-/*
- * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// cs.h - code signing core header
-//
-#ifndef _H_CS
-#define _H_CS
-
-#include "cserror.h"
-#include "codesigning_dtrace.h"
-#include <Security/CSCommonPriv.h>
-#include <Security/SecCodePriv.h>
-#include <Security/SecStaticCodePriv.h>
-#include <Security/SecRequirementPriv.h>
-#include <Security/SecCodeSigner.h>
-#include <Security/SecBasePriv.h>
-#include <security_utilities/globalizer.h>
-#include <security_utilities/seccfobject.h>
-#include <security_utilities/cfclass.h>
-#include <security_utilities/errors.h>
-#include <security_utilities/sqlite++.h>
-#include <security_utilities/cfutilities.h>
-
-
-namespace Security {
-namespace CodeSigning {
-
-
-//
-// API per-thread globals
-//
-struct PerThread {
- SecCSFlags flags; // flags of pending API call
-};
-
-
-//
-// API globals
-//
-struct CFObjects {
- CFObjects();
- CFClass Code;
- CFClass StaticCode;
- CFClass Requirement;
- CFClass CodeSigner;
-
- ThreadNexus<PerThread> perThread;
-
- SecCSFlags &flags() { return perThread().flags; }
-};
-
-extern ModuleNexus<CFObjects> gCFObjects;
-
-static inline SecCSFlags apiFlags() { return gCFObjects().flags(); }
-
-OSStatus dbError(const SQLite3::Error &err);
-
-
-//
-// Code Signing API brackets
-//
-#define BEGIN_CSAPI \
- try {
-
-#define END_CSAPI \
- } \
- catch (const UnixError &err) { \
- switch (err.error) { \
- case ENOEXEC: return errSecCSBadObjectFormat; \
- default: return err.osStatus(); \
- }} \
- catch (const MacOSError &err) { return err.osStatus(); } \
- catch (const SQLite3::Error &err) { return dbError(err); } \
- catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
- catch (const std::bad_alloc &) { return errSecAllocate; } \
- catch (...) { return errSecCSInternalError; } \
- return errSecSuccess;
-
-#define END_CSAPI_ERRORS \
- } \
- catch (const CSError &err) { return err.cfError(errors); } \
- catch (const UnixError &err) { \
- switch (err.error) { \
- case ENOEXEC: return CSError::cfError(errors, errSecCSBadObjectFormat); \
- default: return CSError::cfError(errors, err.osStatus()); \
- }} \
- catch (const MacOSError &err) { return CSError::cfError(errors, err.osStatus()); } \
- catch (const SQLite3::Error &err) { return CSError::cfError(errors, dbError(err)); } \
- catch (const CommonError &err) { return CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
- catch (const std::bad_alloc &) { return CSError::cfError(errors, errSecAllocate); } \
- catch (...) { return CSError::cfError(errors, errSecCSInternalError); } \
- return errSecSuccess;
-
-#define END_CSAPI1(bad) } catch (...) { return bad; }
-
-
-#define END_CSAPI_ERRORS1(bad) \
- } \
- catch (const CSError &err) { err.cfError(errors); } \
- catch (const UnixError &err) { \
- switch (err.error) { \
- case ENOEXEC: CSError::cfError(errors, errSecCSBadObjectFormat); \
- default: CSError::cfError(errors, err.osStatus()); \
- }} \
- catch (const MacOSError &err) { CSError::cfError(errors, err.osStatus()); } \
- catch (const SQLite3::Error &err) { CSError::cfError(errors, dbError(err)); } \
- catch (const CommonError &err) { CSError::cfError(errors, SecKeychainErrFromOSStatus(err.osStatus())); } \
- catch (const std::bad_alloc &) { CSError::cfError(errors, errSecAllocate); } \
- catch (...) { CSError::cfError(errors, errSecCSInternalError); } \
- return bad;
-
-
-//
-// A version of CodeSigning::Required
-//
-template <class T>
-static inline T &Required(T *ptr)
-{
- if (ptr == NULL)
- MacOSError::throwMe(errSecCSObjectRequired);
- return *ptr;
-}
-
-static inline void Required(const void *ptr)
-{
- if (ptr == NULL)
- MacOSError::throwMe(errSecCSObjectRequired);
-}
-
-
-//
-// Check flags against a validity mask
-//
-static inline void checkFlags(SecCSFlags flags, SecCSFlags acceptable = 0)
-{
- if (flags & ~acceptable)
- MacOSError::throwMe(errSecCSInvalidFlags);
- gCFObjects().flags() = flags;
-}
-
-
-//
-// DTrace USDT function bracket.
-// Use like this:
-// DTRACK(PROVIDER_PROBE_PREFIX, arguments-after-this);
-// which will call
-// PROVIDER_PROBE_PREFIX_START(this, arguments-after-this)
-// and
-// PROVIDER_PROBE_PREFIX_END(this)
-//
-#define DTRACK(_prefix, _obj, _args...) \
- if (_prefix ## _START_ENABLED()) _prefix ## _START((_obj), ## _args); \
- struct _DTFrame ## _prefix { void *me; \
- _DTFrame ## _prefix(void *m) : me(m) { } \
- ~_DTFrame ## _prefix() { _prefix ## _END(me); } \
- } _dtframe##_prefix((_obj));
-
-
-} // CodeSigning
-} // Security
-
-#endif //_H_CS
projects / apple / security.git / blobdiff