/* * Copyright (c) 2002 Apple Computer, Inc. All Rights Reserved. * * The contents of this file constitute Original Code as defined in and are * subject to the Apple Public Source License Version 1.2 (the 'License'). * You may not use this file except in compliance with the License. Please obtain * a copy of the License at http://www.apple.com/publicsource and read it before * using this file. * * This Original Code and all software distributed under the License are * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS * OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, INCLUDING WITHOUT * LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR * PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. Please see the License for the * specific language governing rights and limitations under the License. */ // // TrustedApplication.cpp // #include #include #include #include #include #include using namespace KeychainCore; using namespace CodeSigning; // // Create a TrustedApplication from a code-signing ACL subject. // Throws ACL::ParseError if the subject is unexpected. // TrustedApplication::TrustedApplication(const TypedList &subject) : mSignature(CssmAllocator::standard()), mData(CssmAllocator::standard()) { if (subject.type() != CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE) throw ACL::ParseError(); if (subject[1] != CSSM_ACL_CODE_SIGNATURE_OSX) throw ACL::ParseError(); mSignature = subject[2].data(); mData = subject[3].data(); } TrustedApplication::TrustedApplication(const CssmData &signature, const CssmData &data) : mSignature(CssmAllocator::standard(), signature), mData(CssmAllocator::standard(), data) { } TrustedApplication::TrustedApplication(const char *path) : mSignature(CssmAllocator::standard()), mData(CssmAllocator::standard()) { OSXSigner signer; RefPointer object(OSXCode::at(path)); auto_ptr signature(signer.sign(*object)); mSignature = *signature; mData = CssmData(const_cast(path), strlen(path) + 1); } TrustedApplication::TrustedApplication() : mSignature(CssmAllocator::standard()), mData(CssmAllocator::standard()) { OSXSigner signer; RefPointer object(OSXCode::main()); auto_ptr signature(signer.sign(*object)); mSignature = *signature; string path = object->canonicalPath(); mData.copy(path.c_str(), path.length() + 1); // including trailing null } TrustedApplication::~TrustedApplication() { } const CssmData & TrustedApplication::signature() const { return mSignature; } bool TrustedApplication::sameSignature(const char *path) { // return true if object at given path has same signature CssmAutoData otherSignature(CssmAllocator::standard()); calcSignature(path, otherSignature); return (mSignature.get() == otherSignature); } void TrustedApplication::calcSignature(const char *path, CssmOwnedData &signature) { // generate a signature for the given object RefPointer objToVerify(CodeSigning::OSXCode::at(path)); CodeSigning::OSXSigner signer; auto_ptr osxSignature(signer.sign(*objToVerify)); signature.copy(osxSignature->data(), osxSignature->length()); } // // Produce a TypedList representing a code-signing ACL subject // for this application. // Memory is allocated from the allocator given, and belongs to // the caller. // TypedList TrustedApplication::makeSubject(CssmAllocator &allocator) { return TypedList(allocator, CSSM_ACL_SUBJECT_TYPE_CODE_SIGNATURE, new(allocator) ListElement(CSSM_ACL_CODE_SIGNATURE_OSX), new(allocator) ListElement(mSignature.get()), new(allocator) ListElement(mData.get())); }