git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_manifest/lib/SecManifest.cpp
Security-57336.1.9.tar.gz
1 #include "SecManifest.h"
2 #include <security_utilities/security_utilities.h>
3 #include "Manifest.h"
4 #include <security_utilities/seccfobject.h>
5 #include <security_cdsa_utilities/cssmbridge.h>
6 #include <../sec/Security/SecBase.h>
7 /*
8 * Copyright (c) 2004,2011,2013-2014 Apple Inc. All Rights Reserved.
9 *
10 * @APPLE_LICENSE_HEADER_START@
11 *
12 * This file contains Original Code and/or Modifications of Original Code
13 * as defined in and that are subject to the Apple Public Source License
14 * Version 2.0 (the 'License'). You may not use this file except in
15 * compliance with the License. Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this
17 * file.
18 *
19 * The Original Code and all software distributed under the License are
20 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
21 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
22 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
24 * Please see the License for the specific language governing rights and
25 * limitations under the License.
26 *
27 * @APPLE_LICENSE_HEADER_END@
28 */
29
/*
 * Exception firewall for the C entry points in this file.
 *
 * API_BEGIN opens a try block and one of the API_END* macros closes it, so
 * that no C++ exception propagates out of a function that returns OSStatus
 * (or void) to its caller.
 */
#define API_BEGIN \
    try {

/*
 * Close the try block opened by API_BEGIN and translate the outcome into an
 * OSStatus:
 *   - MacOSError      -> the status carried by the exception
 *   - std::bad_alloc  -> errSecAllocate
 *   - anything else   -> errSecInternalComponent
 *   - no exception    -> errSecSuccess
 *
 * A `return` statement inside the guarded block leaves the function directly
 * and skips the trailing `return errSecSuccess`.
 */
#define API_END \
    } \
    catch (const MacOSError &err) { return err.osStatus(); } \
    catch (const std::bad_alloc &) { return errSecAllocate; } \
    catch (...) { return errSecInternalComponent; } \
    return errSecSuccess;

/* Variant for void functions: swallow every exception and return. */
#define API_END_GENERIC_CATCH } catch (...) { return; }

/* Variant that returns the caller-supplied value `bad` on any exception. */
#define API_END_ERROR_CATCH(bad) } catch (...) { return bad; }
43
44
45
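/*
 * Report the version of the manifest API.
 *
 * version: out parameter; receives 0x01000000 on success.
 *
 * Returns errSecSuccess, or errSecParam when version is NULL.
 */
OSStatus SecManifestGetVersion (UInt32 *version)
{
    secdebug ("manifest", "SecManifestGetVersion");

    // Public entry point: reject a NULL out pointer instead of writing
    // through it.
    if (version == NULL)
    {
        return errSecParam;
    }

    *version = 0x01000000;
    return errSecSuccess;
}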
52
53
54
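/*
 * Allocate an empty Manifest and hand it back as an opaque SecManifestRef.
 *
 * manifest: out parameter; receives the new handle. The caller owns it and
 *           frees it with SecManifestRelease.
 *
 * Returns errSecSuccess, errSecParam when manifest is NULL, or the status
 * produced by API_END when construction throws.
 */
OSStatus SecManifestCreate(SecManifestRef *manifest)
{
    API_BEGIN

    // Check the out pointer before allocating, so a NULL argument neither
    // faults on the store below nor leaks the freshly created Manifest.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = new Manifest ();
    *manifest = (SecManifestRef) manifestPtr;

    // Logs the address of the caller's out parameter, not the new handle.
    secdebug ("manifest", "SecManifestCreate(%p)", manifest);

    API_END
}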
66
67
68
/*
 * Destroy the Manifest behind an opaque handle.
 *
 * The handle is cast back to Manifest* without validation and deleted; it
 * must not be used, or released again, after this call. A NULL handle is a
 * no-op because deleting a null pointer does nothing.
 *
 * This function is not wrapped in API_BEGIN / API_END.
 */
void SecManifestRelease (SecManifestRef manifest)
{
    Manifest* owned = (Manifest*) manifest;
    delete owned;
}
73
74
75
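/*
 * Return a C string describing a CoreFoundation object, for debug logging.
 *
 * The result is always non-NULL so it can be passed to a "%s" conversion:
 * a NULL object, a failed description, or a description that has no directly
 * addressable MacRoman buffer each yield a fixed placeholder string.
 */
static const char* GetDescription (CFTypeRef object)
{
    if (object == NULL)
    {
        return "NULL";
    }

    CFStringRef description = CFCopyDescription (object);
    if (description == NULL)
    {
        return "<no description>";
    }

    // CFStringGetCStringPtr returns NULL whenever the string's internal
    // storage cannot be exposed directly in the requested encoding.
    const char* text = CFStringGetCStringPtr (description, kCFStringEncodingMacRoman);
    if (text == NULL)
    {
        // Nothing points into the copy, so it can be released here.
        CFRelease (description);
        return "<description unavailable>";
    }

    // NOTE(review): `text` points into `description`, so the copy cannot be
    // released without leaving the returned pointer dangling. The string is
    // therefore leaked on every call that reaches this line; removing the
    // leak needs a caller-supplied buffer or an owning return type.
    return text;
}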
80
81
82
/*
 * Verify a signed manifest without supplying an explicit policy.
 *
 * Forwards every argument to SecManifestVerifySignatureWithPolicy with a
 * NULL SecPolicyRef and returns its status unchanged.
 */
OSStatus SecManifestVerifySignature (CFDataRef data,
                                     SecManifestTrustSetupCallback setupCallback,
                                     void* setupContext,
                                     SecManifestTrustEvaluateCallback evaluateCallback,
                                     void* evaluateContext,
                                     SecManifestRef *manifest)
{
    // No policy given by the caller; the policy-aware variant receives NULL.
    SecPolicyRef noPolicy = NULL;

    return SecManifestVerifySignatureWithPolicy (data,
                                                 setupCallback, setupContext,
                                                 evaluateCallback, evaluateContext,
                                                 noPolicy,
                                                 manifest);
}
93
94
95
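/*
 * Verify the signature on a serialized manifest and optionally return the
 * parsed manifest.
 *
 * data:              the signed manifest blob.
 * setupCallback:     required; passed through to the signer's Verify.
 * setupContext:      opaque pointer passed through with setupCallback.
 * evaluateCallback:  required; passed through to the signer's Verify.
 * evaluateContext:   opaque pointer passed through with evaluateCallback.
 * policyRef:         policy passed through to Verify; may be NULL.
 * manifest:          optional out parameter. When non-NULL it receives a
 *                    new handle that the caller frees with
 *                    SecManifestRelease.
 *
 * *manifest is written only after Verify returns without throwing; on any
 * error it is left untouched, so callers must check the returned status
 * before using it.
 *
 * Returns errSecSuccess, or the status produced by API_END when a required
 * callback is missing or verification throws.
 */
OSStatus SecManifestVerifySignatureWithPolicy (CFDataRef data,
                                               SecManifestTrustSetupCallback setupCallback,
                                               void* setupContext,
                                               SecManifestTrustEvaluateCallback evaluateCallback,
                                               void* evaluateContext,
                                               SecPolicyRef policyRef,
                                               SecManifestRef *manifest)
{
    API_BEGIN

    // data has not been validated yet; do not hand a NULL object to
    // GetDescription just for the sake of a log line.
    secdebug ("manifest", "SecManifestVerifySignature (%s, %p, %p, %p, %p)",
              data ? GetDescription (data) : "NULL",
              setupCallback, setupContext, evaluateCallback, evaluateContext);

    Required (setupCallback);
    Required (evaluateCallback);

    Manifest* mp = new Manifest ();

    try
    {
        // Make a temporary manifest for this operation. It is built inside
        // the try block so that a failure while constructing it or while
        // creating its signer still frees mp in the handler below.
        Manifest tm;
        tm.MakeSigner (kAppleSigner);

        tm.GetSigner ()->Verify (data, setupCallback, setupContext, evaluateCallback, evaluateContext,
                                 policyRef, manifest == NULL ? NULL : &mp->GetManifestInternal ());

        if (manifest == NULL)
        {
            // Caller only wanted the verification result.
            delete mp;
        }
        else
        {
            *manifest = (SecManifestRef) mp;
        }
    }
    catch (...)
    {
        // Verification failed: free the result object, then let API_END
        // translate the exception into an OSStatus.
        delete mp;
        throw;
    }

    API_END
}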
139
140
141
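/*
 * Export a manifest through its signer.
 *
 * manifest: handle obtained from this API.
 * options:  must be 0; any other value returns errSecUnimplemented.
 * data:     out parameter; receives the CFDataRef returned by the signer's
 *           Export. NOTE(review): ownership of the returned object is not
 *           visible here -- confirm against ManifestSigner::Export.
 *
 * Returns errSecSuccess, errSecUnimplemented, errSecParam when manifest or
 * data is NULL, or the status produced by API_END when export throws.
 */
OSStatus SecManifestCreateSignature(SecManifestRef manifest, UInt32 options, CFDataRef *data)
{
    API_BEGIN

    // "%u" matches the unsigned int argument; the previous "%ul" printed
    // the value followed by a stray 'l'.
    secdebug ("manifest", "SecManifestCreateSignature(%p, %u, %p)", manifest, (unsigned int) options, data);

    if (options != 0)
    {
        return errSecUnimplemented;
    }

    // Both pointers are dereferenced below; reject NULL rather than fault.
    if (manifest == NULL || data == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) manifest;

    // Create the default signer on first use.
    if (manifestPtr->GetSigner () == NULL)
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    *data = manifestPtr->GetSigner ()->Export (manifestPtr->GetManifestInternal ());

    API_END
}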
166
167
168
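/*
 * Add an object to a manifest's item list.
 *
 * manifest:      handle obtained from this API.
 * object:        the object to add; passed through to the item list.
 * exceptionList: optional array passed through with the object; may be NULL.
 *
 * Returns errSecSuccess, errSecParam when manifest is NULL, or the status
 * produced by API_END when the item list throws.
 */
OSStatus SecManifestAddObject(SecManifestRef manifest, CFTypeRef object, CFArrayRef exceptionList)
{
    API_BEGIN

    // Guard both optional descriptions the same way, so the log line never
    // asks for a description of a NULL object.
    secdebug ("manifest", "SecManifestAddObject(%p), %s, %s",
              manifest,
              object ? GetDescription (object) : "NULL",
              exceptionList ? GetDescription (exceptionList) : "NULL");

    // The handle is dereferenced below; reject NULL rather than fault.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) manifest;
    manifestPtr->GetManifestInternal ().GetItemList ().AddObject (object, exceptionList);

    API_END
}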
182
183
184
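/*
 * Compare two manifests.
 *
 * manifest1, manifest2: handles obtained from this API.
 * options:              passed through to ManifestInternal::CompareManifests.
 *
 * The result of CompareManifests is not inspected here, so a mismatch can
 * only reach the caller as an exception translated by API_END.
 * NOTE(review): presumably CompareManifests throws on a difference --
 * confirm against ManifestInternal.
 *
 * Returns errSecSuccess, errSecParam when either handle is NULL, or the
 * status produced by API_END.
 */
OSStatus SecManifestCompare(SecManifestRef manifest1, SecManifestRef manifest2, SecManifestCompareOptions options)
{
    API_BEGIN

    // The log line previously named SecManifestVerify, which made traces
    // of this call misleading.
    secdebug ("manifest", "SecManifestCompare(%p, %p, %d)", manifest1, manifest2, (int) options);

    // Both handles are dereferenced below; reject NULL rather than fault.
    if (manifest1 == NULL || manifest2 == NULL)
    {
        return errSecParam;
    }

    ManifestInternal &m1 = ((Manifest*) (manifest1))->GetManifestInternal ();
    ManifestInternal &m2 = ((Manifest*) (manifest2))->GetManifestInternal ();

    ManifestInternal::CompareManifests (m1, m2, options);

    API_END
}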
198
199
200
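/*
 * Attach a signing identity to a manifest.
 *
 * manifest: handle obtained from this API.
 * identity: passed through to the signer's AddSigner unchanged.
 *
 * Returns errSecSuccess, errSecParam when manifest is NULL, or the status
 * produced by API_END when the signer throws.
 */
OSStatus SecManifestAddSigner(SecManifestRef manifest, SecIdentityRef identity)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestAddSigner(%p, %p)", manifest, identity);

    // The handle is dereferenced below; reject NULL rather than fault.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) (manifest);

    // Create the default signer on first use.
    if (manifestPtr->GetSigner () == NULL)
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    manifestPtr->GetSigner ()->AddSigner (identity);

    API_END
}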
220
221
222