <security_utilities/utilities.h> 
  37 namespace CodeSigning 
{ 
// A SecCodeSigner holds one parsed set of code-signing parameters (see parameters())
// and applies them to SecStaticCode objects via sign()/remove(). (The comment that
// used to sit here described SecCode — running code — rather than this signer type.)
class SecCodeSigner
    : public SecCFObject
    , public DiskRep::SigningContext
{
    // NOTE(review): this listing is incomplete. The access specifiers, the nested
    // `class Signer;` declaration that returnDetachedSignature() refers to below, and
    // the class's closing `};` are not present in the extracted text — consult the
    // original header before relying on the member visibility implied here.

    // Standard SecCFObject plumbing: maps SecCodeSignerRef <-> SecCodeSigner and names
    // the error returned when a ref does not resolve to one of these objects.
    SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)

    // Construct a signer carrying the caller's SecCSFlags; the parameter set is
    // supplied separately through parameters().
    SecCodeSigner(SecCSFlags flags);
    // Dynamic exception specification (throw()) — legacy spelling; C++11 code would
    // write noexcept. Virtual because this type is used polymorphically via SecCFObject.
    virtual ~SecCodeSigner() throw();

    // Parse the caller-supplied dictionary and fill in the m* parameter members below.
    // NOTE(review): this is the trust boundary for everything the signer emits — the
    // identity, entitlement data, requirements, platform identifier and CodeDirectory
    // flags all originate here. Any validation of those values is presumably done in
    // the implementation; it is not visible from this header.
    void parameters(CFDictionaryRef args);  // parse and set parameters

    // Derive a team identifier from a certificate chain (CFArrayRef of certificates).
    // The exact certificate/field consulted is not visible here.
    std::string getTeamIDFromSigner(CFArrayRef certs);

    // Apply this signer's parameters to a code object: sign() produces a signature,
    // remove() strips one. The flags argument is per-operation, distinct from the
    // flags given to the constructor.
    void sign(SecStaticCode *code, SecCSFlags flags);
    void remove(SecStaticCode *code, SecCSFlags flags);

    // Hand a detached signature blob back to the caller. `Signer` is the nested
    // per-operation helper type (its declaration is outside the visible text).
    void returnDetachedSignature(BlobCore *blob, Signer &signer);

    // Map a path into the substitute SDK root (see mSDKRoot) for sub-component lookup.
    std::string sdkPath(const std::string &path) const;

    // Flags controlling the signing operation (presumably derived from mOpFlags).
    SecCSFlags signingFlags() const;

    // parsed parameter set
    SecCSFlags mOpFlags;                      // operation flags
    CFRef<SecIdentityRef> mSigner;            // signing identity
    CFRef<CFTypeRef> mDetached;               // detached-signing information (NULL => attached)
    // Explicit resource rules replace the default resource collection. NOTE(review):
    // anything the override excludes is presumably left out of the resource seal —
    // callers supplying rules should understand they are narrowing what the signature covers.
    CFRef<CFDictionaryRef> mResourceRules;    // explicit resource collection rules (override)
    CFRef<CFDateRef> mSigningTime;            // signing time desired (kCFNull for none)
    CFRef<CFDataRef> mApplicationData;        // contents of application slot
    // Raw entitlement data that is sealed into the signature. NOTE(review): whatever is
    // passed here is what the system will later read back as the code's entitlements;
    // the header shows no restriction on its contents — confirm in the implementation.
    CFRef<CFDataRef> mEntitlementData;        // entitlement configuration data
    CFRef<CFURLRef> mSDKRoot;                 // substitute filesystem root for sub-component lookup
    CFRef<CFTypeRef> mRequirements;           // internal code requirements
    size_t mCMSSize;                          // size estimate for CMS blob
    uint32_t mCdFlags;                        // CodeDirectory flags
    uint32_t mPreserveMetadata;               // metadata preservation options
    bool mCdFlagsGiven;                       // CodeDirectory flags were specified
    // A single interior digest algorithm is recorded here; there is no provision in
    // this header for signing with several hash algorithms at once.
    CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
    std::string mIdentifier;                  // unique identifier override
    std::string mIdentifierPrefix;            // prefix for un-dotted default identifiers
    std::string mTeamID;                      // teamID
    // NOTE(review): a non-zero platform identifier marks the output as a platform
    // binary; since it is set from the parameter dictionary, the implementation is
    // presumably expected to restrict who may set it — not verifiable from this header.
    PlatformIdentifier mPlatform;             // platform identifier (zero if not platform binary)
    bool mNoMachO;                            // override to perform non-Mach-O signing
    bool mDryRun;                             // dry run (do not change target)
    CFRef<CFNumberRef> mPageSize;             // main executable page size
    // Timestamping: client identity used to authenticate to the TSA, the TSA URL,
    // whether to request a timestamp at all, and whether to ask the TSA to omit its
    // certificate chain from the response.
    CFRef<SecIdentityRef> mTimestampAuthentication; // identity for client-side authentication to the Timestamp server
    CFRef<CFURLRef> mTimestampService;        // URL for Timestamp server
    bool mWantTimeStamp;                      // use a Timestamp server
    bool mNoTimeStampCerts;                   // don't request certificates with timestamping request
    // Raw pointer; ownership and lifetime are not expressed by the type. Whether this
    // class allocates/frees it (e.g. in the constructor/destructor) is not visible here.
    LimitedAsync *mLimitedAsync;              // limited async workers for verification
 103 } // end namespace CodeSigning 
 104 } // end namespace Security 
 106 #endif // !_H_CODESIGNER