#ifndef _H_CODESIGDB
#define _H_CODESIGDB
#include "acls.h"
#include <security_cdsa_utilities/db++.h>
#include <security_cdsa_utilities/osxverifier.h>
#include <Security/CodeSigning.h>
class Process;
class CodeSignatures;
//
// CodeSignatures - a code-signature database plus the ACL verification
// that is layered on top of it.
//
// This header only declares the interface; every non-trivial member is
// defined elsewhere. Comments below state only what the declarations
// themselves establish; anything inferred is marked for confirmation
// against the implementation.
//
class CodeSignatures {
public:
    //
    // An Identity is an abstract description of a piece of code that can be
    // looked up in the signature database. Subclasses supply the code's path
    // and its hash; the lookup state and the resolved name are kept here.
    //
    class Identity {
        friend class CodeSignatures;    // lets CodeSignatures reach mState/mName (presumably during find())
    public:
        Identity();
        virtual ~Identity();

        // True only when mState == valid; false while untried or after an
        // unsuccessful lookup.
        operator bool () const { return mState == valid; }

        // Path of the code as reported by the subclass's getPath(). This comes
        // from the identity itself, not from the database, so it carries only
        // as much trust as the caller that supplied it.
        std::string path() { return getPath(); }
        // Name derived purely from path() via canonicalName(); it carries no
        // more trust than path() does.
        std::string name() { return canonicalName(path()); }
        // The name stored in mName. NOTE(review): presumably this is the name
        // established by a successful database lookup rather than derived from
        // the path — confirm in the implementation before relying on the
        // distinction between name() and trustedName().
        std::string trustedName() const { return mName; }
        // Reduce a filesystem path to its canonical identity name. Defined elsewhere.
        static std::string canonicalName(const std::string &path);

        IFDUMP(void debugDump(const char *how = NULL) const);

        // Subclass-supplied location of the code.
        virtual std::string getPath() const = 0;
        // Subclass-supplied hash of the code; presumably the database key — confirm in find().
        virtual const CssmData getHash() const = 0;

    private:
        enum { untried, valid, invalid } mState;    // lookup progress; only `valid` makes operator bool() true
        std::string mName;                          // name associated with this identity (returned by trustedName())
    };

public:
    CodeSignatures();
    ~CodeSignatures();

    // Open the database at `path`. Defined elsewhere.
    void open(const char *path);

public:
    // Look up `id` on behalf of `user`; returns true on success.
    // NOTE(review): presumably updates id.mState and id.mName through the
    // friend relationship — confirm in the implementation.
    bool find(Identity &id, uid_t user);
    // Record a link for `id` under the name `ident`; `forUser`/`user` select
    // a per-user record instead of the default scope. Defined elsewhere.
    void makeLink(Identity &id, const std::string &ident, bool forUser = false, uid_t user = 0);
    // Add a link from `oldHash` to `newHash` under `name`. NOTE(review):
    // `forSystem` presumably selects the system-wide rather than per-user
    // scope — confirm in the implementation.
    void addLink(const CssmData &oldHash, const CssmData &newHash,
        const char *name, bool forSystem);
    // Remove the link recorded for `hash`/`name` in the scope selected by `forSystem`.
    void removeLink(const CssmData &hash, const char *name, bool forSystem);

    IFDUMP(void debugDump(const char *how = NULL) const);

public:
    // Decide whether `process` satisfies `verifier` within `context`.
    // Returns true when the process is accepted. Defined elsewhere.
    bool verify(Process &process, const OSXVerifier &verifier, const AclValidationContext &context);

private:
    // Helper used by verify(): attempt to match a signed client against a
    // legacy-form ACL entry, reporting the outcome as an OSStatus. The exact
    // matching rules are defined elsewhere.
    OSStatus matchSignedClientToLegacyACL(Process &process,
        const OSXVerifier &verifier, const AclValidationContext &context);

private:
    UnixPlusPlus::UnixDb mDb;   // the underlying database handle
    Mutex mDatabaseLock;        // presumably serializes access to mDb — confirm in the implementation
    Mutex mUILock;              // presumably serializes user-interaction paths — confirm in the implementation
};
#endif //_H_CODESIGDB