/security/nss/cmd/signtool/verify.c

http://github.com/zpao/v8monkey · C · 371 lines · 246 code · 73 blank · 52 comment · 86 complexity · b3e8fabda97b5e3468a8db4d739acc49 MD5 · raw file

  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. #include "signtool.h"
  37. static int jar_cb(int status, JAR *jar, const char *metafile,
  38. char *pathname, char *errortext);
  39. static int verify_global (JAR *jar);
  40. /*************************************************************************
  41. *
  42. * V e r i f y J a r
  43. */
  44. int
  45. VerifyJar(char *filename)
  46. {
  47. FILE * fp;
  48. int ret;
  49. int status;
  50. int failed = 0;
  51. char *err;
  52. JAR * jar;
  53. JAR_Context * ctx;
  54. JAR_Item * it;
  55. jar = JAR_new();
  56. if ((fp = fopen (filename, "r")) == NULL) {
  57. perror (filename);
  58. exit (ERRX);
  59. } else
  60. fclose (fp);
  61. JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
  62. status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
  63. if (status < 0 || jar->valid < 0) {
  64. failed = 1;
  65. PR_fprintf(outputFD,
  66. "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
  67. filename);
  68. if (status < 0) {
  69. char *errtext;
  70. if (status >= JAR_BASE && status <= JAR_BASE_END) {
  71. errtext = JAR_get_error (status);
  72. } else {
  73. errtext = SECU_Strerror(PORT_GetError());
  74. }
  75. PR_fprintf(outputFD, " (reported reason: %s)\n\n",
  76. errtext);
  77. /* corrupt files should not have their contents listed */
  78. if (status == JAR_ERR_CORRUPT)
  79. return - 1;
  80. }
  81. PR_fprintf(outputFD,
  82. "entries shown below will have their digests checked only.\n");
  83. jar->valid = 0;
  84. } else
  85. PR_fprintf(outputFD,
  86. "archive \"%s\" has passed crypto verification.\n", filename);
  87. if (verify_global (jar))
  88. failed = 1;
  89. PR_fprintf(outputFD, "\n");
  90. PR_fprintf(outputFD, "%16s %s\n", "status", "path");
  91. PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
  92. ctx = JAR_find (jar, NULL, jarTypeMF);
  93. while (JAR_find_next (ctx, &it) >= 0) {
  94. if (it && it->pathname) {
  95. rm_dash_r(TMP_OUTPUT);
  96. ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
  97. /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
  98. if (ret < 0)
  99. failed = 1;
  100. if (ret == JAR_ERR_PNF)
  101. err = "NOT PRESENT";
  102. else if (ret == JAR_ERR_HASH)
  103. err = "HASH FAILED";
  104. else
  105. err = "NOT VERIFIED";
  106. PR_fprintf(outputFD, "%16s %s\n",
  107. ret >= 0 ? "verified" : err, it->pathname);
  108. if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
  109. PR_fprintf(outputFD, " (reason: %s)\n",
  110. JAR_get_error (ret));
  111. }
  112. }
  113. JAR_find_end (ctx);
  114. if (status < 0 || jar->valid < 0) {
  115. failed = 1;
  116. PR_fprintf(outputFD,
  117. "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
  118. filename);
  119. give_help (status);
  120. }
  121. JAR_destroy (jar);
  122. if (failed)
  123. return - 1;
  124. return 0;
  125. }
  126. /***************************************************************************
  127. *
  128. * v e r i f y _ g l o b a l
  129. */
  130. static int
  131. verify_global (JAR *jar)
  132. {
  133. FILE * fp;
  134. JAR_Context * ctx;
  135. JAR_Item * it;
  136. JAR_Digest * globaldig;
  137. char * ext;
  138. unsigned char *md5_digest, *sha1_digest;
  139. unsigned int sha1_length, md5_length;
  140. int retval = 0;
  141. char buf [BUFSIZ];
  142. ctx = JAR_find (jar, "*", jarTypePhy);
  143. while (JAR_find_next (ctx, &it) >= 0) {
  144. if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
  145. for (ext = it->pathname; *ext; ext++)
  146. ;
  147. while (ext > it->pathname && *ext != '.')
  148. ext--;
  149. if (verbosity >= 0) {
  150. if (!PORT_Strcasecmp (ext, ".rsa")) {
  151. PR_fprintf(outputFD, "found a RSA signature file: %s\n",
  152. it->pathname);
  153. }
  154. if (!PORT_Strcasecmp (ext, ".dsa")) {
  155. PR_fprintf(outputFD, "found a DSA signature file: %s\n",
  156. it->pathname);
  157. }
  158. if (!PORT_Strcasecmp (ext, ".mf")) {
  159. PR_fprintf(outputFD,
  160. "found a MF master manifest file: %s\n",
  161. it->pathname);
  162. }
  163. }
  164. if (!PORT_Strcasecmp (ext, ".sf")) {
  165. if (verbosity >= 0) {
  166. PR_fprintf(outputFD,
  167. "found a SF signature manifest file: %s\n",
  168. it->pathname);
  169. }
  170. rm_dash_r(TMP_OUTPUT);
  171. if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
  172. PR_fprintf(errorFD, "%s: error extracting %s\n",
  173. PROGRAM_NAME, it->pathname);
  174. errorCount++;
  175. retval = -1;
  176. continue;
  177. }
  178. md5_digest = NULL;
  179. sha1_digest = NULL;
  180. if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
  181. while (fgets (buf, BUFSIZ, fp)) {
  182. char *s;
  183. if (*buf == 0 || *buf == '\n' || *buf == '\r')
  184. break;
  185. for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
  186. ;
  187. *s = 0;
  188. if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
  189. md5_digest =
  190. ATOB_AsciiToData (buf + 12, &md5_length);
  191. }
  192. if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
  193. sha1_digest =
  194. ATOB_AsciiToData (buf + 13, &sha1_length);
  195. }
  196. if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
  197. sha1_digest =
  198. ATOB_AsciiToData (buf + 12, &sha1_length);
  199. }
  200. }
  201. globaldig = jar->globalmeta;
  202. if (globaldig && md5_digest && verbosity >= 0) {
  203. PR_fprintf(outputFD,
  204. " md5 digest on global metainfo: %s\n",
  205. PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
  206. ? "no match" : "match");
  207. }
  208. if (globaldig && sha1_digest && verbosity >= 0) {
  209. PR_fprintf(outputFD,
  210. " sha digest on global metainfo: %s\n",
  211. PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
  212. ? "no match" : "match");
  213. }
  214. if (globaldig == NULL && verbosity >= 0) {
  215. PR_fprintf(outputFD,
  216. "global metadigest is not available, strange.\n");
  217. }
  218. fclose (fp);
  219. }
  220. }
  221. }
  222. }
  223. JAR_find_end (ctx);
  224. return retval;
  225. }
  226. /************************************************************************
  227. *
  228. * J a r W h o
  229. */
  230. int
  231. JarWho(char *filename)
  232. {
  233. FILE * fp;
  234. JAR * jar;
  235. JAR_Context * ctx;
  236. int status;
  237. int retval = 0;
  238. JAR_Item * it;
  239. JAR_Cert * fing;
  240. CERTCertificate * cert, *prev = NULL;
  241. jar = JAR_new();
  242. if ((fp = fopen (filename, "r")) == NULL) {
  243. perror (filename);
  244. exit (ERRX);
  245. }
  246. fclose (fp);
  247. status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
  248. if (status < 0 || jar->valid < 0) {
  249. PR_fprintf(outputFD,
  250. "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
  251. filename);
  252. retval = -1;
  253. if (jar->valid < 0 || status != -1) {
  254. char *errtext;
  255. if (status >= JAR_BASE && status <= JAR_BASE_END) {
  256. errtext = JAR_get_error (status);
  257. } else {
  258. errtext = SECU_Strerror(PORT_GetError());
  259. }
  260. PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
  261. }
  262. }
  263. PR_fprintf(outputFD, "\nSigner information:\n\n");
  264. ctx = JAR_find (jar, NULL, jarTypeSign);
  265. while (JAR_find_next (ctx, &it) >= 0) {
  266. fing = (JAR_Cert * ) it->data;
  267. cert = fing->cert;
  268. if (cert) {
  269. if (prev == cert)
  270. break;
  271. if (cert->nickname)
  272. PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
  273. if (cert->subjectName)
  274. PR_fprintf(outputFD, "subject name: %s\n",
  275. cert->subjectName);
  276. if (cert->issuerName)
  277. PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
  278. } else {
  279. PR_fprintf(outputFD, "no certificate could be found\n");
  280. retval = -1;
  281. }
  282. prev = cert;
  283. }
  284. JAR_find_end (ctx);
  285. JAR_destroy (jar);
  286. return retval;
  287. }
  288. /************************************************************************
  289. * j a r _ c b
  290. */
  291. static int jar_cb(int status, JAR *jar, const char *metafile,
  292. char *pathname, char *errortext)
  293. {
  294. PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
  295. pathname);
  296. errorCount++;
  297. return 0;
  298. }