X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/79b9da22a1f4b26279940d285c1bc28ce4e99252..refs/heads/master:/OSX/libsecurity_codesigning/lib/StaticCode.h diff --git a/OSX/libsecurity_codesigning/lib/StaticCode.h b/OSX/libsecurity_codesigning/lib/StaticCode.h index 2ca6d7da..ae4cc602 100644 --- a/OSX/libsecurity_codesigning/lib/StaticCode.h +++ b/OSX/libsecurity_codesigning/lib/StaticCode.h @@ -107,7 +107,7 @@ public: static SecCode *optionalDynamic(SecStaticCodeRef ref); // extract SecCodeRef or NULL if static SecStaticCode(DiskRep *rep, uint32_t flags = 0); - virtual ~SecStaticCode() throw(); + virtual ~SecStaticCode() _NOEXCEPT; void initializeFromParent(const SecStaticCode& parent); @@ -125,6 +125,7 @@ public: CodeDirectory::HashAlgorithms hashAlgorithms() const { return mHashAlgorithms; } CFDataRef cdHash(); CFArrayRef cdHashes(); + CFDictionaryRef cdHashesFull(); CFDataRef signature(); CFAbsoluteTime signingTime(); CFAbsoluteTime signingTimestamp(); @@ -199,12 +200,12 @@ public: CFDictionaryRef signingInformation(SecCSFlags flags); // omnibus information-gathering API (creates new dictionary) static bool isAppleDeveloperCert(CFArrayRef certs); // determines if this is an apple developer certificate for library validation -#if !TARGET_OS_OSX bool trustedSigningCertChain() { return mTrustedSigningCertChain; } -#endif void handleOtherArchitectures(void (^handle)(SecStaticCode* other)); + uint8_t cmsDigestHashType() const { return mCMSDigestHashType; }; + CFDataRef createCmsDigest(); public: void staticValidate(SecCSFlags flags, const SecRequirement *req); void staticValidateCore(SecCSFlags flags, const SecRequirement *req); 
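Review bot: `_NOEXCEPT` on the destructor in the `-107,7` hunk is not a standard keyword; it appears to be the libc++ configuration macro, so the header now depends on an implementation-reserved name being defined before this point. The standard spelling expresses the same guarantee without that dependency: `virtual ~SecStaticCode() noexcept;`. The class body starts and ends outside the hunk.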
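Review bot: `cdHashesFull()` is added in the `-125,6` hunk without a comment, so next to `cdHash()` and `cdHashes()` a caller cannot tell from the declaration that this one returns the untruncated digests, what the dictionary is keyed by, or whether the result is borrowed. The member comment in the `-284,7` hunk ("untruncated hashes of CodeDirectories") implies the existing accessors return truncated values, and a truncated and a full hash of the same CodeDirectory will not compare equal. Suggest a trailing comment such as `// untruncated hashes of all CodeDirectories, as a dictionary (keys: TODO state; borrowed from the mCDHashFullDict cache, confirm)`. The ownership part is inferred from the `CFRef` member, not from visible code.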
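Review bot: `trustedSigningCertChain()` in the `-199,12` hunk is now compiled on macOS as well, and it returns the cached `mTrustedSigningCertChain` flag without triggering or checking validation, so a caller that reads it before the signature has been verified gets whatever the constructor left there. The constructor is not part of this diff; with the `#if TARGET_OS_OSX` branch dropped in the `-300,11` hunk, it should be confirmed that the macOS build initialises the flag to `false` and sets it only after the chain has been evaluated. I would document the precondition and make the accessor const: `bool trustedSigningCertChain() const { return mTrustedSigningCertChain; } // meaningful only after signature validation (mTrust non-NULL)`. The added `cmsDigestHashType()` line also ends in a stray `;` after the function body.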
@@ -228,11 +229,14 @@ private: void validateOtherVersions(CFURLRef path, SecCSFlags flags, SecRequirementRef req, SecStaticCode *code); bool checkfix30814861(string path, bool addition); bool checkfix41082220(OSStatus result); + CFArrayRef copyCertChain(SecTrustRef trust); ResourceBuilder *mCheckfix30814861builder1; dispatch_once_t mCheckfix30814861builder1_once; private: + static const uint8_t mCMSDigestHashType = kSecCodeSignatureHashSHA256; + // hash of CMS digest (kSecCodeSignatureHash* constant) RefPointer mRep; // on-disk representation mutable CodeDirectoryMap mCodeDirectories; // available CodeDirectory blobs by digest type mutable CFRef mBaseDir; // the primary CodeDirectory blob (whether it's chosen or not) @@ -284,7 +288,8 @@ private: const Requirement *mDesignatedReq; // cached designated req if we made one up CFRef mCDHash; // hash of chosen CodeDirectory CFRef mCDHashes; // hashes of all CodeDirectories (in digest type code order) - + CFRef mCDHashFullDict; // untruncated hashes of CodeDirectories (as dictionary) + bool mGotResourceBase; // asked mRep for resourceBasePath CFRef mResourceBase; // URL form of resource base directory @@ -300,11 +305,7 @@ private: // signature verification outcome (mTrust == NULL => not done yet) CFRef mTrust; // outcome of crypto validation (valid or not) CFRef mCertChain; -#if TARGET_OS_OSX - CSSM_TP_APPLE_EVIDENCE_INFO *mEvalDetails; -#else bool mTrustedSigningCertChain; -#endif };
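Review bot: `copyCertChain(SecTrustRef trust)` is declared in the `-228,11` hunk with no comment on ownership or on the state `trust` must be in. By the CoreFoundation naming rule a `copy…` function hands the caller a reference it must release, and the class keeps the chain in a `CFRef` (`mCertChain`, last hunk), so a mismatch would surface as a leak or an over-release; whether the trust object must already be evaluated is not visible from the header. Suggest `// returns a retained array of the certificates in trust's chain; caller releases (assumes trust has been evaluated, confirm)`. Separately, `mCMSDigestHashType` is a `static const` class constant carrying the `m` instance-member prefix, which reads like per-object state.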