#ifndef _H_RSIGN
#define _H_RSIGN
#include "codedirectory.h"
#include <security_utilities/utilities.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/hashing.h>
#include "regex.h"
#include <CoreFoundation/CoreFoundation.h>
#include <vector>
#include <fts.h>
namespace Security {
namespace CodeSigning {
class ResourceBuilder {
NOCOPY(ResourceBuilder)
public:
ResourceBuilder(const std::string &root, const std::string &relBase,
CFDictionaryRef rulesDict, bool strict, const MacOSErrorSet& toleratedErrors);
~ResourceBuilder();
std::string root() const { return mRoot; }
enum {
optional = 0x01, omitted = 0x02, nested = 0x04, exclusion = 0x10, softTarget = 0x20, };
typedef unsigned int Weight;
public:
class Rule : private regex_t {
public:
Rule(const std::string &pattern, Weight weight, uint32_t flags);
~Rule();
bool match(const char *s) const;
const Weight weight;
const uint32_t flags;
std::string source;
};
void addRule(Rule *rule) { mRules.push_back(rule); }
void addExclusion(const std::string &pattern, uint32_t flags = 0) { mRules.insert(mRules.begin(), new Rule(pattern, 0, exclusion | flags)); }
static std::string escapeRE(const std::string &s);
typedef void (^Scanner)(FTSENT *ent, uint32_t flags, const std::string relpath, Rule *rule);
void scan(Scanner next);
bool includes(string path) const;
Rule *findRule(string path) const;
static CFDataRef hashFile(const char *path, CodeDirectory::HashAlgorithm type);
static CFMutableDictionaryRef hashFile(const char *path, CodeDirectory::HashAlgorithms types, bool strictCheck);
static std::string hashName(CodeDirectory::HashAlgorithm type);
CFDictionaryRef rules() const { return mRawRules; }
protected:
void addRule(CFTypeRef key, CFTypeRef value);
private:
std::string mRoot, mRelBase;
FTS *mFTS;
CFCopyRef<CFDictionaryRef> mRawRules;
typedef std::vector<Rule *> Rules;
Rules mRules;
bool mCheckUnreadable;
bool mCheckUnknownType;
};
class ResourceSeal {
NOCOPY(ResourceSeal)
public:
ResourceSeal(CFTypeRef ref);
public:
const Hashing::Byte *hash(CodeDirectory::HashAlgorithm type) const;
bool nested() const { return mFlags & ResourceBuilder::nested; }
bool optional() const { return mFlags & ResourceBuilder::optional; }
CFDictionaryRef dict() const { return mDict; }
CFStringRef requirement() const { return mRequirement; }
CFStringRef link() const { return mLink; }
private:
CFRef<CFDictionaryRef> mDict;
CFStringRef mRequirement;
CFStringRef mLink;
uint32_t mFlags;
};
} }
#endif // !_H_RSIGN