+++ /dev/null
-/*
- * Copyright (c) 2000-2004,2006,2011,2014 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-
-//
-// acl_codesigning - ACL subject for signature of calling application
-//
-// Note:
-// Once upon a time, a code signature was a single binary blob, a "signature".
-// Then we added an optional second blob, a "comment". The comment was only
-// ancilliary (non-security) data first, but then we added more security data
-// to it later. Now, the security-relevant data is kept in a (signature, comment)
-// pair, all of which is relevant for the security of such subjects.
-// Don't read any particular semantics into this separation. It is historical only
-// (having to do with backward binary compatibility of ACL blobs).
-//
-#ifndef _H_ACL_CODESIGNING
-#define _H_ACL_CODESIGNING
-
-#include <security_cdsa_utilities/cssmdata.h>
-#include <security_cdsa_utilities/cssmacl.h>
-#include <security_cdsa_utilities/osxverifier.h>
-
-namespace Security {
-
-
-//
-// The CodeSignature subject type matches a code signature applied to the
-// disk image that originated the client process.
-//
-class CodeSignatureAclSubject : public AclSubject, public OSXVerifier {
-public:
- class Maker; friend class Maker;
-
- static const size_t commentBagAlignment = 4;
-
- CodeSignatureAclSubject(const SHA1::Byte *hash, const std::string &path)
- : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), OSXVerifier(hash, path) { }
-
- CodeSignatureAclSubject(const OSXVerifier &verifier)
- : AclSubject(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE), OSXVerifier(verifier) { }
-
- bool validate(const AclValidationContext &baseCtx) const;
- CssmList toList(Allocator &alloc) const;
-
- void exportBlob(Writer::Counter &pub, Writer::Counter &priv);
- void exportBlob(Writer &pub, Writer &priv);
-
- IFDUMP(void debugDump() const);
-
-public:
- class Environment : public virtual AclValidationEnvironment {
- public:
- virtual bool verifyCodeSignature(const OSXVerifier &verifier,
- const AclValidationContext &context) = 0;
- };
-
-public:
- class Maker : public AclSubject::Maker {
- public:
- Maker()
- : AclSubject::Maker(CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE) { }
- CodeSignatureAclSubject *make(const TypedList &list) const;
- CodeSignatureAclSubject *make(Version version, Reader &pub, Reader &priv) const;
-
- private:
- CodeSignatureAclSubject *make(const SHA1::Byte *hash, const CssmData &commentBag) const;
- };
-};
-
-} // end namespace Security
-
-
-
-#endif //_H_ACL_CODESIGNING
projects / apple / security.git / blobdiff