]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_codesigning/lib/SecCodeSigner.cpp
Security-57031.1.35.tar.gz
[apple/security.git] / Security / libsecurity_codesigning / lib / SecCodeSigner.cpp
1 /*
2 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24 //
25 // SecCode - API frame for SecCode objects.
26 //
27 // Note that some SecCode* functions take SecStaticCodeRef arguments in order to
28 // accept either static or dynamic code references, operating on the respective
29 // StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
30 //
31 #include "cs.h"
32 #include "CodeSigner.h"
33 #include "cskernel.h"
34
35 using namespace CodeSigning;
36
37
38 //
39 // Parameter keys
40 //
41 const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
42 const CFStringRef kSecCodeSignerDetached = CFSTR("detached");
43 const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
44 const CFStringRef kSecCodeSignerDryRun = CFSTR("dryrun");
45 const CFStringRef kSecCodeSignerEntitlements = CFSTR("entitlements");
46 const CFStringRef kSecCodeSignerFlags = CFSTR("flags");
47 const CFStringRef kSecCodeSignerIdentifier = CFSTR("identifier");
48 const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
49 const CFStringRef kSecCodeSignerIdentity = CFSTR("signer");
50 const CFStringRef kSecCodeSignerPageSize = CFSTR("pagesize");
51 const CFStringRef kSecCodeSignerRequirements = CFSTR("requirements");
52 const CFStringRef kSecCodeSignerResourceRules = CFSTR("resource-rules");
53 const CFStringRef kSecCodeSignerSDKRoot = CFSTR("sdkroot");
54 const CFStringRef kSecCodeSignerSigningTime = CFSTR("signing-time");
55 const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
56 const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
57 const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
58 const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
59 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
60 const CFStringRef kSecCodeSignerTeamIdentifier = CFSTR("teamidentifier");
61
62 // temporary add-back to bridge B&I build dependencies -- remove soon
63 const CFStringRef kSecCodeSignerTSAUse = CFSTR("timestamp-required");
64 const CFStringRef kSecCodeSignerTSAURL = CFSTR("timestamp-url");
65 const CFStringRef kSecCodeSignerTSAClientAuth = CFSTR("timestamp-authentication");
66 const CFStringRef kSecCodeSignerTSANoCerts = CFSTR("timestamp-omit-certificates");
67
68
69 //
70 // CF-standard type code functions
71 //
72 CFTypeID SecCodeSignerGetTypeID(void)
73 {
74 BEGIN_CSAPI
75 return gCFObjects().CodeSigner.typeID;
76 END_CSAPI1(_kCFRuntimeNotATypeID)
77 }
78
79
80 //
81 // Create a signer object
82 //
83 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
84 SecCodeSignerRef *signerRef)
85 {
86 BEGIN_CSAPI
87
88 checkFlags(flags,
89 kSecCSRemoveSignature
90 | kSecCSSignPreserveSignature
91 | kSecCSSignNestedCode
92 | kSecCSSignOpaque
93 | kSecCSSignV1
94 | kSecCSSignNoV1
95 | kSecCSSignBundleRoot
96 | kSecCSSignStrictPreflight);
97 SecPointer<SecCodeSigner> signer = new SecCodeSigner(flags);
98 signer->parameters(parameters);
99 CodeSigning::Required(signerRef) = signer->handle();
100
101 END_CSAPI
102 }
103
104
105 //
106 // Generate a signature
107 //
108 OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
109 SecStaticCodeRef codeRef, SecCSFlags flags)
110 {
111 return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, NULL);
112 }
113
114 OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
115 SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
116 {
117 BEGIN_CSAPI
118 checkFlags(flags,
119 kSecCSReportProgress
120 );
121 SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);
122 END_CSAPI_ERRORS
123 }