SecCodeSigner.h   [plain text]


/*
 * Copyright (c) 2006 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */

/*!
	@header SecCodeSigner
	SecCodeSigner represents an object that signs code.
*/
#ifndef _H_SECCODESIGNER
#define _H_SECCODESIGNER

#ifdef __cplusplus
extern "C" {
#endif

#include <Security/CSCommon.h>

/*!
	@typedef SecCodeSignerRef
	This is the type of a reference to a code requirement.
*/
typedef struct __SecCodeSigner *SecCodeSignerRef;	/* code signing object */


/*!
	@function SecCodeGetTypeID
	Returns the type identifier of all SecCode instances.
*/
CFTypeID SecCodeSignerGetTypeID(void);


/*!
	@constant kSecCodeSignerIdentity A SecIdentityRef describing the signing identity
		to use for signing code. This is a mandatory parameter.
	@constant kSecCodeSignerDetached If present, a detached code signature is generated.
		If absent, code signature data is written into the target code (which must
		be writable). The value is a CFURL identifying the file that is replaced with
		the detached signature data.
	@constant kSecCodeSignerRequirements Internal code requirements.
	@constant kSecCodeSignerFlags Signature flags.
 */
extern const CFStringRef kSecCodeSignerApplicationData;
extern const CFStringRef kSecCodeSignerDetached;
extern const CFStringRef kSecCodeSignerDryRun;
extern const CFStringRef kSecCodeSignerEntitlements;
extern const CFStringRef kSecCodeSignerFlags;
extern const CFStringRef kSecCodeSignerIdentifier;
extern const CFStringRef kSecCodeSignerIdentifierPrefix;
extern const CFStringRef kSecCodeSignerIdentity;
extern const CFStringRef kSecCodeSignerPageSize;
extern const CFStringRef kSecCodeSignerRequirements;
extern const CFStringRef kSecCodeSignerResourceRules;
extern const CFStringRef kSecCodeSignerSigningTime;


/*!
	@function SecCodeSignerCreate
	Create a (new) SecCodeSigner object to be used for signing code.

	@param parameters An optional CFDictionary containing parameters that influence
		signing operations with the newly created SecCodeSigner. If NULL, defaults
		are applied to all parameters; note however that some parameters do not have
		useful defaults, and will need to be set before signing is attempted.
	@param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
	@param staticCode On successful return, a SecStaticCode object reference representing
	the file system origin of the given SecCode. On error, unchanged.
	@result Upon success, noErr. Upon error, an OSStatus value documented in
	CSCommon.h or certain other Security framework headers.
*/
OSStatus SecCodeSignerCreate(CFDictionaryRef parameters, SecCSFlags flags,
	SecCodeSignerRef *signer);


/*!
	@function SecCodeSignerAddSignature
	Create a code signature and add it to the StaticCode object being signed.

	@param signer A SecCodeSigner object containing all the information required
	to sign code.
	@param code A valid SecStaticCode object reference representing code files
	on disk. This code will be signed, and will ordinarily be modified to contain
	the resulting signature data.
	@param flags Optional flags. Pass kSecCSDefaultFlags for standard behavior.
	@param errors An optional pointer to a CFErrorRef variable. If the call fails
	(and something other than noErr is returned), and this argument is non-NULL,
	a CFErrorRef is stored there further describing the nature and circumstances
	of the failure. The caller must CFRelease() this error object when done with it.
	@result Upon success, noErr. Upon error, an OSStatus value documented in
	CSCommon.h or certain other Security framework headers.
*/
OSStatus SecCodeSignerAddSignature(SecCodeSignerRef signer,
	SecStaticCodeRef code, SecCSFlags flags);
	
OSStatus SecCodeSignerAddSignatureWithErrors(SecCodeSignerRef signer,
	SecStaticCodeRef code, SecCSFlags flags, CFErrorRef *errors);


#ifdef __cplusplus
}
#endif

#endif //_H_SECCODESIGNER