Security-59306.61.1.tar.gz
[apple/security.git] / OSX / libsecurity_codesigning / lib / SecRequirement.cpp
index 1ed75082fccd829343c266d8a7dae58ad5b0490b..d89c924088863c1ce6bcee62260d70b510bdca66 100644 (file)
@@ -169,6 +169,8 @@ CFStringRef kSecRequirementKeyEntitlements = CFSTR("requirement:eval:entitlement
 CFStringRef kSecRequirementKeyIdentifier = CFSTR("requirement:eval:identifier");
 CFStringRef kSecRequirementKeyPackageChecksum = CFSTR("requirement:eval:package_checksum");
 CFStringRef kSecRequirementKeyChecksumAlgorithm = CFSTR("requirement:eval:package_checksum_algorithm");
+CFStringRef kSecRequirementKeySecureTimestamp = CFSTR("requirement:eval:secure_timestamp");
+CFStringRef kSecRequirementKeyTeamIdentifier = CFSTR("requirement:eval:team_identifier");
 
 OSStatus SecRequirementEvaluate(SecRequirementRef requirementRef,
        CFArrayRef certificateChain, CFDictionaryRef context,
@@ -188,6 +190,12 @@ OSStatus SecRequirementEvaluate(SecRequirementRef requirementRef,
                }
        }
 
+       const char *teamID = NULL;
+       if (context && CFDictionaryGetValue(context, kSecRequirementKeyTeamIdentifier)) {
+               CFStringRef str = (CFStringRef)CFDictionaryGetValue(context, kSecRequirementKeyTeamIdentifier);
+               teamID = CFStringGetCStringPtr(str, kCFStringEncodingUTF8);
+       }
+
        Requirement::Context ctx(certificateChain,              // mandatory
                context ? CFDictionaryRef(CFDictionaryGetValue(context, kSecRequirementKeyInfoPlist)) : NULL,
                context ? CFDictionaryRef(CFDictionaryGetValue(context, kSecRequirementKeyEntitlements)) : NULL,
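Review bot: `CFStringGetCStringPtr(str, kCFStringEncodingUTF8)` may return NULL for a valid string whose backing store is not already in that encoding, so a team identifier the caller supplied can silently reach `Requirement::Context` as NULL. The value is also cast to `CFStringRef` without a `CFGetTypeID` check, and the `CFDateRef(...)` cast of `kSecRequirementKeySecureTimestamp` in the next hunk has the same gap; both values come from a caller-provided dictionary. I would copy the string with `CFStringGetCString` into a buffer that outlives `ctx` and reject wrong-typed values, as sketched below. Whether a NULL team ID makes a team-identifier requirement fail closed is decided in `Requirement::Context`, which is outside this hunk, and the error return should follow whatever convention the rest of `SecRequirementEvaluate` uses.

```cpp
	std::vector<char> teamIDBuffer;		// declared at function scope so it outlives ctx
	const char *teamID = NULL;
	CFTypeRef teamValue = context ? CFDictionaryGetValue(context, kSecRequirementKeyTeamIdentifier) : NULL;
	if (teamValue) {
		if (CFGetTypeID(teamValue) != CFStringGetTypeID())
			return errSecCSInvalidObjectRef;	// or this function's usual error path
		CFStringRef str = CFStringRef(teamValue);
		teamIDBuffer.resize(CFStringGetMaximumSizeForEncoding(CFStringGetLength(str), kCFStringEncodingUTF8) + 1);
		// Explicit conversion: unlike CFStringGetCStringPtr, failure here is a real error, not a storage detail.
		if (!CFStringGetCString(str, teamIDBuffer.data(), CFIndex(teamIDBuffer.size()), kCFStringEncodingUTF8))
			return errSecCSInvalidObjectRef;
		teamID = teamIDBuffer.data();
	}
	// … unchanged: Requirement::Context ctx(...) construction …
```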
@@ -196,7 +204,9 @@ OSStatus SecRequirementEvaluate(SecRequirementRef requirementRef,
                NULL,   // can't specify a CodeDirectory here
                context ? CFDataRef(CFDictionaryGetValue(context, kSecRequirementKeyPackageChecksum)) : NULL,
         checksumAlgorithm,
-               false // can't get forced platform this way
+               false, // can't get forced platform this way
+               context ? CFDateRef(CFDictionaryGetValue(context, kSecRequirementKeySecureTimestamp)) : NULL,
+               teamID
        );
        req->validate(ctx);
        
@@ -217,13 +227,13 @@ OSStatus SecRequirementsCreateFromRequirements(CFDictionaryRef requirements, Sec
        if (requirements == NULL)
                return errSecCSObjectRequired;
        CFIndex count = CFDictionaryGetCount(requirements);
-       CFNumberRef keys[count];
-       SecRequirementRef reqs[count];
-       CFDictionaryGetKeysAndValues(requirements, (const void **)keys, (const void **)reqs);
+       vector<CFNumberRef> keys_vector(count, NULL);
+       vector<SecRequirementRef> reqs_vector(count, NULL);
+       CFDictionaryGetKeysAndValues(requirements, (const void **)keys_vector.data(), (const void **)reqs_vector.data());
        Requirements::Maker maker;
        for (CFIndex n = 0; n < count; n++) {
-               const Requirement *req = SecRequirement::required(reqs[n])->requirement();
-               maker.add(cfNumber<Requirements::Type>(keys[n]), req->clone());
+               const Requirement *req = SecRequirement::required(reqs_vector[n])->requirement();
+               maker.add(cfNumber<Requirements::Type>(keys_vector[n]), req->clone());
        }
        Requirements *reqset = maker.make();                                    // malloc'ed
        CodeSigning::Required(requirementSet) = makeCFDataMalloc(*reqset);      // takes ownership of reqs
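Review bot: The keys copied into `keys_vector` are handed to `cfNumber<Requirements::Type>(keys_vector[n])` on the strength of a C-style cast alone, so a caller-supplied dictionary with a non-CFNumber key is treated as a number unless `cfNumber` checks the type itself, which is not visible here. A guard at the top of the loop, `if (CFGetTypeID(keys_vector[n]) != CFNumberGetTypeID())` followed by the function's invalid-argument return, would make that assumption explicit. The values go through `SecRequirement::required(...)`, which presumably validates them, though that is also outside the hunk. As a style point, the two `(const void **)` casts on `.data()` would be easier to audit as `reinterpret_cast<const void **>(...)`. The function body continues past the end of this hunk.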