#ifndef _H_CSPROXY
#define _H_CSPROXY
#include <security_utilities/casts.h>
#include <security_utilities/cfutilities.h>
#include <security_utilities/debugging_internal.h>
#include <security_cdsa_utilities/handleobject.h>
#include <security_utilities/mach++.h>
#include <security_utilities/machserver.h>
#include <security_cdsa_utilities/cssmdata.h>
#include <securityd_client/cshosting.h>
#include <Security/SecCodeHost.h>
#include <string>
#include <map>
using MachPlusPlus::Port;
using MachPlusPlus::MachServer;
//
// CodeSigningHost - the per-process registry behind the cshosting Mach interface.
//
// A hosting process registers itself (registerCodeSigning) and then describes the
// guests it hosts (createGuest / setGuestStatus / removeGuest). The cshosting server
// entry points declared after this class resolve guests through it.
//
// MachServer::Handler is inherited privately: the raw Mach message dispatch (handle)
// is an implementation detail and is deliberately not part of the public interface.
// All SecGuestRef values and byte buffers that reach this object originate in other
// processes, so lookups must fail closed on unknown refs and every buffer must be
// bounds-checked by the implementation (not visible in this header).
//
class CodeSigningHost : private MachServer::Handler {
public:
	CodeSigningHost();
	~CodeSigningHost();
	// Drop all hosting state. What exactly is reset is defined in the implementation file.
	void reset();

	// How this process answers guest queries. The meaning of each mode is established
	// by the implementation; the names suggest: no hosting, answered here, or forwarded.
	enum HostingState {
		noHosting, dynamicHosting, proxyHosting
	};

	// Strictness of the isGuestOf() relationship check (semantics in the .cpp).
	enum GuestCheck {
		strict, loose
	};

	//
	// One registered guest. Reference-counted (RefCount) and addressable through a
	// HandleObject handle, which doubles as its SecGuestRef (see guestRef()).
	// Data members are public and are filled in by CodeSigningHost from host-supplied data.
	//
	struct Guest : public RefCount, public HandleObject {
	public:
		Guest();
		~Guest();

		std::vector<SecGuestRef> guestPath;	// chain of guest refs leading to this guest (presumably host-first; see findGuest)
		uint32_t status;					// status word as reported by the host; not interpreted in this header
		std::string path;					// code path as given by the host (untrusted string, copied in)
		CFRef<CFDictionaryRef> attributes;	// attribute dictionary decoded by setAttributes(); empty until then
		CFRef<CFDataRef> cdhash;			// code directory hash as stored by setHash()
		bool dedicated;						// presumably derived from the SecCSFlags given to createGuest — confirm in the .cpp

		// A Guest counts as "valid" once it carries an attribute dictionary.
		operator bool() const { return attributes; }
		// The guest's externally visible reference is its object handle narrowed to
		// SecGuestRef through int_cast (security_utilities/casts.h). Whether int_cast
		// rejects out-of-range handles is not visible here; if it silently truncated,
		// two guests could alias the same SecGuestRef — confirm.
		SecGuestRef guestRef() const { return int_cast<long, SecGuestRef>(handle()); }

		// Decode attrData (a serialized dictionary supplied by the hosting process, i.e.
		// untrusted bytes with a caller-supplied length) into `attributes`.
		void setAttributes(const CssmData &attrData);
		// Serialized form of `attributes`, produced lazily by createAttrData() and cached
		// in the mutable members below. Both accessors are const yet mutate that cache;
		// nothing in this header serializes concurrent first calls, so they are presumably
		// made under the owning CodeSigningHost's mLock — confirm in the .cpp.
		uint8_t const *attrData() const { createAttrData(); return mAttrData; };
		CFIndex attrDataLength() const { createAttrData(); return mAttrDataLength; };
		// Store a cdhash: `given` holds host-supplied bytes; `generate` presumably asks
		// the implementation to compute one when none is given — confirm.
		void setHash(const CssmData &given, bool generate);
		// Whether this guest lies under `host`, checked strictly or loosely (see GuestCheck).
		bool isGuestOf(Guest *host, GuestCheck check) const;
		// Whether `attributes` carries all of the `count` key/value pairs. The arrays are
		// caller-sized; `count` must not exceed either array's length.
		bool matches(CFIndex count, CFTypeRef keys[], CFTypeRef values[]) const;
		// Debug-only dump; present only when IFDUMP (debugging_internal.h) expands its argument.
		IFDUMP(void dump() const);
	private:
		// Populate mAttrData/mAttrDataLength from `attributes`; const because it only
		// touches the mutable cache.
		void createAttrData() const;
		mutable uint8_t *mAttrData;		// raw owning pointer to the cached serialization; released in ~Guest (presumably — not visible here)
		mutable CFIndex mAttrDataLength;
	};

	// Adopt hostingPort (a Mach port handed over by the registering process) and enter
	// the hosting mode implied by flags. Both values arrive over the cshosting interface
	// and must be validated by the implementation before use.
	void registerCodeSigning(mach_port_t hostingPort, SecCSFlags flags);
	Port hostingPort() const { return mHostingPort; }

	// Register a new guest under `guest` (its host). status, path, cdhash, attributes and
	// flags are all supplied by the hosting process; cdhash and attributes are raw byte
	// buffers with caller-provided lengths. Returns the new guest's SecGuestRef.
	SecGuestRef createGuest(SecGuestRef guest,
		uint32_t status, const char *path,
		const CssmData &cdhash, const CssmData &attributes, SecCSFlags flags);
	// Update an existing guest's status word and (serialized) attributes.
	void setGuestStatus(SecGuestRef guest, uint32_t status, const CssmData &attributes);
	// Remove `guest`. `host` is the caller's claim about the guest's host and is
	// presumably checked against the recorded relationship before removal — confirm,
	// since a mismatch left unchecked would let one host remove another's guest.
	void removeGuest(SecGuestRef host, SecGuestRef guest);

public:
	// Debug-only dump of the whole host (see IFDUMP in debugging_internal.h).
	IFDUMP(void dump() const);

public:
	// Guest lookup. All return raw, non-owning pointers; the RefPointers held in mGuests
	// presumably keep the objects alive, so a result must not be kept across a later
	// removeGuest/eraseGuest. Behaviour on an unknown ref (NULL vs. throw) is defined
	// by the implementation.
	Guest *findHost(SecGuestRef hostRef);
	Guest *findGuest(Guest *host, const CssmData &attrData);
	// hostOk presumably permits the lookup to resolve to the host itself — confirm in the .cpp.
	Guest *findGuest(SecGuestRef guestRef, bool hostOk = false);
	Guest *findGuest(Guest *host);

	// Scoped lock helper over mLock, defined in the implementation file; declared a
	// friend so it can reach the private mutex.
	class Lock;
	friend class Lock;

private:
	// MachServer::Handler entry point: `in` is a raw MIG request from another process
	// (entirely attacker-controllable); `out` receives the reply.
	boolean_t handle(mach_msg_header_t *in, mach_msg_header_t *out);
	// Drop `guest` from the registry (and, presumably, its subtree — confirm).
	void eraseGuest(Guest *guest);

private:
	mutable Mutex mLock;				// presumably guards the state below; mutable so const methods may take it
	HostingState mHostingState;
	Port mHostingPort;
	typedef std::map<SecGuestRef, RefPointer<Guest> > GuestMap;
	GuestMap mGuests;					// every guest known to this host, keyed by its SecGuestRef (== handle)
};
//
// Server-side entry points of the cshosting MIG subsystem (see securityd_client/cshosting.h).
//
// Every routine takes the MIG service and reply ports plus an OSStatus out-parameter
// (*rcode) carrying the logical result, and returns a kern_return_t for the transport.
//
// Inbound byte buffers arrive as a (void *, mach_msg_type_number_t length) pair copied
// out of a message sent by another process: both the bytes and the length are untrusted
// and must be bounds-checked by the implementation before being wrapped in a CssmData.
// Outbound buffers are handed back as a (void **, mach_msg_type_number_t *) pair.
//

// Locate the guest of hostRef described by the attributes buffer. On success the
// implementation fills foundGuest with the guest chain and *depth with its length;
// *subhost presumably names a port to continue the search on (the proxy-hosting
// case) — confirm against the .cpp.
kern_return_t cshosting_server_findGuest(mach_port_t servicePort, mach_port_t replyPort, OSStatus *rcode,
	SecGuestRef hostRef,
	void *attributes, mach_msg_type_number_t attributesLength,
	GuestChain *foundGuest, mach_msg_type_number_t *depth, mach_port_t *subhost);

// Report a guest's path, code directory hash and serialized attributes. path and hash
// are caller-provided buffers whose capacity is fixed by the MIG definition (not visible
// here); the implementation must not write beyond that capacity and must set
// *hashLength to the number of hash bytes actually produced.
kern_return_t cshosting_server_identifyGuest(mach_port_t servicePort, mach_port_t replyPort, OSStatus *rcode,
	SecGuestRef guestRef,
	char *path, char *hash, uint32_t *hashLength,
	void **attributes, mach_msg_type_number_t *attributesLength);

// Report a guest's status word in *status.
kern_return_t cshosting_server_guestStatus(mach_port_t servicePort, mach_port_t replyPort, OSStatus *rcode,
	SecGuestRef guestRef, uint32_t *status);
#endif //_H_CSPROXY