1/*
2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23
24//
25// codesign - Swiss Army Knife tool for Code Signing operations
26//
27#ifndef _H_CODESIGN
28#define _H_CODESIGN
29
30#include "cs_utils.h"
31#include <Security/Security.h>
32#include <Security/CodeSigning.h>
33#include <Security/SecCodeSigner.h>
34
35
36//
37// Main functions
38//
39
// Command entry points for the individual codesign operations. Each call that
// takes `target` handles one command-line operand (a path for sign/verify/dump/
// hostinginfo; for procinfo/procaction presumably a process designator -- confirm
// against the implementation). The prepareTo*() calls take no operand and, going
// by their names, do the one-time setup that must precede the per-target
// sign()/verify() calls. All of them read the option state declared below.
// NOTE(review): the empty parameter lists are only true prototypes when this
// header is compiled as C++ (which the unqualified `Architecture` type below
// suggests it is); compiled as C they would be non-prototype declarations and
// should be spelled `(void)`.
void prepareToSign();			// one-time setup shared by every sign(target) call
void sign(const char *target);		// sign the code at `target` using the signing options below
void prepareToVerify();			// one-time setup shared by every verify(target) call
void verify(const char *target);	// verify the signature of `target` against the verification options below
void dump(const char *target);		// display the code-signing information of `target`
void hostinginfo(const char *target);	// report hosting information for `target` (host/guest relationship, presumably)
void procinfo(const char *target);	// report code-signing information about running process(es)
void procaction(const char *target);	// apply `procAction` (below) to the process(es) designated by `target`
48
49
50//
51// Program arguments
52//
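// Sentinel stored in `pagesize` when no explicit page size was requested.
// Spelled as an explicit cast so the intent (the largest size_t, i.e. SIZE_MAX)
// is visible and does not rely on the reader knowing that -1 wraps; no real
// page size can reasonably collide with it.
static const size_t pagesizeUnspecified = (size_t)-1;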
// Option state shared between the option parser and the operations above.
// These are only declared here; each is defined (and, presumably, written once
// while parsing the command line) in the tool's implementation file. Every value
// originates from the command line, so whichever code consumes a path, URL or
// requirement text here is responsible for validating it -- nothing in this
// header does.
extern size_t pagesize;					// signing page size; pagesizeUnspecified when not given explicitly (presumably the hashing granularity of the signature -- confirm in the signing code)
extern SecIdentityRef signer;			// signer identity (private key + certificate); presumably NULL until one has been selected
extern SecKeychainRef keychain;			// source keychain for signer identity
extern const char *internalReq;			// internal requirement, as raw optarg text: not yet parsed or compiled here
extern const char *testReq;				// external (test) requirement, as raw optarg text: not yet parsed or compiled here
extern const char *detached;			// detached signature path (to explicit file)
extern const char *detachedDb;			// reference to detached signature database
extern const char *entitlements;		// path to entitlement configuration input (the file is read by the signing code, presumably unvalidated beyond parsing)
extern const char *resourceRules;		// explicit resource rules template (path)
extern const char *uniqueIdentifier;	// unique ident hash
extern const char *identifierPrefix;	// prefix for un-dotted default identifiers
extern const char *teamID;              // TeamID to record in the signature
extern const char *modifiedFiles;		// file to receive list of modified files
extern const char *extractCerts;		// location (output) for extracting signing chain certificates
extern const char *sdkRoot;				// alternate root for looking up sub-components; redirects which on-disk components are processed, so treat like any other trusted-path option
extern SecCSFlags staticVerifyOptions;	// option flags (SecCSFlags bits) applied to static verifications
extern SecCSFlags dynamicVerifyOptions;	// option flags (SecCSFlags bits) applied to dynamic verifications
extern SecCSFlags signOptions;			// option flags (SecCSFlags bits) applied to signing operations
extern uint32_t digestAlgorithm;		// digest algorithm to be used when signing; values are the code-signing framework's hash-type constants (see SecCodeSigner.h), not interpreted here
extern CFDateRef signingTime;			// explicit signing time option; being a pointer it can be NULL, presumably meaning "use the current time" -- confirm
extern size_t signatureSize;			// override for the CMS signature size estimate (the space reserved for the signature blob)
extern uint32_t cdFlags;				// CodeDirectory flags requested; bit meanings are defined by the code-signing framework, not here
extern const char *procAction;			// action-on-process(es) requested, raw optarg text interpreted by procaction()
extern Architecture architecture;		// specific binary architecture to process (from a universal file)
extern const char *bundleVersion;		// specific version string requested (from a versioned bundle)
extern bool noMachO;					// force non-MachO operation
extern bool dryrun;						// do not actually change anything (report only)
extern bool allArchitectures;			// process all architectures in a universal (aka fat) code file
extern bool nested;						// nested code processing (--deep): also process embedded code
extern CFBooleanRef timestampRequest;	// timestamp request option; as a CFBooleanRef it is presumably three-state (NULL = default, kCFBooleanTrue/False = explicit) -- confirm
extern bool noTSAcerts;					// do not ask the TSA to include its certificate chain in the timestamp token
extern const char *tsaURL;				// TimeStamping Authority URL, taken verbatim from the command line; NOTE(review): confirm in the implementation how this endpoint is validated before it is trusted to timestamp signatures
extern uint32_t preserveMetadata;		// keep metadata from previous signature (if any); uint32_t suggests a bit set selecting which parts -- confirm
87
88
89//
90// Configuration constants
91//
// Maximum tolerated difference, in seconds, between a signature's internal
// signing time and the external (TSA) timestamp: three minutes, presumably to
// absorb clock skew between the signing host and the timestamp authority.
// Widening it also widens the window in which a mismatched pair of times is
// still accepted, so keep it as small as observed skew allows.
static const unsigned int timestampSlop = 3 * 60;
93
94
95#endif //_H_CODESIGN
96