+++ /dev/null
-/*
- * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// CodeSigner - SecCodeSigner API objects
-//
-#ifndef _H_CODESIGNER
-#define _H_CODESIGNER
-
-#include "cs.h"
-#include "StaticCode.h"
-#include "cdbuilder.h"
-#include <Security/SecIdentity.h>
-#include <security_utilities/utilities.h>
-
-namespace Security {
-namespace CodeSigning {
-
-
-//
-// A SecCode object represents running code in the system. It must be subclassed
-// to implement a particular notion of code.
-//
-class SecCodeSigner : public SecCFObject, public DiskRep::SigningContext {
- NOCOPY(SecCodeSigner)
-public:
- class Parser;
- class Signer;
-
-public:
- SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)
-
- SecCodeSigner(SecCSFlags flags);
- virtual ~SecCodeSigner() throw();
-
- void parameters(CFDictionaryRef args); // parse and set parameters
- bool valid() const;
-
- std::string getTeamIDFromSigner(CFArrayRef certs);
-
- void sign(SecStaticCode *code, SecCSFlags flags);
- void remove(SecStaticCode *code, SecCSFlags flags);
-
- void returnDetachedSignature(BlobCore *blob, Signer &signer);
-
-protected:
- std::string sdkPath(const std::string &path) const;
- bool isAdhoc() const;
- SecCSFlags signingFlags() const;
-
-private:
- // parsed parameter set
- SecCSFlags mOpFlags; // operation flags
- CFRef<SecIdentityRef> mSigner; // signing identity
- CFRef<CFTypeRef> mDetached; // detached-signing information (NULL => attached)
- CFRef<CFDictionaryRef> mResourceRules; // explicit resource collection rules (override)
- CFRef<CFDateRef> mSigningTime; // signing time desired (kCFNull for none)
- CFRef<CFDataRef> mApplicationData; // contents of application slot
- CFRef<CFDataRef> mEntitlementData; // entitlement configuration data
- CFRef<CFURLRef> mSDKRoot; // substitute filesystem root for sub-component lookup
- CFRef<CFTypeRef> mRequirements; // internal code requirements
- size_t mCMSSize; // size estimate for CMS blob
- uint32_t mCdFlags; // CodeDirectory flags
- uint32_t mPreserveMetadata; // metadata preservation options
- bool mCdFlagsGiven; // CodeDirectory flags were specified
- CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
- std::string mIdentifier; // unique identifier override
- std::string mIdentifierPrefix; // prefix for un-dotted default identifiers
- std::string mTeamID; // teamID
- bool mNoMachO; // override to perform non-Mach-O signing
- bool mDryRun; // dry run (do not change target)
- CFRef<CFNumberRef> mPageSize; // main executable page size
- CFRef<SecIdentityRef> mTimestampAuthentication; // identity for client-side authentication to the Timestamp server
- CFRef<CFURLRef> mTimestampService; // URL for Timestamp server
- bool mWantTimeStamp; // use a Timestamp server
- bool mNoTimeStampCerts; // don't request certificates with timestamping request
-};
-
-
-} // end namespace CodeSigning
-} // end namespace Security
-
-#endif // !_H_CODESIGNER
projects / apple / security.git / blobdiff