How to obtain codesigned application certificate info

既然无缘 2020-12-05 11:51

I am having a tough time finding an answer to my codesigning issues.

We have an application for Mac OS written under Cocoa. Finally - we did our codesigning, but I w

2 Answers
  • 2020-12-05 12:07

    If you're targeting 10.6+ you can use the code signing functions in the Security framework (documentation), in particular SecCodeCheckValidity. Otherwise, the source code to the code signing system is in libsecurity_codesigning.

    Since you're using the code signature to authenticate your code you should also validate the designated requirement with SecCodeCopyDesignatedRequirement.

  • 2020-12-05 12:25

    Thanks friend!

    I managed to do it for 10.6 with the new functionality, but the problem is I am targeting 10.5 and 10.6, at least until some time passes.

    I have to throw some more time into libsecurity_codesigning soon so this can be completed for 10.5 also.

    But, for people who are looking for ready solutions around here, here is what I ended up with:

    SecStaticCodeRef ref = NULL;
    
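    // executablePath is a filesystem path, so build a file URL from it
    // (URLWithString: returns nil for paths that contain spaces)
    NSURL * url = [NSURL fileURLWithPath:[[NSBundle mainBundle] executablePath]];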
    
    OSStatus status;
    
    // obtain the cert info from the executable
    status = SecStaticCodeCreateWithPath((CFURLRef)url, kSecCSDefaultFlags, &ref);
    
    if (ref == NULL) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE);
    if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE);
    
    SecRequirementRef req = NULL;
    
    // this is the public SHA1 fingerprint of the cert match string
    NSString * reqStr = [NSString stringWithFormat:@"%@ %@ = %@%@%@",
        @"certificate",
        @"leaf",
        @"H\"66875745923F01",
        @"F122B387B0F943",
        @"X7D981183151\""
        ];
    
    // create the requirement to check against
    status = SecRequirementCreateWithString((CFStringRef)reqStr, kSecCSDefaultFlags, &req);
    
    if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE);
    if (req == NULL) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE);
    
    status = SecStaticCodeCheckValidity(ref, kSecCSCheckAllArchitectures, req);
    
    if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE);
    
    CFRelease(ref);
    CFRelease(req);
    
    LogDebug(@"Code signature was checked and it seems OK");
    
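An added example (not code from either answer) that applies the first answer's suggestion to the running process on 10.6+: it validates the process with SecCodeCheckValidity against a requirement string, logs the designated requirement, and reads the signing certificate's common name from the signing information. The helper name `VerifiedSignerName` is hypothetical, the requirement text is supplied by the caller, and the `__bridge` casts assume a clang toolchain that accepts them.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (added example): checks the running process against
// requirementText and returns the leaf certificate's common name, or nil.
static NSString *VerifiedSignerName(NSString *requirementText) {
    SecCodeRef me = NULL;
    SecRequirementRef pinned = NULL, designated = NULL;
    CFDictionaryRef info = NULL;
    CFStringRef drText = NULL, commonName = NULL;
    CFArrayRef chain = NULL;
    SecCertificateRef leaf = NULL;
    NSString *result = nil;

    // Dynamic code object for the process that is actually running.
    if (SecCodeCopySelf(kSecCSDefaultFlags, &me) != errSecSuccess) goto done;

    // Compile the requirement text, e.g. certificate leaf = H"<SHA-1 hex>".
    if (SecRequirementCreateWithString((__bridge CFStringRef)requirementText,
                                       kSecCSDefaultFlags, &pinned) != errSecSuccess) goto done;

    // Fails if the signature is invalid or the requirement is not satisfied.
    if (SecCodeCheckValidity(me, kSecCSDefaultFlags, pinned) != errSecSuccess) goto done;

    // Log the designated requirement so it can be reviewed or pinned later.
    if (SecCodeCopyDesignatedRequirement(me, kSecCSDefaultFlags, &designated) == errSecSuccess &&
        SecRequirementCopyString(designated, kSecCSDefaultFlags, &drText) == errSecSuccess)
        NSLog(@"Designated requirement: %@", (__bridge NSString *)drText);

    // kSecCSSigningInformation requests the certificate chain; index 0 is the leaf.
    if (SecCodeCopySigningInformation(me, kSecCSSigningInformation, &info) != errSecSuccess) goto done;
    chain = CFDictionaryGetValue(info, kSecCodeInfoCertificates);
    if (chain == NULL || CFArrayGetCount(chain) == 0) goto done;  // absent for ad-hoc signatures

    leaf = (SecCertificateRef)CFArrayGetValueAtIndex(chain, 0);
    if (SecCertificateCopyCommonName(leaf, &commonName) == errSecSuccess && commonName != NULL)
        result = [NSString stringWithString:(__bridge NSString *)commonName];

done:
    if (commonName) CFRelease(commonName);
    if (info) CFRelease(info);
    if (drText) CFRelease(drText);
    if (designated) CFRelease(designated);
    if (pinned) CFRelease(pinned);
    if (me) CFRelease(me);
    return result;
}
```

A nil return covers every failure case (unsigned, tampered, requirement not met, ad-hoc signed), so callers can treat it the same way the answer above treats a non-`noErr` status.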