#ifndef _H_REQINTERP
#define _H_REQINTERP
#include "reqreader.h"
#include <Security/SecTrustSettings.h>
#if TARGET_OS_OSX
#include <security_cdsa_utilities/cssmdata.h> // CssmOid
#endif
namespace Security {
namespace CodeSigning {
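//
// Requirement::Interpreter - evaluates a compiled requirement program against
// a Context (the code being checked, its certificates, Info.plist, entitlements).
//
// It extends Requirement::Reader, which supplies the cursor over the requirement
// blob; the Interpreter adds the evaluation rules on top of that cursor.
//
// Security note: the requirement blob is typically taken from a signed binary
// and must be treated as untrusted input. The opcode walk is therefore bounded
// by stackLimit (see eval(int depth)) so a maliciously nested expression cannot
// exhaust the stack, and every operand read goes through the Reader's
// bounds-checked accessors rather than raw pointer arithmetic.
//
class Requirement::Interpreter : public Requirement::Reader {
public:
	// req: the requirement program to run (not owned).
	// ctx: the evaluation context the opcodes consult (not owned; must outlive this object).
	Interpreter(const Requirement *req, const Context *ctx)
		: Reader(req), mContext(ctx) { }

	// Hard cap on nesting depth accepted by eval(). Presumably checked on each
	// recursive step of eval(int depth) - confirm against the definition.
	static const unsigned stackLimit = 1000;

	// Run the whole requirement program; true if it is satisfied by the context.
	bool evaluate();

protected:
	//
	// Match - a single comparison (operation + reference value) that can be
	// applied to a candidate CF value with operator().
	//
	class Match {
	public:
		// Build a Match by reading the operation and its operand from the
		// interpreter's requirement stream (presumably via the Reader cursor).
		Match(Interpreter &interp);
		// Build a Match from an explicit reference value and operation.
		Match(CFStringRef value, MatchOperation op)
			: mValue(value), mOp(op) { }
		// Default: an "exists" test with no reference value.
		Match()
			: mValue(NULL), mOp(matchExists) { }

		// Apply this match to candidate; true if it satisfies the operation.
		bool operator () (CFTypeRef candidate) const;

	protected:
		// Shared helper for ordering comparisons: compares candidate with mValue
		// using CFStringCompare flags, tests the result against outcome, and
		// optionally negates the verdict.
		bool inequality(CFTypeRef candidate, CFStringCompareFlags flags,
			CFComparisonResult outcome, bool negate) const;

	private:
		CFCopyRef<CFStringRef> mValue;	// reference value (retained); NULL for exists-tests
		MatchOperation mOp;				// comparison to perform
	};

	// Evaluate one sub-expression at the current cursor position.
	// depth is the current nesting level; see stackLimit.
	bool eval(int depth);

	// Apply match to the value stored under key in the code's Info.plist.
	bool infoKeyValue(const std::string &key, const Match &match);
	// Apply match to the value stored under key in the code's entitlements.
	bool entitlementValue(const std::string &key, const Match &match);
	// Apply match to the named field of cert.
	bool certFieldValue(const std::string &key, const Match &match, SecCertificateRef cert);
#if TARGET_OS_OSX
	// Generic certificate-field lookups, by symbolic key or directly by OID
	// (macOS only: CssmOid comes from the CDSA utilities).
	bool certFieldGeneric(const std::string &key, const Match &match, SecCertificateRef cert);
	bool certFieldGeneric(const CssmOid &oid, const Match &match, SecCertificateRef cert);
	// Certificate-policy extension lookups, by symbolic key or directly by OID.
	bool certFieldPolicy(const std::string &key, const Match &match, SecCertificateRef cert);
	bool certFieldPolicy(const CssmOid &oid, const Match &match, SecCertificateRef cert);
#endif

	// Compare cert's hash against the expected anchor digest.
	// NOTE(review): no digest length is passed - caller and callee must agree
	// on the hash size; confirm against the definition before changing either.
	bool verifyAnchor(SecCertificateRef cert, const unsigned char *digest);

	// Anchor / trust predicates used by the anchor opcodes.
	bool appleSigned();
	bool appleAnchored();
	bool trustedCerts();
	// Trust check for the certificate at position slot in the context's chain.
	bool trustedCert(int slot);
	// Look up the system/user trust setting for cert; isAnchor selects the
	// anchor-specific policy.
	static SecTrustSettingsResult trustSetting(SecCertificateRef cert, bool isAnchor);

private:
	// Extra anchors consulted beyond the built-in ones.
	// NOTE(review): CF ownership of the returned array (Get vs. Copy semantics)
	// is not documented here - confirm against the definition.
	CFArrayRef getAdditionalTrustedAnchors();
	bool appleLocalAnchored();

	const Context * const mContext;	// evaluation context (not owned)
};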
} }
#endif //_H_REQINTERP