2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 // csproxy - Code Signing Hosting Proxy
31 #include <security_utilities/cfutilities.h>
32 #include <security_cdsa_utilities/handleobject.h>
33 #include <security_utilities/mach++.h>
34 #include <security_utilities/machserver.h>
35 #include <security_cdsa_utilities/cssmdata.h>
36 #include <Security/SecCodeHost.h>
40 using MachPlusPlus::Port
;
41 using MachPlusPlus::MachServer
;
45 // CodeSigningHost is a mix-in for an object representing a primary
46 // Code Signing host object. It performs two notionally separate functions:
47 // (1) Register a hosting port.
48 // (2) Optionally, maintain a guest registry to offload the host's work.
50 class CodeSigningHost
: private MachServer::Handler
{
57 noHosting
, // is not a host (yet), could go either way
58 dynamicHosting
, // gave us its own hosting port to keep
59 proxyHosting
// we act as a proxy for it
63 strict
, // direct guest relationship required
64 loose
// indirect or identity is okay (prefix check)
67 struct Guest
: public RefCount
, public HandleObject
{
70 std::vector
<SecGuestRef
> guestPath
; // guest chain to this guest
71 uint32_t status
; // dynamic status
72 std::string path
; // canonical code path
73 CFRef
<CFDictionaryRef
> attributes
; // matching attributes set
74 bool dedicated
; // host is dedicated (and this is the only guest)
76 operator bool() const { return attributes
; } // exists
77 SecGuestRef
guestRef() const { return handle(); }
78 void setAttributes(const CssmData
&attrData
);
80 bool isGuestOf(Guest
*host
, GuestCheck check
) const;
81 bool matches(CFIndex count
, CFTypeRef keys
[], CFTypeRef values
[]) const;
83 IFDUMP(void dump() const);
86 void registerCodeSigning(mach_port_t hostingPort
, SecCSFlags flags
);
87 Port
hostingPort() const { return mHostingPort
; }
89 SecGuestRef
createGuest(SecGuestRef guest
,
90 uint32_t status
, const char *path
, const CssmData
&attributes
, SecCSFlags flags
);
91 void setGuestStatus(SecGuestRef guest
, uint32_t status
, const CssmData
&attributes
);
92 void removeGuest(SecGuestRef host
, SecGuestRef guest
);
94 Guest
*findHost(SecGuestRef hostRef
); // find most dedicated guest of this host
95 Guest
*findGuest(Guest
*host
, const CssmData
&attrData
); // by host and attributes
96 Guest
*findGuest(SecGuestRef guestRef
, bool hostOk
= false); // by guest reference
97 Guest
*findGuest(Guest
*host
); // any guest of this host
99 IFDUMP(void dump() const);
102 boolean_t
handle(mach_msg_header_t
*in
, mach_msg_header_t
*out
);
103 void eraseGuest(Guest
*guest
);
106 // host port registry
107 HostingState mHostingState
; // status of hosting support
108 Port mHostingPort
; // his or ours or NULL
110 // guest map (only used if mHostingState == proxyHosting)
111 typedef std::map
<SecGuestRef
, RefPointer
<Guest
> > GuestMap
;
projects / apple / securityd.git / blob