]> git.saurik.com Git - apple/security.git/blob - libsecurity_codesigning/lib/resources.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55179.11.tar.gz
[apple/security.git] / libsecurity_codesigning / lib / resources.h
1 /*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // resource directory construction and verification
26 //
27 #ifndef _H_RSIGN
28 #define _H_RSIGN
29
30 #include "renum.h"
31 #include "codedirectory.h"
32 #include <security_utilities/utilities.h>
33 #include <security_utilities/cfutilities.h>
34 #include <security_utilities/hashing.h>
35 #include "regex.h"
36 #include <CoreFoundation/CoreFoundation.h>
37 #include <vector>
38
39 namespace Security {
40 namespace CodeSigning {
41
42
43 //
44 // The builder of ResourceDirectories.
45 //
46 // Note that this *is* a ResourceEnumerate, which can enumerate
47 // its source directory once (only).
48 //
49 class ResourceBuilder : public ResourceEnumerator {
50 public:
51 ResourceBuilder(const std::string &root, CFDictionaryRef rules, CodeDirectory::HashAlgorithm hashType);
52 ~ResourceBuilder();
53
54 CFDictionaryRef build();
55
56 enum Action {
57 optional = 0x01, // may be absent at runtime
58 omitted = 0x02, // do not seal even if present
59 exclusion = 0x04, // overriding exclusion (stop looking)
60 };
61
62 typedef unsigned int Weight;
63
64 public:
65 class Rule : private regex_t {
66 public:
67 Rule(const std::string &pattern, Weight weight, uint32_t flags);
68 ~Rule();
69
70 bool match(const char *s) const;
71
72 const Weight weight;
73 const uint32_t flags;
74 };
75 void addRule(Rule *rule) { mRules.push_back(rule); }
76 void addExclusion(const std::string &pattern) { mRules.insert(mRules.begin(), new Rule(pattern, 0, exclusion)); }
77
78 static std::string escapeRE(const std::string &s);
79
80 FTSENT *next(std::string &path, Rule * &rule); // enumerate next file and match rule
81
82 protected:
83 void addRule(CFTypeRef key, CFTypeRef value);
84 CFDataRef hashFile(const char *path);
85 DynamicHash *getHash() const { return CodeDirectory::hashFor(this->mHashType); }
86
87 private:
88 CFCopyRef<CFDictionaryRef> mRawRules;
89 typedef std::vector<Rule *> Rules;
90 Rules mRules;
91 CodeDirectory::HashAlgorithm mHashType;
92 };
93
94
95 //
96 // The "seal" on a single resource.
97 //
98 class ResourceSeal {
99 public:
100 ResourceSeal(CFTypeRef ref);
101
102 public:
103 operator bool () const { return mHash; }
104 bool operator ! () const { return mHash == NULL; }
105
106 const SHA1::Byte *hash() const { return CFDataGetBytePtr(mHash); }
107 bool optional() const { return mOptional; }
108
109 private:
110 CFDataRef mHash;
111 int mOptional;
112 };
113
114
115 } // end namespace CodeSigning
116 } // end namespace Security
117
118 #endif // !_H_RSIGN
mirror of Security