libsecurity_codesigning/lib/signer.h

   1 /*
   2  * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // signer - Signing operation supervisor and controller
  26 //
  27 #ifndef _H_SIGNER
  28 #define _H_SIGNER
  29
  30 #include "CodeSigner.h"
  31 #include "cdbuilder.h"
  32 #include "signerutils.h"
  33 #include "StaticCode.h"
  34 #include <security_utilities/utilities.h>
  35
  36 namespace Security {
  37 namespace CodeSigning {
  38
  39
  40 //
  41 // The signer driver class.
  42 // This is a workflow object, containing all the data needed for the various
  43 // signing stages to cooperate. It is not meant to be API visible; that is
  44 // SecCodeSigner's job.
  45 //
  46 class SecCodeSigner::Signer {
  47 public:
  48         Signer(SecCodeSigner &s, SecStaticCode *c) : state(s), code(c) { }
  49         void sign(SecCSFlags flags);
  50         void remove(SecCSFlags flags);
  51
  52         SecCodeSigner &state;
  53         SecStaticCode * const code;
  54
  55         CodeDirectory::HashAlgorithm digestAlgorithm() const { return state.mDigestAlgorithm; }
  56
  57         std::string path() const { return cfString(rep->canonicalPath()); }
  58         SecIdentityRef signingIdentity() const { return state.mSigner; }
  59         std::string signingIdentifier() const { return identifier; }
  60
  61 protected:
  62         void prepare(SecCSFlags flags);                         // set up signing parameters
  63         void signMachO(Universal *fat, const Requirement::Context &context); // sign a Mach-O binary
  64         void signArchitectureAgnostic(const Requirement::Context &context); // sign anything else
  65
  66         void populate(DiskRep::Writer &writer);         // global
  67         void populate(CodeDirectory::Builder &builder, DiskRep::Writer &writer,
  68                 InternalRequirements &ireqs, size_t offset = 0, size_t length = 0);     // per-architecture
  69         CFDataRef signCodeDirectory(const CodeDirectory *cd);
  70
  71         uint32_t cdTextFlags(std::string text);         // convert text CodeDirectory flags
  72         std::string uniqueName() const;                         // derive unique string from rep
  73
  74 private:
  75         RefPointer<DiskRep> rep;                // DiskRep of Code being signed
  76         CFRef<CFDataRef> resourceDirectory;     // resource directory
  77         std::string identifier;                 // signing identifier
  78         uint32_t cdFlags;                               // CodeDirectory flags
  79         size_t pagesize;                                // size of main executable pages
  80         CFAbsoluteTime signingTime;             // signing time for CMS signature (0 => none)
  81 };
  82
  83
  84 } // end namespace CodeSigning
  85 } // end namespace Security
  86
  87 #endif // !_H_CODESIGNER