OSX/libsecurity_keychain/lib/TrustedApplication.h

   1 /*
   2  * Copyright (c) 2002-2004,2011-2012,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // TrustedApplication.h - TrustedApplication control wrappers
  26 //
  27 #ifndef _SECURITY_TRUSTEDAPPLICATION_H_
  28 #define _SECURITY_TRUSTEDAPPLICATION_H_
  29
  30 #include <Security/SecTrustedApplication.h>
  31 #include <security_cdsa_utilities/cssmdata.h>
  32 #include <security_cdsa_utilities/cssmaclpod.h>
  33 #include <security_cdsa_utilities/acl_codesigning.h>
  34 #include <security_utilities/seccfobject.h>
  35 #include "SecCFTypes.h"
  36
  37
  38 namespace Security {
  39 namespace KeychainCore {
  40
  41
  42 //
  43 // TrustedApplication actually denotes a signed executable
  44 // on disk as used by the ACL subsystem. Much useful
  45 // information is encapsulated in the 'comment' field that
  46 // is stored with the ACL subject. TrustedApplication does
  47 // not interpret this value, leaving its meaning to its caller.
  48 //
  49 class TrustedApplication : public SecCFObject {
  50         NOCOPY(TrustedApplication)
  51 public:
  52         SECCFFUNCTIONS(TrustedApplication, SecTrustedApplicationRef, errSecInvalidItemRef, gTypes().TrustedApplication)
  53
  54         TrustedApplication(const TypedList &subject);   // from ACL subject form
  55         TrustedApplication(const std::string &path);    // from code on disk
  56         TrustedApplication();                                                   // for current application
  57         TrustedApplication(const std::string &path, SecRequirementRef requirement); // with requirement and aux. path
  58         TrustedApplication(CFDataRef external);                 // from external representation
  59         ~TrustedApplication();
  60
  61         const char *path() const { return mForm->path().c_str(); }
  62         CssmData legacyHash() const     { return CssmData::wrap(mForm->legacyHash(), SHA1::digestLength); }
  63         SecRequirementRef requirement() const { return mForm->requirement(); }
  64
  65         void data(CFDataRef data);
  66         CFDataRef externalForm() const;
  67
  68         CssmList makeSubject(Allocator &allocator);
  69
  70         bool verifyToDisk(const char *path);            // verify against on-disk image
  71
  72 private:
  73         RefPointer<CodeSignatureAclSubject> mForm;
  74 };
  75
  76 } // end namespace KeychainCore
  77 } // end namespace Security
  78
  79 #endif // !_SECURITY_TRUSTEDAPPLICATION_H_