mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-28 20:55:39 +00:00
367 lines
8.7 KiB
C
367 lines
8.7 KiB
C
/*
|
|
* The contents of this file are subject to the Mozilla Public
|
|
* License Version 1.1 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS
|
|
* IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* rights and limitations under the License.
|
|
*
|
|
* The Original Code is the Netscape security libraries.
|
|
*
|
|
* The Initial Developer of the Original Code is Netscape
|
|
* Communications Corporation. Portions created by Netscape are
|
|
* Copyright (C) 1994-2000 Netscape Communications Corporation. All
|
|
* Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
*
|
|
* Alternatively, the contents of this file may be used under the
|
|
* terms of the GNU General Public License Version 2 or later (the
|
|
* "GPL"), in which case the provisions of the GPL are applicable
|
|
* instead of those above. If you wish to allow use of your
|
|
* version of this file only under the terms of the GPL and not to
|
|
* allow others to use your version of this file under the MPL,
|
|
* indicate your decision by deleting the provisions above and
|
|
* replace them with the notice and other provisions required by
|
|
* the GPL. If you do not delete the provisions above, a recipient
|
|
* may use your version of this file under either the MPL or the
|
|
* GPL.
|
|
*/
|
|
|
|
#include "signtool.h"
|
|
|
|
|
|
static int jar_cb(int status, JAR *jar, const char *metafile,
|
|
char *pathname, char *errortext);
|
|
static int verify_global (JAR *jar);
|
|
|
|
/*************************************************************************
|
|
*
|
|
* V e r i f y J a r
|
|
*/
|
|
int
|
|
VerifyJar(char *filename)
|
|
{
|
|
FILE *fp;
|
|
|
|
int ret;
|
|
int status;
|
|
char *err;
|
|
|
|
JAR *jar;
|
|
JAR_Context *ctx;
|
|
|
|
JAR_Item *it;
|
|
|
|
jar = JAR_new();
|
|
|
|
if ((fp = fopen (filename, "r")) == NULL)
|
|
{
|
|
perror (filename);
|
|
exit (ERRX);
|
|
}
|
|
else
|
|
fclose (fp);
|
|
|
|
JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
|
|
|
|
|
|
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
|
|
|
|
if (status < 0 || jar->valid < 0)
|
|
{
|
|
PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
|
|
if (status < 0)
|
|
{
|
|
char *errtext;
|
|
|
|
if (status >= JAR_BASE && status <= JAR_BASE_END)
|
|
{
|
|
errtext = JAR_get_error (status);
|
|
}
|
|
else
|
|
{
|
|
errtext = SECU_ErrorString ((int16) PORT_GetError());
|
|
}
|
|
|
|
PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
|
|
|
|
/* corrupt files should not have their contents listed */
|
|
|
|
if (status == JAR_ERR_CORRUPT)
|
|
return status;
|
|
}
|
|
PR_fprintf(outputFD,
|
|
"entries shown below will have their digests checked only.\n");
|
|
jar->valid = 0;
|
|
}
|
|
else
|
|
PR_fprintf(outputFD,
|
|
"archive \"%s\" has passed crypto verification.\n", filename);
|
|
|
|
verify_global (jar);
|
|
|
|
PR_fprintf(outputFD, "\n");
|
|
PR_fprintf(outputFD, "%16s %s\n", "status", "path");
|
|
PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
|
|
|
|
ctx = JAR_find (jar, NULL, jarTypeMF);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0)
|
|
{
|
|
if (it && it->pathname)
|
|
{
|
|
rm_dash_r(TMP_OUTPUT);
|
|
ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
|
|
/* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
|
|
|
|
if (ret == JAR_ERR_PNF)
|
|
err = "NOT PRESENT";
|
|
else if (ret == JAR_ERR_HASH)
|
|
err = "HASH FAILED";
|
|
else
|
|
err = "NOT VERIFIED";
|
|
|
|
PR_fprintf(outputFD, "%16s %s\n",
|
|
ret >= 0 ? "verified" : err, it->pathname);
|
|
|
|
if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
|
|
PR_fprintf(outputFD, " (reason: %s)\n", JAR_get_error (ret));
|
|
}
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
if (status < 0 || jar->valid < 0)
|
|
{
|
|
PR_fprintf(outputFD,
|
|
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
|
|
give_help (status);
|
|
}
|
|
|
|
JAR_destroy (jar);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/***************************************************************************
|
|
*
|
|
* v e r i f y _ g l o b a l
|
|
*/
|
|
static int
|
|
verify_global (JAR *jar)
|
|
{
|
|
FILE *fp;
|
|
JAR_Context *ctx;
|
|
|
|
char *ext;
|
|
|
|
JAR_Item *it;
|
|
JAR_Digest *globaldig;
|
|
|
|
unsigned int sha1_length, md5_length;
|
|
|
|
char buf [BUFSIZ];
|
|
|
|
unsigned char *md5_digest, *sha1_digest;
|
|
|
|
ctx = JAR_find (jar, "*", jarTypePhy);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0) {
|
|
if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
|
|
for (ext = it->pathname; *ext; ext++);
|
|
while (ext > it->pathname && *ext != '.') ext--;
|
|
|
|
if(verbosity >= 0) {
|
|
if (!PORT_Strcasecmp (ext, ".rsa")) {
|
|
PR_fprintf(outputFD, "found a RSA signature file: %s\n",
|
|
it->pathname);
|
|
}
|
|
|
|
if(!PORT_Strcasecmp (ext, ".dsa")) {
|
|
PR_fprintf(outputFD, "found a DSA signature file: %s\n",
|
|
it->pathname);
|
|
}
|
|
|
|
if (!PORT_Strcasecmp (ext, ".mf")) {
|
|
PR_fprintf(outputFD,
|
|
"found a MF master manifest file: %s\n", it->pathname);
|
|
}
|
|
}
|
|
|
|
if (!PORT_Strcasecmp (ext, ".sf")) {
|
|
if(verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
"found a SF signature manifest file: %s\n", it->pathname);
|
|
}
|
|
|
|
rm_dash_r(TMP_OUTPUT);
|
|
if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
|
|
PR_fprintf(errorFD, "%s: error extracting %s\n", PROGRAM_NAME,
|
|
it->pathname);
|
|
errorCount++;
|
|
continue;
|
|
}
|
|
|
|
md5_digest = NULL;
|
|
sha1_digest = NULL;
|
|
|
|
if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
|
|
while (fgets (buf, BUFSIZ, fp)) {
|
|
char *s;
|
|
|
|
if (*buf == 0 || *buf == '\n' || *buf == '\r') break;
|
|
|
|
for (s = buf; *s && *s != '\n' && *s != '\r'; s++);
|
|
*s = 0;
|
|
|
|
if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
|
|
md5_digest = ATOB_AsciiToData (buf + 12, &md5_length);
|
|
}
|
|
|
|
if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
|
|
sha1_digest = ATOB_AsciiToData (buf + 13, &sha1_length);
|
|
}
|
|
|
|
if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
|
|
sha1_digest = ATOB_AsciiToData (buf + 12, &sha1_length);
|
|
}
|
|
}
|
|
|
|
globaldig = jar->globalmeta;
|
|
|
|
if (globaldig && md5_digest) {
|
|
if(verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
" md5 digest on global metainfo: %s\n",
|
|
PORT_Memcmp (md5_digest, globaldig->md5, MD5_LENGTH) ?
|
|
"no match" : "match");
|
|
}
|
|
}
|
|
|
|
if (globaldig && sha1_digest) {
|
|
if(verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
" sha digest on global metainfo: %s\n",
|
|
PORT_Memcmp(sha1_digest, globaldig->sha1,
|
|
SHA1_LENGTH) ? "no match" : "match");
|
|
}
|
|
}
|
|
|
|
if (globaldig == NULL) {
|
|
if(verbosity >= 0) {
|
|
PR_fprintf(outputFD,
|
|
"global metadigest is not available, strange.\n");
|
|
}
|
|
}
|
|
|
|
fclose (fp);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
return 0;
|
|
}
|
|
|
|
/************************************************************************
|
|
*
|
|
* J a r W h o
|
|
*/
|
|
void
|
|
JarWho(char *filename)
|
|
{
|
|
FILE *fp;
|
|
|
|
JAR *jar;
|
|
JAR_Context *ctx;
|
|
|
|
int status;
|
|
|
|
JAR_Item *it;
|
|
JAR_Cert *fing;
|
|
|
|
CERTCertificate *cert, *prev = NULL;
|
|
|
|
jar = JAR_new();
|
|
|
|
if ((fp = fopen (filename, "r")) == NULL)
|
|
{
|
|
perror (filename);
|
|
exit (ERRX);
|
|
}
|
|
else
|
|
fclose (fp);
|
|
|
|
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
|
|
|
|
if (status < 0 || jar->valid < 0)
|
|
{
|
|
PR_fprintf(outputFD,
|
|
"NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
|
|
if (jar->valid < 0 || status != -1)
|
|
{
|
|
char *errtext;
|
|
|
|
if (status >= JAR_BASE && status <= JAR_BASE_END)
|
|
{
|
|
errtext = JAR_get_error (status);
|
|
}
|
|
else
|
|
{
|
|
errtext = SECU_ErrorString ((int16) PORT_GetError());
|
|
}
|
|
|
|
PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
|
|
}
|
|
}
|
|
|
|
PR_fprintf(outputFD, "\nSigner information:\n\n");
|
|
|
|
ctx = JAR_find (jar, NULL, jarTypeSign);
|
|
|
|
while (JAR_find_next (ctx, &it) >= 0)
|
|
{
|
|
fing = (JAR_Cert *) it->data;
|
|
cert = fing->cert;
|
|
|
|
if (cert)
|
|
{
|
|
if (prev == cert)
|
|
break;
|
|
|
|
if (cert->nickname)
|
|
PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
|
|
if (cert->subjectName)
|
|
PR_fprintf(outputFD, "subject name: %s\n", cert->subjectName);
|
|
if (cert->issuerName)
|
|
PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
|
|
}
|
|
else
|
|
PR_fprintf(outputFD, "no certificate could be found\n");
|
|
|
|
prev = cert;
|
|
}
|
|
|
|
JAR_find_end (ctx);
|
|
|
|
JAR_destroy (jar);
|
|
}
|
|
|
|
/************************************************************************
|
|
* j a r _ c b
|
|
*/
|
|
static int jar_cb(int status, JAR *jar, const char *metafile,
|
|
char *pathname, char *errortext)
|
|
{
|
|
PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext, pathname);
|
|
errorCount++;
|
|
return 0;
|
|
}
|
|
|