2  * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved. 
   4  * @APPLE_LICENSE_HEADER_START@ 
   6  * This file contains Original Code and/or Modifications of Original Code 
   7  * as defined in and that are subject to the Apple Public Source License 
   8  * Version 2.0 (the 'License'). You may not use this file except in 
   9  * compliance with the License. Please obtain a copy of the License at 
  10  * http://www.opensource.apple.com/apsl/ and read it before using this 
  13  * The Original Code and all software distributed under the License are 
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
  18  * Please see the License for the specific language governing rights and 
  19  * limitations under the License. 
  21  * @APPLE_LICENSE_HEADER_END@ 
  25 // CodeSigner - SecCodeSigner API objects 
  31 #include "StaticCode.h" 
  32 #include "cdbuilder.h" 
  33 #include <Security/SecIdentity.h> 
  34 #include <security_utilities/utilities.h> 
  37 namespace CodeSigning 
{ 
  // A SecCodeSigner holds the parsed parameter set for one code-signing
  // operation (signing identity, requirements, entitlements, resource rules,
  // timestamping options) and applies it to a SecStaticCode via sign()/remove().
  // (The previous comment here described SecCode, not this class.)
  // SecCodeSigner - the object behind a SecCodeSignerRef.
  //
  // It is a SecCFObject (so it can be handed across the CF API boundary) and a
  // DiskRep::SigningContext (so the disk representation being signed can query
  // the signing parameters). parameters() fills in the member set below from a
  // caller-supplied dictionary; sign()/remove() then apply or strip a signature
  // on a SecStaticCode.
  //
  // NOTE(review): this excerpt shows no access specifiers and no declaration of
  // the nested `Signer` type used by returnDetachedSignature(); both look like
  // extraction loss - confirm against the full header before relying on the
  // (default-private) visibility shown here.
  class SecCodeSigner
      : public SecCFObject
      , public DiskRep::SigningContext
  {
      // CF plumbing: maps SecCodeSignerRef <-> SecCodeSigner and yields
      // errSecCSInvalidObjectRef when a foreign/invalid ref is passed in.
      SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)

      // Create a signer with the given operation flags; parameters() must still
      // be called to supply identity, requirements, etc.
      SecCodeSigner(SecCSFlags flags);

      // Non-throwing destructor (pre-C++11 spelling kept for source compatibility).
      virtual ~SecCodeSigner() throw();

      // Parse a parameter dictionary and populate the member set below.
      // Everything in `args` is caller-controlled; validation is expected to
      // happen here, not in sign().
      void parameters(CFDictionaryRef args);

      // Apply a signature to `code` / strip the signature from `code`,
      // honoring `flags` on top of the flags given at construction.
      void sign(SecStaticCode *code, SecCSFlags flags);
      void remove(SecStaticCode *code, SecCSFlags flags);

      // Hand a detached signature blob back to the caller (detached mode only;
      // see mDetached).
      void returnDetachedSignature(BlobCore *blob, Signer &signer);

      // Resolve `path` against the substitute SDK root (mSDKRoot) for
      // sub-component lookup.
      std::string sdkPath(const std::string &path) const;

      //
      // Parsed parameter set. Data-member order is part of the object layout
      // and is preserved as-is.
      //
      SecCSFlags mOpFlags;                           // operation flags
      CFRef<SecIdentityRef> mSigner;                 // signing identity
      CFRef<CFTypeRef> mDetached;                    // detached-signing info; NULL means attached signature
      CFRef<CFDictionaryRef> mResourceRules;         // explicit resource-collection rules that override the defaults
                                                     // (caller-supplied; determines which resources get sealed)
      CFRef<CFDateRef> mSigningTime;                 // requested signing time; kCFNull for none
      CFRef<CFDataRef> mApplicationData;             // contents of the application slot
      CFRef<CFDataRef> mEntitlementData;             // entitlement configuration data
      CFRef<CFURLRef> mSDKRoot;                      // substitute filesystem root for sub-component lookup
      const Requirements *mRequirements;             // internal code requirements
                                                     // NOTE(review): raw pointer; owner/lifetime not expressed here - confirm
      size_t mCMSSize;                               // size estimate for the CMS blob
      uint32_t mCdFlags;                             // CodeDirectory flags
      bool mCdFlagsGiven;                            // true if CodeDirectory flags were explicitly specified
      CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
      std::string mIdentifier;                       // unique identifier override
      std::string mIdentifierPrefix;                 // prefix applied to un-dotted default identifiers
      bool mNoMachO;                                 // override: perform non-Mach-O signing
      bool mDryRun;                                  // dry run: compute but do not modify the target
      CFRef<CFNumberRef> mPageSize;                  // main executable page size
      CFRef<SecIdentityRef> mTimestampAuthentication;// identity for client-side auth to the timestamp server
      CFRef<CFURLRef> mTimestampService;             // timestamp server URL
                                                     // NOTE(review): network endpoint taken from parameters - confirm
                                                     // scheme/host validation happens in parameters()
      bool mWantTimeStamp;                           // use a timestamp server
      bool mNoTimeStampCerts;                        // do not request certificates with the timestamping request
  };
  95 } // end namespace CodeSigning 
  96 } // end namespace Security 
  98 #endif // !_H_CODESIGNER