• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Code Sign verification on Leopard
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Code Sign verification on Leopard

  • Subject: Re: Code Sign verification on Leopard
  • From: "email@hidden" <email@hidden>
  • Date: Tue, 13 Oct 2009 13:48:35 +0100

On 13 Oct 2009, at 08:34, Jakub Bednar wrote:

Hi list,

I have read CodeSigningGuide and CodeSigningRef from Apple. In the CodeSigningRef every method has a note, that it is available in 10.6 and later. So I just want to make sure.

On Leopard, there is now Cocoa or other API for verifying code signatures. So if I want to verify e.g. that a script is really the one I have installed, I need to use NSTask to run codesign utility. Is this correct?

Yes.
On Leopard I use the following.

//
//  MGSCodeSigning.h
//

#import <Cocoa/Cocoa.h>

typedef enum {
	CodesignUnrecognised = -2,
	CodesignError = -1,
	CodesignOkay = 0,
	CodesignFail = 1,
	CodesignInvalidArgs = 2,
	CodesignFailedRequirement = 3,
} CodesignResult;

@interface MGSCodeSigning : NSObject {
	NSString *_resultString;
}

@property (copy) NSString *resultString;

- (CodesignResult)validateExecutable;
- (CodesignResult)validatePath:(NSString *)path;
- (CodesignResult)validateApplication;

@end

//
// MGSCodeSigning.m
//
#import "MGSCodeSigning.h"
#include <dlfcn.h>

@implementation MGSCodeSigning

@synthesize resultString = _resultString;

/*

 validate executable

*/
- (CodesignResult)validateExecutable
{
Dl_info info;
int errDlAddr = dladdr( (const void *)__func__, &info );
if(errDlAddr == 0) {
return CodesignError;
}
char *exec_path = (char *)(info.dli_fname);

NSString *path = [NSString stringWithCString:exec_path encoding:NSUTF8StringEncoding];
return [self validatePath:path];
}
/*

 validate this application

 */
- (CodesignResult)validateApplication
{
	return [self validatePath:[[NSBundle mainBundle] bundlePath]];
}
/*

 validate path

*/
- (CodesignResult)validatePath:(NSString *)path
{
self.resultString = nil;
int status = CodesignError;

@try {
NSArray *arguments = [NSArray arrayWithObjects: @"--verify", path, nil];
NSTask *task = [[NSTask alloc] init];

[task setArguments:arguments];
[task setLaunchPath:@"/usr/bin/codesign"];
[task setStandardOutput:[NSFileHandle fileHandleWithNullDevice]];
[task setStandardError:[NSFileHandle fileHandleWithNullDevice]];
[task launch];
[task waitUntilExit];
status = [task terminationStatus];

switch (status) {
case CodesignOkay:
self.resultString = NSLocalizedString(@"Valid", @"Codesign okay.");
break;

case CodesignFail:
self.resultString = NSLocalizedString(@"Invalid", @"Codesign failed.");
break;

case CodesignInvalidArgs:
self.resultString = NSLocalizedString(@"Invalid arguments", @"Codesign invalid arguments");
break;

case CodesignFailedRequirement:
self.resultString = NSLocalizedString(@"Failed requirement", @"Codesign failed requirement.");
break;

default:
self.resultString = NSLocalizedString(@"Unrecognised response", @"Codesign unrecognised response.");
status = CodesignUnrecognised;
break;

}

if (status != CodesignOkay) {
NSLog(@"codesign failure: %@", self.resultString);
}


}@catch (NSException *e) {
NSLog(@"Exception launching codesign: %@", [e reason]);
return CodesignError;
}

return status;
}

@end 
Thanks a lot for your answer,

Jakub
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden


Jonathan Mitchell

Developer
http://www.mugginsoft.com





_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden




  • Follow-Ups:

      

    • Re: Code Sign verification on Leopard

      • From: Jens Alfke <email@hidden>
      • 





References: 


 >Code Sign verification on Leopard (From: Jakub Bednar <email@hidden>)






    

  • Prev by Date:
Re: Bindings Driving Me CRAZY. :'(

    • 

  • Next by Date:
Re: Subclassing a view class from an external framework

    • 

  • Previous by thread:
Code Sign verification on Leopard

    • 

  • Next by thread:
Re: Code Sign verification on Leopard

    • 

  • Index(es):

      

    • Date
      • 

    • Thread
      • 

    

    •