56 private static void verifyCodesignResult(List<String> result, Path target,
57 boolean signed) {
58 result.stream().forEachOrdered(TKit::trace);
59 if (signed) {
60 String lookupString = target.toString() + ": valid on disk";
61 checkString(result, lookupString);
62 lookupString = target.toString() + ": satisfies its Designated Requirement";
63 checkString(result, lookupString);
64 } else {
65 String lookupString = target.toString()
66 + ": code object is not signed at all";
67 checkString(result, lookupString);
68 }
69 }
70
71 private static List<String> spctlResult(Path target, String type) {
72 List<String> result = new Executor()
73 .setExecutable("/usr/sbin/spctl")
74 .addArguments("-vvv", "--assess", "--type", type,
75 target.toString())
76 .executeAndGetOutput();
77
78 return result;
79 }
80
81 private static void verifySpctlResult(List<String> result, Path target, String type) {
82 result.stream().forEachOrdered(TKit::trace);
83 String lookupString = target.toString() + ": accepted";
84 checkString(result, lookupString);
85 lookupString = "source=" + DEV_NAME;
86 checkString(result, lookupString);
87 if (type.equals("install")) {
88 lookupString = "origin=" + INSTALLER_CERT;
89 } else {
90 lookupString = "origin=" + APP_CERT;
91 }
92 checkString(result, lookupString);
93 }
94
95 private static List<String> pkgutilResult(Path target) {
96 List<String> result = new Executor()
97 .setExecutable("/usr/sbin/pkgutil")
98 .addArguments("--check-signature",
99 target.toString())
100 .executeAndGetOutput();
101
102 return result;
103 }
104
105 private static void verifyPkgutilResult(List<String> result) {
106 result.stream().forEachOrdered(TKit::trace);
|
56 private static void verifyCodesignResult(List<String> result, Path target,
57 boolean signed) {
58 result.stream().forEachOrdered(TKit::trace);
59 if (signed) {
60 String lookupString = target.toString() + ": valid on disk";
61 checkString(result, lookupString);
62 lookupString = target.toString() + ": satisfies its Designated Requirement";
63 checkString(result, lookupString);
64 } else {
65 String lookupString = target.toString()
66 + ": code object is not signed at all";
67 checkString(result, lookupString);
68 }
69 }
70
71 private static List<String> spctlResult(Path target, String type) {
72 List<String> result = new Executor()
73 .setExecutable("/usr/sbin/spctl")
74 .addArguments("-vvv", "--assess", "--type", type,
75 target.toString())
76 // on Catalina, the exit code can be 3, meaning not notarized
77 .saveOutput()
78 .executeWithoutExitCodeCheck()
79 .getOutput();
80
81 return result;
82 }
83
84 private static void verifySpctlResult(List<String> result, Path target, String type) {
85 result.stream().forEachOrdered(TKit::trace);
86 String lookupString;
87 /* on Catalina, spctl may return 3 and say:
88 * target: rejected
89 * source=Unnotarized DEV_NAME
90 * so we must skip these two checks
91 lookupString = target.toString() + ": accepted";
92 checkString(result, lookupString);
93 lookupString = "source=" + DEV_NAME;
94 checkString(result, lookupString);
95 */
96 if (type.equals("install")) {
97 lookupString = "origin=" + INSTALLER_CERT;
98 } else {
99 lookupString = "origin=" + APP_CERT;
100 }
101 checkString(result, lookupString);
102 }
103
104 private static List<String> pkgutilResult(Path target) {
105 List<String> result = new Executor()
106 .setExecutable("/usr/sbin/pkgutil")
107 .addArguments("--check-signature",
108 target.toString())
109 .executeAndGetOutput();
110
111 return result;
112 }
113
114 private static void verifyPkgutilResult(List<String> result) {
115 result.stream().forEachOrdered(TKit::trace);
|
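Review bot: On the new side, `executeWithoutExitCodeCheck()` in `spctlResult` accepts any exit status from spctl, and `verifySpctlResult` has its `: accepted` and `source=` checks commented out, so the only assertion left is the `origin=` line. A rejection for some reason other than missing notarization would then pass as long as the origin is still printed. I would have `spctlResult` fail unless the exit status is 0 or 3, the value the Catalina comment names. I would also keep a developer-identity check that holds in both cases, for example `checkString(result, DEV_NAME);`, assuming `checkString` (not visible here) does a substring match, since both `source=` and `source=Unnotarized ` are followed by DEV_NAME. The block comment wrapping the disabled code is better replaced by a one-line comment such as `// Catalina: un-notarized builds are reported as "rejected" with source=Unnotarized <dev name>`. `verifyPkgutilResult` continues past the visible lines.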