git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_cdsa_utilities/lib/osxverifier.h
Security-59306.101.1.tar.gz
1 /*
2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * The contents of this file constitute Original Code as defined in and are
5 * subject to the Apple Public Source License Version 1.2 (the 'License').
6 * You may not use this file except in compliance with the License. Please obtain
7 * a copy of the License at http://www.apple.com/publicsource and read it before
8 * using this file.
9 *
10 * This Original Code and all software distributed under the License are
11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
15 * specific language governing rights and limitations under the License.
16 */
17
18
19 //
20 // osxsigner - MacOS X's standard code signing algorithm.
21 //
22 #ifndef _H_OSXVERIFIER
23 #define _H_OSXVERIFIER
24
25 #include <security_utilities/hashing.h>
26 #include <security_utilities/osxcode.h>
27 #include <security_utilities/blob.h>
28 #include <security_utilities/debugging_internal.h>
29 #include <security_cdsa_utilities/cssmdata.h>
30 #include <Security/CodeSigning.h>
31 #include <string>
32 #include <map>
33
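// Limit used for the legacy hash; surfaced as OSXVerifier::legacyHashLimit.
// Presumably a byte count (16 KiB) -- confirm against makeLegacyHash().
// Parenthesized so the macro expands as one value inside larger expressions
// (e.g. `n / LEGACY_HASH_LIMIT` or `n % LEGACY_HASH_LIMIT`).
#define LEGACY_HASH_LIMIT (16*1024)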
35
36 namespace Security {
37
38
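//
// A standard OS X style signature verifier.
// This encapsulates the different modes of signing/verifying currently
// supported. It knows nothing about the way this is represented in
// keychain access control lists; this knowledge resides exclusively
// in acl_codesigning.
//
// A verifier holds a SHA-1 "legacy" hash, the path of the originating code,
// a Code Signing requirement, and a map of auxiliary blobs keyed by magic.
//
class OSXVerifier {
public:
    static const size_t legacyHashLimit = LEGACY_HASH_LIMIT;
    static const uint32_t commentAlignment = 4;

public:
    // make a Verifier from a code reference object
    OSXVerifier(OSXCode *code);     // makes both legacy hash and SecRequirement
    // Hash-only form. No length accompanies `hash`.
    // NOTE(review): presumably a full SHA-1 digest is read from `hash`; callers
    // must supply at least that many bytes -- confirm in the implementation.
    OSXVerifier(const SHA1::Byte *hash, const std::string &path);   // just hash
    ~OSXVerifier();

    // components
    // Pointer into this object's own digest storage; no length is returned.
    // NOTE(review): SHA-1 based and named "legacy"; presumably kept only for
    // compatibility. Prefer requirement() for trust decisions -- confirm.
    const unsigned char *legacyHash() const     { return mLegacyHash; }
    // NOTE(review): the member is annotated "(comment)"; treat the path as
    // descriptive only, not as verified identity -- confirm callers do not
    // authorize on it.
    const std::string& path() const             { return mPath; }
    // Returns the reference held by mRequirement.
    // NOTE(review): looks like a borrowed (not retained) reference tied to this
    // object's lifetime -- confirm against CFCopyRef.
    SecRequirementRef requirement() const       { return mRequirement; }

public:
    // handle other (not explicitly understood) information in the verifier
    //
    // NOTE(review): AuxMap stores raw BlobCore pointers and declares a copy
    // constructor and destructor but no copy assignment operator. If the
    // destructor releases the blobs (not visible here), the implicit
    // assignment of AuxMap -- and therefore of OSXVerifier -- would copy the
    // pointers shallowly and risk a double free. Confirm, then declare or
    // disable assignment.
    // NOTE(review): std::map has no virtual destructor; never destroy an AuxMap
    // through a pointer to its std::map base.
    class AuxMap : public std::map<BlobCore::Magic, BlobCore *> {
    public:
        AuxMap() { }
        AuxMap(const AuxMap &src);
        ~AuxMap();
    };

    AuxMap::const_iterator beginAux() const     { return mAuxiliary.begin(); }
    AuxMap::const_iterator endAux() const       { return mAuxiliary.end(); }

    // NOTE(review): takes a const blob while the map stores non-const pointers;
    // presumably the blob is copied rather than adopted -- confirm ownership.
    void add(const BlobCore *info);
    // Look up an auxiliary blob by its magic number.
    const BlobCore *find(BlobCore::Magic magic);

    // Typed lookup: find the auxiliary blob whose magic is BlobType::typeMagic
    // and return it as a const BlobType pointer.
    //
    // This was declared `static` and cast to a non-const `BlobType *`. Neither
    // could compile once instantiated: a static member has no object on which
    // to call the non-static find(magic), and the cast dropped the const that
    // find(magic) returns. It is now a non-static member that keeps the const.
    // The cast is unchecked: it relies on the blob stored under typeMagic
    // really being a BlobType.
    template <class BlobType>
    const BlobType *find()
    { return static_cast<const BlobType *>(find(BlobType::typeMagic)); }

public:
    // Compute the legacy hash of `code` into `digest`.
    static void makeLegacyHash(OSXCode *code, SHA1::Digest digest);

    // Declared through the IFDUMP macro (defined outside this file);
    // presumably present only in builds with debug dumping -- confirm.
    IFDUMP(void dump() const);

private:
    SHA1::Digest mLegacyHash;                   // legacy page hash
    std::string mPath;                          // path to originating code (comment)
    CFCopyRef<SecRequirementRef> mRequirement;  // CS-style requirement
    AuxMap mAuxiliary;                          // other data (does not include mRequirement)
};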
92
93 } // end namespace Security
94
95
96 #endif //_H_OSXVERIFIER