Commit 9ab1d461 authored by George Nachman

Improve SIG verify command line program

parent ddefa859
......@@ -13,6 +13,7 @@ NS_ASSUME_NONNULL_BEGIN
@interface SIGArchiveReader : NSObject
@property (nonatomic, readonly) NSURL *url;
@property (nonatomic, readonly) long long payloadLength;
- (nullable instancetype)initWithURL:(NSURL *)url NS_DESIGNATED_INITIALIZER;
- (instancetype)init NS_UNAVAILABLE;
......
......@@ -129,6 +129,14 @@
chunk.payloadLength)];
}
- (long long)payloadLength {
SIGArchiveChunk *chunk = [self chunkWithTag:SIGArchiveTagPayload];
if (!chunk) {
return 0;
}
return chunk.payloadLength;
}
- (BOOL)load:(out NSError **)errorOut {
assert(!_loaded);
_loaded = YES;
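Review bot: `payloadLength` returns 0 when `chunkWithTag:SIGArchiveTagPayload` finds no chunk, so a caller cannot tell an archive that lacks a payload chunk from one whose payload is empty. The verify tool prints this value as "Payload length", so the ambiguity reaches the person reading the verification report. I would document it on the property in the header, for example `/// Length of the payload chunk in bytes, or 0 if the archive has no payload chunk.`, and state there whether it may be read before `load:` has run, which this hunk does not show.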
......
......@@ -9,20 +9,62 @@
#import <Foundation/Foundation.h>
#import <stdio.h>
#import "SIGArchiveVerifier.h"
#import "SIGCertificate.h"
#import "SIGError.h"
static NSError *Verify(NSString *path) {
static NSString *Details(SIGArchiveVerifier *verifier) {
NSMutableArray<NSString *> *detailLines = [NSMutableArray array];
[detailLines addObject:@" The following certificates were found:"];
BOOL first = YES;
for (NSData *data in [verifier.reader signingCertificates:nil]) {
SIGCertificate *cert = [[SIGCertificate alloc] initWithData:data];
if (!cert) {
continue;
}
NSString *name = ((cert.name ?: cert.longDescription) ?: @"Unknown");
NSString *line = [NSString stringWithFormat:@" Certificate “%@”", name];
if (first) {
line = [line stringByAppendingFormat:@" [signing cert]"];
}
if (cert.issuer) {
NSString *name = ((cert.issuer.name ?: cert.issuer.longDescription) ?: @"Unknown");
line = [line stringByAppendingFormat:@", issued by “%@”", name];
}
first = NO;
[detailLines addObject:line];
}
NSError *error;
NSString *metadata = [verifier.reader metadata:&error];
if (metadata.length > 0) {
[detailLines addObject:@" Metadata:"];
for (NSString *line in [metadata componentsSeparatedByString:@"\n"]) {
[detailLines addObject:[@" " stringByAppendingString:line]];
}
}
[detailLines addObject:[NSString stringWithFormat:@" Payload length: %@", @(verifier.reader.payloadLength)]];
return [detailLines componentsJoinedByString:@"\n"];
}
static NSError *Verify(NSString *path, NSString **detailsPtr) {
SIGArchiveVerifier *verifier = [[SIGArchiveVerifier alloc] initWithURL:[NSURL fileURLWithPath:path]];
__block BOOL result;
__block NSError *errorResult = nil;
dispatch_group_t group = dispatch_group_create();
dispatch_group_enter(group);
__block NSString *details;
[verifier verifyWithCompletion:^(BOOL ok, NSError *error) {
details = Details(verifier);
result = ok;
errorResult = error;
dispatch_group_leave(group);
}];
dispatch_group_wait(group, DISPATCH_TIME_FOREVER);
if (detailsPtr) {
*detailsPtr = details;
}
if (result) {
return nil;
}
......@@ -35,17 +77,28 @@ static NSError *Verify(NSString *path) {
int main(int argc, const char * argv[]) {
@autoreleasepool {
if (argc < 2) {
fprintf(stderr, "Usage: verify file [file...]\n");
fprintf(stderr, "Usage: verify [-v] file [file...]\n");
return 1;
}
int errors = 0;
for (int i = 1; i < argc; i++) {
NSError *error = Verify([NSString stringWithUTF8String:argv[i]]);
int first = 1;
BOOL verbose = NO;
if (argc > 1 && !strcmp(argv[1], "-v")) {
verbose = YES;
first++;
}
for (int i = first; i < argc; i++) {
NSString *details;
NSError *error = Verify([NSString stringWithUTF8String:argv[i]],
verbose ? &details : NULL);
if (error) {
errors++;
printf("%s: %s\n", argv[i], error.localizedDescription.UTF8String);
} else {
printf("%s: %s\n", argv[i], "ok");
if (verbose) {
printf("%s\n", details.UTF8String);
}
}
}
return errors > 0;
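Review bot: Running `verify -v` with no file arguments exits 0 without verifying anything: `argc < 2` is false, `first` becomes 2, the loop body never runs and `return errors > 0` yields 0. A script that builds the file list dynamically would read that as a successful verification. Re-check after option parsing, e.g. `if (first >= argc) { fprintf(stderr, "Usage: verify [-v] file [file...]\n"); return 1; }`. Separately, in `Details` the `continue` taken for an unparseable certificate skips `first = NO`, so the `[signing cert]` label can land on a later certificate in the list. The body of `main` continues past the end of this hunk.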
......