--- /dev/null
+/*
+ * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+//
+// CodeSigner - SecCodeSigner API objects
+//
+#ifndef _H_CODESIGNER
+#define _H_CODESIGNER
+
+#include "cs.h"
+#include "StaticCode.h"
+#include "cdbuilder.h"
+#include <Security/SecIdentity.h>
+#include <security_utilities/utilities.h>
+
+namespace Security {
+namespace CodeSigning {
+
+
+//
+// A SecCode object represents running code in the system. It must be subclassed
+// to implement a particular notion of code.
+//
+class SecCodeSigner : public SecCFObject, public DiskRep::SigningContext {
+ NOCOPY(SecCodeSigner)
+public:
+ class Parser;
+ class Signer;
+
+public:
+ SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)
+
+ SecCodeSigner(SecCSFlags flags);
+ virtual ~SecCodeSigner() throw();
+
+ void parameters(CFDictionaryRef args); // parse and set parameters
+ bool valid() const;
+
+ std::string getTeamIDFromSigner(CFArrayRef certs);
+
+ void sign(SecStaticCode *code, SecCSFlags flags);
+ void remove(SecStaticCode *code, SecCSFlags flags);
+
+ void returnDetachedSignature(BlobCore *blob, Signer &signer);
+
+protected:
+ std::string sdkPath(const std::string &path) const;
+ bool isAdhoc() const;
+ SecCSFlags signingFlags() const;
+
+private:
+ // parsed parameter set
+ SecCSFlags mOpFlags; // operation flags
+ CFRef<SecIdentityRef> mSigner; // signing identity
+ CFRef<CFTypeRef> mDetached; // detached-signing information (NULL => attached)
+ CFRef<CFDictionaryRef> mResourceRules; // explicit resource collection rules (override)
+ CFRef<CFDateRef> mSigningTime; // signing time desired (kCFNull for none)
+ CFRef<CFDataRef> mApplicationData; // contents of application slot
+ CFRef<CFDataRef> mEntitlementData; // entitlement configuration data
+ CFRef<CFURLRef> mSDKRoot; // substitute filesystem root for sub-component lookup
+ CFRef<CFTypeRef> mRequirements; // internal code requirements
+ size_t mCMSSize; // size estimate for CMS blob
+ uint32_t mCdFlags; // CodeDirectory flags
+ uint32_t mPreserveMetadata; // metadata preservation options
+ bool mCdFlagsGiven; // CodeDirectory flags were specified
+ CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
+ std::string mIdentifier; // unique identifier override
+ std::string mIdentifierPrefix; // prefix for un-dotted default identifiers
+ std::string mTeamID; // teamID
+ bool mNoMachO; // override to perform non-Mach-O signing
+ bool mDryRun; // dry run (do not change target)
+ CFRef<CFNumberRef> mPageSize; // main executable page size
+ CFRef<SecIdentityRef> mTimestampAuthentication; // identity for client-side authentication to the Timestamp server
+ CFRef<CFURLRef> mTimestampService; // URL for Timestamp server
+ bool mWantTimeStamp; // use a Timestamp server
+ bool mNoTimeStampCerts; // don't request certificates with timestamping request
+};
+
+
+} // end namespace CodeSigning
+} // end namespace Security
+
+#endif // !_H_CODESIGNER
projects / apple / security.git / blobdiff