Enum apple_codesign::code_requirement::CodeRequirementExpression

pub enum CodeRequirementExpression<'a> {
    False,
    True,
    Identifier(Cow<'a, str>),
    AnchorApple,
    AnchorCertificateHash(i32, Cow<'a, [u8]>),
    InfoKeyValueLegacy(Cow<'a, str>, Cow<'a, str>),
    And(Box<CodeRequirementExpression<'a>>, Box<CodeRequirementExpression<'a>>),
    Or(Box<CodeRequirementExpression<'a>>, Box<CodeRequirementExpression<'a>>),
    CodeDirectoryHash(Cow<'a, [u8]>),
    Not(Box<CodeRequirementExpression<'a>>),
    InfoPlistKeyField(Cow<'a, str>, CodeRequirementMatchExpression<'a>),
    CertificateField(i32, Cow<'a, str>, CodeRequirementMatchExpression<'a>),
    CertificateTrusted(i32),
    AnchorTrusted,
    CertificateGeneric(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>),
    AnchorAppleGeneric,
    EntitlementsKey(Cow<'a, str>, CodeRequirementMatchExpression<'a>),
    CertificatePolicy(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>),
    NamedAnchor(Cow<'a, str>),
    NamedCode(Cow<'a, str>),
    Platform(u32),
    Notarized,
    CertificateFieldDate(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>),
    LegacyDeveloperId,
}

Defines a code requirement expression.

Variants

False

False

false

No payload.

True

True

true

No payload.

Identifier(Cow<'a, str>)

Signing identifier.

identifier <string>

4 bytes length followed by C string.

AnchorApple

The certificate chain must lead to an Apple root.

anchor apple

No payload.

AnchorCertificateHash(i32, Cow<'a, [u8]>)

The certificate chain must anchor to a certificate with specified SHA-1 hash.

anchor <slot> H"<hash>"

4 bytes slot number, 4 bytes hash length, hash value.

InfoKeyValueLegacy(Cow<'a, str>, Cow<'a, str>)

Info.plist key value (legacy).

info[<key>] = <value>

2 pairs of (length + value).

And(Box<CodeRequirementExpression<'a>>, Box<CodeRequirementExpression<'a>>)

Logical and.

expr0 and expr1

Payload consists of 2 sub-expressions with no additional encoding.

Or(Box<CodeRequirementExpression<'a>>, Box<CodeRequirementExpression<'a>>)

Logical or.

expr0 or expr1

Payload consists of 2 sub-expressions with no additional encoding.

CodeDirectoryHash(Cow<'a, [u8]>)

Code directory hash.

`cdhash H““

4 bytes length followed by raw digest value.

Not(Box<CodeRequirementExpression<'a>>)

Logical not.

!expr

Payload is 1 sub-expression.

InfoPlistKeyField(Cow<'a, str>, CodeRequirementMatchExpression<'a>)

Info plist key field.

info [key] match expression

e.g. info [CFBundleName] exists

4 bytes key length, key string, then match expression.

CertificateField(i32, Cow<'a, str>, CodeRequirementMatchExpression<'a>)

Certificate field matches.

certificate <slot> [<field>] match expression

Slot i32, 4 bytes field length, field string, then match expression.

CertificateTrusted(i32)

Certificate in position is trusted for code signing.

certificate <position> trusted

4 bytes certificate position.

AnchorTrusted

The certificate chain must lead to a trusted root.

anchor trusted

No payload.

CertificateGeneric(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>)

Certificate field matches by OID.

certificate <slot> [field.<oid>] match expression

Slot i32, 4 bytes OID length, OID raw bytes, match expression.

AnchorAppleGeneric

For code signed by Apple, including from code signing certificates issued by Apple.

anchor apple generic

No payload.

EntitlementsKey(Cow<'a, str>, CodeRequirementMatchExpression<'a>)

Value associated with specified key in signature’s embedded entitlements dictionary.

entitlement [<key>] match expression

4 bytes key length, key bytes, match expression.

CertificatePolicy(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>)

OID associated with certificate in a given slot.

It is unknown what the OID means.

certificate <slot> [policy.<oid>] match expression

NamedAnchor(Cow<'a, str>)

A named Apple anchor.

anchor apple <name>

4 bytes name length, name bytes.

NamedCode(Cow<'a, str>)

Named code.

(<name>)

4 bytes name length, name bytes.

Platform(u32)

Platform value.

platform = <value>

Payload is a u32.

Notarized

Binary is notarized.

notarized

No Payload.

CertificateFieldDate(i32, Oid<&'a [u8]>, CodeRequirementMatchExpression<'a>)

Certificate field date.

Unknown what the OID corresponds to.

certificate <slot> [timestamp.<oid>] match expression

LegacyDeveloperId

Legacy developer ID used.

Implementations

impl<'a> CodeRequirementExpression<'a>

pub fn from_bytes(
    data: &'a [u8]
) -> Result<(Self, &'a [u8]), AppleCodesignError>

Construct an expression element by reading from a slice.

Returns the newly constructed element and remaining data in the slice.

pub fn write_to(&self, dest: &mut impl Write) -> Result<(), AppleCodesignError>

Write binary representation of this expression to a destination.

pub fn to_bytes(&self) -> Result<Vec<u8>, AppleCodesignError>

Produce the binary serialization of this expression.

The blob header/magic is not included.

Trait Implementations

impl<'a> Clone for CodeRequirementExpression<'a>

fn clone(&self) -> CodeRequirementExpression<'a>

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl<'a> Debug for CodeRequirementExpression<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> Display for CodeRequirementExpression<'a>

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'a> PartialEq<CodeRequirementExpression<'a>> for CodeRequirementExpression<'a>

fn eq(&self, other: &CodeRequirementExpression<'a>) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &CodeRequirementExpression<'a>) -> bool

This method tests for !=.

impl<'a> StructuralPartialEq for CodeRequirementExpression<'a>