X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_codesigning/lib/CodeSigner.h?ds=sidebyside diff --git a/Security/libsecurity_codesigning/lib/CodeSigner.h b/Security/libsecurity_codesigning/lib/CodeSigner.h new file mode 100644 index 00000000..be888dbd --- /dev/null +++ b/Security/libsecurity_codesigning/lib/CodeSigner.h @@ -0,0 +1,103 @@ +/* + * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved. + * + * @APPLE_LICENSE_HEADER_START@ + * + * This file contains Original Code and/or Modifications of Original Code + * as defined in and that are subject to the Apple Public Source License + * Version 2.0 (the 'License'). You may not use this file except in + * compliance with the License. Please obtain a copy of the License at + * http://www.opensource.apple.com/apsl/ and read it before using this + * file. + * + * The Original Code and all software distributed under the License are + * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER + * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, + * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. + * Please see the License for the specific language governing rights and + * limitations under the License. + * + * @APPLE_LICENSE_HEADER_END@ + */ + +// +// CodeSigner - SecCodeSigner API objects +// +#ifndef _H_CODESIGNER +#define _H_CODESIGNER + +#include "cs.h" +#include "StaticCode.h" +#include "cdbuilder.h" +#include +#include + +namespace Security { +namespace CodeSigning { + + +// +// A SecCode object represents running code in the system. It must be subclassed +// to implement a particular notion of code. +// +class SecCodeSigner : public SecCFObject, public DiskRep::SigningContext { + NOCOPY(SecCodeSigner) +public: + class Parser; + class Signer; + +public: + SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner) + + SecCodeSigner(SecCSFlags flags); + virtual ~SecCodeSigner() throw(); + + void parameters(CFDictionaryRef args); // parse and set parameters + bool valid() const; + + std::string getTeamIDFromSigner(CFArrayRef certs); + + void sign(SecStaticCode *code, SecCSFlags flags); + void remove(SecStaticCode *code, SecCSFlags flags); + + void returnDetachedSignature(BlobCore *blob, Signer &signer); + +protected: + std::string sdkPath(const std::string &path) const; + bool isAdhoc() const; + SecCSFlags signingFlags() const; + +private: + // parsed parameter set + SecCSFlags mOpFlags; // operation flags + CFRef mSigner; // signing identity + CFRef mDetached; // detached-signing information (NULL => attached) + CFRef mResourceRules; // explicit resource collection rules (override) + CFRef mSigningTime; // signing time desired (kCFNull for none) + CFRef mApplicationData; // contents of application slot + CFRef mEntitlementData; // entitlement configuration data + CFRef mSDKRoot; // substitute filesystem root for sub-component lookup + CFRef mRequirements; // internal code requirements + size_t mCMSSize; // size estimate for CMS blob + uint32_t mCdFlags; // CodeDirectory flags + uint32_t mPreserveMetadata; // metadata preservation options + bool mCdFlagsGiven; // CodeDirectory flags were specified + CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm + std::string mIdentifier; // unique identifier override + std::string mIdentifierPrefix; // prefix for un-dotted default identifiers + std::string mTeamID; // teamID + bool mNoMachO; // override to perform non-Mach-O signing + bool mDryRun; // dry run (do not change target) + CFRef mPageSize; // main executable page size + CFRef mTimestampAuthentication; // identity for client-side authentication to the Timestamp server + CFRef mTimestampService; // URL for Timestamp server + bool mWantTimeStamp; // use a Timestamp server + bool mNoTimeStampCerts; // don't request certificates with timestamping request +}; + + +} // end namespace CodeSigning +} // end namespace Security + +#endif // !_H_CODESIGNER