1/* 2 * Copyright (c) 2000-2001,2011,2013-2014 Apple Inc. All Rights Reserved. 3 * 4 * The contents of this file constitute Original Code as defined in and are 5 * subject to the Apple Public Source License Version 1.2 (the 'License'). 6 * You may not use this file except in compliance with the License. Please obtain 7 * a copy of the License at http://www.apple.com/publicsource and read it before 8 * using this file. 9 * 10 * This Original Code and all software distributed under the License are 11 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS 12 * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT 13 * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 14 * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the 15 * specific language governing rights and limitations under the License. 16 */ 17 18 19// 20// osxsigner - MacOS X's standard code signing algorithm. 21// 22#ifndef _H_OSXVERIFIER 23#define _H_OSXVERIFIER 24 25#include <security_utilities/hashing.h> 26#include <security_utilities/osxcode.h> 27#include <security_utilities/blob.h> 28#include <security_cdsa_utilities/cssmdata.h> 29#include <Security/CodeSigning.h> 30#include <string> 31#include <map> 32 33namespace Security { 34 35 36// 37// A standard OS X style signature verifier. 38// This encapsulates the different modes of signing/verifying currently 39// supported. It knows nothing about the way this is represented in 40// keychain access control lists; this knowledge resides exclusively 41// in acl_codesigning. 
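//
class OSXVerifier {
public:
	// Size bound (bytes) tied to the legacy hash. Presumably limits how much of
	// the code file makeLegacyHash() digests — confirm against the .cpp.
	static const size_t legacyHashLimit = 16 * 1024;
	// Alignment applied to the path "comment" in the serialized form (from the
	// name; verify against the encoder in acl_codesigning).
	static const uint32_t commentAlignment = 4;

public:
	// Build a verifier from a code reference object. Produces both the legacy
	// hash and the SecRequirement (per the original annotation).
	OSXVerifier(OSXCode *code);
	// Build a verifier from a precomputed SHA-1 digest plus the originating
	// path only; no SecRequirement is derived from this form.
	OSXVerifier(const SHA1::Byte *hash, const std::string &path);
	~OSXVerifier();

	// Component accessors.
	// legacyHash(): pointer into this object's SHA1::Digest storage — valid only
	// while the verifier is alive. NOTE(review): a SHA-1 digest, bounded by
	// legacyHashLimit, is a weak code identity by modern standards; prefer the
	// SecRequirement when one is present (policy lives in acl_codesigning).
	const unsigned char *legacyHash() const { return mLegacyHash; }
	const std::string &path() const { return mPath; }
	// Borrowed reference; ownership stays with mRequirement (a CFCopyRef), so
	// callers must not CFRelease it. Presumably NULL for hash-only verifiers —
	// confirm before dereferencing.
	SecRequirementRef requirement() const { return mRequirement; }

public:
	// Carrier for auxiliary (not explicitly understood) blobs, keyed by magic.
	// The user-declared copy constructor and destructor are defined out of line
	// (presumably deep-copy and free the BlobCore objects, i.e. the map OWNS the
	// raw pointers it holds).
	class AuxMap : public std::map<BlobCore::Magic, BlobCore *> {
	public:
		AuxMap() { }
		AuxMap(const AuxMap &src);
		~AuxMap();

		// Copy assignment was previously compiler-generated, which would have
		// shallow-copied the raw BlobCore pointers via std::map::operator= and
		// then let the user-declared destructor release them from both maps
		// (double free / use-after-free). Route assignment through the
		// user-declared copy constructor and swap so each blob is owned by
		// exactly one map; the temporary's destructor releases our old contents.
		AuxMap &operator=(const AuxMap &src)
		{
			if (this != &src) {
				AuxMap fresh(src);
				this->swap(fresh);
			}
			return *this;
		}
	};

	AuxMap::const_iterator beginAux() const { return mAuxiliary.begin(); }
	AuxMap::const_iterator endAux() const { return mAuxiliary.end(); }

	// Record an auxiliary blob (presumably copied; see AuxMap ownership note).
	void add(const BlobCore *info);
	// Look up an auxiliary blob by magic; returns NULL-equivalent when absent
	// (exact sentinel defined in the .cpp).
	const BlobCore *find(BlobCore::Magic magic);

	// Typed lookup for the blob whose magic is BlobType::typeMagic.
	// This was declared static, yet it called the non-static find(Magic) and
	// static_cast'ed away const — both ill-formed on instantiation, so it could
	// never have been used. It is now a const-preserving non-static member.
	template <class BlobType>
	const BlobType *find()
	{ return static_cast<const BlobType *>(find(BlobType::typeMagic)); }

public:
	// Compute the legacy SHA-1 hash for `code` into `digest` (details in .cpp).
	static void makeLegacyHash(OSXCode *code, SHA1::Digest digest);

	IFDUMP(void dump() const);

private:
	SHA1::Digest mLegacyHash;					// legacy SHA-1 hash
	std::string mPath;							// path to originating code (comment)
	CFCopyRef<SecRequirementRef> mRequirement;	// CS-style requirement (owned via CFCopyRef)
	AuxMap mAuxiliary;							// other data (does not include mRequirement)
};

} // end namespace Security

#endif //_H_OSXVERIFIER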