+++ /dev/null
-/*
- * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
- *
- * @APPLE_LICENSE_HEADER_START@
- *
- * This file contains Original Code and/or Modifications of Original Code
- * as defined in and that are subject to the Apple Public Source License
- * Version 2.0 (the 'License'). You may not use this file except in
- * compliance with the License. Please obtain a copy of the License at
- * http://www.opensource.apple.com/apsl/ and read it before using this
- * file.
- *
- * The Original Code and all software distributed under the License are
- * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
- * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
- * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
- * Please see the License for the specific language governing rights and
- * limitations under the License.
- *
- * @APPLE_LICENSE_HEADER_END@
- */
-
-//
-// signer - Signing operation supervisor and controller
-//
-#ifndef _H_SIGNER
-#define _H_SIGNER
-
-#include "CodeSigner.h"
-#include "cdbuilder.h"
-#include "signerutils.h"
-#include "StaticCode.h"
-#include <security_utilities/utilities.h>
-
-namespace Security {
-namespace CodeSigning {
-
-
-//
-// The signer driver class.
-// This is a workflow object, containing all the data needed for the various
-// signing stages to cooperate. It is not meant to be API visible; that is
-// SecCodeSigner's job.
-//
-class SecCodeSigner::Signer {
-public:
- Signer(SecCodeSigner &s, SecStaticCode *c) : state(s), code(c), requirements(NULL)
- { strict = state.signingFlags() & kSecCSSignStrictPreflight; }
- ~Signer() { ::free((Requirements *)requirements); }
-
- void sign(SecCSFlags flags);
- void remove(SecCSFlags flags);
-
- SecCodeSigner &state;
- SecStaticCode * const code;
-
- CodeDirectory::HashAlgorithm digestAlgorithm() const { return state.mDigestAlgorithm; }
-
- std::string path() const { return cfString(rep->copyCanonicalPath()); }
- SecIdentityRef signingIdentity() const { return state.mSigner; }
- std::string signingIdentifier() const { return identifier; }
-
-protected:
- void prepare(SecCSFlags flags); // set up signing parameters
- void signMachO(Universal *fat, const Requirement::Context &context); // sign a Mach-O binary
- void signArchitectureAgnostic(const Requirement::Context &context); // sign anything else
-
- void populate(DiskRep::Writer &writer); // global
- void populate(CodeDirectory::Builder &builder, DiskRep::Writer &writer,
- InternalRequirements &ireqs, size_t offset = 0, size_t length = 0); // per-architecture
- CFDataRef signCodeDirectory(const CodeDirectory *cd);
-
- uint32_t cdTextFlags(std::string text); // convert text CodeDirectory flags
- std::string uniqueName() const; // derive unique string from rep
-
-protected:
- void buildResources(std::string root, std::string relBase, CFDictionaryRef rules);
- CFMutableDictionaryRef signNested(FTSENT *ent, const char *relpath);
- CFDataRef hashFile(const char *path);
-
-private:
- RefPointer<DiskRep> rep; // DiskRep of Code being signed
- CFRef<CFDictionaryRef> resourceDirectory; // resource directory
- CFRef<CFDataRef> resourceDictData; // XML form of resourceDirectory
- std::string identifier; // signing identifier
- std::string teamID; // team identifier
- CFRef<CFDataRef> entitlements; // entitlements
- uint32_t cdFlags; // CodeDirectory flags
- const Requirements *requirements; // internal requirements ready-to-use
- size_t pagesize; // size of main executable pages
- CFAbsoluteTime signingTime; // signing time for CMS signature (0 => none)
- bool strict; // strict validation
-};
-
-
-} // end namespace CodeSigning
-} // end namespace Security
-
-#endif // !_H_CODESIGNER
projects / apple / security.git / blobdiff