本文整理汇总了C++中CFRef类的典型用法代码示例。如果您正苦于以下问题:C++ CFRef类的具体用法?C++ CFRef怎么用?C++ CFRef使用的例子?那么, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了CFRef类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: _
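//
// Load root (anchor) certificates from disk.
//
// Holds mMutex for the whole call. Copies the unrestricted roots from trust
// settings (all domains), packs every certificate's data bytes back to back
// into mRootBytes, and records one CssmData per certificate in mRoots, each
// pointing into that buffer.
//
// Throws MacOSError if the anchor list cannot be copied, and CssmError if a
// certificate's data cannot be retrieved in either pass.
//
void TrustStore::loadRootCertificates()
{
	StLock<Mutex> _(mMutex);
	CFRef<CFArrayRef> anchors;
	OSStatus ortn;

	/*
	 * Get the current set of all positively trusted anchors.
	 */
	ortn = SecTrustSettingsCopyUnrestrictedRoots(
		true, true, true,		/* all domains */
		anchors.take());
	if(ortn) {
		MacOSError::throwMe(ortn);
	}

	// pass one: how many data bytes do we need?
	size_t size = 0;
	CFIndex numCerts = CFArrayGetCount(anchors);
	CSSM_RETURN crtn;
	for(CFIndex dex=0; dex<numCerts; dex++) {
		SecCertificateRef certRef = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, dex);
		CSSM_DATA certData;
		crtn = SecCertificateGetData(certRef, &certData);
		if(crtn) {
			CssmError::throwMe(crtn);
		}
		size += certData.Length;
	}

	// The cached anchors are about to be rewritten. Mark them unusable first so
	// that a throw from the copy pass cannot leave a stale "valid" flag over a
	// partially filled mRoots.
	mRootsValid = false;
	mRootBytes.length(size);

	// pass two: fill CssmData vector while copying data bytes together
	mRoots.clear();
	uint8 *base = mRootBytes.data<uint8>();
	for(CFIndex dex=0; dex<numCerts; dex++) {
		SecCertificateRef certRef = (SecCertificateRef)CFArrayGetValueAtIndex(anchors, dex);
		CSSM_DATA certData;
		// Check the status here as well: on failure certData is not known to be
		// filled in, and the memcpy below would read an indeterminate
		// pointer/length pair.
		crtn = SecCertificateGetData(certRef, &certData);
		if(crtn) {
			CssmError::throwMe(crtn);
		}
		// NOTE(review): the buffer was sized from the lengths seen in pass one;
		// this copy assumes the same certificate reports the same length here.
		memcpy(base, certData.Data, certData.Length);
		mRoots.push_back(CssmData(base, certData.Length));
		base += certData.Length;
	}
	secdebug("anchors", "%ld anchors loaded", (long)numCerts);
	mRootsValid = true;			// ready to roll
}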
示例2: assert
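//
// Generate the CMS signature for a (finished) CodeDirectory.
//
// Returns a newly created CFData holding the detached CMS signature over the
// cd->length() bytes at cd; the caller owns the result. A null signer
// (kCFNull) yields an empty CFData instead of a signature. Every failing
// encoder call is reported through MacOSError.
//
CFDataRef SecCodeSigner::Signer::signCodeDirectory(const CodeDirectory *cd)
{
	assert(state.mSigner);
	CFRef<CFMutableDictionaryRef> defaultTSContext = NULL;

	// a null signer generates a null signature blob
	if (state.mSigner == SecIdentityRef(kCFNull))
		return CFDataCreate(NULL, NULL, 0);

	// generate CMS signature
	CFRef<CMSEncoderRef> cms;
	MacOSError::check(CMSEncoderCreate(&cms.aref()));
	MacOSError::check(CMSEncoderSetCertificateChainMode(cms, kCMSCertificateChainWithRoot));
	// Adding the signer is checked like every other encoder step: if it fails,
	// stop here rather than go on to encode content with no signer attached.
	MacOSError::check(CMSEncoderAddSigners(cms, state.mSigner));
	MacOSError::check(CMSEncoderSetHasDetachedContent(cms, true));

	if (signingTime) {
		MacOSError::check(CMSEncoderAddSignedAttributes(cms, kCMSAttrSigningTime));
		MacOSError::check(CMSEncoderSetSigningTime(cms, signingTime));
	}

	MacOSError::check(CMSEncoderUpdateContent(cms, cd, cd->length()));

	// Set up to call Timestamp server if requested
	if (state.mWantTimeStamp)
	{
		CFRef<CFErrorRef> error = NULL;
		defaultTSContext = SecCmsTSAGetDefaultContext(&error.aref());
		if (error)
			MacOSError::throwMe(errSecDataNotAvailable);

		// Caller-supplied overrides: an explicit timestamp service URL and/or a
		// request to leave certificates out of the timestamp.
		if (state.mNoTimeStampCerts || state.mTimestampService) {
			if (state.mTimestampService)
				CFDictionarySetValue(defaultTSContext, kTSAContextKeyURL, state.mTimestampService);
			if (state.mNoTimeStampCerts)
				CFDictionarySetValue(defaultTSContext, kTSAContextKeyNoCerts, kCFBooleanTrue);
		}

		CmsMessageSetTSAContext(cms, defaultTSContext);
	}

	// Initialised so the variable never holds an indeterminate pointer; the
	// check() below throws if encoding fails.
	CFDataRef signature = NULL;
	MacOSError::check(CMSEncoderCopyEncodedContent(cms, &signature));
	return signature;
}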
示例3: codeInvalidityExceptions
//
// Process special overrides for invalidly signed code.
//
// Returns true when the code's main executable is recognized by
// OSAIsRecognizedExecutableURL, i.e. when an invalid signature is to be
// tolerated for it. If result is non-NULL, the override reason is recorded
// there so the concession is visible in the assessment output.
// Throws MacOSError if the signing information cannot be copied.
//
static bool codeInvalidityExceptions(SecStaticCodeRef code, CFMutableDictionaryRef result)
{
	// The symbol itself is tested before it is called; presumably it is
	// weak-linked and may be absent at run time. No symbol, no exceptions.
	if (!OSAIsRecognizedExecutableURL)
		return false;

	CFRef<CFDictionaryRef> signingInfo;
	MacOSError::check(SecCodeCopySigningInformation(code, kSecCSDefaultFlags, &signingInfo.aref()));

	CFURLRef mainExecutable = CFURLRef(CFDictionaryGetValue(signingInfo, kSecCodeInfoMainExecutable));
	if (!mainExecutable)
		return false;

	SInt32 osaError;	// filled in by the callee; not inspected here
	if (!OSAIsRecognizedExecutableURL(mainExecutable, &osaError))
		return false;

	if (result)
		CFDictionaryAddValue(result,
			kSecAssessmentAssessmentAuthorityOverride, CFSTR("ignoring known invalid applet signature"));
	return true;
}
示例4: time
//
// Write a timestamped list of the clients still registered in mPids to
// reportFile: one line per client that has a code object, showing its path
// and pid, or the pid and error code when the path cannot be obtained.
//
void Server::shutdownSnitch()
{
	time_t stamp = time(NULL);
	fprintf(reportFile, "%.24s %d residual clients:\n", ctime(&stamp), int(mPids.size()));

	PidMap::const_iterator entry = mPids.begin();
	while (entry != mPids.end()) {
		SecCodeRef clientCode = entry->second->processCode();
		if (clientCode) {
			CFRef<CFURLRef> codePath;
			OSStatus status = SecCodeCopyPath(clientCode, kSecCSDefaultFlags, &codePath.aref());
			// success is judged by whether a path came back, not by the status
			if (!codePath)
				fprintf(reportFile, "pid=%d (error %d)\n", entry->first, int32_t(status));
			else
				fprintf(reportFile, " %s (%d)\n", cfString(codePath).c_str(), entry->first);
		}
		++entry;
	}

	fprintf(reportFile, "\n");
	fflush(reportFile);
}
示例5: _
//
// Return the GuestState for the guest selected on the current connection,
// creating and caching it in mGuests on first use.
//
// Returns NULL when there is no client process code at all. Throws MacOSError
// for any guest lookup failure other than the cases handled below.
//
ClientIdentification::GuestState *ClientIdentification::current() const
{
	// if we have no client identification, we can't find a current guest either
	if (!processCode())
		return NULL;

	SecGuestRef guestRef = Server::connection().guestRef();

	// try to deliver an already-cached entry
	{
		StLock<Mutex> cacheLock(mLock);
		GuestMap::iterator cached = mGuests.find(guestRef);
		if (cached != mGuests.end())
			return &cached->second;
	}

	// okay, make a new one (this may take a while);
	// the lock is not held across the lookup
	CFRef<CFDictionaryRef> attributes = (guestRef != kSecNoGuest)
		? makeCFDictionary(1, kSecGuestAttributeCanonical, CFTempNumber(guestRef).get())
		: NULL;
	Server::active().longTermActivity();
	CFRef<SecCodeRef> code;
	const OSStatus rc = SecCodeCopyGuestWithAttributes(processCode(),
		attributes, kSecCSDefaultFlags, &code.aref());
	switch (rc) {
	case noErr:
		break;
	case errSecCSUnsigned:			// not signed; clearly not a host
	case errSecCSNotAHost:			// signed but not marked as a (potential) host
		code = mClientProcess;
		break;
	case errSecCSNoSuchCode:		// potential host, but...
		if (guestRef == kSecNoGuest) {	// ... no guests (yet), so return the process
			code = mClientProcess;
			break;
		}
		// else fall through		// ... the guest we expected to be there isn't
	default:
		MacOSError::throwMe(rc);
	}

	// Re-take the lock to publish. Another thread may have filled the slot
	// while the lookup ran unlocked; in that case its entry is kept.
	StLock<Mutex> publishLock(mLock);
	GuestState &entry = mGuests[guestRef];
	if (!entry.code)
		entry.code = code;
	return &entry;
}
示例6: ctx
//
// Construct and prepare an SQL query on the authority table, operating on some set of existing authority records.
// In essence, this appends a suitable WHERE clause to the stanza passed and prepares it on the statement given.
//
// Only the selection values (type, label, id, requirement text) go through
// bound parameters. phrase, table and suffix are spliced into the statement
// text verbatim, so callers must pass fixed SQL fragments there, never
// caller-controlled data.
//
// Throws MacOSError(errSecCSInvalidObjectRef) when the target is neither
// absent, a CFNumber, nor a SecRequirement.
//
void PolicyEngine::selectRules(SQLite::Statement &action, std::string phrase, std::string table,
	CFTypeRef inTarget, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context, std::string suffix /* = "" */)
{
	CFDictionary ctx(context, errSecCSInvalidAttributeValues);
	CFCopyRef<CFTypeRef> target = inTarget;
	std::string filter_unsigned;	// ignored; used just to trigger ad-hoc signing
	normalizeTarget(target, ctx, &filter_unsigned);

	string label;
	if (CFStringRef lab = ctx.get<CFStringRef>(kSecAssessmentUpdateKeyLabel))
		label = cfString(CFStringRef(lab));

	if (!target) {
		// No target: select by whichever of type and label were supplied.
		const bool byType = (type != kAuthorityInvalid);
		const bool byLabel = !label.empty();

		std::string where;
		if (byType && byLabel)
			where = " WHERE " + table + ".type = :type AND " + table + ".label = :label";
		else if (byType)
			where = " WHERE " + table + ".type = :type";
		else if (byLabel)
			where = " WHERE " + table + ".label = :label";

		action.query(phrase + where + suffix);
		if (byType)
			action.bind(":type").integer(type);
		if (byLabel)
			action.bind(":label") = label;
		return;
	}

	if (CFGetTypeID(target) == CFNumberGetTypeID()) {
		// numeric target: a record id
		action.query(phrase + " WHERE " + table + ".id = :id" + suffix);
		action.bind(":id").integer(cfNumber<uint64_t>(target.as<CFNumberRef>()));
		return;
	}

	if (CFGetTypeID(target) == SecRequirementGetTypeID()) {
		// requirement target: match on type plus the requirement's text form
		if (type == kAuthorityInvalid)
			type = kAuthorityExecute;
		CFRef<CFStringRef> requirementText;
		MacOSError::check(SecRequirementCopyString(target.as<SecRequirementRef>(), kSecCSDefaultFlags, &requirementText.aref()));
		action.query(phrase + " WHERE " + table + ".type = :type AND " + table + ".requirement = :requirement" + suffix);
		action.bind(":type").integer(type);
		action.bind(":requirement") = requirementText.get();
		return;
	}

	MacOSError::throwMe(errSecCSInvalidObjectRef);
}
示例7: SecRequirementsCopyRequirements
//
// Break a requirement set (given as a CFData) into its constituent requirements
// and return it as a CFDictionary.
//
// The dictionary maps each requirement's type (as a CFNumber) to a
// SecRequirementRef built from the corresponding blob. Returns
// errSecCSObjectRequired when requirementSet is NULL.
//
// NOTE(review): the CFData bytes are reinterpreted as a Requirements blob and
// its count and entries are read without any check visible here against
// CFDataGetLength(requirementSet). If the data can come from outside the
// process, confirm the blob is validated before it reaches this point.
//
OSStatus SecRequirementsCopyRequirements(CFDataRef requirementSet, SecCSFlags flags,
	CFDictionaryRef *requirements)
{
	BEGIN_CSAPI

	checkFlags(flags);
	if (requirementSet == NULL)
		return errSecCSObjectRequired;

	const Requirements *reqs = (const Requirements *)CFDataGetBytePtr(requirementSet);
	CFRef<CFMutableDictionaryRef> byType = makeCFMutableDictionary();
	const unsigned total = reqs->count();
	unsigned index = 0;
	while (index < total) {
		CFRef<SecRequirementRef> req = (new SecRequirement(reqs->blob<Requirement>(index)))->handle();
		CFDictionaryAddValue(byType, CFTempNumber(reqs->type(index)), req);
		index++;
	}
	CodeSigning::Required(requirements) = byType.yield();

	END_CSAPI
}
示例8: secdebug
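//
// Direct verification interface.
// If path == NULL, we verify against the running code itself.
//
// With a code requirement on record, the on-disk (or running) code is
// validated against that requirement; any status other than noErr counts as
// "does not verify". Without one, the legacy SHA-1 hash of the code is
// recomputed and compared with the stored hash.
// Throws MacOSError if the code object cannot be created.
//
bool TrustedApplication::verifyToDisk(const char *path)
{
	// path may legitimately be NULL (see above). Passing NULL to a %s
	// conversion is undefined behaviour, so log a placeholder instead.
	const char *logPath = path ? path : "(running code)";

	if (SecRequirementRef requirement = mForm->requirement()) {
		secdebug("trustedapp", "%p validating requirement against path %s", this, logPath);
		CFRef<SecStaticCodeRef> ondisk;
		if (path)
			MacOSError::check(SecStaticCodeCreateWithPath(CFTempURL(path),
				kSecCSDefaultFlags, &ondisk.aref()));
		else
			MacOSError::check(SecCodeCopySelf(kSecCSDefaultFlags, (SecCodeRef *)&ondisk.aref()));
		return SecStaticCodeCheckValidity(ondisk, kSecCSDefaultFlags, requirement) == noErr;
	} else {
		secdebug("trustedapp", "%p validating hash against path %s", this, logPath);
		RefPointer<OSXCode> code = path ? OSXCode::at(path) : OSXCode::main();
		SHA1::Digest ondiskDigest;
		OSXVerifier::makeLegacyHash(code, ondiskDigest);
		// legacy path: equality of the recomputed and stored SHA-1 digests
		return memcmp(ondiskDigest, mForm->legacyHash(), sizeof(ondiskDigest)) == 0;
	}
}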
示例9: sizeof
//
// Debug dump of this verifier: the legacy hash (or a marker when it is all
// zero bytes), followed by the requirement (or a marker when there is none).
//
void OSXVerifier::dump() const
{
	static const SHA1::Digest nullDigest = { 0 };

	// an all-zero digest is reported as "no hash"
	const bool hasLegacyHash = memcmp(mLegacyHash, nullDigest, sizeof(mLegacyHash)) != 0;
	if (hasLegacyHash) {
		Debug::dump("oldHash=");
		Debug::dumpData(mLegacyHash, sizeof(mLegacyHash));
	} else {
		Debug::dump("(no hash)");
	}

	if (!mRequirement) {
		Debug::dump(" NO REQ");
		return;
	}

	// Serialize the requirement and let the blob dump itself. A failure to
	// copy the data is silently skipped.
	CFRef<CFDataRef> encoded;
	if (SecRequirementCopyData(mRequirement, 0, &encoded.aref()) == 0) {
		Debug::dump(" Requirement =>");
		((const Requirement *)CFDataGetBytePtr(encoded))->dump();
	}
}
示例10: SecPolicyCreateWithOID
//
// Pre-Signing contexts
//
// Builds the context handed to pre-signing logic: the signer's certificate
// chain (unless the signing identity is the kCFNull placeholder) and the
// signing identifier. Throws MacOSError if any step of chain construction
// fails.
//
PreSigningContext::PreSigningContext(const SecCodeSigner::Signer &signer)
{
	// construct a cert chain
	const bool haveIdentity = signer.signingIdentity() != SecIdentityRef(kCFNull);
	if (haveIdentity) {
		CFRef<SecCertificateRef> leaf;
		MacOSError::check(SecIdentityCopyCertificate(signer.signingIdentity(), &leaf.aref()));

		CFRef<SecPolicyRef> codeSigningPolicy = SecPolicyCreateWithOID(kSecPolicyAppleCodeSigning);
		CFRef<SecTrustRef> trust;
		MacOSError::check(SecTrustCreateWithCertificates(CFArrayRef(leaf.get()), codeSigningPolicy, &trust.aref()));

		// The evaluation is run to obtain the chain. The trust verdict written
		// to `verdict` is never read in this constructor; only failures of the
		// calls themselves are reported.
		SecTrustResultType verdict;
		MacOSError::check(SecTrustEvaluate(trust, &verdict));
		CSSM_TP_APPLE_EVIDENCE_INFO *evidence;
		MacOSError::check(SecTrustGetResult(trust, &verdict, &mCerts.aref(), &evidence));
		this->certs = mCerts;
	}

	// other stuff
	this->identifier = signer.signingIdentifier();
}
示例11: OSXCodeWrap
//
// Produce an OSXCode for the currently running application.
//
// Note that we don't build the CFBundleRef here; we defer this to when we
// really need it for something more interesting than the base or executable paths.
// This is important because OSXCode::main() is called from various initialization
// scenarios (out of the securityd client layer), and CFBundle calls into some
// bizarrely high-level APIs to complete CFBundleGetMainBundle. Until that is fixed
// (if it ever is), this particular instance of laziness is mandatory.
//
RefPointer<OSXCode> OSXCode::main()
{
	// return a code signing-aware OSXCode subclass if possible
	CFRef<SecCodeRef> self;
	if (SecCodeCopySelf(kSecCSDefaultFlags, &self.aref()) == 0)
		return new OSXCodeWrap(self);

	// otherwise, follow the legacy path precisely - no point in messing with this, is there?
	Boolean isRealBundle;
	string path = cfStringRelease(_CFBundleCopyMainBundleExecutableURL(&isRealBundle));
	if (isRealBundle) {
		const char *cpath = path.c_str();
		// Offset of the final '/' inside "/Contents/MacOS/" (16 characters,
		// so 15). The executable must sit directly in that directory: the
		// last slash of the whole path has to be the marker's own last slash.
		const size_t markerLastSlash = sizeof("/Contents/MacOS/") - 2;
		const char *slash = strrchr(cpath, '/');
		const char *contents = slash ? strstr(cpath, "/Contents/MacOS/") : NULL;
		if (contents && contents + markerLastSlash == slash)
			return new Bundle(path.substr(0, contents-cpath).c_str());
		secdebug("bundle", "OSXCode::main(%s) not recognized as bundle (treating as tool)", cpath);
	}
	return new ExecutableTool(path.c_str());
}
示例12: query
//
// Look up the authority records selected by target/type/context and return
// them as a dictionary of the form { kSecAssessmentUpdateKeyFound = [rule...] },
// ordered by descending priority. Each rule is a dictionary of the record's
// columns; label, remarks, expiration, disabled and bookmark entries appear
// only when the record has them.
// Throws MacOSError(errSecCSNoMatches) if nothing matches.
//
CFDictionaryRef PolicyEngine::find(CFTypeRef target, AuthorityType type, SecAssessmentFlags flags, CFDictionaryRef context)
{
	SQLite::Statement query(*this);
	selectRules(query, "SELECT scan_authority.id, scan_authority.type, scan_authority.requirement, scan_authority.allow, scan_authority.label, scan_authority.priority, scan_authority.remarks, scan_authority.expires, scan_authority.disabled, bookmarkhints.bookmark FROM scan_authority LEFT OUTER JOIN bookmarkhints ON scan_authority.id = bookmarkhints.authority",
		"scan_authority", target, type, flags, context,
		" ORDER BY priority DESC");

	CFRef<CFMutableArrayRef> matches = makeCFMutableArray(0);
	while (query.nextRow()) {
		// column order follows the SELECT list above
		SQLite::int64 ruleId = query[0];
		int ruleType = int(query[1]);
		// NOTE(review): unlike label and remarks below, requirement is used
		// without a NULL test; presumably the column is never NULL - confirm.
		const char *ruleRequirement = query[2];
		int ruleAllow = int(query[3]);
		const char *ruleLabel = query[4];
		double rulePriority = query[5];
		const char *ruleRemarks = query[6];
		double ruleExpires = query[7];
		int ruleDisabled = int(query[8]);
		CFRef<CFDataRef> ruleBookmark = query[9].data();

		// entries every rule carries
		CFRef<CFMutableDictionaryRef> rule = makeCFMutableDictionary(5,
			kSecAssessmentRuleKeyID, CFTempNumber(ruleId).get(),
			kSecAssessmentRuleKeyType, CFRef<CFStringRef>(typeNameFor(ruleType)).get(),
			kSecAssessmentRuleKeyRequirement, CFTempString(ruleRequirement).get(),
			kSecAssessmentRuleKeyAllow, ruleAllow ? kCFBooleanTrue : kCFBooleanFalse,
			kSecAssessmentRuleKeyPriority, CFTempNumber(rulePriority).get()
			);

		// optional entries
		if (ruleLabel) {
			CFDictionaryAddValue(rule, kSecAssessmentRuleKeyLabel, CFTempString(ruleLabel));
		}
		if (ruleRemarks) {
			CFDictionaryAddValue(rule, kSecAssessmentRuleKeyRemarks, CFTempString(ruleRemarks));
		}
		if (ruleExpires != never) {
			CFDictionaryAddValue(rule, kSecAssessmentRuleKeyExpires, CFRef<CFDateRef>(julianToDate(ruleExpires)));
		}
		if (ruleDisabled) {
			CFDictionaryAddValue(rule, kSecAssessmentRuleKeyDisabled, CFTempNumber(ruleDisabled));
		}
		if (ruleBookmark) {
			CFDictionaryAddValue(rule, kSecAssessmentRuleKeyBookmark, ruleBookmark);
		}
		CFArrayAppendValue(matches, rule);
	}

	const bool nothingFound = (CFArrayGetCount(matches) == 0);
	if (nothingFound)
		MacOSError::throwMe(errSecCSNoMatches);
	return cfmake<CFDictionaryRef>("{%O=%O}", kSecAssessmentUpdateKeyFound, matches.get());
}
示例13: installerPolicy
//
// Build the policy set for installer evaluation: a three-element array of
// the basic X.509 policy plus the policies produced by makeCRLPolicy() and
// makeOCSPPolicy(). The caller owns the returned array.
//
static CFTypeRef installerPolicy()
{
	// The CFRefs hold the individual policies until the array has been built.
	CFRef<SecPolicyRef> basicX509(SecPolicyCreateBasicX509());
	CFRef<SecPolicyRef> crlCheck(makeCRLPolicy());
	CFRef<SecPolicyRef> ocspCheck(makeOCSPPolicy());

	CFTypeRef policies = makeCFArray(3, basicX509.get(), crlCheck.get(), ocspCheck.get());
	return policies;
}
示例14: CFDataGetLength
//
// Identify a guest by attribute set, and return a new GenericCode representing it.
// This uses cshosting RPCs to ask the host (or its proxy).
//
// Returns NULL (without raising an error) when this code has no hosting port.
// Otherwise the returned object is the innermost guest of the path reported
// by the host, built as a chain of GenericCode objects rooted at this one.
//
SecCode *GenericCode::locateGuest(CFDictionaryRef attributes)
{
	if (Port host = hostingPort()) {
		// Serialize the attribute dictionary (if any) as an XML property list.
		// attrData keeps the bytes alive while attrPtr points into them.
		CFRef<CFDataRef> attrData;
		void *attrPtr = NULL; size_t attrLength = 0;
		if (attributes) {
			// NOTE(review): the result is used without a NULL test; confirm
			// serialization cannot fail for dictionaries accepted here.
			attrData.take(CFPropertyListCreateXMLData(NULL, attributes));
			attrPtr = (void *)CFDataGetBytePtr(attrData);
			attrLength = CFDataGetLength(attrData);
		}
		GuestChain guestPath;
		mach_msg_type_number_t guestPathLength;
		mach_port_t subport;
		// RPC to the host; guestPath, guestPathLength and subport are outputs.
		CALL(host, findGuest, guestRef(), attrPtr, (mach_msg_type_number_t)attrLength,
			&guestPath, &guestPathLength, &subport);
		CODESIGN_GUEST_LOCATE_GENERIC(this, guestPath, guestPathLength, subport);
		// NOTE(review): guestPathLength comes back from the host and bounds the
		// indexing of guestPath below; presumably the RPC layer limits it to
		// the capacity of GuestChain - confirm.
		SecPointer<SecCode> code = this;
		for (unsigned n = 0; n < guestPathLength; n++)
			code = new GenericCode(code, guestPath[n]);
		return code.yield();
	} else
		return NULL;		// not found, no error
}
示例15: SecCodeCopySigningInformation
//
// Copy the signing information dictionary for a code object into *infoRef.
//
// flags selects which groups of information to include; only the five
// information flags listed below are accepted. When
// kSecCSDynamicInformation is requested and codeRef also has a dynamic
// (running) form, the dictionary is extended with that code's status under
// kSecCodeInfoStatus. Ownership of the dictionary passes to the caller.
//
OSStatus SecCodeCopySigningInformation(SecStaticCodeRef codeRef, SecCSFlags flags,
	CFDictionaryRef *infoRef)
{
	BEGIN_CSAPI

	checkFlags(flags,
		  kSecCSInternalInformation
		| kSecCSSigningInformation
		| kSecCSRequirementInformation
		| kSecCSDynamicInformation
		| kSecCSContentInformation);

	SecPointer<SecStaticCode> staticCode = SecStaticCode::requiredStatic(codeRef);
	CFRef<CFDictionaryRef> signingInfo = staticCode->signingInformation(flags);

	const bool wantDynamic = (flags & kSecCSDynamicInformation) != 0;
	if (wantDynamic) {
		// static-only code objects have no dynamic form; nothing is added then
		SecPointer<SecCode> running = SecStaticCode::optionalDynamic(codeRef);
		if (running) {
			signingInfo.take(cfmake<CFDictionaryRef>("{+%O,%O=%u}", signingInfo.get(), kSecCodeInfoStatus, running->status()));
		}
	}

	CodeSigning::Required(infoRef) = signingInfo.yield();

	END_CSAPI
}