/security/nss/cmd/modutil/pk11jar.html

http://github.com/zpao/v8monkey · HTML · 311 lines · 258 code · 18 blank · 35 comment · 0 complexity · e304b3c6965ddcce9a33d4513ca9035f MD5 · raw file

  1. <html>
  2. <!-- ***** BEGIN LICENSE BLOCK *****
  3. - Version: MPL 1.1/GPL 2.0/LGPL 2.1
  4. -
  5. - The contents of this file are subject to the Mozilla Public License Version
  6. - 1.1 (the "License"); you may not use this file except in compliance with
  7. - the License. You may obtain a copy of the License at
  8. - http://www.mozilla.org/MPL/
  9. -
  10. - Software distributed under the License is distributed on an "AS IS" basis,
  11. - WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  12. - for the specific language governing rights and limitations under the
  13. - License.
  14. -
  15. - The Original Code is the Netscape security libraries.
  16. -
  17. - The Initial Developer of the Original Code is
  18. - Netscape Communications Corporation.
  19. - Portions created by the Initial Developer are Copyright (C) 1994-2000
  20. - the Initial Developer. All Rights Reserved.
  21. -
  22. - Contributor(s):
  23. -
  24. - Alternatively, the contents of this file may be used under the terms of
  25. - either the GNU General Public License Version 2 or later (the "GPL"), or
  26. - the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. - in which case the provisions of the GPL or the LGPL are applicable instead
  28. - of those above. If you wish to allow use of your version of this file only
  29. - under the terms of either the GPL or the LGPL, and not to allow others to
  30. - use your version of this file under the terms of the MPL, indicate your
  31. - decision by deleting the provisions above and replace them with the notice
  32. - and other provisions required by the GPL or the LGPL. If you do not delete
  33. - the provisions above, a recipient may use your version of this file under
  34. - the terms of any one of the MPL, the GPL or the LGPL.
  35. -
  36. - ***** END LICENSE BLOCK ***** -->
  37. <head>
  38. <title>PKCS #11 JAR Format</title>
  39. </head>
  40. <body bgcolor=white text=black link=blue vlink=purple alink=red>
  41. <center><h1>PKCS #11 JAR Format</h1></center>
  42. <p>PKCS #11 modules can be packaged into JAR files that support automatic
  43. installation onto the filesystem and into the security module database.
  44. The JAR file should contain:
  45. <ul>
  46. <li>All files that will be installed onto the target machine. This will
  47. include at least the PKCS #11 module library file (.DLL or .so), and
  48. may also include any other file that should be installed (such as
  49. documentation).
  50. <li>A script to perform the installation.
  51. </ul>
  52. The script can be in one of two forms. If the JAR file is to be
  53. run by Communicator (or any program that interprets Javascript), the
  54. instructions will be in the form of a SmartUpdate script.
  55. <a href="http://devedge/library/documentation/security/jmpkcs/">Documentation
  56. </a> on creating this script can be found on DevEdge.
  57. <p>If the
  58. JAR file is to be run by a server, modutil, or any other program that
  59. doesn't interpret Javascript, a special information file must be included
  60. in the format described in this document.
  61. <h2>Declaring the Script in the Manifest File</h2>
  62. The script can have any name, but it must be declared in the manifest file
  63. of the JAR archive. The metainfo tag for this is
  64. <code>Pkcs11_install_script</code>. Meta-information is put in the manifest
  65. file by putting it in a file which is passed to
  66. <a href="http://developer.netscape.com/software/index_frame.html?content=signedobj/jarpack.html#signtool1.3">Signtool</a>. For example,
  67. suppose the PKCS #11 installer script is in the file <code>pk11install</code>.
  68. In Signtool's metainfo file, you would have a line like this:
  69. <blockquote><pre>
  70. + Pkcs11_install_script: pk11install
  71. </pre></blockquote>
  72. <h2>Sample Script File</h2>
  73. <blockquote><pre>
  74. ForwardCompatible { IRIX:6.2:mips Solaris:5.5.1:sparc }
  75. Platforms {
  76. WINNT::x86 {
  77. ModuleName { "Fortezza Module" }
  78. ModuleFile { win32/fort32.dll }
  79. DefaultMechanismFlags{0x0001}
  80. DefaultCipherFlags{0x0001}
  81. Files {
  82. win32/setup.exe {
  83. Executable
  84. RelativePath { %temp%/setup.exe }
  85. }
  86. win32/setup.hlp {
  87. RelativePath { %temp%/setup.hlp }
  88. }
  89. win32/setup.cab {
  90. RelativePath { %temp%/setup.cab }
  91. }
  92. }
  93. }
  94. WIN95::x86 {
  95. EquivalentPlatform {WINNT::x86}
  96. }
  97. Solaris:5.5.1:sparc {
  98. ModuleName { "Fortezza UNIX Module" }
  99. ModuleFile { unix/fort.so }
  100. DefaultMechanismFlags{0x0001}
  101. CipherEnableFlags{0x0001}
  102. Files {
  103. unix/fort.so {
  104. RelativePath{%root%/lib/fort.so}
  105. AbsolutePath{/usr/local/netscape/lib/fort.so}
  106. FilePermissions{555}
  107. }
  108. xplat/instr.html {
  109. RelativePath{%root%/docs/inst.html}
  110. AbsolutePath{/usr/local/netscape/docs/inst.html}
  111. FilePermissions{555}
  112. }
  113. }
  114. }
  115. IRIX:6.2:mips {
  116. EquivalentPlatform { Solaris:5.5.1:sparc }
  117. }
  118. }
  119. </pre></blockquote>
  120. <hr>
  121. <h2>Script File Grammar</h2>
  122. <blockquote><pre>
  123. --> <i>valuelist</i>
  124. <i>valuelist</i> --> <i>value</i> <i>valuelist</i>
  125. <i> </i> <i>&lt;null&gt;</i>
  126. <i>value</i> --> <i>key_value_pair</i>
  127. <i> </i> <i>string</i>
  128. <i>key_value_pair</i> --> <i>key</i> { <i>valuelist</i> }
  129. <i>key</i> --> <i>string</i>
  130. <i>string</i> --> <i>simple_string</i>
  131. <i> </i> "<i>complex_string</i>"
  132. <i>simple_string</i> --> [^ \t\n\""{""}"]+ <font size=-1><i>(no whitespace, quotes, or braces)</i></font>
  133. <i>complex_string</i> --> ([^\"\\\r\n]|(\\\")|(\\\\))+ <font size=-1><i>(quotes and backslashes must be escaped with a backslash, no newlines or carriage returns are allowed in the string)</i></font>
  134. </pre></blockquote>
  135. Outside of complex strings, all whitespace (space, tab, newline) is considered
  136. equal and is used only to delimit tokens.
  137. <hr>
  138. <h2>Keys</h2>
  139. Keys are case-insensitive.
  140. <h3>Global Keys</h3>
  141. <dl>
  142. <dt><code>ForwardCompatible</code>
  143. <dd>Gives a list of platforms that are forward compatible. If the current
  144. platform cannot be found in the list of supported platforms, then the
  145. ForwardCompatible list will be checked for any platforms that have the same
  146. OS and architecture and an earlier version. If one is found, its
  147. attributes will be used for the current platform.
  148. <dt><code>Platforms</code> (<i>required</i>)
  149. <dd>Gives a list of platforms. Each entry in the list is itself a key-value
  150. pair:
  151. the key is the name of the platform, and the valuelist contains various
  152. attributes of the platform. The ModuleName, ModuleFile, and Files attributes
  153. must be specified, unless an EquivalentPlatform attribute is specified.
  154. The platform string is in the following
  155. format: <u><i>system name</i></u>:<u><i>os release</i></u>:<u><i>architecture</i></u>. The installer
  156. will obtain these values from NSPR. <u><i>os release</i></u> is an empty
  157. string on non-UNIX operating systems. The following system names and platforms
  158. are currently defined by NSPR:<code>
  159. <ul>
  160. <li>AIX (rs6000)
  161. <li>BSDI (x86)
  162. <li>FREEBSD (x86)
  163. <li>HPUX (hppa1.1)
  164. <li>IRIX (mips)
  165. <li>LINUX (ppc, alpha, x86)
  166. <li>MacOS (PowerPC) </code>(<i>Note: NSPR actually defines the OS as
  167. "</i><code>Mac OS</code><i>". The
  168. space makes the name unsuitable for being embedded in identifiers. Until
  169. NSPR changes, you will have to add some special code to deal with this case.
  170. </i>)<code>
  171. <li>NCR (x86)
  172. <li>NEC (mips)
  173. <li>OS2 (x86)
  174. <li>OSF (alpha)
  175. <li>ReliantUNIX (mips)
  176. <li>SCO (x86)
  177. <li>SOLARIS (sparc)
  178. <li>SONY (mips)
  179. <li>SUNOS (sparc)
  180. <li>UnixWare (x86)
  181. <li>WIN95 (x86)
  182. <li>WINNT (x86)
  183. </ul>
  184. </code>
  185. Examples of valid platform strings: <code>IRIX:6.2:mips, Solaris:5.5.1:sparc,
  186. Linux:2.0.32:x86, WIN95::x86</code>.
  187. </dl>
  188. <h3>Per-Platform Keys</h3>
  189. These keys only have meaning within the value list of an entry in
  190. the <code>Platforms</code> list.
  191. <dl>
  192. <dt><code>ModuleName</code> (<i>required</i>)
  193. <dd>Gives the common name for the module. This name will be used to
  194. reference the module from Communicator, modutil, servers, or any other
  195. program that uses the Netscape security module database.
  196. <dt><code>ModuleFile</code> (<i>required</i>)
  197. <dd>Names the PKCS #11 module file (DLL or .so) for this platform. The name
  198. is given as the relative path of the file within the JAR archive.
  199. <dt><code>Files</code> (<i>required</i>)
  200. <dd>Lists the files that should be installed for this module. Each entry
  201. in the file list is a key-value pair: the key is the path of the file in
  202. the JAR archive, and
  203. the valuelist contains attributes of the file. At least RelativePath and
  204. AbsoluteDir must be specified in this valuelist.
  205. <dt><code>DefaultMechanismFlags</code>
  206. <dd>This key-value pair specifies
  207. of which mechanisms this module will be a default provider. It is a bitstring
  208. specified in hexadecimal (0x) format. It is constructed as a bitwise OR
  209. of the following constants. If the <code>DefaultMechanismFlags</code>
  210. entry is omitted, the value will default to 0x0.
  211. <blockquote><pre>
  212. RSA: 0x0000 0001
  213. DSA: 0x0000 0002
  214. RC2: 0x0000 0004
  215. RC4: 0x0000 0008
  216. DES: 0x0000 0010
  217. DH: 0x0000 0020
  218. FORTEZZA: 0x0000 0040
  219. RC5: 0x0000 0080
  220. SHA1: 0x0000 0100
  221. MD5: 0x0000 0200
  222. MD2: 0x0000 0400
  223. RANDOM: 0x0800 0000
  224. FRIENDLY: 0x1000 0000
  225. OWN_PW_DEFAULTS: 0x2000 0000
  226. DISABLE: 0x4000 0000
  227. </pre></blockquote>
  228. <dt><code>CipherEnableFlags</code>
  229. <dd>This key-value pair specifies
  230. which SSL ciphers will be enabled. It is a bitstring specified in
  231. hexadecimal (0x) format. It is constructed as a bitwise OR of the following
  232. constants. If the <code>CipherEnableFlags</code> entry is omitted, the
  233. value will default to 0x0.
  234. <blockquote><pre>
  235. FORTEZZA: 0x0000 0001
  236. </pre></blockquote>
  237. <dt><code>EquivalentPlatform</code>
  238. <dd>Specifies that the attributes of the named platform should also be used
  239. for the current platform. Saves typing when there is more than one platform
  240. that uses the same settings.
  241. </dl>
  242. <h3>Per-File Keys</h3>
  243. These keys only have meaning within the valuelist of an entry in a
  244. <code>Files</code> list. At least one of <code>RelativePath</code> and
  245. <code>AbsolutePath</code> must be specified. If both are specified, the
  246. relative path will be tried first and the absolute path used only if no
  247. relative root directory is provided by the installer program.
  248. <dl>
  249. <dt><code>RelativePath</code>
  250. <dd>Specifies the destination directory of the file, relative to some directory
  251. decided at install-time. Two variables can be used in the relative
  252. path, "%root%" and "%temp%". "%root%" will be replaced at run-time with
  253. the directory relative to which files should be installed; for
  254. example, it may be the server's root directory or Communicator's root
  255. directory. "%temp%" is a directory that will be created at the beginning
  256. of the installation and destroyed at the end of the installation. Its purpose
  257. is to hold executable files (such as setup programs), or files that are
  258. used by these programs. For example, a Windows installation might consist
  259. of a <code>setup.exe</code> installation program, a help file, and a .cab file
  260. containing compressed information. All these files could be installed into the
  261. temporary directory. Files destined for the temporary directory are guaranteed
  262. to be in place before any executable file is run, and will not be deleted
  263. until all executable files have finished.
  264. <dt><code>AbsoluteDir</code>
  265. <dd>Specifies the destination directory of the file as an absolute path.
  266. This will only be used if the installer is unable to determine a
  267. relative directory.
  268. <dt><code>Executable</code>
  269. <dd>This string specifies that the file is to be executed during the
  270. course of the
  271. installation. Typically this would be used for a setup program provided
  272. by a module vendor, such as a self-extracting <code>setup.exe</code>.
  273. More than one file can be specified as executable, in which case they will
  274. be run in the order they are specified in the script file.
  275. <dt><code>FilePermissions</code>
  276. <dd>This string is interpreted as a string of octal digits, according to the
  277. standard UNIX format. It is a bitwise OR of the following constants:
  278. <blockquote><pre>
  279. user read: 400
  280. user write: 200
  281. user execute: 100
  282. group read: 040
  283. group write: 020
  284. group execute: 010
  285. other read: 004
  286. other write: 002
  287. other execute: 001
  288. </pre></blockquote>
  289. Some platforms may not understand these permissions. They will only be
  290. applied insofar as makes sense for the current platform. If this attribute
  291. is omitted, a default of 777 is assumed.
  292. </body>
  293. </html>