1

I'm trying to find a way to verify the signing certificate of a binary in code. For example, if you run the command: "codesign -vvvvd /YourApp/Executable" you may receive the output: "Authority: Apple Root CA" etc. I'm looking for a way to do this in code. Any push or nudge in the right direction would be outstanding.

Thanks!

2 Answers

6

On the Mac, SecStaticCode and SecCode provide code signing and verification functionality. Specifically, SecCodeCopySelf() and SecCodeCheckValidityWithErrors() would be used to check the code signing of the current application.

Note that an application that has been modified and resigned (with the same certificate or any other) is effectively impossible to detect, since anyone capable of modifying the application and resigning it can stub out or otherwise defeat your verification code. The functions named above are, at best, a keep-honest-people-honest solution.

On iOS, Apple's official position is that you shouldn't attempt to do jailbreak detection or similar, and should trust the OS to get it right. Since you cannot run dynamically loaded code or read the binary data of other applications, it is not very useful to be able to verify code signing on that platform. (Whether or not Apple's official position is useful to you is another discussion entirely.)

Jonathan Grynspan
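One way to do what the question asks with Code Signing Services, as an added example that is not part of the original answer: it validates the code at a path against a requirement and lists the certificate chain that `codesign -d` prints as "Authority" lines. The helper name `VerifiedAuthorities` and the requirement string `anchor apple generic` are assumptions; to check the running process instead, obtain the code object with SecCodeCopySelf() and pass it to SecCodeCheckValidityWithErrors().

```objective-c
// Added example with hypothetical helper names; build on macOS:
//   clang -fobjc-arc -framework Foundation -framework Security verify.m -o verify
#import <Foundation/Foundation.h>
#import <Security/Security.h>
// Returns the signing chain (leaf first) as subject summaries, or nil when the
// code at `path` is unsigned, altered, or does not satisfy `requirementText`.
static NSArray<NSString *> *VerifiedAuthorities(NSString *path, NSString *requirementText, NSError **error) {
    SecStaticCodeRef code = NULL;
    SecRequirementRef req = NULL;
    CFDictionaryRef info = NULL;
    CFErrorRef cfError = NULL;
    NSMutableArray<NSString *> *names = nil;
    NSURL *url = [NSURL fileURLWithPath:path];
    OSStatus st = SecStaticCodeCreateWithPath((__bridge CFURLRef)url, kSecCSDefaultFlags, &code);
    if (st == errSecSuccess)
        st = SecRequirementCreateWithString((__bridge CFStringRef)requirementText, kSecCSDefaultFlags, &req);
    if (st == errSecSuccess)  // verifies the seal and evaluates the requirement
        st = SecStaticCodeCheckValidityWithErrors(code, kSecCSCheckAllArchitectures, req, &cfError);
    if (st == errSecSuccess)
        st = SecCodeCopySigningInformation(code, kSecCSSigningInformation, &info);
    if (st == errSecSuccess) {
        names = [NSMutableArray array];
        NSArray *certs = ((__bridge NSDictionary *)info)[(__bridge NSString *)kSecCodeInfoCertificates];
        for (id cert in certs) {
            NSString *cn = CFBridgingRelease(SecCertificateCopySubjectSummary((__bridge SecCertificateRef)cert));
            [names addObject:cn ?: @"(no subject)"];
        }
    } else if (error) {
        *error = cfError ? (__bridge NSError *)cfError
                         : [NSError errorWithDomain:NSOSStatusErrorDomain code:st userInfo:nil];
    }
    if (cfError) CFRelease(cfError);
    if (info) CFRelease(info);
    if (req) CFRelease(req);
    if (code) CFRelease(code);
    return names;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc < 2) { fprintf(stderr, "usage: %s <path>\n", argv[0]); return 2; }
        NSError *error = nil;
        // Assumed policy: the chain must lead to Apple's root CA.
        NSArray<NSString *> *chain = VerifiedAuthorities(@(argv[1]), @"anchor apple generic", &error);
        if (!chain) { NSLog(@"INVALID: %@", error); return 1; }
        for (NSString *name in chain) NSLog(@"Authority: %@", name);
    }
    return 0;
}
```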
1

This is possible with an OS X application using Code Signing Services or Ole Begemann's code, but doesn't appear to be possible with iOS.

Peter Elliott