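#include "SecManifest.h"
#include <security_utilities/security_utilities.h>
#include "Manifest.h"
#include <security_utilities/seccfobject.h>
#include <security_cdsa_utilities/cssmbridge.h>
#include <../sec/Security/SecBase.h>
#include <string>
#include <vector>
/*
 * Copyright (c) 2004 Apple Computer, Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

/*
 * Exception firewall for the C entry points below. API_BEGIN opens a try
 * block; API_END closes it and converts anything thrown into an OSStatus:
 * a MacOSError yields its own status, std::bad_alloc yields errSecAllocate,
 * and every other exception yields errSecInternalComponent. A body that
 * runs to completion returns errSecSuccess.
 */
#define API_BEGIN \
    try {

#define API_END \
    } \
    catch (const MacOSError &err) { return err.osStatus(); } \
    catch (const std::bad_alloc &) { return errSecAllocate; } \
    catch (...) { return errSecInternalComponent; } \
    return errSecSuccess;

/* Variant for void functions: swallows every exception. */
#define API_END_GENERIC_CATCH } catch (...) { return; }

/* Variant that returns the caller-supplied value `bad` on any exception. */
#define API_END_ERROR_CATCH(bad) } catch (...) { return bad; }



/*
 * Reports the manifest API version (the constant 0x01000000) through
 * *version. Returns errSecParam when version is NULL.
 */
OSStatus SecManifestGetVersion (UInt32 *version)
{
    secdebug ("manifest", "SecManifestGetVersion");

    // This entry point has no exception firewall, so the pointer is checked by hand.
    if (version == NULL)
    {
        return errSecParam;
    }

    *version = 0x01000000;
    return errSecSuccess;
}



/*
 * Allocates an empty Manifest and hands it back through *manifest as an
 * opaque reference. The caller owns the result and frees it with
 * SecManifestRelease. Returns errSecParam when manifest is NULL.
 */
OSStatus SecManifestCreate(SecManifestRef *manifest)
{
    API_BEGIN

    // Reject a NULL out-pointer before allocating, so nothing is leaked
    // and nothing is written through it.
    if (manifest == NULL)
    {
        return errSecParam;
    }

    Manifest* manifestPtr = new Manifest ();
    *manifest = (SecManifestRef) manifestPtr;

    secdebug ("manifest", "SecManifestCreate(%p)", manifest);

    API_END
}



/*
 * Destroys a manifest obtained from SecManifestCreate or from one of the
 * verify calls. Passing NULL is harmless (delete of a null pointer).
 * The reference must not be used after this call.
 */
void SecManifestRelease (SecManifestRef manifest)
{
    delete (Manifest*) manifest;
}



/*
 * Returns the CFCopyDescription text of object for debug logging.
 *
 * The description is copied into a std::string so that the CFString made
 * by CFCopyDescription can be released here; returning the pointer from
 * CFStringGetCStringPtr instead would leak that string and may yield NULL,
 * which must not be passed to a "%s" conversion. A NULL object, or one
 * with no description, gives "NULL"; a description that cannot be
 * converted to MacRoman gives an empty string.
 */
static std::string GetDescription (CFTypeRef object)
{
    if (object == NULL)
    {
        return "NULL";
    }

    CFStringRef description = CFCopyDescription (object);
    if (description == NULL)
    {
        return "NULL";
    }

    std::string text;

    try
    {
        CFIndex capacity = CFStringGetMaximumSizeForEncoding (CFStringGetLength (description),
                                                              kCFStringEncodingMacRoman);
        if (capacity != kCFNotFound)
        {
            // one extra byte for the terminating NUL
            std::vector<char> buffer (capacity + 1);
            if (CFStringGetCString (description, &buffer[0], capacity + 1, kCFStringEncodingMacRoman))
            {
                text = &buffer[0];
            }
        }
    }
    catch (...)
    {
        CFRelease (description);
        throw;
    }

    CFRelease (description);
    return text;
}



/*
 * Verifies a signed manifest blob without an explicit policy. Forwards to
 * SecManifestVerifySignatureWithPolicy with a NULL policy; see that
 * function for the parameter and result contract.
 */
OSStatus SecManifestVerifySignature (CFDataRef data,
                                     SecManifestTrustSetupCallback setupCallback,
                                     void* setupContext,
                                     SecManifestTrustEvaluateCallback evaluateCallback,
                                     void* evaluateContext,
                                     SecManifestRef *manifest)
{
    return SecManifestVerifySignatureWithPolicy (data, setupCallback, setupContext, evaluateCallback,
                                                 evaluateContext, NULL, manifest);
}



/*
 * Verifies the signature on data with the Apple signer. When manifest is
 * not NULL and verification succeeds, the decoded manifest is returned
 * through it.
 *
 * setupCallback and evaluateCallback are mandatory (checked with Required);
 * both are passed to the signer's Verify together with their context
 * pointers and policyRef.
 *
 * Any failure is reported as a thrown exception that API_END turns into a
 * non-zero OSStatus. In that case *manifest is NOT written, so callers
 * must test the returned status before touching *manifest and must not
 * treat a stale value in it as a verified manifest.
 */
OSStatus SecManifestVerifySignatureWithPolicy (CFDataRef data,
                                               SecManifestTrustSetupCallback setupCallback,
                                               void* setupContext,
                                               SecManifestTrustEvaluateCallback evaluateCallback,
                                               void* evaluateContext,
                                               SecPolicyRef policyRef,
                                               SecManifestRef *manifest)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestVerifySignature (%s, %p, %p, %p, %p)", GetDescription (data).c_str (), setupCallback, setupContext, evaluateCallback, evaluateContext);

    Required (setupCallback);
    Required (evaluateCallback);

    Manifest* mp = new Manifest ();

    try
    {
        // make a temporary manifest for this operation; it is built inside
        // the try block so that a failure here cannot leak mp
        Manifest tm;
        tm.MakeSigner (kAppleSigner);

        tm.GetSigner ()->Verify (data, setupCallback, setupContext, evaluateCallback, evaluateContext,
                                 policyRef, manifest == NULL ? NULL : &mp->GetManifestInternal ());
        if (manifest == NULL)
        {
            // the caller only wanted the verdict; clear mp first so the
            // handler below can never delete it a second time
            Manifest* unwanted = mp;
            mp = NULL;
            delete unwanted;
        }
        else
        {
            *manifest = (SecManifestRef) mp;
        }
    }
    catch (...)
    {
        delete mp;
        throw;
    }

    API_END
}



/*
 * Serializes and signs manifest, returning the blob through *data.
 *
 * options must be 0; any other value returns errSecUnimplemented. A NULL
 * manifest or data pointer returns errSecParam. If the manifest has no
 * signer yet, an Apple signer is created for it first.
 */
OSStatus SecManifestCreateSignature(SecManifestRef manifest, UInt32 options, CFDataRef *data)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestCreateSignature(%p, %u, %p)", manifest, (unsigned int) options, data);
    Manifest* manifestPtr = (Manifest*) manifest;

    if (options != 0)
    {
        return errSecUnimplemented;
    }

    // both pointers are dereferenced below
    if (manifestPtr == NULL || data == NULL)
    {
        return errSecParam;
    }

    // check to see if there is a serializer present
    const ManifestSigner* signer = manifestPtr->GetSigner ();

    if (signer == NULL) // no serializer?
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    *data = manifestPtr->GetSigner ()->Export (manifestPtr->GetManifestInternal ());

    API_END
}



/*
 * Adds object to the manifest's item list, together with an optional
 * exceptionList that is passed through unchanged (it may be NULL).
 * Returns errSecParam when manifest is NULL.
 */
OSStatus SecManifestAddObject(SecManifestRef manifest, CFTypeRef object, CFArrayRef exceptionList)
{
    API_BEGIN

    // GetDescription prints "NULL" for a NULL exceptionList
    secdebug ("manifest", "SecManifestAddObject(%p), %s, %s",
              manifest, GetDescription (object).c_str (),
              GetDescription (exceptionList).c_str ());

    Manifest* manifestPtr = (Manifest*) manifest;
    if (manifestPtr == NULL)
    {
        return errSecParam;
    }

    manifestPtr->GetManifestInternal ().GetItemList ().AddObject (object, exceptionList);

    API_END
}



/*
 * Compares two manifests with ManifestInternal::CompareManifests under the
 * given options. Returns errSecParam when either manifest is NULL.
 *
 * NOTE(review): this function returns errSecSuccess unless an exception
 * escapes CompareManifests, so a mismatch is presumably reported by a
 * throw that API_END maps to an OSStatus; confirm against
 * ManifestInternal.
 */
OSStatus SecManifestCompare(SecManifestRef manifest1, SecManifestRef manifest2, SecManifestCompareOptions options)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestCompare(%p, %p, %d)", manifest1, manifest2, (int) options);

    // both references are dereferenced below
    if (manifest1 == NULL || manifest2 == NULL)
    {
        return errSecParam;
    }

    ManifestInternal &m1 = ((Manifest*) (manifest1))->GetManifestInternal ();
    ManifestInternal &m2 = ((Manifest*) (manifest2))->GetManifestInternal ();

    ManifestInternal::CompareManifests (m1, m2, options);

    API_END
}



/*
 * Registers identity as a signer of manifest, creating an Apple signer for
 * the manifest first if it has none. Returns errSecParam when manifest is
 * NULL.
 */
OSStatus SecManifestAddSigner(SecManifestRef manifest, SecIdentityRef identity)
{
    API_BEGIN

    secdebug ("manifest", "SecManifestAddSigner(%p, %p)", manifest, identity);
    Manifest* manifestPtr = (Manifest*) (manifest);

    if (manifestPtr == NULL)
    {
        return errSecParam;
    }

    // check to see if there is a serializer present
    const ManifestSigner* signer = manifestPtr->GetSigner ();

    if (signer == NULL) // no serializer?
    {
        manifestPtr->MakeSigner (kAppleSigner);
    }

    manifestPtr->GetSigner ()->AddSigner (identity);

    API_END
}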