--- /dev/null
+/*
+ * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * The contents of this file constitute Original Code as defined in and are
+ * subject to the Apple Public Source License Version 1.2 (the 'License').
+ * You may not use this file except in compliance with the License. Please obtain
+ * a copy of the License at http://www.apple.com/publicsource and read it before
+ * using this file.
+ *
+ * This Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS
+ * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT
+ * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
+ * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the
+ * specific language governing rights and limitations under the License.
+ */
+
+
+//
+// osxsigner - MacOS X's standard code signing algorithm.
+//
+#ifndef _H_OSXVERIFIER
+#define _H_OSXVERIFIER
+
+#include <security_utilities/hashing.h>
+#include <security_utilities/osxcode.h>
+#include <security_utilities/blob.h>
+#include <security_cdsa_utilities/cssmdata.h>
+#include <Security/CodeSigning.h>
+#include <string>
+#include <map>
+
+namespace Security {
+
+
+//
+// A standard OS X style signature verifier.
+// This encapsulates the different modes of signing/verifying currently
+// supported. It knows nothing about the way this is represented in
+// keychain access control lists; this knowledge resides exclusively
+// in acl_codesigning.
+//
+class OSXVerifier {
+public:
+ static const size_t legacyHashLimit = 16 * 1024;
+ static const uint32_t commentAlignment = 4;
+
+public:
+ // make a Verifier from a code reference object
+ OSXVerifier(OSXCode *code); // makes both legacy hash and SecRequirement
+ OSXVerifier(const SHA1::Byte *hash, const std::string &path); // just hash
+ ~OSXVerifier();
+
+ // components
+ const unsigned char *legacyHash() const { return mLegacyHash; }
+ const std::string& path() const { return mPath; }
+ SecRequirementRef requirement() const { return mRequirement; }
+
+public:
+ // handle other (not explicitly understood) information in the verifier
+ class AuxMap : public std::map<BlobCore::Magic, BlobCore *> {
+ public:
+ AuxMap() { }
+ AuxMap(const AuxMap &src);
+ ~AuxMap();
+ };
+
+ AuxMap::const_iterator beginAux() const { return mAuxiliary.begin(); }
+ AuxMap::const_iterator endAux() const { return mAuxiliary.end(); }
+
+ void add(const BlobCore *info);
+ const BlobCore *find(BlobCore::Magic magic);
+
+ template <class BlobType>
+ static const BlobType *find()
+ { return static_cast<BlobType *>(find(BlobType::typeMagic)); }
+
+public:
+ static void makeLegacyHash(OSXCode *code, SHA1::Digest digest);
+
+ IFDUMP(void dump() const);
+
+private:
+ SHA1::Digest mLegacyHash; // legacy page hash
+ std::string mPath; // path to originating code (comment)
+ CFCopyRef<SecRequirementRef> mRequirement; // CS-style requirement
+ AuxMap mAuxiliary; // other data (does not include mRequirement)
+};
+
+} // end namespace Security
+
+
+#endif //_H_OSXVERIFIER
projects / apple / security.git / blobdiff