1/*
2 * Copyright (c) 2006-2007 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// reqinterp - Requirement language (exprOp) interpreter
26//
27#ifndef _H_REQINTERP
28#define _H_REQINTERP
29
30#include <security_codesigning/reqreader.h>
31#include <Security/SecTrustSettings.h>
32#include <security_cdsa_utilities/cssmdata.h>	// CssmOid
33
34namespace Security {
35namespace CodeSigning {
36
37
38//
39// An interpreter for exprForm-type requirements.
40// This is a simple Polish Notation stack evaluator.
41//
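class Requirement::Interpreter : public Requirement::Reader {
public:
	// Bind the interpreter to the requirement blob it will walk (handed to
	// Reader) and to the evaluation Context. mContext is a non-owning pointer,
	// so ctx must outlive this object; how Reader holds req is not visible here.
	Interpreter(const Requirement *req, const Context *ctx)	: Reader(req), mContext(ctx) { }

	// Run the requirement against mContext and report whether it is satisfied.
	// Defined out of line.
	bool evaluate();

protected:
	// One match clause of a requirement: a MatchOperation plus an optional
	// string operand, applied by the *Value/*Field* helpers below to a CF value
	// taken from the code being evaluated.
	class Match {
	public:
		Match(Interpreter &interp);		// reads the match postfix from interp's stream
		Match(CFStringRef value, MatchOperation op) : mValue(value), mOp(op) { } // explicit value + operation
		Match() : mValue(NULL), mOp(matchExists) { } // bare existence test (no operand)
		// Apply this clause to candidate. candidate may be NULL or a non-string
		// CF type — NOTE(review): the out-of-line definition must type-check it
		// before comparing against mValue; confirm there.
		bool operator () (CFTypeRef candidate) const; // match to candidate

	protected:
		// Shared helper for the ordering-style operations: presumably compares
		// candidate with mValue under flags and tests the result against
		// outcome, inverting when negate is set — confirm against the definition.
		bool inequality(CFTypeRef candidate, CFStringCompareFlags flags, CFComparisonResult outcome, bool negate) const;

	private:
		CFCopyRef<CFStringRef> mValue;	// match operand (NULL for matchExists)
		MatchOperation mOp;				// type of match
	};

protected:
	// Match an Info.plist entry (infoKeyValue) or an entitlement
	// (entitlementValue) selected by key against match.
	bool infoKeyValue(const std::string &key, const Match &match);
	bool entitlementValue(const std::string &key, const Match &match);
	// Certificate-field matchers on cert. certFieldValue takes a symbolic key;
	// the Generic and Policy variants accept either a symbolic key or a raw OID
	// (the key-to-OID translation is defined out of line).
	// (Was `string`; qualified as std::string to match the declarations above.)
	bool certFieldValue(const std::string &key, const Match &match, SecCertificateRef cert);
	bool certFieldGeneric(const std::string &key, const Match &match, SecCertificateRef cert);
	bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert);
	bool certFieldPolicy(const std::string &key, const Match &match, SecCertificateRef cert);
	bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert);
	// Compare cert against a fixed anchor digest. The signature carries no
	// length for digest — NOTE(review): the expected digest size/algorithm is
	// fixed by the definition; callers must pass a buffer of exactly that size.
	bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);
	// Predicates over the signing certificates of the code under evaluation
	// (presumably reached through mContext). slot selects one certificate;
	// its indexing convention is defined out of line.
	bool appleSigned();
	bool appleAnchored();
	bool trustedCerts();
	bool trustedCert(int slot);

	// Query the Trust Settings database for cert; isAnchor selects whether it is
	// evaluated as an anchor or as a non-anchor certificate — confirm in the definition.
	static SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor);

private:
	const Context * const mContext;	// evaluation context; non-owning, never reseated
};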
83
84
85}	// CodeSigning
86}	// Security
87
88#endif //_H_REQINTERP
89