PageRenderTime 62ms CodeModel.GetById 26ms app.highlight 27ms RepoModel.GetById 1ms app.codeStats 0ms

/security/nss/cmd/signtool/verify.c

http://github.com/zpao/v8monkey
C | 371 lines | 246 code | 73 blank | 52 comment | 86 complexity | b3e8fabda97b5e3468a8db4d739acc49 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *
 23 * Alternatively, the contents of this file may be used under the terms of
 24 * either the GNU General Public License Version 2 or later (the "GPL"), or
 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 26 * in which case the provisions of the GPL or the LGPL are applicable instead
 27 * of those above. If you wish to allow use of your version of this file only
 28 * under the terms of either the GPL or the LGPL, and not to allow others to
 29 * use your version of this file under the terms of the MPL, indicate your
 30 * decision by deleting the provisions above and replace them with the notice
 31 * and other provisions required by the GPL or the LGPL. If you do not delete
 32 * the provisions above, a recipient may use your version of this file under
 33 * the terms of any one of the MPL, the GPL or the LGPL.
 34 *
 35 * ***** END LICENSE BLOCK ***** */
 36
 37#include "signtool.h"
 38
 39
 40static int	jar_cb(int status, JAR *jar, const char *metafile, 
 41char *pathname, char *errortext);
 42static int	verify_global (JAR *jar);
 43
 44/*************************************************************************
 45 *
 46 * V e r i f y J a r
 47 */
 48int
 49VerifyJar(char *filename)
 50{
 51    FILE * fp;
 52
 53    int	ret;
 54    int	status;
 55    int	failed = 0;
 56    char	*err;
 57
 58    JAR * jar;
 59    JAR_Context * ctx;
 60
 61    JAR_Item * it;
 62
 63    jar = JAR_new();
 64
 65    if ((fp = fopen (filename, "r")) == NULL) {
 66	perror (filename);
 67	exit (ERRX);
 68    } else
 69	fclose (fp);
 70
 71    JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
 72
 73
 74    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
 75
 76    if (status < 0 || jar->valid < 0) {
 77	failed = 1;
 78	PR_fprintf(outputFD, 
 79	    "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
 80	     filename);
 81	if (status < 0) {
 82	    char	*errtext;
 83
 84	    if (status >= JAR_BASE && status <= JAR_BASE_END) {
 85		errtext = JAR_get_error (status);
 86	    } else {
 87		errtext = SECU_Strerror(PORT_GetError());
 88	    }
 89
 90	    PR_fprintf(outputFD, "  (reported reason: %s)\n\n",
 91	         errtext);
 92
 93	    /* corrupt files should not have their contents listed */
 94
 95	    if (status == JAR_ERR_CORRUPT)
 96		return - 1;
 97	}
 98	PR_fprintf(outputFD,
 99	    "entries shown below will have their digests checked only.\n");
100	jar->valid = 0;
101    } else
102	PR_fprintf(outputFD,
103	    "archive \"%s\" has passed crypto verification.\n", filename);
104
105    if (verify_global (jar))
106	failed = 1;
107
108    PR_fprintf(outputFD, "\n");
109    PR_fprintf(outputFD, "%16s   %s\n", "status", "path");
110    PR_fprintf(outputFD, "%16s   %s\n", "------------", "-------------------");
111
112    ctx = JAR_find (jar, NULL, jarTypeMF);
113
114    while (JAR_find_next (ctx, &it) >= 0) {
115	if (it && it->pathname) {
116	    rm_dash_r(TMP_OUTPUT);
117	    ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
118	    /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
119	    if (ret < 0) 
120		failed = 1;
121
122	    if (ret == JAR_ERR_PNF)
123		err = "NOT PRESENT";
124	    else if (ret == JAR_ERR_HASH)
125		err = "HASH FAILED";
126	    else
127		err = "NOT VERIFIED";
128
129	    PR_fprintf(outputFD, "%16s   %s\n", 
130	        ret >= 0 ? "verified" : err, it->pathname);
131
132	    if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
133		PR_fprintf(outputFD, "      (reason: %s)\n",
134		     JAR_get_error (ret));
135	}
136    }
137
138    JAR_find_end (ctx);
139
140    if (status < 0 || jar->valid < 0) {
141	failed = 1;
142	PR_fprintf(outputFD,
143	    "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
144	     filename);
145	give_help (status);
146    }
147
148    JAR_destroy (jar);
149
150    if (failed)
151	return - 1;
152    return 0;
153}
154
155
156/***************************************************************************
157 *
158 * v e r i f y _ g l o b a l
159 */
160static int	
161verify_global (JAR *jar)
162{
163    FILE        * fp;
164    JAR_Context * ctx;
165    JAR_Item    * it;
166    JAR_Digest  * globaldig;
167    char	* ext;
168    unsigned char *md5_digest, *sha1_digest;
169    unsigned int  sha1_length, md5_length;
170    int	          retval = 0;
171    char	  buf [BUFSIZ];
172
173    ctx = JAR_find (jar, "*", jarTypePhy);
174
175    while (JAR_find_next (ctx, &it) >= 0) {
176	if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
177	    for (ext = it->pathname; *ext; ext++)
178		;
179	    while (ext > it->pathname && *ext != '.') 
180		ext--;
181
182	    if (verbosity >= 0) {
183		if (!PORT_Strcasecmp (ext, ".rsa")) {
184		    PR_fprintf(outputFD, "found a RSA signature file: %s\n",
185		         				  it->pathname);
186		}
187
188		if (!PORT_Strcasecmp (ext, ".dsa")) {
189		    PR_fprintf(outputFD, "found a DSA signature file: %s\n",
190		         				  it->pathname);
191		}
192
193		if (!PORT_Strcasecmp (ext, ".mf")) {
194		    PR_fprintf(outputFD,
195		        "found a MF master manifest file: %s\n",
196		         it->pathname);
197		}
198	    }
199
200	    if (!PORT_Strcasecmp (ext, ".sf")) {
201		if (verbosity >= 0) {
202		    PR_fprintf(outputFD,
203		        "found a SF signature manifest file: %s\n",
204		         it->pathname);
205		}
206
207		rm_dash_r(TMP_OUTPUT);
208		if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
209		    PR_fprintf(errorFD, "%s: error extracting %s\n",
210		         PROGRAM_NAME, it->pathname);
211		    errorCount++;
212		    retval = -1;
213		    continue;
214		}
215
216		md5_digest = NULL;
217		sha1_digest = NULL;
218
219		if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
220		    while (fgets (buf, BUFSIZ, fp)) {
221			char	*s;
222
223			if (*buf == 0 || *buf == '\n' || *buf == '\r') 
224			    break;
225
226			for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
227			    ;
228			*s = 0;
229
230			if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
231			    md5_digest = 
232				ATOB_AsciiToData (buf + 12, &md5_length);
233			}
234			if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
235			    sha1_digest = 
236				ATOB_AsciiToData (buf + 13, &sha1_length);
237			}
238			if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
239			    sha1_digest = 
240				ATOB_AsciiToData (buf + 12, &sha1_length);
241			}
242		    }
243
244		    globaldig = jar->globalmeta;
245
246		    if (globaldig && md5_digest && verbosity >= 0) {
247			PR_fprintf(outputFD,
248			   "  md5 digest on global metainfo: %s\n",
249			    PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
250			    ? "no match" : "match");
251		    }
252
253		    if (globaldig && sha1_digest && verbosity >= 0) {
254			PR_fprintf(outputFD,
255			    "  sha digest on global metainfo: %s\n",
256			    PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH) 
257			    ? "no match" : "match");
258		    }
259
260		    if (globaldig == NULL && verbosity >= 0) {
261			PR_fprintf(outputFD,
262			     "global metadigest is not available, strange.\n");
263		    }
264
265		    fclose (fp);
266		}
267	    }
268	}
269    }
270
271    JAR_find_end (ctx);
272
273    return retval;
274}
275
276
277/************************************************************************
278 *
279 * J a r W h o
280 */
281int
282JarWho(char *filename)
283{
284    FILE * fp;
285
286    JAR * jar;
287    JAR_Context * ctx;
288
289    int	status;
290    int	retval = 0;
291
292    JAR_Item * it;
293    JAR_Cert * fing;
294
295    CERTCertificate * cert, *prev = NULL;
296
297    jar = JAR_new();
298
299    if ((fp = fopen (filename, "r")) == NULL) {
300	perror (filename);
301	exit (ERRX);
302    } 
303    fclose (fp);
304
305    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
306
307    if (status < 0 || jar->valid < 0) {
308	PR_fprintf(outputFD,
309	    "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
310	     filename);
311	retval = -1;
312	if (jar->valid < 0 || status != -1) {
313	    char	*errtext;
314
315	    if (status >= JAR_BASE && status <= JAR_BASE_END) {
316		errtext = JAR_get_error (status);
317	    } else {
318		errtext = SECU_Strerror(PORT_GetError());
319	    }
320
321	    PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
322	}
323    }
324
325    PR_fprintf(outputFD, "\nSigner information:\n\n");
326
327    ctx = JAR_find (jar, NULL, jarTypeSign);
328
329    while (JAR_find_next (ctx, &it) >= 0) {
330	fing = (JAR_Cert * ) it->data;
331	cert = fing->cert;
332
333	if (cert) {
334	    if (prev == cert)
335		break;
336
337	    if (cert->nickname)
338		PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
339	    if (cert->subjectName)
340		PR_fprintf(outputFD, "subject name: %s\n",
341		     cert->subjectName);
342	    if (cert->issuerName)
343		PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
344	} else {
345	    PR_fprintf(outputFD, "no certificate could be found\n");
346	    retval = -1;
347	}
348
349	prev = cert;
350    }
351
352    JAR_find_end (ctx);
353
354    JAR_destroy (jar);
355    return retval;
356}
357
358
359/************************************************************************
360 * j a r _ c b
361 */
362static int	jar_cb(int status, JAR *jar, const char *metafile,
363char *pathname, char *errortext)
364{
365    PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
366         pathname);
367    errorCount++;
368    return 0;
369}
370
371