Re: Code signing validation
Re: Code signing validation
- Subject: Re: Code signing validation
- From: Jean-Daniel Dupas <email@hidden>
- Date: Tue, 28 Oct 2008 11:31:01 +0100
You may file a feature request asking Apple to publish this API, which
is part of the Security framework:
http://www.opensource.apple.com/darwinsource/10.5.5/libsecurity_codesigning-33803/lib/SecStaticCode.h
Le 28 oct. 08 à 10:36, email@hidden a écrit :
Hello list
Having implemented code signing for my app I wanted to be able to do
a quick visual check that things were as they should be.
I used the following to display a code signing validation message
in the app About window for both the application bundle and a couple
of auxiliary executables.
Has anyone else done anything similar, or hopefully, better?
It would probably be a good idea to also check the signing identity.
#import <Cocoa/Cocoa.h>
/*
 Outcome of a codesign validation.

 The non-negative values are compared directly with the exit status of
 /usr/bin/codesign in -validatePath:, so their numeric values must not change.
 The negative values are produced by this class itself.
 */
typedef enum {
    /* codesign returned a status outside the values listed below */
    CodesignUnrecognised      = -2,
    /* the check could not be run at all (image lookup failed, or launching codesign raised) */
    CodesignError             = -1,

    /* exit status 0: verification succeeded */
    CodesignOkay              = 0,
    /* exit status 1: verification failed */
    CodesignFail              = 1,
    /* exit status 2: codesign rejected its arguments */
    CodesignInvalidArgs       = 2,
    /* exit status 3: a requirement check failed */
    CodesignFailedRequirement = 3,
} CodesignResult;
/*
 MGSCodeSigning

 Runs "/usr/bin/codesign --verify <path>" and maps the exit status to a
 CodesignResult plus a localized, displayable string.

 The check passes no explicit requirement to codesign, so a CodesignOkay result
 says the signature on disk verifies, not who produced it. Treat the result as
 a diagnostic for display; a check that runs inside the process being checked
 is not tamper protection.
 */
@interface MGSCodeSigning : NSObject {
    NSString *_resultString;
}

/*
 Localized description of the most recent validation.
 nil before the first validation, and nil when the last validation returned
 CodesignError; display code should treat nil as "not validated".
 */
@property (copy) NSString *resultString;

/* validate the bundle returned by [NSBundle mainBundle] */
- (CodesignResult)validateApplication;

/* validate the on-disk image that contains this class */
- (CodesignResult)validateExecutable;

/* validate the bundle or executable at an arbitrary path */
- (CodesignResult)validatePath:(NSString *)path;

@end
#import "MGSCodeSigning.h"
#include <dlfcn.h>
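/*
 MGSCodeSigning implementation.

 Every validation is delegated to "/usr/bin/codesign --verify <path>". No
 explicit requirement is passed, so CodesignOkay means the signature verifies
 on disk; it does not establish the signing identity. Checking the identity
 as well would mean passing codesign a requirement (its -R option) or using
 the Security framework directly.
 */
@implementation MGSCodeSigning

@synthesize resultString = _resultString;

/*
 validate executable

 Finds the on-disk image that contains this code and validates it.
 Returns CodesignError, with resultString nil, if the image cannot be located.
 */
- (CodesignResult)validateExecutable
{
    // Clear the previous outcome first so that an early return below cannot
    // leave a stale "Valid" string from an earlier call on display.
    self.resultString = nil;

    // __func__ is a string constant emitted into this image, so its address
    // is enough for dladdr() to identify the image. dladdr() returns 0 on failure.
    Dl_info info;
    if (dladdr((const void *)__func__, &info) == 0 || info.dli_fname == NULL) {
        return CodesignError;
    }

    // dli_fname is a file-system path, so convert it with the file-system
    // API rather than assuming a particular C-string encoding.
    NSString *path = [[NSFileManager defaultManager]
        stringWithFileSystemRepresentation:info.dli_fname
                                    length:strlen(info.dli_fname)];

    return [self validatePath:path];
}

/*
 validate this application

 Validates the bundle returned by [NSBundle mainBundle].
 */
- (CodesignResult)validateApplication
{
    return [self validatePath:[[NSBundle mainBundle] bundlePath]];
}

/*
 validate path

 Runs "/usr/bin/codesign --verify <path>" and translates the exit status.

 path: bundle or executable to verify.

 Returns one of the CodesignResult values. resultString is set to a localized
 description for every result except CodesignError, where it is left nil.
 */
- (CodesignResult)validatePath:(NSString *)path
{
    self.resultString = nil;

    // A nil path would silently end the nil-terminated argument list early and
    // run codesign with no target. Report the same result codesign gives for a
    // bad invocation, without launching it.
    if ([path length] == 0) {
        self.resultString = NSLocalizedString(@"Invalid arguments", @"Codesign invalid arguments");
        NSLog(@"codesign failure: %@", self.resultString);
        return CodesignInvalidArgs;
    }

    // Hand codesign an absolute path. The task inherits the current directory,
    // so this resolves to the same file, and it keeps a caller-supplied string
    // that starts with "-" from being read as an option.
    NSString *targetPath = path;
    if (![targetPath hasPrefix:@"/"]) {
        NSString *cwd = [[NSFileManager defaultManager] currentDirectoryPath];
        targetPath = [cwd stringByAppendingPathComponent:targetPath];
    }

    int status = CodesignError;

    @try {
        // Absolute launch path and an argument array: no shell and no PATH lookup.
        // NOTE(review): task is not released here; correct under GC or ARC, a
        // leak under manual reference counting. Confirm the build's memory model.
        NSTask *task = [[NSTask alloc] init];
        [task setLaunchPath:@"/usr/bin/codesign"];
        [task setArguments:[NSArray arrayWithObjects:@"--verify", targetPath, nil]];

        // codesign's own output is discarded; only the exit status is used.
        [task setStandardOutput:[NSFileHandle fileHandleWithNullDevice]];
        [task setStandardError:[NSFileHandle fileHandleWithNullDevice]];

        [task launch];
        [task waitUntilExit];

        // NOTE(review): the status is used as-is; if codesign ended abnormally
        // the value may not be one of its exit codes. Confirm how that should
        // be reported.
        status = [task terminationStatus];

        switch (status) {
            case CodesignOkay:
                self.resultString = NSLocalizedString(@"Valid", @"Codesign okay.");
                break;

            case CodesignFail:
                self.resultString = NSLocalizedString(@"Invalid", @"Codesign failed.");
                break;

            case CodesignInvalidArgs:
                self.resultString = NSLocalizedString(@"Invalid arguments", @"Codesign invalid arguments");
                break;

            case CodesignFailedRequirement:
                self.resultString = NSLocalizedString(@"Failed requirement", @"Codesign failed requirement.");
                break;

            default:
                self.resultString = NSLocalizedString(@"Unrecognised response", @"Codesign unrecognised response.");
                status = CodesignUnrecognised;
                break;
        }

        if (status != CodesignOkay) {
            NSLog(@"codesign failure: %@", self.resultString);
        }
    } @catch (NSException *e) {
        // -launch raises if the tool cannot be started. resultString stays nil
        // in that case, so callers must not read nil as "valid".
        NSLog(@"Exception launching codesign: %@", [e reason]);
        return CodesignError;
    }

    return status;
}

@end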