/*
 * Read a CoreFoundation object as an int.
 *
 * Returns 0 when r is NULL, when r is not a CFNumber, or when
 * CFNumberGetValue() reports failure for kCFNumberIntType (which includes
 * values that cannot be represented exactly as an int).
 *
 * A stored value of 0 and a failure are indistinguishable to the caller,
 * so do not use the result where "absent or malformed" must be told apart
 * from "zero".
 */
static inline int GetIntValue( CFTypeRef r )
{
	if( r == NULL )
		return 0;

	/* Check the dynamic type before casting; r is an untyped CF reference. */
	if( CFGetTypeID(r) != CFNumberGetTypeID() )
		return 0;

	int iValue;
	const bool bConverted = CFNumberGetValue( CFNumberRef(r), kCFNumberIntType, &iValue );
	return bConverted ? iValue : 0;
}
//
// Scan one numeric item: consume the current format code and, if obj is a
// CFNumber, store its value converted to Value.
//
// Returns true when obj is NULL (nothing is stored) or when a number was
// stored; returns false when obj is some other CF type.
//
// NOTE(review): Value is not declared in this excerpt; presumably it is a
// template parameter whose header lies outside it - confirm.
//
bool CFScan::scannumber(CFTypeRef obj)
{
	++format;			// consume format code (on every path, including failure)
	if (obj == NULL)
		return true;	// suppressed, okay

	// verify the dynamic type before the cast to CFNumberRef
	const bool isNumber = (CFGetTypeID(obj) == CFNumberGetTypeID());
	if (isNumber)
		store<Value>(cfNumber<Value>(CFNumberRef(obj)));
	return isNumber;
}
/*
 * Fetch an integer property of an I/O Registry entry.
 *
 * Returns the property's value as an int, or -1 when the property does not
 * exist, is not a CFNumber, or cannot be converted to kCFNumberIntType.
 * A property whose real value is -1 cannot be told apart from those
 * failures.
 *
 * The object returned by IORegistryEntryCreateCFProperty() is released on
 * every path that obtained one.
 */
static int GetIntProperty( io_registry_entry_t entry, CFStringRef key )
{
	int iResult = -1;

	CFTypeRef prop = IORegistryEntryCreateCFProperty( entry, key, NULL, 0 );
	if( prop == NULL )
		return iResult;

	/* Only cast to CFNumberRef once the dynamic type has been checked. */
	if( CFGetTypeID( prop ) == CFNumberGetTypeID() )
	{
		int iParsed;
		if( CFNumberGetValue(CFNumberRef(prop), kCFNumberIntType, &iParsed) )
			iResult = iParsed;
	}

	CFRelease( prop );
	return iResult;
}
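//
// Send an "update" message over XPC and return the reply's "result" payload
// as a dictionary.
//
//   target   NULL (no target key is sent), a CFNumberRef (sent as "rule"),
//            a CFURLRef (sent as "url"), or a SecRequirementRef (sent as
//            "requirement"). Any other CF type throws errSecCSInvalidObjectRef.
//   flags    Sent under "flags".
//   context  Optional. Its entries are copied into a private dictionary; the
//            caller's dictionary is not modified.
//
// If the context carries no kSecAssessmentUpdateKeyAuthorization entry, a
// fresh Authorization is created, sent in external form, and freed again
// before this function returns or throws.
//
// Throws MacOSError when a Security call fails or when the reply carries a
// non-zero "error".
//
CFDictionaryRef xpcEngineUpdate(CFTypeRef target, uint flags, CFDictionaryRef context)
{
	// Owner for the locally created Authorization. The original code freed it
	// only on the straight-line path after send(), so any exception thrown in
	// between leaked the reference. Never copied.
	struct LocalAuthorization {
		AuthorizationRef ref;
		LocalAuthorization() : ref(NULL) { }
		~LocalAuthorization() { release(); }
		void release()
		{
			if (ref) {
				AuthorizationFree(ref, kAuthorizationFlagDefaults);
				ref = NULL;
			}
		}
	};

	Message msg("update");
	// target can be NULL, a CFURLRef, a SecRequirementRef, or a CFNumberRef
	if (target) {
		const CFTypeID targetType = CFGetTypeID(target);
		if (targetType == CFNumberGetTypeID()) {
			// NOTE(review): the number is read as int64_t but sent with set_uint64,
			// so a negative value would arrive as a very large unsigned one - confirm
			// the receiver's expectations.
			xpc_dictionary_set_uint64(msg, "rule", cfNumber<int64_t>(CFNumberRef(target)));
		} else if (targetType == CFURLGetTypeID()) {
			xpc_dictionary_set_string(msg, "url", cfString(CFURLRef(target)).c_str());
		} else if (targetType == SecRequirementGetTypeID()) {
			CFRef<CFDataRef> data;
			MacOSError::check(SecRequirementCopyData(SecRequirementRef(target), kSecCSDefaultFlags, &data.aref()));
			xpc_dictionary_set_data(msg, "requirement", CFDataGetBytePtr(data), CFDataGetLength(data));
		} else
			MacOSError::throwMe(errSecCSInvalidObjectRef);
	}
	xpc_dictionary_set_int64(msg, "flags", flags);

	// work on a private copy so the caller's context is left untouched
	CFRef<CFMutableDictionaryRef> ctx = makeCFMutableDictionary();
	if (context)
		CFDictionaryApplyFunction(context, copyCFDictionary, ctx);

	LocalAuthorization localAuthorization;
	if (CFDictionaryGetValue(ctx, kSecAssessmentUpdateKeyAuthorization) == NULL) {	// no caller-provided authorization
		MacOSError::check(AuthorizationCreate(NULL, NULL, kAuthorizationFlagDefaults, &localAuthorization.ref));
		// The external form lets the receiving process recreate this authorization,
		// so the serialized context must be treated as sensitive.
		AuthorizationExternalForm extForm;
		MacOSError::check(AuthorizationMakeExternalForm(localAuthorization.ref, &extForm));
		CFDictionaryAddValue(ctx, kSecAssessmentUpdateKeyAuthorization, CFTempData(&extForm, sizeof(extForm)));
	}

	CFRef<CFDataRef> contextData = makeCFData(CFDictionaryRef(ctx));
	xpc_dictionary_set_data(msg, "context", CFDataGetBytePtr(contextData), CFDataGetLength(contextData));

	msg.send();

	// same point of release as before on the success path; the destructor
	// covers every path that throws
	localAuthorization.release();

	if (int64_t error = xpc_dictionary_get_int64(msg, "error"))
		MacOSError::throwMe(error);

	// initialised so that a reply without "result" cannot leave the length indeterminate
	size_t resultLength = 0;
	const void *resultData = xpc_dictionary_get_data(msg, "result", &resultLength);
	return makeCFDictionaryFrom(resultData, resultLength);
}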
//
// Contemplate the object-to-be-signed and set up the Signer state accordingly.
//
// Fills in identifier, cdFlags, resourceDirectory (when the rep has a
// resources root), signingTime and pagesize from the explicit signing
// parameters in state, falling back to the subject's Info.plist and then to
// the DiskRep's defaults. Throws MacOSError for malformed inputs, as noted
// at each step below.
//
// The flags argument is not read anywhere in this function.
//
void SecCodeSigner::Signer::prepare(SecCSFlags flags)
{
	// get the Info.plist out of the rep for some creative defaulting
	// (infoDict stays empty when the rep has no cdInfoSlot component)
	CFRef<CFDictionaryRef> infoDict;
	if (CFRef<CFDataRef> infoData = rep->component(cdInfoSlot))
		infoDict.take(makeCFDictionaryFrom(infoData));

	// work out the canonical identifier
	identifier = state.mIdentifier;
	if (identifier.empty()) {
		identifier = rep->recommendedIdentifier(state);
		// a recommended identifier without a dot gets the configured prefix
		if (identifier.find('.') == string::npos)
			identifier = state.mIdentifierPrefix + identifier;
		// still no dot and ad-hoc signing: append a unique suffix
		if (identifier.find('.') == string::npos && state.isAdhoc())
			identifier = identifier + "-" + uniqueName();
		secdebug("signer", "using default identifier=%s", identifier.c_str());
	} else
		secdebug("signer", "using explicit identifier=%s", identifier.c_str());

	// work out the CodeDirectory flags word
	if (state.mCdFlagsGiven) {
		cdFlags = state.mCdFlags;
		secdebug("signer", "using explicit cdFlags=0x%x", cdFlags);
	} else {
		// No explicit flags: take them from the "CSFlags" key of the subject's
		// Info.plist, i.e. from the content being signed. The value may be a
		// number or a string; any other type is rejected.
		cdFlags = 0;
		if (infoDict)
			if (CFTypeRef csflags = CFDictionaryGetValue(infoDict, CFSTR("CSFlags"))) {
				if (CFGetTypeID(csflags) == CFNumberGetTypeID()) {
					// NOTE(review): the number is taken as-is; no mask of permitted
					// flag bits is applied here - confirm that is intended.
					cdFlags = cfNumber<uint32_t>(CFNumberRef(csflags));
					secdebug("signer", "using numeric cdFlags=0x%x from Info.plist", cdFlags);
				} else if (CFGetTypeID(csflags) == CFStringGetTypeID()) {
					cdFlags = cdTextFlags(cfString(CFStringRef(csflags)));
					secdebug("signer", "using text cdFlags=0x%x from Info.plist", cdFlags);
				} else
					MacOSError::throwMe(errSecCSBadDictionaryFormat);
			}
	}
	if (state.mSigner == SecIdentityRef(kCFNull))	// ad-hoc signing requested...
		cdFlags |= kSecCodeSignatureAdhoc;	// ... so note that

	// prepare the resource directory, if any
	string rpath = rep->resourcesRootPath();
	if (!rpath.empty()) {
		// explicitly given resource rules always win
		CFCopyRef<CFDictionaryRef> resourceRules = state.mResourceRules;

		// embedded resource rules come next
		if (!resourceRules && infoDict)
			if (CFTypeRef spec = CFDictionaryGetValue(infoDict, _kCFBundleResourceSpecificationKey)) {
				// NOTE(review): spec comes from the subject's Info.plist and is
				// appended to rpath without any normalisation visible here; unless
				// cfLoadFile or a caller restricts it, a value with parent-directory
				// components would be read from outside the resources root - confirm.
				if (CFGetTypeID(spec) == CFStringGetTypeID())
					if (CFRef<CFDataRef> data = cfLoadFile(rpath + "/" + cfString(CFStringRef(spec))))
						if (CFDictionaryRef dict = makeCFDictionaryFrom(data))
							resourceRules.take(dict);
				// a specification that is not a string, cannot be loaded, or does
				// not yield a dictionary is an error rather than a silent fallback
				if (!resourceRules)	// embedded rules present but unacceptable
					MacOSError::throwMe(errSecCSResourceRulesInvalid);
			}

		// finally, ask the DiskRep for its default
		if (!resourceRules)
			resourceRules.take(rep->defaultResourceRules(state));

		// build the resource directory
		ResourceBuilder resources(rpath, cfget<CFDictionaryRef>(resourceRules, "rules"), digestAlgorithm());
		rep->adjustResources(resources);	// DiskRep-specific adjustments
		CFRef<CFDictionaryRef> rdir = resources.build();
		resourceDirectory.take(CFPropertyListCreateXMLData(NULL, rdir));
	}

	// screen and set the signing time
	// (kCFNull means "record no time", a null pointer means "use the current
	// time", anything else is an explicit date)
	CFAbsoluteTime now = CFAbsoluteTimeGetCurrent();
	if (state.mSigningTime == CFDateRef(kCFNull)) {
		signingTime = 0;		// no time at all
	} else if (!state.mSigningTime) {
		signingTime = now;		// default
	} else {
		CFAbsoluteTime time = CFDateGetAbsoluteTime(state.mSigningTime);
		if (time > now)		// not allowed to post-date a signature
			MacOSError::throwMe(errSecCSBadDictionaryFormat);
		signingTime = time;
	}

	// an explicit page size wins; otherwise the DiskRep chooses
	pagesize = state.mPageSize ? cfNumber<size_t>(state.mPageSize) : rep->pageSize(state);

	// Timestamping setup
	// NOTE(review): despite the member-style name this is a local; it is
	// declared here and not used again before the function ends.
	CFRef<SecIdentityRef> mTSAuth;	// identity for client-side authentication to the Timestamp server
}