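/*
 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

//
// codesign - Swiss Army Knife tool for Code Signing operations
//
// Shared declarations for the codesign command-line tool: the entry point for
// each mode of operation, plus the process-wide option state that the argument
// parser fills in and the operations read. Nothing here owns storage; every
// `extern` below must be defined exactly once in a source file (presumably the
// tool's main .cpp — confirm against the build).
//
// NOTE(review): the guard name `_H_CODESIGN` (leading underscore + uppercase)
// is formally in the implementation-reserved identifier space. It is kept
// unchanged here because other headers in the project may follow the same
// naming scheme and something could test for it; rename project-wide if at all.
//
#ifndef _H_CODESIGN
#define _H_CODESIGN

#include "cs_utils.h"
#include <Security/Security.h>
#include <Security/CodeSigning.h>
#include <Security/SecCodeSigner.h>


//
// Main functions
//
// Each `target` is a caller-supplied path (or process designator for the
// proc* entry points) taken from the command line; the operations do not
// return status through these signatures, so error reporting happens by
// some other route (not visible in this header). Explicit `(void)` makes
// the no-argument declarations full prototypes under a C compiler as well.
//

void prepareToSign(void);               // one-time setup before sign() calls
void sign(const char *target);          // sign one target
void prepareToVerify(void);             // one-time setup before verify() calls
void verify(const char *target);        // verify one target
void dump(const char *target);          // display signature information
void hostinginfo(const char *target);   // display code-hosting information
void procinfo(const char *target);      // display information about a process
void procaction(const char *target);    // apply procAction to a process


//
// Program arguments
//
// Global option state. The option parser writes these; the operations above
// only read them. Several hold the raw `optarg` text as typed by the user and
// are interpreted later, so they must be treated as untrusted input wherever
// they are parsed.
//

// Sentinel meaning "no explicit page size was requested". Written as an
// explicit conversion rather than a bare -1 so sign-conversion warnings stay
// clean; the value is all-bits-set (SIZE_MAX) either way.
static const size_t pagesizeUnspecified = (size_t)-1;

extern size_t pagesize;                 // signing page size (pagesizeUnspecified if not given)
extern SecIdentityRef signer;           // signer identity
extern SecKeychainRef keychain;         // source keychain for signer identity
extern const char *internalReq;         // internal requirement (raw optarg, not yet parsed)
extern const char *testReq;             // external requirement (raw optarg, not yet parsed)
extern const char *detached;            // detached signature path (to explicit file)
extern const char *detachedDb;          // reference to detached signature database
extern const char *entitlements;        // path to entitlement configuration input
extern const char *resourceRules;       // explicit resource rules template
extern const char *uniqueIdentifier;    // unique ident hash
extern const char *identifierPrefix;    // prefix for un-dotted default identifiers
extern const char *teamID;              // TeamID
extern const char *modifiedFiles;       // file to receive list of modified files
extern const char *extractCerts;        // location for extracting signing chain certificates
extern const char *sdkRoot;             // alternate root for looking up sub-components
extern SecCSFlags staticVerifyOptions;  // option flags to static verifications
extern SecCSFlags dynamicVerifyOptions; // option flags to dynamic verifications
extern SecCSFlags signOptions;          // option flags to signing operations
extern uint32_t digestAlgorithm;        // digest algorithm to be used when signing
extern CFDateRef signingTime;           // explicit signing time option
extern size_t signatureSize;            // override CMS signature size estimate
extern uint32_t cdFlags;                // CodeDirectory flags requested
extern const char *procAction;          // action-on-process(es) requested
extern Architecture architecture;       // specific binary architecture to process (from a universal file)
extern const char *bundleVersion;       // specific version string requested (from a versioned bundle)
extern bool noMachO;                    // force non-MachO operation
extern bool dryrun;                     // do not actually change anything
extern bool allArchitectures;           // process all architectures in a universal (aka fat) code file
extern bool nested;                     // nested code processing (--deep)
extern CFBooleanRef timestampRequest;   // timestamp request option
extern bool noTSAcerts;                 // don't request certificates with the timestamp request
extern const char *tsaURL;              // TimeStamping Authority URL
extern uint32_t preserveMetadata;       // keep metadata from previous signature (if any)


//
// Configuration constants
//

// Maximum allowed skew, in seconds, between the signature's internal signing
// time and the external (timestamp authority) timestamp: 3 minutes.
// Presumably consulted when the two are compared during verification (the
// comparison itself is not in this header). Widening this value weakens that
// consistency check, so change it deliberately.
static const unsigned int timestampSlop = 180;


#endif //_H_CODESIGN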