SecCodeSigner.cpp
  1  /*
  2   * Copyright (c) 2006-2012,2014 Apple Inc. All Rights Reserved.
  3   * 
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  
 24  //
 25  // SecCode - API frame for SecCode objects.
 26  //
 27  // Note that some SecCode* functions take SecStaticCodeRef arguments in order to
 28  // accept either static or dynamic code references, operating on the respective
 29  // StaticCode. Those functions are in SecStaticCode.cpp, not here, despite their name.
 30  //
 31  #include "cs.h"
 32  #include "CodeSigner.h"
 33  #include "cskernel.h"
 34  
 35  using namespace CodeSigning;
 36  
 37  
 //
 // Parameter keys
 //
 // NOTE(review): presumably these are the keys looked up in the `parameters`
 // dictionary given to SecCodeSignerCreate(); the lookup and any validation of
 // the values happen in SecCodeSigner::parameters(), which is not in this
 // file -- confirm there before relying on a key's meaning.
 // The string values are what callers put in the dictionary, so they must not
 // be changed.
 //
 const CFStringRef kSecCodeSignerApplicationData = CFSTR("application-specific");
 const CFStringRef kSecCodeSignerDetached = CFSTR("detached");
 const CFStringRef kSecCodeSignerDigestAlgorithm = CFSTR("digest-algorithm");
 const CFStringRef kSecCodeSignerDryRun = CFSTR("dryrun");
 const CFStringRef kSecCodeSignerEntitlements = CFSTR("entitlements");
 const CFStringRef kSecCodeSignerFlags = CFSTR("flags");
 const CFStringRef kSecCodeSignerIdentifier = CFSTR("identifier");
 const CFStringRef kSecCodeSignerIdentifierPrefix = CFSTR("identifier-prefix");
 const CFStringRef kSecCodeSignerIdentity = CFSTR("signer");
 const CFStringRef kSecCodeSignerPageSize = CFSTR("pagesize");
 const CFStringRef kSecCodeSignerRequirements = CFSTR("requirements");
 const CFStringRef kSecCodeSignerResourceRules = CFSTR("resource-rules");
 const CFStringRef kSecCodeSignerSDKRoot = CFSTR("sdkroot");
 const CFStringRef kSecCodeSignerSigningTime = CFSTR("signing-time");
 const CFStringRef kSecCodeSignerRequireTimestamp = CFSTR("timestamp-required");
 const CFStringRef kSecCodeSignerTimestampServer = CFSTR("timestamp-url");
 const CFStringRef kSecCodeSignerTimestampAuthentication = CFSTR("timestamp-authentication");
 const CFStringRef kSecCodeSignerTimestampOmitCertificates = CFSTR("timestamp-omit-certificates");
 const CFStringRef kSecCodeSignerPreserveMetadata = CFSTR("preserve-metadata");
 const CFStringRef kSecCodeSignerTeamIdentifier = CFSTR("teamidentifier");
 const CFStringRef kSecCodeSignerPlatformIdentifier = CFSTR("platform-identifier");
 const CFStringRef kSecCodeSignerRuntimeVersion = CFSTR("runtime-version");
 const CFStringRef kSecCodeSignerPreserveAFSC = CFSTR("preserve-afsc");
 const CFStringRef kSecCodeSignerOmitAdhocFlag = CFSTR("omit-adhoc-flag");

 // Keys for signature editing
 const CFStringRef kSecCodeSignerEditCpuType = CFSTR("edit-cpu-type");
 const CFStringRef kSecCodeSignerEditCpuSubtype = CFSTR("edit-cpu-subtype");
 const CFStringRef kSecCodeSignerEditCMS = CFSTR("edit-cms");
 70  
 71  
 72  
 73  //
 74  // CF-standard type code functions
 75  //
 // Returns the CF type ID stored for CodeSigner in gCFObjects().
 // END_CSAPI1 is given _kCFRuntimeNotATypeID as its argument.
 // NOTE(review): BEGIN_CSAPI / END_CSAPI1 are defined in a header not shown
 // here; presumably the argument is the value returned when the guarded body
 // fails -- confirm.
 CFTypeID SecCodeSignerGetTypeID(void)
 {
 	BEGIN_CSAPI

 	const CFTypeID signerTypeID = gCFObjects().CodeSigner.typeID;
 	return signerTypeID;

 	END_CSAPI1(_kCFRuntimeNotATypeID)
 }
 82  
 83  
 84  //
 85  // Create a signer object
 86  //
 // Constructs a SecCodeSigner from `flags`, applies `parameters` to it, and
 // stores the signer's handle through `signerRef`.
 //
 // `flags` is passed to checkFlags() with the mask below before the signer is
 // allocated, so this list is the complete set of flags this entry point
 // offers to checkFlags() as acceptable.
 // NOTE(review): checkFlags() is defined elsewhere; presumably it rejects any
 // bit outside the mask -- confirm. Add a flag to the mask only deliberately.
 // `signerRef` is passed through CodeSigning::Required() before it is written.
 // NOTE(review): `parameters` is forwarded as-is to SecCodeSigner::parameters();
 // whether a NULL or malformed dictionary is rejected is decided there -- confirm.
 // NOTE(review): BEGIN_CSAPI / END_CSAPI come from a header not shown here;
 // presumably they convert thrown errors into the returned OSStatus -- confirm.
 OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
 	SecCodeSignerRef *signerRef)
 {
 	BEGIN_CSAPI

 	// Every flag bit this API accepts.
 	const SecCSFlags acceptedFlags =
 		  kSecCSEditSignature
 		| kSecCSRemoveSignature
 		| kSecCSSignPreserveSignature
 		| kSecCSSignNestedCode
 		| kSecCSSignOpaque
 		| kSecCSSignV1
 		| kSecCSSignNoV1
 		| kSecCSSignBundleRoot
 		| kSecCSSignStrictPreflight
 		| kSecCSSignGeneratePEH
 		| kSecCSSignGenerateEntitlementDER;
 	checkFlags(flags, acceptedFlags);

 	SecPointer<SecCodeSigner> signer(new SecCodeSigner(flags));
 	signer->parameters(parameters);
 	CodeSigning::Required(signerRef) = signer->handle();

 	END_CSAPI
 }
110  
111  
112  //
113  // Generate a signature
114  //
// Convenience form of SecCodeSignerAddSignatureWithErrors() that passes NULL
// for the `errors` out-parameter; the caller gets only the OSStatus back.
OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signerRef,
	SecStaticCodeRef codeRef, SecCSFlags flags)
{
	CFErrorRef *noErrorOut = NULL;
	return SecCodeSignerAddSignatureWithErrors(signerRef, codeRef, flags, noErrorOut);
}
120  
// Resolves `signerRef` and `codeRef` through their required() accessors and
// calls sign() on the signer with the static code object and `flags`.
//
// kSecCSReportProgress is the only flag offered to checkFlags() as acceptable,
// and the check runs before either reference is resolved.
// NOTE(review): `errors` is not referenced by name in this body; presumably
// END_CSAPI_ERRORS (defined in a header not shown here) fills it in on failure
// and tolerates the NULL that SecCodeSignerAddSignature() passes -- confirm.
OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signerRef,
	SecStaticCodeRef codeRef, SecCSFlags flags, CFErrorRef *errors)
{
	BEGIN_CSAPI

	const SecCSFlags acceptedFlags = kSecCSReportProgress;
	checkFlags(flags, acceptedFlags);

	SecCodeSigner::required(signerRef)->sign(SecStaticCode::required(codeRef), flags);

	END_CSAPI_ERRORS
}