X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/72a12576750f52947eb043106ba5c12c0d07decf..b1ab9ed8d0e0f1c3b66d7daa8fd5564444c56195:/libsecurity_cdsa_utilities/lib/osxverifier.h diff --git a/libsecurity_cdsa_utilities/lib/osxverifier.h b/libsecurity_cdsa_utilities/lib/osxverifier.h new file mode 100644 index 00000000..a431c338 --- /dev/null +++ b/libsecurity_cdsa_utilities/lib/osxverifier.h @@ -0,0 +1,93 @@ +/* + * Copyright (c) 2000-2001 Apple Computer, Inc. All Rights Reserved. + * + * The contents of this file constitute Original Code as defined in and are + * subject to the Apple Public Source License Version 1.2 (the 'License'). + * You may not use this file except in compliance with the License. Please obtain + * a copy of the License at http://www.apple.com/publicsource and read it before + * using this file. + * + * This Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS + * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT + * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR + * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the + * specific language governing rights and limitations under the License. + */ + + +// +// osxsigner - MacOS X's standard code signing algorithm. +// +#ifndef _H_OSXVERIFIER +#define _H_OSXVERIFIER + +#include +#include +#include +#include +#include +#include +#include + +namespace Security { + + +// +// A standard OS X style signature verifier. +// This encapsulates the different modes of signing/verifying currently +// supported. It knows nothing about the way this is represented in +// keychain access control lists; this knowledge resides exclusively +// in acl_codesigning. +// +class OSXVerifier { +public: + static const size_t legacyHashLimit = 16 * 1024; + static const uint32_t commentAlignment = 4; + +public: + // make a Verifier from a code reference object + OSXVerifier(OSXCode *code); // makes both legacy hash and SecRequirement + OSXVerifier(const SHA1::Byte *hash, const std::string &path); // just hash + ~OSXVerifier(); + + // components + const unsigned char *legacyHash() const { return mLegacyHash; } + std::string path() const { return mPath; } + SecRequirementRef requirement() const { return mRequirement; } + +public: + // handle other (not explicitly understood) information in the verifier + class AuxMap : public std::map { + public: + AuxMap() { } + AuxMap(const AuxMap &src); + ~AuxMap(); + }; + + AuxMap::const_iterator beginAux() const { return mAuxiliary.begin(); } + AuxMap::const_iterator endAux() const { return mAuxiliary.end(); } + + void add(const BlobCore *info); + const BlobCore *find(BlobCore::Magic magic); + + template + static const BlobType *find() + { return static_cast(find(BlobType::typeMagic)); } + +public: + static void makeLegacyHash(OSXCode *code, SHA1::Digest digest); + + IFDUMP(void dump() const); + +private: + SHA1::Digest mLegacyHash; // legacy page hash + std::string mPath; // path to originating code (comment) + CFCopyRef mRequirement; // CS-style requirement + AuxMap mAuxiliary; // other data (does not include mRequirement) +}; + +} // end namespace Security + + +#endif //_H_OSXVERIFIER