PageRenderTime 198ms CodeModel.GetById 40ms app.highlight 108ms RepoModel.GetById 33ms app.codeStats 1ms

/gecko_api/include/jar.h

http://firefox-mac-pdf.googlecode.com/
C++ Header | 481 lines | 187 code | 95 blank | 199 comment | 1 complexity | 9ada3881ae7c1e9f589694b1f894e918 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *
 23 * Alternatively, the contents of this file may be used under the terms of
 24 * either the GNU General Public License Version 2 or later (the "GPL"), or
 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 26 * in which case the provisions of the GPL or the LGPL are applicable instead
 27 * of those above. If you wish to allow use of your version of this file only
 28 * under the terms of either the GPL or the LGPL, and not to allow others to
 29 * use your version of this file under the terms of the MPL, indicate your
 30 * decision by deleting the provisions above and replace them with the notice
 31 * and other provisions required by the GPL or the LGPL. If you do not delete
 32 * the provisions above, a recipient may use your version of this file under
 33 * the terms of any one of the MPL, the GPL or the LGPL.
 34 *
 35 * ***** END LICENSE BLOCK ***** */
 36
 37#ifndef __JAR_h_
 38#define __JAR_h_
 39
 40/*
 41 *  In general, any functions that return pointers
 42 *  have memory owned by the caller.
 43 *
 44 */
 45
 46/* security includes */
 47#include "cert.h"
 48#include "hasht.h"
 49
 50/* nspr 2.0 includes */
 51#include "prio.h"
 52
 53#ifndef ZHUGEP
 54#ifdef XP_WIN16
 55#define ZHUGEP __huge
 56#else
 57#define ZHUGEP
 58#endif
 59#endif
 60
 61#include <stdio.h>
 62
 63/* various types */
 64
 65typedef enum
 66  {
 67  jarTypeMF = 2,
 68  jarTypeSF = 3,
 69  jarTypeMeta = 6,
 70  jarTypePhy = 7,
 71  jarTypeSign = 10,
 72  jarTypeSect = 11,
 73  jarTypeOwner = 13
 74  }
 75jarType;
 76
 77/* void data in ZZList's contain JAR_Item type */
 78
 79typedef struct JAR_Item_
 80  {
 81  char *pathname;        /* relative. inside zip file */
 82  jarType type;          /* various types */
 83  size_t size;           /* size of data below */
 84  void *data;            /* totally opaque */
 85  }
 86JAR_Item;
 87
 88
 89/* hashes */
 90
 91typedef enum
 92  {
 93  jarHashNone = 0,
 94  jarHashBad = 1,
 95  jarHashPresent = 2
 96  }
 97jarHash;
 98
 99typedef struct JAR_Digest_
100  {
101  jarHash md5_status;
102  unsigned char md5 [MD5_LENGTH];
103  jarHash sha1_status;
104  unsigned char sha1 [SHA1_LENGTH];
105  }
106JAR_Digest;
107
108
109/* physical archive formats */
110
111typedef enum
112  {
113  jarArchGuess = 0,
114  jarArchNone = 1,
115  jarArchZip = 2,
116  jarArchTar = 3
117  }
118jarArch;
119
120
121#include "jar-ds.h"
122
123/* jar object */
124
125typedef struct JAR_
126  {
127  jarArch format;       /* physical archive format */ 
128  char *url;            /* Where it came from */
129  char *filename;       /* Disk location */
130  FILE *fp;             /* For multiple extractions */    /* JAR_FILE */
131
132  /* various linked lists */
133
134  ZZList *manifest;     /* Digests of MF sections */
135  ZZList *hashes;       /* Digests of actual signed files */
136  ZZList *phy;          /* Physical layout of JAR file */
137  ZZList *metainfo;     /* Global metainfo */
138
139  JAR_Digest *globalmeta;  /* digest of .MF global portion */
140
141  /* Below will change to a linked list to support multiple sigs */
142
143  int pkcs7;            /* Enforced opaqueness */
144  int valid;            /* PKCS7 signature validated */
145
146  ZZList *signers;      /* the above, per signer */
147
148  /* Window context, very necessary for PKCS11 now */
149
150  void *mw;             /* MWContext window context */
151
152  /* Signal callback function */
153
154  int (*signal) (int status, struct JAR_ *jar, 
155     const char *metafile, char *pathname, char *errorstring);
156  }
157JAR;
158
159
160/*
161 *  Iterator
162 *
163 *  Context for iterative operations. Certain operations
164 *  require iterating multiple linked lists because of
165 *  multiple signers. "nextsign" is used for this purpose.
166 *
167 */
168
169typedef struct JAR_Context_
170  {
171  JAR *jar;             /* Jar we are searching */
172  char *pattern;        /* Regular expression */
173  jarType finding;      /* Type of item to find */
174  ZZLink *next;         /* Next item in find */
175  ZZLink *nextsign;     /* Next signer, sometimes */
176  }
177JAR_Context;
178
179typedef struct JAR_Signer_
180  {
181  int pkcs7;            /* Enforced opaqueness */
182  int valid;            /* PKCS7 signature validated */
183  char *owner;          /* name of .RSA file */
184  JAR_Digest *digest;   /* of .SF file */
185  ZZList *sf;           /* Linked list of .SF file contents */
186  ZZList *certs;        /* Signing information */
187  }
188JAR_Signer;
189
190
191/* Meta informaton, or "policy", from the manifest file.
192   Right now just one tuple per JAR_Item. */
193
194typedef struct JAR_Metainfo_
195  {
196  char *header;
197  char *info;
198  }
199JAR_Metainfo;
200
201/* This should not be global */
202
203typedef struct JAR_Physical_
204  {
205  unsigned char compression;
206  unsigned long offset;
207  unsigned long length;
208  unsigned long uncompressed_length;
209#if defined(XP_UNIX) || defined(XP_BEOS)
210  uint16 mode;
211#endif
212  }
213JAR_Physical;
214
215typedef struct JAR_Cert_
216  {
217  size_t length;
218  void *key;
219  CERTCertificate *cert;
220  }
221JAR_Cert;
222
223
224/* certificate stuff */
225
226typedef enum
227  {
228  jarCertCompany = 1,
229  jarCertCA = 2,
230  jarCertSerial = 3,
231  jarCertExpires = 4,
232  jarCertNickname = 5,
233  jarCertFinger = 6,
234  jarCertJavaHack = 100
235  }
236jarCert;
237
238/* callback types */
239
240#define JAR_CB_SIGNAL	1
241
242
243/* 
244 *  This is the base for the JAR error codes. It will
245 *  change when these are incorporated into allxpstr.c,
246 *  but right now they won't let me put them there.
247 *
248 */
249
250#ifndef SEC_ERR_BASE
251#define SEC_ERR_BASE		(-0x2000)
252#endif
253 
254#define JAR_BASE		SEC_ERR_BASE + 300
255
256/* Jar specific error definitions */
257
258#define JAR_ERR_GENERAL         (JAR_BASE + 1)
259#define JAR_ERR_FNF		(JAR_BASE + 2)
260#define JAR_ERR_CORRUPT		(JAR_BASE + 3)
261#define JAR_ERR_MEMORY		(JAR_BASE + 4)
262#define JAR_ERR_DISK		(JAR_BASE + 5)
263#define JAR_ERR_ORDER           (JAR_BASE + 6)
264#define JAR_ERR_SIG		(JAR_BASE + 7)
265#define JAR_ERR_METADATA        (JAR_BASE + 8)
266#define JAR_ERR_ENTRY		(JAR_BASE + 9)
267#define JAR_ERR_HASH		(JAR_BASE + 10)
268#define JAR_ERR_PK7		(JAR_BASE + 11)
269#define JAR_ERR_PNF		(JAR_BASE + 12)
270
271
272/*
273 *  Birth and death 
274 *
275 */
276
277extern JAR *JAR_new (void);
278
279extern void PR_CALLBACK JAR_destroy (JAR *jar);
280
281extern char *JAR_get_error (int status);
282
283extern int JAR_set_callback (int type, JAR *jar, 
284  int (*fn) (int status, JAR *jar, 
285  const char *metafile, char *pathname, char *errortext));
286
287extern void JAR_init_callbacks
288  ( char *(*string_cb)(int), void *(*find_cx)(void), void *(*init_cx)(void) );
289
290/*
291 *  JAR_set_context
292 *
293 *  PKCS11 may require a password to be entered by the user
294 *  before any crypto routines may be called. This will require
295 *  a window context if used from inside Mozilla.
296 *
297 *  Call this routine with your context before calling 
298 *  verifying or signing. If you have no context, call with NULL
299 *  and one will be chosen for you.
300 *
301 */
302
303int JAR_set_context (JAR *jar, void /*MWContext*/ *mw);
304
305/*
306 *  Iterative operations
307 *
308 *  JAR_find sets up for repeated calls with JAR_find_next.
309 *  I never liked findfirst and findnext, this is nicer.
310 *
311 *  Pattern contains a relative pathname to match inside the
312 *  archive. It is currently assumed to be "*".
313 *
314 *  To use:
315 *
316 *     JAR_Item *item;
317 *     JAR_find (jar, "*.class", jarTypeMF);
318 *     while (JAR_find_next (jar, &item) >= 0) 
319 *       { do stuff }
320 *
321 */
322
323
324/* Replacement functions with an external context */
325
326extern JAR_Context *JAR_find (JAR *jar, char *pattern, jarType type);
327
328extern int JAR_find_next (JAR_Context *ctx, JAR_Item **it);
329
330extern void JAR_find_end (JAR_Context *ctx);
331
332
333/*
334 *  Function to parse manifest file:
335 *
336 *  Many signatures may be attached to a single filename located
337 *  inside the zip file. We only support one.
338 *
339 *  Several manifests may be included in the zip file. 
340 *
341 *  You must pass the MANIFEST.MF file before any .SF files.
342 *
343 *  Right now this returns a big ole list, privately in the jar structure.
344 *  If you need to traverse it, use JAR_find if possible.
345 *
346 *  The path is needed to determine what type of binary signature is
347 *  being passed, though it is technically not needed for manifest files.
348 *
349 *  When parsing an ASCII file, null terminate the ASCII raw_manifest
350 *  prior to sending it, and indicate a length of 0. For binary digital
351 *  signatures only, indicate the true length of the signature.
352 *  (This is legacy behavior.)
353 *
354 *  You may free the manifest after parsing it.
355 *
356 */
357
358extern int JAR_parse_manifest 
359    (JAR *jar, char ZHUGEP *raw_manifest, 
360       long length, const char *path, const char *url);
361
362/*
363 *  Verify data (nonstreaming). The signature is actually
364 *  checked by JAR_parse_manifest or JAR_pass_archive.
365 *
366 */
367
368extern JAR_Digest * PR_CALLBACK JAR_calculate_digest 
369    (void ZHUGEP *data, long length);
370
371extern int PR_CALLBACK JAR_verify_digest
372    (JAR *jar, const char *name, JAR_Digest *dig);
373
374extern int JAR_digest_file (char *filename, JAR_Digest *dig);
375
376/*
377 *  Get attribute from certificate:
378 *
379 *  Returns any special signed attribute associated with this cert
380 *  or signature (passed in "data"). Attributes jarCert*. Most of the time
381 *  this will return a zero terminated string.
382 *
383 */
384
385extern int PR_CALLBACK JAR_cert_attribute
386    (JAR *jar, jarCert attrib, long keylen, void *key, 
387       void **result, unsigned long *length);
388
389/*
390 *  Meta information
391 *
392 *  Currently, since this call does not support passing of an owner
393 *  (certificate, or physical name of the .sf file), it is restricted to
394 *  returning information located in the manifest.mf file. 
395 *
396 *  Meta information is a name/value pair inside the archive file. Here,
397 *  the name is passed in *header and value returned in **info.
398 *
399 *  Pass a NULL as the name to retrieve metainfo from the global section.
400 *
401 *  Data is returned in **info, of size *length. The return value
402 *  will indicate if no data was found.
403 *
404 */
405
406extern int JAR_get_metainfo
407    (JAR *jar, char *name, char *header, void **info, unsigned long *length);
408
409extern char *JAR_get_filename (JAR *jar);
410
411extern char *JAR_get_url (JAR *jar);
412
413/*
414 *  Return an HTML mockup of a certificate or signature.
415 *
416 *  Returns a zero terminated ascii string
417 *  in raw HTML format.
418 *
419 */
420
421extern char *JAR_cert_html
422    (JAR *jar, int style, long keylen, void *key, int *result);
423
424/* save the certificate with this fingerprint in persistent
425   storage, somewhere, for retrieval in a future session when there 
426   is no corresponding JAR structure. */
427
428extern int PR_CALLBACK JAR_stash_cert
429        (JAR *jar, long keylen, void *key);
430
431/* retrieve a certificate presumably stashed with the above
432   function, but may be any certificate. Type is &CERTCertificate */
433
434void *JAR_fetch_cert (long length, void *key);
435
436/*
437 *  New functions to handle archives alone
438 *    (call JAR_new beforehand)
439 *
440 *  JAR_pass_archive acts much like parse_manifest. Certificates
441 *  are returned in the JAR structure but as opaque data. When calling 
442 *  JAR_verified_extract you still need to decide which of these 
443 *  certificates to honor. 
444 *
445 *  Code to examine a JAR structure is in jarbert.c. You can obtain both 
446 *  a list of filenames and certificates from traversing the linked list.
447 *
448 */
449
450extern int JAR_pass_archive
451    (JAR *jar, jarArch format, char *filename, const char *url);
452
453/*
454 * Same thing, but don't check signatures
455 */
456extern int JAR_pass_archive_unverified
457    (JAR *jar, jarArch format, char *filename, const char *url);
458
459/*
460 *  Extracts a relative pathname from the archive and places it
461 *  in the filename specified. 
462 * 
463 *  Call JAR_set_nailed if you want to keep the file descriptors
464 *  open between multiple calls to JAR_verify_extract.
465 *
466 */
467
468extern int JAR_verified_extract
469    (JAR *jar, char *path, char *outpath);
470
471/*
472 *  JAR_extract does no crypto checking. This can be used if you
473 *  need to extract a manifest file or signature, etc.
474 *
475 */
476
477extern int JAR_extract
478    (JAR *jar, char *path, char *outpath);
479
480
481#endif /* __JAR_h_ */