Fix CDHash value and formatting in santactl fileinfo.
Fix CDHash formatting.
pmarkowsky committed Apr 5, 2024
1 parent 3b2d02f commit f082e2a
Showing 1 changed file with 27 additions and 5 deletions.
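--- a/Source/santactl/Commands/SNTCommandFileInfo.m
+++ b/Source/santactl/Commands/SNTCommandFileInfo.m
@@ -78,6 +78,22 @@
 return result;
 }
 
+// Reformat the NSString for CDHash into a more presentable form.
+// Normally we get NSStrings like:
+// {length = 20, bytes = // 0x610424d2dff4a51646e287df11f79f1c163d19d3}
+// from MOLCodesignChecker and want to format it into the cleaner.
+//
+// 610424d2dff4a51646e287df11f79f1c163d19d3.
+NSString *formatCDHashStr(NSString *data) {
+if (!data) return nil;
+
+// Split the string and filterout 0x and the curly braces.
+NSString *fields = [data componentsSeparatedByString:@"="].lastObject;
+NSString *cleaned = [fields stringByReplacingOccurrencesOfString:@"0x" withString:@""];
+cleaned = [cleaned stringByReplacingOccurrencesOfString:@"}" withString:@""];
+return [cleaned stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]];
+}
+
 @interface SNTCommandFileInfo : SNTCommand <SNTCommandProtocol>
 
 // Properties set from commandline flags
@@ -380,10 +396,13 @@ - (SNTAttributeBlock)rule {
 NSError *err;
 MOLCodesignChecker *csc = [fileInfo codesignCheckerWithError:&err];
 
-NSString *cdhash =
-[csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoUnique];
-NSString *teamID =
-[csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoTeamIdentifier];
+NSData *cdhashData =
+(NSData *)[csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoUnique];
+NSString *cdhash = formatCDHashStr([[NSString alloc] initWithData:cdhashData
+encoding:NSUTF8StringEncoding]);
+
+NSString *teamID = [[csc.signingInformation
+objectForKey:(__bridge NSString *)kSecCodeInfoTeamIdentifier] description];
 NSString *identifier =
 [csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoIdentifier];
 
@@ -536,7 +555,10 @@ - (SNTAttributeBlock)signingID {
 - (SNTAttributeBlock)cdhash {
 return ^id(SNTCommandFileInfo *cmd, SNTFileInfo *fileInfo) {
 MOLCodesignChecker *csc = [fileInfo codesignCheckerWithError:NULL];
-return [csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoUnique];
+NSData *cdhashData =
+(NSData *)[csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoUnique];
+return formatCDHashStr([[NSString alloc] initWithData:cdhashData
+encoding:NSUTF8StringEncoding]);
 };
 }
 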
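Review bot: The new call sites in `rule` and `cdhash` decode `cdhashData` with `initWithData:encoding:NSUTF8StringEncoding`, but the comment on `formatCDHashStr` describes input shaped like NSData's `-description` output (`{length = 20, bytes = 0x…}`), which that initializer does not produce. If `kSecCodeInfoUnique` holds the raw hash bytes, as the `(NSData *)` cast suggests, UTF-8 decoding will fail for most hashes and return nil, so `formatCDHashStr` returns nil and fileinfo reports no CDHash. In the rare case where the bytes happen to be valid UTF-8, it would report a string that is not the hex digest. Hex-encoding the bytes directly removes the decoding step and any reliance on the description format, and gives a stable value for anyone who uses this output to identify a binary. Both `rule` and `cdhash` continue outside the visible hunks, so how a nil result is handled downstream cannot be confirmed from here.

```objc
// Hex-encode the raw CDHash bytes; returns nil when the value is missing or not NSData.
NSString *formatCDHashData(NSData *data) {
  if (![data isKindOfClass:[NSData class]] || data.length == 0) return nil;

  const unsigned char *bytes = data.bytes;
  NSMutableString *hex = [NSMutableString stringWithCapacity:data.length * 2];
  for (NSUInteger i = 0; i < data.length; i++) {
    [hex appendFormat:@"%02x", bytes[i]];
  }
  return hex;
}

// … unchanged: codesign checker setup in -rule and -cdhash …
NSString *cdhash = formatCDHashData(
  [csc.signingInformation objectForKey:(__bridge NSString *)kSecCodeInfoUnique]);
```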
