OSX/libsecurity_codesigning/lib/singlediskrep.cpp

   1 /*
   2  * Copyright (c) 2006-2011,2014 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 //
  25 // singlediskrep - semi-abstract diskrep for a single file of some kind
  26 //
  27 #include "singlediskrep.h"
  28 #include "csutilities.h"
  29 #include <security_utilities/cfutilities.h>
  30 #include <sys/stat.h>
  31
  32 namespace Security {
  33 namespace CodeSigning {
  34
  35 using namespace UnixPlusPlus;
  36
  37
  38 //
  39 // Construct a SingleDiskRep
  40 //
  41 SingleDiskRep::SingleDiskRep(const std::string &path)
  42         : mPath(path)
  43 {
  44 }
  45
  46
  47 //
  48 // The default binary identification of a SingleDiskRep is the (SHA-1) hash
  49 // of the entire file itself.
  50 //
  51 CFDataRef SingleDiskRep::identification()
  52 {
  53         SHA1 hash;
  54         this->fd().seek(0);
  55         hashFileData(this->fd(), &hash);
  56         SHA1::Digest digest;
  57         hash.finish(digest);
  58         return makeCFData(digest, sizeof(digest));
  59 }
  60
  61
  62 //
  63 // Both the canonical and main executable path of a SingleDiskRep is, well, its path.
  64 //
  65 CFURLRef SingleDiskRep::copyCanonicalPath()
  66 {
  67         return makeCFURL(mPath);
  68 }
  69
  70 string SingleDiskRep::mainExecutablePath()
  71 {
  72         return mPath;
  73 }
  74
  75
  76 //
  77 // The default signing limit is the size of the file.
  78 // This will do unless the signing data gets creatively stuck in there somewhere.
  79 //
  80 size_t SingleDiskRep::signingLimit()
  81 {
  82         return fd().fileSize();
  83 }
  84
  85 //
  86 // A lazily opened read-only file descriptor for the path.
  87 //
  88 FileDesc &SingleDiskRep::fd()
  89 {
  90         if (!mFd)
  91                 mFd.open(mPath, O_RDONLY);
  92
  93         return mFd;
  94 }
  95
  96 //
  97 // Flush cached state
  98 //
  99 void SingleDiskRep::flush()
 100 {
 101         mFd.close();
 102 }
 103
 104
 105 //
 106 // The recommended identifier of a SingleDiskRep is, absent any better clue,
 107 // the basename of its path.
 108 //
 109 string SingleDiskRep::recommendedIdentifier(const SigningContext &)
 110 {
 111         return canonicalIdentifier(mPath);
 112 }
 113
 114
 115 //
 116 // Paranoid validation
 117 //
 118 void SingleDiskRep::strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags)
 119 {
 120         DiskRep::strictValidate(cd, tolerated, flags);
 121
 122         // code limit must cover (exactly) the entire file
 123         if (cd && cd->signingLimit() != signingLimit())
 124                 MacOSError::throwMe(errSecCSSignatureInvalid);
 125 }
 126
 127
 128
 129 //
 130 // Prototype Writers
 131 //
 132 FileDesc &SingleDiskRep::Writer::fd()
 133 {
 134         if (!mFd)
 135                 mFd.open(rep->path(), O_RDWR);
 136         return mFd;
 137 }
 138
 139
 140 } // end namespace CodeSigning
 141 } // end namespace Security