StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>Thanks friend!</p> <p>I managed to do it for 10.6 with the new functionality but the problem is i am targeting 10.5 and 10.6, at least until some time passes.</p> <p>I have to throw some more time into libsecurity_codesigning soon so this can be completed for 10.5 also.</p> <p>But, for people who are looking for ready solutions around here, here is what i ended up with:</p> <pre><code>SecStaticCodeRef ref = NULL; NSURL * url = [NSURL URLWithString:[[NSBundle mainBundle] executablePath]]; OSStatus status; // obtain the cert info from the executable status = SecStaticCodeCreateWithPath((CFURLRef)url, kSecCSDefaultFlags, &ref); if (ref == NULL) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE); if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE); SecRequirementRef req = NULL; // this is the public SHA1 fingerprint of the cert match string NSString * reqStr = [NSString stringWithFormat:@"%@ %@ = %@%@%@", @"certificate", @"leaf", @"H\"66875745923F01", @"F122B387B0F943", @"X7D981183151\"" ]; // create the requirement to check against status = SecRequirementCreateWithString((CFStringRef)reqStr, kSecCSDefaultFlags, &req); if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE); if (req == NULL) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE); status = SecStaticCodeCheckValidity(ref, kSecCSCheckAllArchitectures, req); if (status != noErr) exit(EXIT_STATUS_ON_BAD_CODE_SIGNATURE); CFRelease(ref); CFRelease(req); LogDebug(@"Code signature was checked and it seems OK"); </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload