/*
 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

// CodeSigner - SecCodeSigner API objects
  31 #include "StaticCode.h" 
  32 #include "cdbuilder.h" 
  33 #include <Security/SecIdentity.h> 
  34 #include <security_utilities/utilities.h> 
  37 namespace CodeSigning 
{ 
// A SecCodeSigner object holds the parsed parameter set for one code-signing
// operation (signing identity, operation flags, digest algorithms, timestamping
// options, ...) and applies it to a SecStaticCode target through sign()/remove().
// mSigner is a SecIdentityRef (a certificate paired with its private key), so a
// live SecCodeSigner is security-sensitive state.
// NOTE(review): the access specifiers and the closing "};" of this class are not
// visible in this excerpt (original gutter lines 50, 68 and 97-100 are not shown).
class SecCodeSigner : public SecCFObject {
    // CF bridging glue: ties this C++ class to the SecCodeSignerRef CF type, the
    // error reported for a wrong object kind, and its slot in the gCFObjects() registry.
    SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)

    // Constructs a signer carrying only the operation flags; the remaining
    // parameters are supplied afterwards through parameters().
    SecCodeSigner(SecCSFlags flags);
    // NOTE(review): throw() is a dynamic exception specification (deprecated in
    // C++11, removed in C++17); noexcept is the modern spelling of the same intent.
    virtual ~SecCodeSigner() throw();

    // Parses the parameter dictionary `args` and populates the member set below.
    // Which keys are recognised is decided in the implementation, not visible here.
    void parameters(CFDictionaryRef args);  // parse and set parameters

    // Derives the team identifier from a signer certificate chain. `certs` is a
    // CFArray, presumably of SecCertificateRef — confirm against the caller.
    std::string getTeamIDFromSigner(CFArrayRef certs);

    // Signs `code` with the configured parameter set. `flags` are per-call
    // operation flags; how they combine with mOpFlags is not visible here.
    void sign(SecStaticCode *code, SecCSFlags flags);
    // Counterpart of sign(): presumably strips an existing signature from
    // `code` — TODO confirm in the implementation.
    void remove(SecStaticCode *code, SecCSFlags flags);

    // Hands a detached signature blob back to the caller. Ownership of `blob`
    // is not expressed by the raw pointer — verify in the implementation.
    void returnDetachedSignature(BlobCore *blob, Signer &signer);

    // Digest algorithms selected for this signing operation. Returns a reference
    // into this object, valid only for as long as the signer is alive.
    const CodeDirectory::HashAlgorithms &digestAlgorithms() const { return mDigestAlgorithms; }

    // parsed parameter set
    // NOTE(review): there are no in-class initializers, so the scalar members below
    // (mCMSSize, mCdFlags, mPreserveMetadata, the bools, mRuntimeVersionOverride)
    // are indeterminate until the constructor or parameters() assigns them —
    // confirm each one is set before sign() reads it.
    SecCSFlags mOpFlags;                    // operation flags
    CFRef<SecIdentityRef> mSigner;          // signing identity (certificate + private key)
    CFRef<CFTypeRef> mDetached;             // detached-signing information (NULL => attached)
    CFRef<CFDictionaryRef> mResourceRules;  // explicit resource collection rules (override)
    CFRef<CFDateRef> mSigningTime;          // signing time desired (kCFNull for none)
    CFRef<CFDataRef> mApplicationData;      // contents of application slot
    CFRef<CFDataRef> mEntitlementData;      // entitlement configuration data
    CFRef<CFURLRef> mSDKRoot;               // substitute filesystem root for sub-component lookup
    CFRef<CFTypeRef> mRequirements;         // internal code requirements (typed CFTypeRef, so presumably
                                            // more than one representation is accepted; parameters() decides)
    size_t mCMSSize;                        // size estimate for CMS blob
    uint32_t mCdFlags;                      // CodeDirectory flags
    uint32_t mPreserveMetadata;             // metadata preservation options
    bool mCdFlagsGiven;                     // CodeDirectory flags were specified (presumably distinguishes
                                            // an explicit 0 in mCdFlags from "not given")
    CodeDirectory::HashAlgorithms mDigestAlgorithms; // interior digest (hash) algorithm; exposed via digestAlgorithms()
    std::string mIdentifier;                // unique identifier override
    std::string mIdentifierPrefix;          // prefix for un-dotted default identifiers
    std::string mTeamID;                    // teamID
    PlatformIdentifier mPlatform;           // platform identifier (zero if not platform binary)
    bool mNoMachO;                          // override to perform non-Mach-O signing
    bool mDryRun;                           // dry run (do not change target)
    CFRef<CFNumberRef> mPageSize;           // main executable page size
    CFRef<SecIdentityRef> mTimestampAuthentication; // identity for client-side authentication to the Timestamp server
    CFRef<CFURLRef> mTimestampService;      // URL for Timestamp server
    bool mWantTimeStamp;                    // use a Timestamp server
    bool mNoTimeStampCerts;                 // don't request certificates with timestamping request
    LimitedAsync *mLimitedAsync;            // limited async workers for verification
                                            // NOTE(review): raw pointer — ownership is not expressed by the
                                            // type; check the constructor/destructor for who releases it
    uint32_t mRuntimeVersionOverride;       // runtime Version Override
 101 } // end namespace CodeSigning 
 102 } // end namespace Security 
 104 #endif // !_H_CODESIGNER