]>
git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_codesigning/lib/reqdumper.cpp
c971f0ffd7db19f76872d11fee376a9c0e5f96a8
   2  * Copyright (c) 2006-2007,2011-2013 Apple Inc. All Rights Reserved. 
   4  * @APPLE_LICENSE_HEADER_START@ 
   6  * This file contains Original Code and/or Modifications of Original Code 
   7  * as defined in and that are subject to the Apple Public Source License 
   8  * Version 2.0 (the 'License'). You may not use this file except in 
   9  * compliance with the License. Please obtain a copy of the License at 
  10  * http://www.opensource.apple.com/apsl/ and read it before using this 
  13  * The Original Code and all software distributed under the License are 
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 
  18  * Please see the License for the specific language governing rights and 
  19  * limitations under the License. 
  21  * @APPLE_LICENSE_HEADER_END@ 
  25 // reqdumper - Requirement un-parsing (disassembly) 
  27 #include "reqdumper.h" 
  29 #include <security_cdsa_utilities/cssmdata.h>   // OID encoder 
  34 namespace CodeSigning 
{ 
  36 using namespace UnixPlusPlus
; 
  40 // Table of reserved words (keywords), generated by ANTLR 
  42 static const char * const keywords
[] = { 
  43 #include "RequirementKeywords.h" 
  50 // Printf to established output channel 
  52 void Dumper::print(const char *format
, ...) 
  56         va_start(args
, format
); 
  57         vsnprintf(buffer
, sizeof(buffer
), format
, args
); 
  64 // Dump the underlying Requirement program 
  70         // remove any initial space 
  71         if (mOutput
[0] == ' ') 
  72                 mOutput 
= mOutput
.substr(1); 
  77 // Dump an entire Requirements set, using temporary Dumper objects. 
  79 // This detects single Requirement inputs and dumps them successfully (using 
  80 // single-requirement syntax). No indication of error is returned in this case. 
  82 string 
Dumper::dump(const Requirements 
*reqs
, bool debug 
/* = false */) 
  85                 return "# no requirement(s)"; 
  86         } else if (reqs
->magic() == Requirement::typeMagic
) {   // single requirement 
  87                 return dump((const Requirement 
*)reqs
) + "\n"; 
  90                 for (unsigned n 
= 0; n 
< reqs
->count(); n
++) { 
  92                         if (reqs
->type(n
) < kSecRequirementTypeCount
) 
  93                                 snprintf(prefix
, sizeof(prefix
), 
  94                                         "%s => ", Requirement::typeNames
[reqs
->type(n
)]); 
  96                                 snprintf(prefix
, sizeof(prefix
), "/*unknown type*/ %d => ", reqs
->type(n
)); 
  97                         Dumper 
dumper(reqs
->blob
<Requirement
>(n
), debug
); 
  99                         result 
+= prefix 
+ dumper
.value() + "\n"; 
 105 string 
Dumper::dump(const Requirement 
*req
, bool debug 
/* = false */) 
 107         Dumper 
dumper(req
, debug
); 
 111         } catch (const CommonError 
&err
) { 
 114                         snprintf(errstr
, sizeof(errstr
), " !! error %ld !!", (unsigned long)err
.osStatus()); 
 115                         return dumper
.value() + errstr
; 
 121 string 
Dumper::dump(const BlobCore 
*req
, bool debug 
/* = false */) 
 123         switch (req
->magic()) { 
 124         case Requirement::typeMagic
: 
 125                 return dump(static_cast<const Requirement 
*>(req
), debug
); 
 126         case Requirements::typeMagic
: 
 127                 return dump(static_cast<const Requirements 
*>(req
), debug
); 
 129                 return "invalid data type"; 
 135 // Element dumpers. Output accumulates in internal buffer. 
 137 void Dumper::expr(SyntaxLevel level
) 
 140                 print("/*@0x%x*/", pc()); 
 141         ExprOp op 
= ExprOp(get
<uint32_t>()); 
 142         switch (op 
& ~opFlagMask
) { 
 150                 print("identifier "); 
 154                 print("anchor apple"); 
 156         case opAppleGenericAnchor
: 
 157                 print("anchor apple generic"); 
 160                 print("certificate"); certSlot(); print(" = "); hashData(); 
 165                 print("info["); dotString(); print("] = "); data(); 
 194                 print("info["); dotString(); print("]"); match(); 
 196         case opEntitlementField
: 
 197                 print("entitlement["); dotString(); print("]"); match(); 
 200                 print("certificate"); certSlot(); print("["); dotString(); print("]"); match(); 
 203                 print("certificate"); certSlot(); print("["); 
 206                         const unsigned char *data
; size_t length
; 
 207                         getData(data
, length
); 
 208                         print("field.%s", CssmOid((unsigned char *)data
, length
).toOid().c_str()); 
 214                 print("certificate"); certSlot(); print("["); 
 217                         const unsigned char *data
; size_t length
; 
 218                         getData(data
, length
); 
 219                         print("policy.%s", CssmOid((unsigned char *)data
, length
).toOid().c_str()); 
 225                 print("certificate"); certSlot(); print("trusted"); 
 228                 print("anchor trusted"); 
 231                 print("anchor apple "); data(); 
 234                 print("("); data(); print(")"); 
 237                 print("platform = %d", get
<int32_t>()); 
 240                 if (op 
& opGenericFalse
) { 
 241                         print(" false /* opcode %d */", op 
& ~opFlagMask
); 
 243                 } else if (op 
& opGenericSkip
) { 
 244                         print(" /* opcode %d */", op 
& ~opFlagMask
); 
 247                         print("OPCODE %d NOT UNDERSTOOD (ending print)", op
); 
 253 void Dumper::certSlot() 
 255         switch (int32_t slot 
= get
<int32_t>()) { 
 256         case Requirement::anchorCert
: 
 259         case Requirement::leafCert
: 
 270         switch (MatchOperation op 
= MatchOperation(get
<uint32_t>())) { 
 272                 print(" /* exists */"); 
 275                 print(" = "); data(); 
 278                 print(" ~ "); data(); 
 280         case matchBeginsWith
: 
 281                 print(" = "); data(); print("*"); 
 284                 print(" = *"); data(); 
 287                 print(" < "); data(); 
 289         case matchGreaterEqual
: 
 290                 print(" >= "); data(); 
 293                 print(" <= "); data(); 
 295         case matchGreaterThan
: 
 296                 print(" > "); data(); 
 299                 print("MATCH OPCODE %d NOT UNDERSTOOD", op
); 
 304 void Dumper::hashData() 
 307         const unsigned char *data
; size_t length
; 
 308         getData(data
, length
); 
 309         printBytes(data
, length
); 
 313 void Dumper::data(PrintMode bestMode 
/* = isSimple */, bool dotOkay 
/* = false */) 
 315         const unsigned char *data
; size_t length
; 
 316         getData(data
, length
); 
 317         for (unsigned n 
= 0; n 
< length
; n
++) 
 318                 if ((isalnum(data
[n
]) || (data
[n
] == '.' && dotOkay
))) {        // simple 
 319                         if (n 
== 0 && isdigit(data
[n
])) // unquoted idents can't start with a digit 
 320                                 bestMode 
= isPrintable
; 
 321                 } else if (isgraph(data
[n
]) || isspace(data
[n
])) { 
 322                         if (bestMode 
== isSimple
) 
 323                                 bestMode 
= isPrintable
; 
 329         if (bestMode 
== isSimple
) { 
 330                 string 
s((const char *)data
, length
); 
 331                 for (const char * const * k 
= keywords
; *k
; k
++) 
 333                                 bestMode 
= isPrintable
;         // reserved word; need quotes 
 340                 print("%.*s", (int)length
, data
); 
 344                 for (unsigned n 
= 0; n 
< length
; n
++) 
 348                                 print("\\%c", data
[n
]); 
 351                                 print("%c", data
[n
]); 
 358                 printBytes(data
, length
); 
 363 void Dumper::printBytes(const Byte 
*data
, size_t length
) 
 365         for (unsigned n 
= 0; n 
< length
; n
++) 
 366                 print("%02.2x", data
[n
]);