Re: Code Sign verification on Leopard
- Subject: Re: Code Sign verification on Leopard
- From: "email@hidden" <email@hidden>
- Date: Tue, 13 Oct 2009 13:48:35 +0100
On 13 Oct 2009, at 08:34, Jakub Bednar wrote:

> Hi list,
>
> I have read CodeSigningGuide and CodeSigningRef from Apple. In the
> CodeSigningRef every method has a note that it is available in 10.6
> and later. So I just want to make sure.
>
> On Leopard, there is no Cocoa or other API for verifying code
> signatures. So if I want to verify e.g. that a script is really the
> one I have installed, I need to use NSTask to run the codesign utility.
>
> Is this correct?

Yes.
On Leopard I use the following.
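
//
//  MGSCodeSigning.h
//
#import <Cocoa/Cocoa.h>

// Values 0 to 3 mirror the exit status of /usr/bin/codesign;
// the negative values are set by this class.
typedef enum {
    CodesignUnrecognised = -2,      // exit status not listed below
    CodesignError = -1,             // codesign could not be run
    CodesignOkay = 0,               // verification succeeded
    CodesignFail = 1,               // verification failed
    CodesignInvalidArgs = 2,        // invalid or missing arguments
    CodesignFailedRequirement = 3,  // a verified requirement was not met
} CodesignResult;

@interface MGSCodeSigning : NSObject {
    NSString *_resultString;
}

@property (copy) NSString *resultString;

- (CodesignResult)validateExecutable;
- (CodesignResult)validatePath:(NSString *)path;
- (CodesignResult)validateApplication;

@end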

//
//  MGSCodeSigning.m
//
#import "MGSCodeSigning.h"
#include <dlfcn.h>

@implementation MGSCodeSigning

@synthesize resultString = _resultString;

/*
 validate executable
 */
- (CodesignResult)validateExecutable
{
    // Use an address inside this image to find the file it was loaded from.
    Dl_info info;
    int errDlAddr = dladdr( (const void *)__func__, &info );
    if(errDlAddr == 0) {
        return CodesignError;
    }
    char *exec_path = (char *)(info.dli_fname);

    NSString *path = [NSString stringWithCString:exec_path
                                        encoding:NSUTF8StringEncoding];
    return [self validatePath:path];
}

/*
 validate this application
 */
- (CodesignResult)validateApplication
{
    return [self validatePath:[[NSBundle mainBundle] bundlePath]];
}

/*
 validate path
 */
- (CodesignResult)validatePath:(NSString *)path
{
    self.resultString = nil;
    int status = CodesignError;

    @try {
        // Plain --verify confirms that the signature is intact;
        // it does not say who signed the code.
        NSArray *arguments = [NSArray arrayWithObjects: @"--verify", path,
                              nil];
        // autorelease is a no-op under garbage collection
        NSTask *task = [[[NSTask alloc] init] autorelease];

        [task setArguments:arguments];
        [task setLaunchPath:@"/usr/bin/codesign"];
        [task setStandardOutput:[NSFileHandle fileHandleWithNullDevice]];
        [task setStandardError:[NSFileHandle fileHandleWithNullDevice]];
        [task launch];
        [task waitUntilExit];
        status = [task terminationStatus];

        // Map the codesign exit status to a result string.
        switch (status) {
            case CodesignOkay:
                self.resultString = NSLocalizedString(@"Valid", @"Codesign okay.");
                break;

            case CodesignFail:
                self.resultString = NSLocalizedString(@"Invalid", @"Codesign failed.");
                break;

            case CodesignInvalidArgs:
                self.resultString = NSLocalizedString(@"Invalid arguments",
                                                      @"Codesign invalid arguments");
                break;

            case CodesignFailedRequirement:
                self.resultString = NSLocalizedString(@"Failed requirement",
                                                      @"Codesign failed requirement.");
                break;

            default:
                self.resultString = NSLocalizedString(@"Unrecognised response",
                                                      @"Codesign unrecognised response.");
                status = CodesignUnrecognised;
                break;
        }

        if (status != CodesignOkay) {
            NSLog(@"codesign failure: %@", self.resultString);
        }
    } @catch (NSException *e) {
        // -launch raises if the launch path is not an executable.
        NSLog(@"Exception launching codesign: %@", [e reason]);
        return CodesignError;
    }

    return status;
}

@end

> Thanks a lot for your answer,
>
> Jakub
> _______________________________________________
> Cocoa-dev mailing list (email@hidden)
> Please do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
> Help/Unsubscribe/Update your Subscription:
> This email sent to email@hidden

Jonathan Mitchell
Developer
http://www.mugginsoft.com
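
Added example, not part of the original post or of MGSCodeSigning: the same NSTask approach, but passing codesign an explicit requirement so that the check also covers who signed the code. The function name, the sample path, the identifier and the all-zero certificate hash are hypothetical placeholders, and it is assumed that the installed codesign accepts -R (--test-requirement) as described in its man page.

```objc
// Added example: hypothetical helper (retain/release or GC, not ARC).
#import <Foundation/Foundation.h>
// Returns codesign's exit status (0 okay, 1 failed, 2 invalid arguments,
// 3 requirement not met) or -1 if codesign could not be run.
static int VerifyAgainstRequirement(NSString *path, NSString *requirement,
                                    NSString **detail)
{
    // codesign reads "+<pid>" as a process and "-x" as an option, so
    // accept only paths that start at the file system root.
    if (![path hasPrefix:@"/"] || [requirement length] == 0) return -1;
    int status = -1;
    @try {
        NSTask *task = [[[NSTask alloc] init] autorelease];
        NSPipe *errPipe = [NSPipe pipe];
        // "-R=<text>" passes the requirement as source text.
        NSString *reqArg = [@"-R=" stringByAppendingString:requirement];
        [task setLaunchPath:@"/usr/bin/codesign"];
        [task setArguments:[NSArray arrayWithObjects:
                            @"--verify", reqArg, path, nil]];
        [task setStandardOutput:[NSFileHandle fileHandleWithNullDevice]];
        [task setStandardError:errPipe];
        [task launch];
        // Drain stderr before waiting so a full pipe cannot stall codesign.
        NSData *err = [[errPipe fileHandleForReading] readDataToEndOfFile];
        [task waitUntilExit];
        status = [task terminationStatus];
        if (detail != NULL) {
            *detail = [[[NSString alloc] initWithData:err
                          encoding:NSUTF8StringEncoding] autorelease];
        }
    } @catch (NSException *e) {
        NSLog(@"Exception launching codesign: %@", [e reason]);
        status = -1;
    }
    return status;
}

int main(int argc, const char *argv[])
{
    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    NSString *detail = nil;
    // Constructed sample values; the certificate hash is a placeholder.
    NSString *req = @"identifier \"com.example.app\" and "
                    @"certificate leaf = H\"0000000000000000000000000000000000000000\"";
    int rc = VerifyAgainstRequirement(@"/Applications/Example.app", req, &detail);
    NSLog(@"codesign status %d: %@", rc, detail);
    [pool drain];
    return rc == 0 ? 0 : 1;
}
```

A status of 3 means the signature itself is intact but the code does not satisfy the requirement that was passed in.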