Security-55163.44.tar.gz
1 #include "SecManifest.h"
2 #include <security_utilities/security_utilities.h>
3 #include "Manifest.h"
4 #include <security_utilities/seccfobject.h>
5 #include <security_cdsa_utilities/cssmbridge.h>
6 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
7
8 /*
9 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
10 *
11 * @APPLE_LICENSE_HEADER_START@
12 *
13 * This file contains Original Code and/or Modifications of Original Code
14 * as defined in and that are subject to the Apple Public Source License
15 * Version 2.0 (the 'License'). You may not use this file except in
16 * compliance with the License. Please obtain a copy of the License at
17 * http://www.opensource.apple.com/apsl/ and read it before using this
18 * file.
19 *
20 * The Original Code and all software distributed under the License are
21 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
22 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
23 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
25 * Please see the License for the specific language governing rights and
26 * limitations under the License.
27 *
28 * @APPLE_LICENSE_HEADER_END@
29 */
30
// Exception firewall for the C-callable entry points in this file.
//
// API_BEGIN opens a try block; one of the API_END* macros must close it.
// Only C++ exceptions are intercepted: a fault such as a NULL dereference
// inside the bracketed body is not turned into a status code.
#define API_BEGIN try {

// Closes the API_BEGIN block for functions that return OSStatus:
//   MacOSError      -> the status carried by the exception
//   std::bad_alloc  -> memFullErr
//   anything else   -> internalComponentErr
// and returns noErr when the body ran to completion without throwing.
#define API_END \
    } \
    catch (const MacOSError &err) { return err.osStatus(); } \
    catch (const std::bad_alloc &) { return memFullErr; } \
    catch (...) { return internalComponentErr; } \
    return noErr;

// Closes the API_BEGIN block by returning without a value on any exception.
#define API_END_GENERIC_CATCH \
    } catch (...) { return; }

// Closes the API_BEGIN block by returning the caller-supplied value `bad`
// on any exception.
#define API_END_ERROR_CATCH(bad) \
    } catch (...) { return bad; }
44
45
46
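// Reports the version of the manifest API.
//
// version: out parameter; receives 0x01000000 on success.
// Returns noErr on success, or paramErr when version is NULL.
OSStatus SecManifestGetVersion (UInt32 *version)
{
    secdebug ("manifest", "SecManifestGetVersion");

    // The out pointer comes straight from the caller. Writing through NULL
    // would fault instead of reporting an error, so reject it explicitly.
    if (version == NULL)
    {
        return paramErr;
    }

    *version = 0x01000000;
    return noErr;
}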
53
54
55
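// Allocates an empty Manifest and hands it to the caller as an opaque
// SecManifestRef.
//
// manifest: out parameter; receives the new reference on success. The caller
//           owns it and frees it with SecManifestRelease.
// Returns noErr on success, paramErr when manifest is NULL, or the status that
// API_END maps an exception to (e.g. memFullErr on allocation failure).
OSStatus SecManifestCreate(SecManifestRef *manifest)
{
    API_BEGIN

    // Validate before allocating: a NULL out pointer would otherwise leak the
    // new Manifest and then fault on the store, which API_END cannot catch.
    if (manifest == NULL)
    {
        return paramErr;
    }

    Manifest* manifestPtr = new Manifest ();
    *manifest = (SecManifestRef) manifestPtr;

    // Logs the address of the caller's out parameter, not the new object.
    secdebug ("manifest", "SecManifestCreate(%p)", manifest);

    API_END
}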
67
68
69
// Destroys a manifest previously handed out as a SecManifestRef.
//
// The opaque reference is the Manifest pointer that SecManifestCreate and the
// verify calls cast to SecManifestRef, so it is cast back before deletion.
// Passing NULL is harmless (deleting a null pointer is a no-op). The reference
// must not be used, or released again, after this call.
void SecManifestRelease (SecManifestRef manifest)
{
    Manifest* manifestPtr = (Manifest*) manifest;
    delete manifestPtr;
}
74
75
76
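// Returns a C string describing a CoreFoundation object, for debug logging.
//
// object: any CF object, or NULL.
// Returns a pointer that is always safe to pass to a "%s" conversion: either
// the description text or a fixed placeholder literal. Never returns NULL.
static const char* GetDescription (CFTypeRef object)
{
    // CFCopyDescription must not be handed NULL, and callers log arguments
    // before they have been validated.
    if (object == NULL)
    {
        return "NULL";
    }

    CFStringRef description = CFCopyDescription (object);
    if (description == NULL)
    {
        return "(no description)";
    }

    // CFStringGetCStringPtr is a fast path that returns NULL whenever the
    // string's internal storage is not directly usable in the requested
    // encoding; passing that NULL to "%s" is undefined behaviour.
    const char* text = CFStringGetCStringPtr (description, kCFStringEncodingMacRoman);
    if (text == NULL)
    {
        // Nothing points into the string, so it can be released here.
        CFRelease (description);
        return "(description unavailable)";
    }

    // NOTE(review): text points into the storage of description, so the
    // string cannot be released without leaving the caller a dangling pointer.
    // It is therefore leaked on every successful call, as in the original
    // code. Fixing that needs a caller-supplied buffer, i.e. a signature
    // change. The description may also contain the contents of the object
    // being logged; confirm that is acceptable wherever secdebug output goes.
    return text;
}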
81
82
83
// Verifies a signed manifest blob without an explicit policy.
//
// Convenience wrapper: forwards every argument unchanged to
// SecManifestVerifySignatureWithPolicy with a NULL policy reference and
// returns that call's status unchanged. What a NULL policy means for the
// trust evaluation is decided by the signer's Verify implementation, which is
// not shown in this file.
OSStatus SecManifestVerifySignature (CFDataRef data,
                                     SecManifestTrustSetupCallback setupCallback,
                                     void* setupContext,
                                     SecManifestTrustEvaluateCallback evaluateCallback,
                                     void* evaluateContext,
                                     SecManifestRef *manifest)
{
    SecPolicyRef noPolicy = NULL;

    OSStatus status = SecManifestVerifySignatureWithPolicy (data,
                                                            setupCallback,
                                                            setupContext,
                                                            evaluateCallback,
                                                            evaluateContext,
                                                            noPolicy,
                                                            manifest);
    return status;
}
94
95
96
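// Verifies a signed manifest blob and optionally returns the manifest it
// contains.
//
// data:             the signed blob to verify; must not be NULL.
// setupCallback /   trust callbacks handed to the signer's Verify; both are
// evaluateCallback: mandatory (checked with Required).
// setupContext /    opaque context values passed through with the matching
// evaluateContext:  callback.
// policyRef:        policy forwarded to Verify; may be NULL.
// manifest:         optional out parameter. When non-NULL it receives the
//                   verified manifest on success (caller frees it with
//                   SecManifestRelease) and is set to NULL on every failure.
//
// Returns noErr when Verify completes without throwing, paramErr when data is
// NULL, otherwise the status API_END maps the exception to.
OSStatus SecManifestVerifySignatureWithPolicy (CFDataRef data,
                                               SecManifestTrustSetupCallback setupCallback,
                                               void* setupContext,
                                               SecManifestTrustEvaluateCallback evaluateCallback,
                                               void* evaluateContext,
                                               SecPolicyRef policyRef,
                                               SecManifestRef *manifest)
{
    API_BEGIN

    // Fail closed: a caller that ignores the status must not find a stale or
    // uninitialised reference in its out parameter after a failed verify.
    if (manifest != NULL)
    {
        *manifest = NULL;
    }

    // Validate before logging, because GetDescription hands data to
    // CoreFoundation, which does not accept NULL.
    if (data == NULL)
    {
        return paramErr;
    }

    secdebug ("manifest", "SecManifestVerifySignature (%s, %p, %p, %p, %p)", GetDescription (data), setupCallback, setupContext, evaluateCallback, evaluateContext);

    Required (setupCallback);
    Required (evaluateCallback);

    Manifest* mp = new Manifest ();

    try
    {
        // Make a temporary manifest for this operation. It is created inside
        // the try block so that mp is freed if construction or MakeSigner
        // throws; previously those two steps ran unprotected and leaked mp.
        Manifest tm;
        tm.MakeSigner (kAppleSigner);

        tm.GetSigner ()->Verify (data, setupCallback, setupContext, evaluateCallback, evaluateContext,
                                 policyRef, manifest == NULL ? NULL : &mp->GetManifestInternal ());
    }
    catch (...)
    {
        delete mp;
        throw;
    }

    // Verification did not throw: hand the manifest to the caller, or discard
    // it when the caller only wanted the verdict.
    if (manifest == NULL)
    {
        delete mp;
    }
    else
    {
        *manifest = (SecManifestRef) mp;
    }

    API_END
}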
140
141
142
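// Serialises and signs a manifest.
//
// manifest: the manifest to export; must not be NULL.
// options:  must be 0; any other value is rejected with unimpErr.
// data:     out parameter; receives whatever the signer's Export returns.
//           NOTE(review): ownership of the returned CFDataRef is decided by
//           Export, which is not shown here. Confirm who releases it.
//
// Returns noErr on success, unimpErr for non-zero options, paramErr for a NULL
// manifest or data pointer, otherwise the status API_END maps the exception to.
OSStatus SecManifestCreateSignature(SecManifestRef manifest, UInt32 options, CFDataRef *data)
{
    API_BEGIN

    // "%u" matches the unsigned int argument; the previous "%ul" printed the
    // value followed by a stray literal 'l'.
    secdebug ("manifest", "SecManifestCreateSignature(%p, %u, %p)", manifest, (unsigned int) options, data);

    if (options != 0)
    {
        return unimpErr;
    }

    // Both pointers are dereferenced below; a NULL here would fault rather
    // than surface as a status, since API_END only intercepts exceptions.
    if (manifest == NULL || data == NULL)
    {
        return paramErr;
    }

    Manifest* manifestPtr = (Manifest*) manifest;

    // check to see if there is a signer present
    const ManifestSigner* signer = manifestPtr->GetSigner ();

    if (signer == NULL) // no signer yet: create the default one
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    *data = manifestPtr->GetSigner ()->Export (manifestPtr->GetManifestInternal ());

    API_END
}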
167
168
169
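// Adds an object to a manifest's item list.
//
// manifest:      the manifest to extend; must not be NULL.
// object:        the CF object to add; forwarded to the item list's AddObject.
// exceptionList: optional array forwarded alongside the object; may be NULL.
//                NOTE(review): presumably entries to exclude; confirm against
//                the item list implementation.
//
// Returns noErr on success, paramErr for a NULL manifest, otherwise the status
// API_END maps the exception to.
OSStatus SecManifestAddObject(SecManifestRef manifest, CFTypeRef object, CFArrayRef exceptionList)
{
    API_BEGIN

    // The log line runs before any validation, so guard both CF arguments the
    // same way: neither may reach GetDescription as NULL.
    secdebug ("manifest", "SecManifestAddObject(%p), %s, %s",
              manifest,
              object ? GetDescription (object) : "NULL",
              exceptionList ? GetDescription (exceptionList) : "NULL");

    // Dereferenced immediately below; a NULL handle would fault rather than
    // surface as a status.
    if (manifest == NULL)
    {
        return paramErr;
    }

    Manifest* manifestPtr = (Manifest*) manifest;
    manifestPtr->GetManifestInternal ().GetItemList ().AddObject (object, exceptionList);

    API_END
}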
183
184
185
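// Compares two manifests using ManifestInternal::CompareManifests.
//
// manifest1, manifest2: the manifests to compare; neither may be NULL.
// options:              comparison options forwarded unchanged.
//
// Returns noErr when CompareManifests completes without throwing, paramErr for
// a NULL manifest, otherwise the status API_END maps the exception to. A
// mismatch is presumably reported as an exception by CompareManifests, since
// its return value is not consulted here; confirm against its implementation.
OSStatus SecManifestCompare(SecManifestRef manifest1, SecManifestRef manifest2, SecManifestCompareOptions options)
{
    API_BEGIN

    // The log label previously read "SecManifestVerify", which does not match
    // this function and misleads anyone reading the debug trace.
    secdebug ("manifest", "SecManifestCompare(%p, %p, %d)", manifest1, manifest2, (int) options);

    // Both handles are dereferenced below; reject NULL so the comparison
    // reports an error instead of faulting.
    if (manifest1 == NULL || manifest2 == NULL)
    {
        return paramErr;
    }

    ManifestInternal &m1 = ((Manifest*) (manifest1))->GetManifestInternal ();
    ManifestInternal &m2 = ((Manifest*) (manifest2))->GetManifestInternal ();

    ManifestInternal::CompareManifests (m1, m2, options);

    API_END
}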
199
200
201
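// Registers a signing identity with a manifest, creating the manifest's
// default signer first if it has none.
//
// manifest: the manifest to modify; must not be NULL.
// identity: the identity forwarded to the signer's AddSigner.
//           NOTE(review): a NULL identity is passed through unchecked; confirm
//           that AddSigner rejects it.
//
// Returns noErr on success, paramErr for a NULL manifest, otherwise the status
// API_END maps the exception to.
OSStatus SecManifestAddSigner(SecManifestRef manifest, SecIdentityRef identity)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestAddSigner(%p, %p)", manifest, identity);

    // Dereferenced immediately below; a NULL handle would fault rather than
    // surface as a status.
    if (manifest == NULL)
    {
        return paramErr;
    }

    Manifest* manifestPtr = (Manifest*) (manifest);

    // check to see if there is a signer present
    const ManifestSigner* signer = manifestPtr->GetSigner ();

    if (signer == NULL) // no signer yet: create the default one
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    manifestPtr->GetSigner ()->AddSigner (identity);

    API_END
}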
221
222
223