pub struct EmbeddedSignatureBuilder<'a> { /* private fields */ }Expand description
An entity for producing and writing EmbeddedSignature.
This entity can be used to incrementally build up super blob data.
Implementations§
source§impl<'a> EmbeddedSignatureBuilder<'a>
impl<'a> EmbeddedSignatureBuilder<'a>
sourcepub fn new_for_stapling(
signature: EmbeddedSignature<'a>
) -> Result<Self, AppleCodesignError>
pub fn new_for_stapling(
signature: EmbeddedSignature<'a>
) -> Result<Self, AppleCodesignError>
Create a new instance suitable for stapling a notarization ticket.
This starts with an existing EmbeddedSignature / superblob because stapling a notarization ticket just adds a new ticket slot without modifying existing slots.
Examples found in repository?
src/dmg.rs (line 295)
279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301
pub fn staple_file(
&self,
fh: &mut File,
ticket_data: Vec<u8>,
) -> Result<(), AppleCodesignError> {
warn!(
"stapling DMG with {} byte notarization ticket",
ticket_data.len()
);
let reader = DmgReader::new(fh)?;
let koly = reader.koly().clone();
let signature = reader
.embedded_signature()?
.ok_or(AppleCodesignError::DmgStapleNoSignature)?;
let mut builder = EmbeddedSignatureBuilder::new_for_stapling(signature)?;
builder.add_notarization_ticket(ticket_data)?;
let signature = builder.create_superblob()?;
Self::write_embedded_signature(fh, koly, &signature)
}sourcepub fn code_directory(&self) -> Option<&CodeDirectoryBlob<'_>>
pub fn code_directory(&self) -> Option<&CodeDirectoryBlob<'_>>
Obtain the code directory registered with this instance.
Examples found in repository?
src/embedded_signature_builder.rs (line 173)
148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304
pub fn add_code_directory(
&mut self,
cd_slot: CodeSigningSlot,
mut cd: CodeDirectoryBlob<'a>,
) -> Result<&CodeDirectoryBlob, AppleCodesignError> {
if matches!(self.state, BlobsState::SignatureAdded) {
return Err(AppleCodesignError::SignatureBuilder(
"cannot add code directory after signature data added",
));
}
for (slot, blob) in &self.blobs {
// Not all slots are expressible in the cd specials list!
if !slot.is_code_directory_specials_expressible() {
continue;
}
let digest = blob.digest_with(cd.digest_type)?;
cd.set_slot_digest(*slot, digest)?;
}
self.blobs.insert(cd_slot, cd.into());
self.state = BlobsState::CodeDirectoryAdded;
Ok(self.code_directory().expect("we just inserted this key"))
}
/// Add an alternative code directory.
///
/// This is a wrapper for [Self::add_code_directory()] that has logic for determining the
/// appropriate slot for the code directory.
pub fn add_alternative_code_directory(
&mut self,
cd: CodeDirectoryBlob<'a>,
) -> Result<&CodeDirectoryBlob, AppleCodesignError> {
let mut our_slot = CodeSigningSlot::AlternateCodeDirectory0;
for slot in self.blobs.keys() {
if slot.is_alternative_code_directory() {
our_slot = CodeSigningSlot::from(u32::from(*slot) + 1);
if !our_slot.is_alternative_code_directory() {
return Err(AppleCodesignError::SignatureBuilder(
"no more available alternative code directory slots",
));
}
}
}
self.add_code_directory(our_slot, cd)
}
/// The a CMS signature and register its signature blob.
///
/// `signing_key` and `signing_cert` denote the keypair being used to produce a
/// cryptographic signature.
///
/// `time_stamp_url` is an optional time-stamp protocol server to use to record
/// the signature in.
///
/// `certificates` are extra X.509 certificates to register in the signing chain.
///
/// This method errors if called before a code directory is registered.
pub fn create_cms_signature(
&mut self,
signing_key: &dyn KeyInfoSigner,
signing_cert: &CapturedX509Certificate,
time_stamp_url: Option<&Url>,
certificates: impl Iterator<Item = CapturedX509Certificate>,
) -> Result<(), AppleCodesignError> {
let main_cd = self
.code_directory()
.ok_or(AppleCodesignError::SignatureBuilder(
"cannot create CMS signature unless code directory is present",
))?;
if let Some(cn) = signing_cert.subject_common_name() {
warn!("creating cryptographic signature with certificate {}", cn);
}
let mut cdhashes = vec![];
let mut attributes = vec![];
for (slot, blob) in &self.blobs {
if *slot == CodeSigningSlot::CodeDirectory || slot.is_alternative_code_directory() {
if let BlobData::CodeDirectory(cd) = blob {
// plist digests use the native digest of the code directory but always
// truncated at 20 bytes.
let mut digest = cd.digest_with(cd.digest_type)?;
digest.truncate(20);
cdhashes.push(plist::Value::Data(digest));
// ASN.1 values are a SEQUENCE of (OID, OctetString) with the native
// digest.
let digest = cd.digest_with(cd.digest_type)?;
let alg = DigestAlgorithm::try_from(cd.digest_type)?;
attributes.push(AttributeValue::new(bcder::Captured::from_values(
bcder::Mode::Der,
bcder::encode::sequence((
Oid::from(alg).encode_ref(),
bcder::OctetString::new(digest.into()).encode_ref(),
)),
)));
} else {
return Err(AppleCodesignError::SignatureBuilder(
"unexpected blob type in code directory slot",
));
}
}
}
let mut plist_dict = plist::Dictionary::new();
plist_dict.insert("cdhashes".to_string(), plist::Value::Array(cdhashes));
let mut plist_xml = vec![];
plist::Value::from(plist_dict)
.to_writer_xml(&mut plist_xml)
.map_err(AppleCodesignError::CodeDirectoryPlist)?;
// We also need to include a trailing newline to conform with Apple's XML
// writer.
plist_xml.push(b'\n');
let signer = SignerBuilder::new(signing_key, signing_cert.clone())
.message_id_content(main_cd.to_blob_bytes()?)
.signed_attribute_octet_string(
Oid(Bytes::copy_from_slice(CD_DIGESTS_PLIST_OID.as_ref())),
&plist_xml,
);
let signer = signer.signed_attribute(Oid(CD_DIGESTS_OID.as_ref().into()), attributes);
let signer = if let Some(time_stamp_url) = time_stamp_url {
info!("Using time-stamp server {}", time_stamp_url);
signer.time_stamp_url(time_stamp_url.clone())?
} else {
signer
};
let der = SignedDataBuilder::default()
// The default is `signed-data`. But Apple appears to use the `data` content-type,
// in violation of RFC 5652 Section 5, which says `signed-data` should be
// used when there are signatures.
.content_type(Oid(OID_ID_DATA.as_ref().into()))
.signer(signer)
.certificates(certificates)
.build_der()?;
self.blobs.insert(
CodeSigningSlot::Signature,
BlobData::BlobWrapper(Box::new(BlobWrapperBlob::from_data_owned(der))),
);
self.state = BlobsState::SignatureAdded;
Ok(())
}sourcepub fn add_blob(
&mut self,
slot: CodeSigningSlot,
blob: BlobData<'a>
) -> Result<(), AppleCodesignError>
pub fn add_blob(
&mut self,
slot: CodeSigningSlot,
blob: BlobData<'a>
) -> Result<(), AppleCodesignError>
Register a blob into a slot.
There can only be a single blob per slot. Last write wins.
The code directory and embedded signature cannot be added using this method.
Blobs cannot be registered after a code directory or signature are added, as this would invalidate the signature.
Examples found in repository?
src/dmg.rs (line 334)
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
pub fn create_superblob<F: Read + Write + Seek>(
&self,
settings: &SigningSettings,
fh: &mut F,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs()? {
builder.add_blob(slot, blob)?;
}
builder.add_code_directory(
CodeSigningSlot::CodeDirectory,
self.create_code_directory(settings, fh)?,
)?;
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}More examples
src/macho_signing.rs (line 367)
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402
pub fn create_superblob(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs(settings, macho.is_executable())? {
builder.add_blob(slot, blob)?;
}
let code_directory = self.create_code_directory(settings, macho)?;
info!("code directory version: {}", code_directory.version);
builder.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;
if let Some(digests) = settings.extra_digests(SettingsScope::Main) {
for digest_type in digests {
// Since everything consults settings for the digest to use, just make a new settings
// with a different digest.
let mut alt_settings = settings.clone();
alt_settings.set_digest_type(*digest_type);
info!(
"adding alternative code directory using digest {:?}",
digest_type
);
let cd = self.create_code_directory(&alt_settings, macho)?;
builder.add_alternative_code_directory(cd)?;
}
}
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}sourcepub fn add_code_directory(
&mut self,
cd_slot: CodeSigningSlot,
cd: CodeDirectoryBlob<'a>
) -> Result<&CodeDirectoryBlob<'_>, AppleCodesignError>
pub fn add_code_directory(
&mut self,
cd_slot: CodeSigningSlot,
cd: CodeDirectoryBlob<'a>
) -> Result<&CodeDirectoryBlob<'_>, AppleCodesignError>
Register a CodeDirectoryBlob with this builder.
This is the recommended mechanism to register a Code Directory with this instance.
When a code directory is registered, this method will automatically ensure digests of previously registered blobs/slots are present in the code directory. This removes the burden from callers of having to keep the code directory in sync with other registered blobs.
This function accepts the slot to add the code directory to because alternative slots can be registered.
Examples found in repository?
src/embedded_signature_builder.rs (line 198)
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
pub fn add_alternative_code_directory(
&mut self,
cd: CodeDirectoryBlob<'a>,
) -> Result<&CodeDirectoryBlob, AppleCodesignError> {
let mut our_slot = CodeSigningSlot::AlternateCodeDirectory0;
for slot in self.blobs.keys() {
if slot.is_alternative_code_directory() {
our_slot = CodeSigningSlot::from(u32::from(*slot) + 1);
if !our_slot.is_alternative_code_directory() {
return Err(AppleCodesignError::SignatureBuilder(
"no more available alternative code directory slots",
));
}
}
}
self.add_code_directory(our_slot, cd)
}More examples
src/dmg.rs (lines 337-340)
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
pub fn create_superblob<F: Read + Write + Seek>(
&self,
settings: &SigningSettings,
fh: &mut F,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs()? {
builder.add_blob(slot, blob)?;
}
builder.add_code_directory(
CodeSigningSlot::CodeDirectory,
self.create_code_directory(settings, fh)?,
)?;
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}src/macho_signing.rs (line 373)
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402
pub fn create_superblob(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs(settings, macho.is_executable())? {
builder.add_blob(slot, blob)?;
}
let code_directory = self.create_code_directory(settings, macho)?;
info!("code directory version: {}", code_directory.version);
builder.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;
if let Some(digests) = settings.extra_digests(SettingsScope::Main) {
for digest_type in digests {
// Since everything consults settings for the digest to use, just make a new settings
// with a different digest.
let mut alt_settings = settings.clone();
alt_settings.set_digest_type(*digest_type);
info!(
"adding alternative code directory using digest {:?}",
digest_type
);
let cd = self.create_code_directory(&alt_settings, macho)?;
builder.add_alternative_code_directory(cd)?;
}
}
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}sourcepub fn add_alternative_code_directory(
&mut self,
cd: CodeDirectoryBlob<'a>
) -> Result<&CodeDirectoryBlob<'_>, AppleCodesignError>
pub fn add_alternative_code_directory(
&mut self,
cd: CodeDirectoryBlob<'a>
) -> Result<&CodeDirectoryBlob<'_>, AppleCodesignError>
Add an alternative code directory.
This is a wrapper for Self::add_code_directory() that has logic for determining the appropriate slot for the code directory.
Examples found in repository?
src/macho_signing.rs (line 388)
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402
pub fn create_superblob(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs(settings, macho.is_executable())? {
builder.add_blob(slot, blob)?;
}
let code_directory = self.create_code_directory(settings, macho)?;
info!("code directory version: {}", code_directory.version);
builder.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;
if let Some(digests) = settings.extra_digests(SettingsScope::Main) {
for digest_type in digests {
// Since everything consults settings for the digest to use, just make a new settings
// with a different digest.
let mut alt_settings = settings.clone();
alt_settings.set_digest_type(*digest_type);
info!(
"adding alternative code directory using digest {:?}",
digest_type
);
let cd = self.create_code_directory(&alt_settings, macho)?;
builder.add_alternative_code_directory(cd)?;
}
}
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}sourcepub fn create_cms_signature(
&mut self,
signing_key: &dyn KeyInfoSigner,
signing_cert: &CapturedX509Certificate,
time_stamp_url: Option<&Url>,
certificates: impl Iterator<Item = CapturedX509Certificate>
) -> Result<(), AppleCodesignError>
pub fn create_cms_signature(
&mut self,
signing_key: &dyn KeyInfoSigner,
signing_cert: &CapturedX509Certificate,
time_stamp_url: Option<&Url>,
certificates: impl Iterator<Item = CapturedX509Certificate>
) -> Result<(), AppleCodesignError>
The a CMS signature and register its signature blob.
signing_key and signing_cert denote the keypair being used to produce a
cryptographic signature.
time_stamp_url is an optional time-stamp protocol server to use to record
the signature in.
certificates are extra X.509 certificates to register in the signing chain.
This method errors if called before a code directory is registered.
Examples found in repository?
src/dmg.rs (lines 343-348)
326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
pub fn create_superblob<F: Read + Write + Seek>(
&self,
settings: &SigningSettings,
fh: &mut F,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs()? {
builder.add_blob(slot, blob)?;
}
builder.add_code_directory(
CodeSigningSlot::CodeDirectory,
self.create_code_directory(settings, fh)?,
)?;
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}More examples
src/macho_signing.rs (lines 393-398)
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402
pub fn create_superblob(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs(settings, macho.is_executable())? {
builder.add_blob(slot, blob)?;
}
let code_directory = self.create_code_directory(settings, macho)?;
info!("code directory version: {}", code_directory.version);
builder.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;
if let Some(digests) = settings.extra_digests(SettingsScope::Main) {
for digest_type in digests {
// Since everything consults settings for the digest to use, just make a new settings
// with a different digest.
let mut alt_settings = settings.clone();
alt_settings.set_digest_type(*digest_type);
info!(
"adding alternative code directory using digest {:?}",
digest_type
);
let cd = self.create_code_directory(&alt_settings, macho)?;
builder.add_alternative_code_directory(cd)?;
}
}
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}sourcepub fn add_notarization_ticket(
&mut self,
ticket_data: Vec<u8>
) -> Result<(), AppleCodesignError>
pub fn add_notarization_ticket(
&mut self,
ticket_data: Vec<u8>
) -> Result<(), AppleCodesignError>
Add notarization ticket data.
This will register a new ticket slot holding the notarization ticket data.
Examples found in repository?
src/dmg.rs (line 296)
279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301
pub fn staple_file(
&self,
fh: &mut File,
ticket_data: Vec<u8>,
) -> Result<(), AppleCodesignError> {
warn!(
"stapling DMG with {} byte notarization ticket",
ticket_data.len()
);
let reader = DmgReader::new(fh)?;
let koly = reader.koly().clone();
let signature = reader
.embedded_signature()?
.ok_or(AppleCodesignError::DmgStapleNoSignature)?;
let mut builder = EmbeddedSignatureBuilder::new_for_stapling(signature)?;
builder.add_notarization_ticket(ticket_data)?;
let signature = builder.create_superblob()?;
Self::write_embedded_signature(fh, koly, &signature)
}sourcepub fn create_superblob(&self) -> Result<Vec<u8>, AppleCodesignError>
pub fn create_superblob(&self) -> Result<Vec<u8>, AppleCodesignError>
Create the embedded signature “superblob” data.
Examples found in repository?
src/dmg.rs (line 298)
279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
pub fn staple_file(
&self,
fh: &mut File,
ticket_data: Vec<u8>,
) -> Result<(), AppleCodesignError> {
warn!(
"stapling DMG with {} byte notarization ticket",
ticket_data.len()
);
let reader = DmgReader::new(fh)?;
let koly = reader.koly().clone();
let signature = reader
.embedded_signature()?
.ok_or(AppleCodesignError::DmgStapleNoSignature)?;
let mut builder = EmbeddedSignatureBuilder::new_for_stapling(signature)?;
builder.add_notarization_ticket(ticket_data)?;
let signature = builder.create_superblob()?;
Self::write_embedded_signature(fh, koly, &signature)
}
fn write_embedded_signature(
fh: &mut File,
mut koly: KolyTrailer,
signature: &[u8],
) -> Result<(), AppleCodesignError> {
warn!("writing {} byte signature", signature.len());
fh.seek(SeekFrom::Start(koly.offset_after_plist()))?;
fh.write_all(signature)?;
koly.code_signature_offset = koly.offset_after_plist();
koly.code_signature_size = signature.len() as _;
let mut trailer = [0u8; KOLY_SIZE as usize];
trailer.pwrite_with(&koly, 0, scroll::BE)?;
fh.write_all(&trailer)?;
fh.set_len(koly.code_signature_offset + koly.code_signature_size + KOLY_SIZE as u64)?;
Ok(())
}
/// Create the embedded signature superblob content.
pub fn create_superblob<F: Read + Write + Seek>(
&self,
settings: &SigningSettings,
fh: &mut F,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs()? {
builder.add_blob(slot, blob)?;
}
builder.add_code_directory(
CodeSigningSlot::CodeDirectory,
self.create_code_directory(settings, fh)?,
)?;
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}More examples
src/macho_signing.rs (line 401)
359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402
pub fn create_superblob(
&self,
settings: &SigningSettings,
macho: &MachOBinary,
) -> Result<Vec<u8>, AppleCodesignError> {
let mut builder = EmbeddedSignatureBuilder::default();
for (slot, blob) in self.create_special_blobs(settings, macho.is_executable())? {
builder.add_blob(slot, blob)?;
}
let code_directory = self.create_code_directory(settings, macho)?;
info!("code directory version: {}", code_directory.version);
builder.add_code_directory(CodeSigningSlot::CodeDirectory, code_directory)?;
if let Some(digests) = settings.extra_digests(SettingsScope::Main) {
for digest_type in digests {
// Since everything consults settings for the digest to use, just make a new settings
// with a different digest.
let mut alt_settings = settings.clone();
alt_settings.set_digest_type(*digest_type);
info!(
"adding alternative code directory using digest {:?}",
digest_type
);
let cd = self.create_code_directory(&alt_settings, macho)?;
builder.add_alternative_code_directory(cd)?;
}
}
if let Some((signing_key, signing_cert)) = settings.signing_key() {
builder.create_cms_signature(
signing_key,
signing_cert,
settings.time_stamp_url(),
settings.certificate_chain().iter().cloned(),
)?;
}
builder.create_superblob()
}Trait Implementations§
source§impl<'a> Debug for EmbeddedSignatureBuilder<'a>
impl<'a> Debug for EmbeddedSignatureBuilder<'a>
source§impl<'a> Default for EmbeddedSignatureBuilder<'a>
impl<'a> Default for EmbeddedSignatureBuilder<'a>
source§fn default() -> EmbeddedSignatureBuilder<'a>
fn default() -> EmbeddedSignatureBuilder<'a>
Returns the “default value” for a type. Read more
Auto Trait Implementations§
impl<'a> RefUnwindSafe for EmbeddedSignatureBuilder<'a>
impl<'a> Send for EmbeddedSignatureBuilder<'a>
impl<'a> Sync for EmbeddedSignatureBuilder<'a>
impl<'a> Unpin for EmbeddedSignatureBuilder<'a>
impl<'a> UnwindSafe for EmbeddedSignatureBuilder<'a>
Blanket Implementations§
§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
§impl<T> Conv for T
impl<T> Conv for T
§impl<T> FmtForward for T
impl<T> FmtForward for T
§fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
fn fmt_binary(self) -> FmtBinary<Self>where
Self: Binary,
Causes
self to use its Binary implementation when Debug-formatted.§fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
fn fmt_display(self) -> FmtDisplay<Self>where
Self: Display,
Causes
self to use its Display implementation when
Debug-formatted.§fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
fn fmt_lower_exp(self) -> FmtLowerExp<Self>where
Self: LowerExp,
Causes
self to use its LowerExp implementation when
Debug-formatted.§fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
fn fmt_lower_hex(self) -> FmtLowerHex<Self>where
Self: LowerHex,
Causes
self to use its LowerHex implementation when
Debug-formatted.§fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
fn fmt_octal(self) -> FmtOctal<Self>where
Self: Octal,
Causes
self to use its Octal implementation when Debug-formatted.§fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
fn fmt_pointer(self) -> FmtPointer<Self>where
Self: Pointer,
Causes
self to use its Pointer implementation when
Debug-formatted.§fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
fn fmt_upper_exp(self) -> FmtUpperExp<Self>where
Self: UpperExp,
Causes
self to use its UpperExp implementation when
Debug-formatted.§fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
fn fmt_upper_hex(self) -> FmtUpperHex<Self>where
Self: UpperHex,
Causes
self to use its UpperHex implementation when
Debug-formatted.§fn fmt_list(self) -> FmtList<Self>where
&'a Self: for<'a> IntoIterator,
fn fmt_list(self) -> FmtList<Self>where
&'a Self: for<'a> IntoIterator,
Formats each item in a sequence. Read more
source§impl<T> Instrument for T
impl<T> Instrument for T
source§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
source§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
§impl<T> Pipe for Twhere
T: ?Sized,
impl<T> Pipe for Twhere
T: ?Sized,
§fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
fn pipe<R>(self, func: impl FnOnce(Self) -> R) -> Rwhere
Self: Sized,
Pipes by value. This is generally the method you want to use. Read more
§fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref<'a, R>(&'a self, func: impl FnOnce(&'a Self) -> R) -> Rwhere
R: 'a,
Borrows
self and passes that borrow into the pipe function. Read more§fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
fn pipe_ref_mut<'a, R>(&'a mut self, func: impl FnOnce(&'a mut Self) -> R) -> Rwhere
R: 'a,
Mutably borrows
self and passes that borrow into the pipe function. Read more§fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> Rwhere
Self: Borrow<B>,
B: 'a + ?Sized,
R: 'a,
fn pipe_borrow<'a, B, R>(&'a self, func: impl FnOnce(&'a B) -> R) -> Rwhere
Self: Borrow<B>,
B: 'a + ?Sized,
R: 'a,
§fn pipe_borrow_mut<'a, B, R>(
&'a mut self,
func: impl FnOnce(&'a mut B) -> R
) -> Rwhere
Self: BorrowMut<B>,
B: 'a + ?Sized,
R: 'a,
fn pipe_borrow_mut<'a, B, R>(
&'a mut self,
func: impl FnOnce(&'a mut B) -> R
) -> Rwhere
Self: BorrowMut<B>,
B: 'a + ?Sized,
R: 'a,
§fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> Rwhere
Self: AsRef<U>,
U: 'a + ?Sized,
R: 'a,
fn pipe_as_ref<'a, U, R>(&'a self, func: impl FnOnce(&'a U) -> R) -> Rwhere
Self: AsRef<U>,
U: 'a + ?Sized,
R: 'a,
Borrows
self, then passes self.as_ref() into the pipe function.§fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> Rwhere
Self: AsMut<U>,
U: 'a + ?Sized,
R: 'a,
fn pipe_as_mut<'a, U, R>(&'a mut self, func: impl FnOnce(&'a mut U) -> R) -> Rwhere
Self: AsMut<U>,
U: 'a + ?Sized,
R: 'a,
Mutably borrows
self, then passes self.as_mut() into the pipe
function.§impl<T> Pointable for T
impl<T> Pointable for T
§impl<T> Tap for T
impl<T> Tap for T
§fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
fn tap_borrow<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
Immutable access to the
Borrow<B> of a value. Read more§fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
fn tap_borrow_mut<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
Mutable access to the
BorrowMut<B> of a value. Read more§fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
fn tap_ref<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
Immutable access to the
AsRef<R> view of a value. Read more§fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
fn tap_ref_mut<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
Mutable access to the
AsMut<R> view of a value. Read more§fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,
fn tap_deref<T>(self, func: impl FnOnce(&T)) -> Selfwhere
Self: Deref<Target = T>,
T: ?Sized,
Immutable access to the
Deref::Target of a value. Read more§fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,
fn tap_deref_mut<T>(self, func: impl FnOnce(&mut T)) -> Selfwhere
Self: DerefMut<Target = T> + Deref,
T: ?Sized,
Mutable access to the
Deref::Target of a value. Read more§fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
fn tap_dbg(self, func: impl FnOnce(&Self)) -> Self
Calls
.tap() only in debug builds, and is erased in release builds.§fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
fn tap_mut_dbg(self, func: impl FnOnce(&mut Self)) -> Self
Calls
.tap_mut() only in debug builds, and is erased in release
builds.§fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
fn tap_borrow_dbg<B>(self, func: impl FnOnce(&B)) -> Selfwhere
Self: Borrow<B>,
B: ?Sized,
Calls
.tap_borrow() only in debug builds, and is erased in release
builds.§fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
fn tap_borrow_mut_dbg<B>(self, func: impl FnOnce(&mut B)) -> Selfwhere
Self: BorrowMut<B>,
B: ?Sized,
Calls
.tap_borrow_mut() only in debug builds, and is erased in release
builds.§fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
fn tap_ref_dbg<R>(self, func: impl FnOnce(&R)) -> Selfwhere
Self: AsRef<R>,
R: ?Sized,
Calls
.tap_ref() only in debug builds, and is erased in release
builds.§fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
fn tap_ref_mut_dbg<R>(self, func: impl FnOnce(&mut R)) -> Selfwhere
Self: AsMut<R>,
R: ?Sized,
Calls
.tap_ref_mut() only in debug builds, and is erased in release
builds.