--- /dev/null
+/*
+ * Copyright (c) 2006-2007,2011 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+
+//
+// reqinterp - Requirement language (exprOp) interpreter
+//
+#ifndef _H_REQINTERP
+#define _H_REQINTERP
+
+#include <security_codesigning/reqreader.h>
+#include <Security/SecTrustSettings.h>
+#include <security_cdsa_utilities/cssmdata.h> // CssmOid
+
+namespace Security {
+namespace CodeSigning {
+
+
+//
+// An interpreter for exprForm-type requirements.
+// This is a simple Polish Notation stack evaluator.
+//
+class Requirement::Interpreter : public Requirement::Reader {
+public:
+ Interpreter(const Requirement *req, const Context *ctx) : Reader(req), mContext(ctx) { }
+
+ bool evaluate();
+
+protected:
+ class Match {
+ public:
+ Match(Interpreter &interp); // reads match postfix from interp
+ Match(CFStringRef value, MatchOperation op) : mValue(value), mOp(op) { } // explicit
+ Match() : mValue(NULL), mOp(matchExists) { } // explict test for presence
+ bool operator () (CFTypeRef candidate) const; // match to candidate
+
+ protected:
+ bool inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate) const;
+
+ private:
+ CFCopyRef<CFStringRef> mValue; // match value
+ MatchOperation mOp; // type of match
+ };
+
+protected:
+ bool infoKeyValue(const std::string &key, const Match &match);
+ bool entitlementValue(const std::string &key, const Match &match);
+ bool certFieldValue(const string &key, const Match &match, SecCertificateRef cert);
+ bool certFieldGeneric(const string &key, const Match &match, SecCertificateRef cert);
+ bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert);
+ bool certFieldPolicy(const string &key, const Match &match, SecCertificateRef cert);
+ bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert);
+ bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);
+ bool appleSigned();
+ bool appleAnchored();
+ bool trustedCerts();
+ bool trustedCert(int slot);
+
+ static SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor);
+
+private:
+ const Context * const mContext;
+};
+
+
+} // CodeSigning
+} // Security
+
+#endif //_H_REQINTERP
projects / apple / security.git / blobdiff