1 #include "SecManifest.h"
2 #include <security_utilities/security_utilities.h>
3 #include "Manifest.h"
4 #include <security_utilities/seccfobject.h>
5 #include <security_cdsa_utilities/cssmbridge.h>
6 #include <../sec/Security/SecBase.h>
7 /*
8 * Copyright (c) 2004,2011,2013-2014 Apple Inc. All Rights Reserved.
9 *
10 * @APPLE_LICENSE_HEADER_START@
11 *
12 * This file contains Original Code and/or Modifications of Original Code
13 * as defined in and that are subject to the Apple Public Source License
14 * Version 2.0 (the 'License'). You may not use this file except in
15 * compliance with the License. Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this
17 * file.
18 *
19 * The Original Code and all software distributed under the License are
20 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
21 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
22 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
23 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
24 * Please see the License for the specific language governing rights and
25 * limitations under the License.
26 *
27 * @APPLE_LICENSE_HEADER_END@
28 */
29
// Exception firewall for the C entry points in this file: a function body is
// bracketed by API_BEGIN and one of the API_END* macros so that no C++
// exception propagates out to a C caller.
#define API_BEGIN try {

// Closes API_BEGIN for functions returning OSStatus.
//   MacOSError      -> the status carried by the exception
//   std::bad_alloc  -> errSecAllocate
//   anything else   -> errSecInternalComponent
// Falling out of the try block without an exception yields errSecSuccess.
#define API_END \
    } \
    catch (const MacOSError &err) { return err.osStatus(); } \
    catch (const std::bad_alloc &) { return errSecAllocate; } \
    catch (...) { return errSecInternalComponent; } \
    return errSecSuccess;

// Closes API_BEGIN for void functions: every exception is swallowed.
#define API_END_GENERIC_CATCH \
    } catch (...) { return; }

// Closes API_BEGIN for functions with another return type: every exception
// is turned into the caller-supplied value `bad`.
#define API_END_ERROR_CATCH(bad) \
    } catch (...) { return bad; }
43
44
45
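// Report the version of the manifest API.
//
// version: out-parameter; receives the constant 0x01000000.
// Returns errSecParam when version is NULL, errSecSuccess otherwise.
OSStatus SecManifestGetVersion (UInt32 *version)
{
    secinfo ("manifest", "SecManifestGetVersion");

    // This entry point has no API_BEGIN/API_END wrapper, so a NULL out-pointer
    // must be rejected here instead of faulting on the store below.
    if (version == NULL)
    {
        return errSecParam;
    }

    *version = 0x01000000;
    return errSecSuccess;
}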
52
53
54
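// Allocate an empty Manifest and hand it to the caller as an opaque handle.
//
// manifest: out-parameter; on success receives the new handle. The object is
//           heap-allocated here and is destroyed by SecManifestRelease.
// Returns errSecParam when manifest is NULL; otherwise errSecSuccess, or the
// status API_END maps a thrown exception to (errSecAllocate for bad_alloc).
OSStatus SecManifestCreate(SecManifestRef *manifest)
{
    API_BEGIN

    // Validate before allocating: a NULL out-pointer would otherwise fault on
    // the store, which is not an exception and so is not caught by API_END.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = new Manifest ();
    *manifest = (SecManifestRef) manifestPtr;

    // Logs the address of the caller's out-parameter, as the original did.
    secinfo ("manifest", "SecManifestCreate(%p)", manifest);

    API_END
}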
66
67
68
// Destroy a manifest previously handed out as a SecManifestRef.
//
// The handle is treated as the Manifest* it was created from and deleted, so
// it must not be used (or released a second time) afterwards. A NULL handle
// is harmless: deleting a null pointer does nothing.
void SecManifestRelease (SecManifestRef manifest)
{
    Manifest* owned = (Manifest*) manifest;
    delete owned;
}
73
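// On release builds, this function isn't called (due to how secinfo works). Assure the compiler this is okay.
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-function"
// Produce a C string describing a CoreFoundation object, for log output only.
//
// Always returns a non-NULL pointer so the result can be passed straight to a
// "%s" conversion: "NULL" for a NULL object, a placeholder when CoreFoundation
// cannot supply a description or a direct C-string view of it.
//
// NOTE(review): the CFString returned by CFCopyDescription is never released.
// The returned pointer refers to that string's storage, so releasing it here
// would leave the caller with a dangling pointer; the leak is confined to
// builds where secinfo actually evaluates its arguments.
static const char* GetDescription (CFTypeRef object)
{
    if (object == NULL)
    {
        return "NULL";
    }

    CFStringRef description = CFCopyDescription (object);
    if (description == NULL)
    {
        return "<no description>";
    }

    // CFStringGetCStringPtr returns NULL whenever the string's internal storage
    // is not already in the requested encoding; never pass that on to "%s".
    const char* text = CFStringGetCStringPtr (description, kCFStringEncodingMacRoman);
    return text != NULL ? text : "<description unavailable>";
}
// Was "#pragma clang pop", which does not close the diagnostic push above.
#pragma clang diagnostic pop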
82
83
84
// Verify a signed manifest without supplying an explicit policy.
//
// Convenience form of SecManifestVerifySignatureWithPolicy: all arguments are
// forwarded unchanged and the policy argument is passed as NULL. What the
// signer does with a NULL policy is decided in the signer's Verify, not here.
//
// Callers must check the returned OSStatus before using *manifest.
OSStatus SecManifestVerifySignature (CFDataRef data,
                                     SecManifestTrustSetupCallback setupCallback,
                                     void* setupContext,
                                     SecManifestTrustEvaluateCallback evaluateCallback,
                                     void* evaluateContext,
                                     SecManifestRef *manifest)
{
    SecPolicyRef noPolicy = NULL;

    OSStatus status = SecManifestVerifySignatureWithPolicy (data,
                                                            setupCallback, setupContext,
                                                            evaluateCallback, evaluateContext,
                                                            noPolicy, manifest);
    return status;
}
95
96
97
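// Verify the signature on a serialized manifest and optionally return the
// manifest it describes.
//
// data:             the signed manifest blob; handed to the signer's Verify as is.
// setupCallback /   required trust callbacks (NULL is rejected via Required)
// evaluateCallback: with their opaque context pointers; the trust decision is
//                   made through these callbacks inside the signer's Verify.
// policyRef:        forwarded to Verify; may be NULL.
// manifest:         optional out-parameter. When non-NULL and verification
//                   succeeds it receives a new handle that the caller destroys
//                   with SecManifestRelease. It is written only on success, so
//                   callers must check the returned status before using it.
//
// Returns errSecSuccess, or the status API_END maps a thrown exception to.
OSStatus SecManifestVerifySignatureWithPolicy (CFDataRef data,
                                               SecManifestTrustSetupCallback setupCallback,
                                               void* setupContext,
                                               SecManifestTrustEvaluateCallback evaluateCallback,
                                               void* evaluateContext,
                                               SecPolicyRef policyRef,
                                               SecManifestRef *manifest)
{
    API_BEGIN

    // data has not been validated yet, so do not ask CoreFoundation to describe a NULL.
    secinfo ("manifest", "SecManifestVerifySignature (%s, %p, %p, %p, %p)", data ? GetDescription (data) : "NULL", setupCallback, setupContext, evaluateCallback, evaluateContext);

    Required (setupCallback);
    Required (evaluateCallback);

    // make a temporary manifest for this operation
    Manifest tm;
    tm.MakeSigner (kAppleSigner);

    // Allocate the result only when the caller wants one, and only after the
    // temporary signer is set up: the original allocated first, so an exception
    // from the two statements above leaked the allocation.
    Manifest* mp = (manifest != NULL) ? new Manifest () : NULL;

    try
    {
        tm.GetSigner ()->Verify (data, setupCallback, setupContext, evaluateCallback, evaluateContext,
                                 policyRef, mp != NULL ? &mp->GetManifestInternal () : NULL);
    }
    catch (...)
    {
        // Verification failed: discard the partial result and let API_END
        // translate the exception into a status code.
        delete mp;
        throw;
    }

    if (mp != NULL)
    {
        *manifest = (SecManifestRef) mp;
    }

    API_END
}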
141
142
143
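// Serialize and sign a manifest.
//
// manifest: handle of the manifest to export.
// options:  must be 0; any other value returns errSecUnimplemented.
// data:     out-parameter; receives whatever the signer's Export returns.
//           NOTE(review): ownership of the returned CFDataRef is not visible
//           here - confirm against Export before documenting a release rule.
//
// Returns errSecParam when manifest or data is NULL; otherwise errSecSuccess,
// or the status API_END maps a thrown exception to.
OSStatus SecManifestCreateSignature(SecManifestRef manifest, UInt32 options, CFDataRef *data)
{
    API_BEGIN

    // "%u" matches the unsigned int argument; the original "%ul" printed the
    // value followed by a stray 'l'.
    secinfo ("manifest", "SecManifestCreateSignature(%p, %u, %p)", manifest, (unsigned int) options, data);

    if (options != 0)
    {
        return errSecUnimplemented;
    }

    // Both pointers are dereferenced below; a NULL would fault rather than
    // throw, so API_END could not turn it into a status.
    if (manifest == NULL || data == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) manifest;

    // check to see if there is a serializer present
    if (manifestPtr->GetSigner () == NULL) // no serializer?
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    *data = manifestPtr->GetSigner ()->Export (manifestPtr->GetManifestInternal ());

    API_END
}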
168
169
170
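// Add an object to a manifest's item list.
//
// manifest:      handle of the manifest to modify.
// object:        the object to add; forwarded to the item list's AddObject.
// exceptionList: optional (may be NULL); forwarded to AddObject unchanged.
//
// Returns errSecParam when manifest or object is NULL; otherwise
// errSecSuccess, or the status API_END maps a thrown exception to.
OSStatus SecManifestAddObject(SecManifestRef manifest, CFTypeRef object, CFArrayRef exceptionList)
{
    API_BEGIN

    // object is guarded the same way exceptionList already was: describing a
    // NULL CoreFoundation object must not be attempted just to write a log line.
    secinfo ("manifest", "SecManifestAddObject(%p), %s, %s",
             manifest, object ? GetDescription (object) : "NULL",
             exceptionList ? GetDescription (exceptionList) : "NULL");

    // The handle is dereferenced below; reject NULL input with a status code
    // instead of faulting.
    if (manifest == NULL || object == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) manifest;
    manifestPtr->GetManifestInternal ().GetItemList ().AddObject (object, exceptionList);

    API_END
}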
184
185
186
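// Compare two manifests.
//
// manifest1, manifest2: handles of the manifests to compare.
// options:              forwarded to ManifestInternal::CompareManifests.
//
// Returns errSecParam when either handle is NULL. Otherwise the result is
// errSecSuccess if CompareManifests returns normally, or the status API_END
// maps a thrown exception to.
// NOTE(review): presumably a mismatch is reported by CompareManifests
// throwing - confirm in ManifestInternal.
OSStatus SecManifestCompare(SecManifestRef manifest1, SecManifestRef manifest2, SecManifestCompareOptions options)
{
    API_BEGIN

    secinfo ("manifest", "SecManifestVerify(%p, %p, %d)", manifest1, manifest2, (int) options);

    // Both handles are dereferenced below; a NULL would fault rather than
    // throw, so API_END could not turn it into a status.
    if (manifest1 == NULL || manifest2 == NULL)
    {
        return errSecParam;
    }

    ManifestInternal &m1 = ((Manifest*) (manifest1))->GetManifestInternal ();
    ManifestInternal &m2 = ((Manifest*) (manifest2))->GetManifestInternal ();

    ManifestInternal::CompareManifests (m1, m2, options);

    API_END
}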
200
201
202
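// Register a signing identity with a manifest.
//
// manifest: handle of the manifest to modify.
// identity: forwarded to the signer's AddSigner without validation here.
//
// If the manifest has no signer yet, one is created with kAppleSigner first.
// Returns errSecParam when manifest is NULL; otherwise errSecSuccess, or the
// status API_END maps a thrown exception to.
OSStatus SecManifestAddSigner(SecManifestRef manifest, SecIdentityRef identity)
{
    API_BEGIN

    secinfo ("manifest", "SecManifestAddSigner(%p, %p)", manifest, identity);

    // The handle is dereferenced below; reject NULL with a status code
    // instead of faulting.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = (Manifest*) (manifest);

    // check to see if there is a serializer present
    if (manifestPtr->GetSigner () == NULL) // no serializer?
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    manifestPtr->GetSigner ()->AddSigner (identity);

    API_END
}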
222
223
224