#ifndef _H_BUNDLEDISKREP
#define _H_BUNDLEDISKREP
#include "diskrep.h"
#include "machorep.h"
namespace Security {
namespace CodeSigning {
// Fixed names used by the bundle disk representation. Only the literal values
// are established in this header; where and how each one is resolved is in the
// implementation file, which is not shown here.

// Presumably the name of the in-bundle directory that holds signing metadata
// (cf. metaPath()/createMeta() in BundleDiskRep) -- confirm against the implementation.
#define BUNDLEDISKREP_DIRECTORY "_CodeSignature"
// By name, a link to the resource seal file -- TODO confirm where it is created and whether
// validation follows it.
#define CODERESOURCES_LINK "CodeResources"
// By name, the directory holding a store receipt -- TODO confirm how signing and validation
// treat its contents.
#define STORE_RECEIPT_DIRECTORY "_MASReceipt"
//
// BundleDiskRep is a DiskRep built around a CFBundleRef (mBundle). Its state
// includes a metadata path (mMetaPath), the URL of the bundle's main executable
// (mMainExecutableURL) and a nested DiskRep for that executable (mExecRep).
//
// Only declarations are visible in this header. Most public members presumably
// override DiskRep's interface (diskrep.h is not shown), so their contracts --
// including Core Foundation ownership of returned objects -- must be confirmed
// there rather than inferred from the names below.
//
// NOTE(review): std::string and std::set are used here without a direct #include
// in this header; it relies on "diskrep.h"/"machorep.h" to provide them.
//
class BundleDiskRep : public DiskRep {
public:
	// Construct from a filesystem path or from an existing bundle reference.
	// ctx is optional (defaults to NULL).
	// NOTE(review): both constructors are callable with a single argument and are not
	// marked explicit, so implicit conversion from const char* / CFBundleRef is possible.
	BundleDiskRep(const char *path, const Context *ctx = NULL);
	BundleDiskRep(CFBundleRef ref, const Context *ctx = NULL);
	~BundleDiskRep();

	// Signing-component access, keyed by CodeDirectory special slot.
	// Ownership of the returned CFDataRef is not stated here -- confirm against DiskRep.
	CFDataRef component(CodeDirectory::SpecialSlot slot);
	CFDataRef identification();

	// Path and location queries.
	std::string mainExecutablePath();
	// Name follows the CF "Copy" convention, so the caller presumably owns the result -- confirm.
	CFURLRef copyCanonicalPath();
	std::string resourcesRootPath();
	std::string resourcesRelativePath();
	void adjustResources(ResourceBuilder &builder);
	Universal *mainExecutableImage();

	// Signing support.
	void prepareForSigning(SigningContext &context);
	size_t signingBase();
	size_t signingLimit();
	std::string format();
	CFArrayRef modifiedFiles();
	UnixPlusPlus::FileDesc &fd();
	void flush();
	CFDictionaryRef diskRepInformation();

	// Signing defaults derived from a SigningContext.
	std::string recommendedIdentifier(const SigningContext &ctx);
	CFDictionaryRef defaultResourceRules(const SigningContext &ctx);
	const Requirements *defaultRequirements(const Architecture *arch, const SigningContext &ctx);
	size_t pageSize(const SigningContext &ctx);

	// Strict validation entry point. Presumably the private check*/validate* helpers and
	// mStrictErrors below feed into it, with `tolerated` deciding which recorded errors
	// are ignored -- TODO confirm in the implementation.
	void strictValidate(const CodeDirectory* cd, const ToleratedErrors& tolerated, SecCSFlags flags);
	CFArrayRef allowedResourceOmissions();

	// Returns the bundle reference held in mBundle. No "Copy"/"Create" in the name,
	// so this is presumably a borrowed reference valid only while this object lives.
	CFBundleRef bundle() const { return mBundle; }

public:
	// NOTE(review): `Writer` is named here before the nested class is declared on the
	// next line, so the type this return value denotes depends on lookup into DiskRep --
	// worth confirming that this is intended.
	Writer *writer();
	class Writer;
	// Gives the nested Writer access to private state; Writer::execRep() reads mExecRep.
	friend class Writer;

protected:
	// Helpers for the metadata location (mMetaPath); behavior is defined in the
	// implementation file.
	std::string metaPath(const char *name);
	void createMeta();
	CFDataRef metaData(const char *name);
	CFDataRef metaData(CodeDirectory::SpecialSlot slot);

private:
	void setup(const Context *ctx);
	void checkModifiedFile(CFMutableArrayRef files, CodeDirectory::SpecialSlot slot);
	CFDataRef loadRegularFile(CFURLRef url);

	// By name, helpers for strict validation; their definitions are not in this header.
	void recordStrictError(OSStatus error);
	void validateMetaDirectory(const CodeDirectory* cd);
	// NOTE(review): takes std::string by value, i.e. copies the argument on each call.
	void validateFrameworkRoot(std::string root);
	// NOTE(review): FileDesc is passed by value here and in checkForks; whether the copy
	// owns or closes the descriptor depends on UnixPlusPlus::FileDesc -- confirm.
	void checkPlainFile(UnixPlusPlus::FileDesc fd, const std::string& path);
	void checkForks(UnixPlusPlus::FileDesc fd);
	void checkMoved(CFURLRef oldPath, CFURLRef newPath);
	void componentFromExec(bool fromExec);

private:
	CFRef<CFBundleRef> mBundle;				// the bundle this rep describes; exposed via bundle()
	std::string mMetaPath;					// metadata path; presumably what metaPath() builds on -- confirm
	bool mMetaExists;						// presumably whether mMetaPath exists on disk -- confirm
	CFRef<CFURLRef> mMainExecutableURL;		// URL of the bundle's main executable
	bool mInstallerPackage;					// by name: bundle is an installer package -- confirm
	bool mAppLike;							// by name: bundle has an app-like layout -- confirm
	// NOTE(review): unqualified `string`, unlike the std::string used elsewhere in this
	// class; relies on a using-declaration from an included header.
	string mFormat;							// presumably the value returned by format() -- confirm
	RefPointer<DiskRep> mExecRep;			// nested DiskRep for the main executable
	bool mComponentsFromExec;				// presumably set through componentFromExec() -- confirm
	bool mComponentsFromExecValid;			// presumably whether mComponentsFromExec has been decided -- confirm
	std::set<CodeDirectory::SpecialSlot> mUsedComponents;	// special slots seen so far; exact use not shown here
	std::set<OSStatus> mStrictErrors;		// presumably filled by recordStrictError() -- confirm
};
//
// Writer for a BundleDiskRep. It holds a reference to its BundleDiskRep (rep)
// and a second DiskRep::Writer (execWriter), presumably the writer for the
// bundle's main executable -- confirm in the implementation.
//
// Only declarations are visible here; what component(), remove() and flush()
// do to the filesystem is defined in the implementation file.
//
class BundleDiskRep::Writer : public DiskRep::Writer {
	// BundleDiskRep may access this class's protected members.
	friend class BundleDiskRep;
public:
	// NOTE(review): single-argument constructor is not marked explicit.
	Writer(BundleDiskRep *r);
	// Supplies the data for one CodeDirectory special slot.
	void component(CodeDirectory::SpecialSlot slot, CFDataRef data);
	void remove();
	void flush();

protected:
	// Returns the executable's DiskRep held by the owning BundleDiskRep as a raw pointer.
	// NOTE(review): no null check is visible here -- confirm whether mExecRep can be unset
	// and whether callers test the result.
	DiskRep *execRep() { return rep->mExecRep; }
	void remove(CodeDirectory::SpecialSlot slot);
	// By name, cleans up the metadata directory; presumably uses mWrittenFiles to decide
	// what to keep -- TODO confirm, since leftover files in a signature directory matter
	// for later validation.
	void purgeMetaDirectory();

protected:
	RefPointer<BundleDiskRep> rep;				// the BundleDiskRep this writer operates on
	RefPointer<DiskRep::Writer> execWriter;		// presumably the writer obtained for the main executable -- confirm
	bool mMadeMetaDirectory;					// by name: this writer created the metadata directory -- confirm
	std::set<std::string> mWrittenFiles;		// file names recorded by this writer; exact contents not shown here
};
} }
#endif // !_H_BUNDLEDISKREP