Cradicle Explorer
darling-security
/ OSX / libsecurity_keychain / lib / SecTrustedApplication.cpp
SecTrustedApplication.cpp
  1  /*
  2   * Copyright (c) 2002-2004,2011-2014 Apple Inc. All Rights Reserved.
  3   *
  4   * @APPLE_LICENSE_HEADER_START@
  5   * 
  6   * This file contains Original Code and/or Modifications of Original Code
  7   * as defined in and that are subject to the Apple Public Source License
  8   * Version 2.0 (the 'License'). You may not use this file except in
  9   * compliance with the License. Please obtain a copy of the License at
 10   * http://www.opensource.apple.com/apsl/ and read it before using this
 11   * file.
 12   * 
 13   * The Original Code and all software distributed under the License are
 14   * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 15   * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 16   * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 17   * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 18   * Please see the License for the specific language governing rights and
 19   * limitations under the License.
 20   * 
 21   * @APPLE_LICENSE_HEADER_END@
 22   */
 23  
 24  #include <Security/SecTrustedApplicationPriv.h>
 25  #include <security_keychain/TrustedApplication.h>
 26  #include <security_keychain/Certificate.h>
 27  #include <securityd_client/ssclient.h>		// for code equivalence SPIs
 28  
 29  #include "SecBridge.h"
 30  
 31  
 32  
 33  #pragma clang diagnostic push
 34  #pragma clang diagnostic ignored "-Wunused-function"
 35  static inline CssmData cfData(CFDataRef data)
 36  {
 37      return CssmData(const_cast<UInt8 *>(CFDataGetBytePtr(data)),
 38          CFDataGetLength(data));
 39  }
 40  #pragma clang diagnostic pop
 41  
 42  
 43  CFTypeID
 44  SecTrustedApplicationGetTypeID(void)
 45  {
 46  	BEGIN_SECAPI
 47  	return gTypes().TrustedApplication.typeID;
 48  
 49  	END_SECAPI1(_kCFRuntimeNotATypeID)
 50  }
 51  
 52  
 53  OSStatus
 54  SecTrustedApplicationCreateFromPath(const char *path, SecTrustedApplicationRef *appRef)
 55  {
 56  	BEGIN_SECAPI
 57  	SecPointer<TrustedApplication> app =
 58  		path ? new TrustedApplication(path) : new TrustedApplication;
 59  	Required(appRef) = app->handle();
 60  	END_SECAPI
 61  }
 62  
 63  OSStatus SecTrustedApplicationCopyData(SecTrustedApplicationRef appRef,
 64  	CFDataRef *dataRef)
 65  {
 66  	BEGIN_SECAPI
 67  	const char *path = TrustedApplication::required(appRef)->path();
 68  	Required(dataRef) = CFDataCreate(NULL, (const UInt8 *)path, strlen(path) + 1);
 69  	END_SECAPI
 70  }
 71  
 72  OSStatus SecTrustedApplicationSetData(SecTrustedApplicationRef appRef,
 73  	CFDataRef dataRef)
 74  {
 75  	BEGIN_SECAPI
 76  	if (!dataRef)
 77  		return errSecParam;
 78  	TrustedApplication::required(appRef)->data(dataRef);
 79  	END_SECAPI
 80  }
 81  
 82  
 83  OSStatus
 84  SecTrustedApplicationValidateWithPath(SecTrustedApplicationRef appRef, const char *path)
 85  {
 86  	BEGIN_SECAPI
 87  	TrustedApplication &app = *TrustedApplication::required(appRef);
 88  	if (!app.verifyToDisk(path))
 89  		return CSSMERR_CSP_VERIFY_FAILED;
 90  	END_SECAPI
 91  }
 92  
 93  
 94  //
 95  // Convert from/to external data representation
 96  //
 97  OSStatus SecTrustedApplicationCopyExternalRepresentation(
 98  	SecTrustedApplicationRef appRef,
 99  	CFDataRef *externalRef)
100  {
101  	BEGIN_SECAPI
102  	TrustedApplication &app = *TrustedApplication::required(appRef);
103  	Required(externalRef) = app.externalForm();
104  	END_SECAPI
105  }
106  
107  OSStatus SecTrustedApplicationCreateWithExternalRepresentation(
108  	CFDataRef externalRef,
109  	SecTrustedApplicationRef *appRef)
110  {
111  	BEGIN_SECAPI
112  	Required(appRef) = (new TrustedApplication(externalRef))->handle();
113  	END_SECAPI
114  }
115  
116  
117  OSStatus
118  SecTrustedApplicationMakeEquivalent(SecTrustedApplicationRef oldRef,
119  	SecTrustedApplicationRef newRef, UInt32 flags)
120  {
121  	BEGIN_SECAPI
122      return errSecParam;
123  	END_SECAPI
124  }
125  
126  OSStatus
127  SecTrustedApplicationRemoveEquivalence(SecTrustedApplicationRef appRef, UInt32 flags)
128  {
129  	BEGIN_SECAPI
130      return errSecParam;
131  	END_SECAPI
132  }
133  
134  
135  /*
136   * Check to see if an application at a given path is a candidate for
137   * pre-emptive code equivalency establishment
138   */
139  OSStatus
140  SecTrustedApplicationIsUpdateCandidate(const char *installroot, const char *path)
141  {
142      BEGIN_SECAPI
143      return CSSMERR_DL_RECORD_NOT_FOUND;	// whatever
144      END_SECAPI
145  }
146  
147  
148  /*
149   * Point the system at another system root for equivalence use.
150   * This is for system update installers (only)!
151   */
152  OSStatus
153  SecTrustedApplicationUseAlternateSystem(const char *systemRoot)
154  {
155  	BEGIN_SECAPI
156      return errSecParam;
157  	END_SECAPI
158  }
159  
160  
161  /*
162   * Gateway between traditional SecTrustedApplicationRefs and the Code Signing
163   * subsystem. Invisible to the naked eye, as of 10.5 (Leopard), these reference
164   * may contain Cod e Signing Requirement objects (SecRequirementRefs). For backward
165   * compatibility, these are handled implicitly at the SecAccess/SecACL layer.
166   * However, Those Who Know can bridge the gap for additional functionality.
167   */
168  OSStatus SecTrustedApplicationCreateFromRequirement(const char *description,
169  	SecRequirementRef requirement, SecTrustedApplicationRef *appRef)
170  {
171  	BEGIN_SECAPI
172  	if (description == NULL)
173  		description = "csreq://";	// default to "generic requirement"
174  	SecPointer<TrustedApplication> app = new TrustedApplication(description, requirement);
175  	Required(appRef) = app->handle();
176  	END_SECAPI
177  }
178  
179  OSStatus SecTrustedApplicationCopyRequirement(SecTrustedApplicationRef appRef,
180  	SecRequirementRef *requirement)
181  {
182  	BEGIN_SECAPI
183  	Required(requirement) = TrustedApplication::required(appRef)->requirement();
184  	if (*requirement)
185  		CFRetain(*requirement);
186  	END_SECAPI
187  }
188  
189  
190  /*
191   * Create an application group reference.
192   */
193  OSStatus SecTrustedApplicationCreateApplicationGroup(const char *groupName,
194  	SecCertificateRef anchor, SecTrustedApplicationRef *appRef)
195  {
196  	BEGIN_SECAPI
197  	CFRef<SecRequirementRef> req;
198  	MacOSError::check(SecRequirementCreateGroup(CFTempString(groupName), anchor,
199  		kSecCSDefaultFlags, &req.aref()));
200  	string description = string("group://") + groupName;
201  	if (anchor) {
202  		Certificate *cert = Certificate::required(anchor);
203  		const CssmData &hash = cert->publicKeyHash();
204  		description = description + "?cert=" + cfString(cert->commonName())
205  			+ "&hash=" + hash.toHex();
206  	}
207  	SecPointer<TrustedApplication> app = new TrustedApplication(description, req);
208  	Required(appRef) = app->handle();
209  
210  	END_SECAPI
211  }