/*
 * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

//
// CodeSigner - SecCodeSigner API objects
//
#ifndef _H_CODESIGNER
#define _H_CODESIGNER

#include "cs.h"
#include "StaticCode.h"
#include "cdbuilder.h"
#include <Security/SecIdentity.h>
#include <security_utilities/utilities.h>

namespace Security {
namespace CodeSigning {


//
// A SecCode object represents running code in the system. It must be subclassed
// to implement a particular notion of code.
//
class SecCodeSigner : public SecCFObject, public DiskRep::SigningContext {
	NOCOPY(SecCodeSigner)
public:
	class Parser;
	class Signer;

public:
	SECCFFUNCTIONS(SecCodeSigner, SecCodeSignerRef, errSecCSInvalidObjectRef, gCFObjects().CodeSigner)

	SecCodeSigner(SecCSFlags flags);
    virtual ~SecCodeSigner() throw();
	
	void parameters(CFDictionaryRef args);	// parse and set parameters
	bool valid() const;
    
	std::string getTeamIDFromSigner(CFArrayRef certs);
	
	void sign(SecStaticCode *code, SecCSFlags flags);
	void remove(SecStaticCode *code, SecCSFlags flags);
	
	void returnDetachedSignature(BlobCore *blob, Signer &signer);

protected:
	std::string sdkPath(const std::string &path) const;
	bool isAdhoc() const;
	SecCSFlags signingFlags() const;
	
private:
	// parsed parameter set
	SecCSFlags mOpFlags;			// operation flags
	CFRef<SecIdentityRef> mSigner;	// signing identity
	CFRef<CFTypeRef> mDetached;		// detached-signing information (NULL => attached)
	CFRef<CFDictionaryRef> mResourceRules; // explicit resource collection rules (override)
	CFRef<CFDateRef> mSigningTime;	// signing time desired (kCFNull for none)
	CFRef<CFDataRef> mApplicationData; // contents of application slot
	CFRef<CFDataRef> mEntitlementData; // entitlement configuration data
	CFRef<CFURLRef> mSDKRoot;		// substitute filesystem root for sub-component lookup
	CFRef<CFTypeRef> mRequirements; // internal code requirements
	size_t mCMSSize;				// size estimate for CMS blob
	uint32_t mCdFlags;				// CodeDirectory flags
	uint32_t mPreserveMetadata;		// metadata preservation options
	bool mCdFlagsGiven;				// CodeDirectory flags were specified
	CodeDirectory::HashAlgorithm mDigestAlgorithm; // interior digest (hash) algorithm
	std::string mIdentifier;		// unique identifier override
	std::string mIdentifierPrefix;	// prefix for un-dotted default identifiers
	std::string mTeamID;            // teamID
	bool mNoMachO;					// override to perform non-Mach-O signing
	bool mDryRun;					// dry run (do not change target)
	CFRef<CFNumberRef> mPageSize;	// main executable page size
	CFRef<SecIdentityRef> mTimestampAuthentication;	// identity for client-side authentication to the Timestamp server
	CFRef<CFURLRef> mTimestampService;		// URL for Timestamp server
    bool mWantTimeStamp;          // use a Timestamp server
    bool mNoTimeStampCerts;       // don't request certificates with timestamping request
};


} // end namespace CodeSigning
} // end namespace Security

#endif // !_H_CODESIGNER