/security/nss/cmd/signtool/verify.c
http://github.com/zpao/v8monkey · C · 371 lines · 246 code · 73 blank · 52 comment · 86 complexity · b3e8fabda97b5e3468a8db4d739acc49 MD5 · raw file
- /* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the Netscape security libraries.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1994-2000
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
- #include "signtool.h"
- static int jar_cb(int status, JAR *jar, const char *metafile,
- char *pathname, char *errortext);
- static int verify_global (JAR *jar);
- /*************************************************************************
- *
- * V e r i f y J a r
- */
- int
- VerifyJar(char *filename)
- {
- FILE * fp;
- int ret;
- int status;
- int failed = 0;
- char *err;
- JAR * jar;
- JAR_Context * ctx;
- JAR_Item * it;
- jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
- } else
- fclose (fp);
- JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
- if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- if (status < 0) {
- char *errtext;
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
- PR_fprintf(outputFD, " (reported reason: %s)\n\n",
- errtext);
- /* corrupt files should not have their contents listed */
- if (status == JAR_ERR_CORRUPT)
- return - 1;
- }
- PR_fprintf(outputFD,
- "entries shown below will have their digests checked only.\n");
- jar->valid = 0;
- } else
- PR_fprintf(outputFD,
- "archive \"%s\" has passed crypto verification.\n", filename);
- if (verify_global (jar))
- failed = 1;
- PR_fprintf(outputFD, "\n");
- PR_fprintf(outputFD, "%16s %s\n", "status", "path");
- PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
- ctx = JAR_find (jar, NULL, jarTypeMF);
- while (JAR_find_next (ctx, &it) >= 0) {
- if (it && it->pathname) {
- rm_dash_r(TMP_OUTPUT);
- ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
- /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
- if (ret < 0)
- failed = 1;
- if (ret == JAR_ERR_PNF)
- err = "NOT PRESENT";
- else if (ret == JAR_ERR_HASH)
- err = "HASH FAILED";
- else
- err = "NOT VERIFIED";
- PR_fprintf(outputFD, "%16s %s\n",
- ret >= 0 ? "verified" : err, it->pathname);
- if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
- PR_fprintf(outputFD, " (reason: %s)\n",
- JAR_get_error (ret));
- }
- }
- JAR_find_end (ctx);
- if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- give_help (status);
- }
- JAR_destroy (jar);
- if (failed)
- return - 1;
- return 0;
- }
- /***************************************************************************
- *
- * v e r i f y _ g l o b a l
- */
- static int
- verify_global (JAR *jar)
- {
- FILE * fp;
- JAR_Context * ctx;
- JAR_Item * it;
- JAR_Digest * globaldig;
- char * ext;
- unsigned char *md5_digest, *sha1_digest;
- unsigned int sha1_length, md5_length;
- int retval = 0;
- char buf [BUFSIZ];
- ctx = JAR_find (jar, "*", jarTypePhy);
- while (JAR_find_next (ctx, &it) >= 0) {
- if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
- for (ext = it->pathname; *ext; ext++)
- ;
- while (ext > it->pathname && *ext != '.')
- ext--;
- if (verbosity >= 0) {
- if (!PORT_Strcasecmp (ext, ".rsa")) {
- PR_fprintf(outputFD, "found a RSA signature file: %s\n",
- it->pathname);
- }
- if (!PORT_Strcasecmp (ext, ".dsa")) {
- PR_fprintf(outputFD, "found a DSA signature file: %s\n",
- it->pathname);
- }
- if (!PORT_Strcasecmp (ext, ".mf")) {
- PR_fprintf(outputFD,
- "found a MF master manifest file: %s\n",
- it->pathname);
- }
- }
- if (!PORT_Strcasecmp (ext, ".sf")) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD,
- "found a SF signature manifest file: %s\n",
- it->pathname);
- }
- rm_dash_r(TMP_OUTPUT);
- if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
- PR_fprintf(errorFD, "%s: error extracting %s\n",
- PROGRAM_NAME, it->pathname);
- errorCount++;
- retval = -1;
- continue;
- }
- md5_digest = NULL;
- sha1_digest = NULL;
- if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
- while (fgets (buf, BUFSIZ, fp)) {
- char *s;
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
- ;
- *s = 0;
- if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
- md5_digest =
- ATOB_AsciiToData (buf + 12, &md5_length);
- }
- if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 13, &sha1_length);
- }
- if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 12, &sha1_length);
- }
- }
- globaldig = jar->globalmeta;
- if (globaldig && md5_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " md5 digest on global metainfo: %s\n",
- PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
- ? "no match" : "match");
- }
- if (globaldig && sha1_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " sha digest on global metainfo: %s\n",
- PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
- ? "no match" : "match");
- }
- if (globaldig == NULL && verbosity >= 0) {
- PR_fprintf(outputFD,
- "global metadigest is not available, strange.\n");
- }
- fclose (fp);
- }
- }
- }
- }
- JAR_find_end (ctx);
- return retval;
- }
- /************************************************************************
- *
- * J a r W h o
- */
- int
- JarWho(char *filename)
- {
- FILE * fp;
- JAR * jar;
- JAR_Context * ctx;
- int status;
- int retval = 0;
- JAR_Item * it;
- JAR_Cert * fing;
- CERTCertificate * cert, *prev = NULL;
- jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
- }
- fclose (fp);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
- if (status < 0 || jar->valid < 0) {
- PR_fprintf(outputFD,
- "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- retval = -1;
- if (jar->valid < 0 || status != -1) {
- char *errtext;
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
- PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
- }
- }
- PR_fprintf(outputFD, "\nSigner information:\n\n");
- ctx = JAR_find (jar, NULL, jarTypeSign);
- while (JAR_find_next (ctx, &it) >= 0) {
- fing = (JAR_Cert * ) it->data;
- cert = fing->cert;
- if (cert) {
- if (prev == cert)
- break;
- if (cert->nickname)
- PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
- if (cert->subjectName)
- PR_fprintf(outputFD, "subject name: %s\n",
- cert->subjectName);
- if (cert->issuerName)
- PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
- } else {
- PR_fprintf(outputFD, "no certificate could be found\n");
- retval = -1;
- }
- prev = cert;
- }
- JAR_find_end (ctx);
- JAR_destroy (jar);
- return retval;
- }
- /************************************************************************
- * j a r _ c b
- */
- static int jar_cb(int status, JAR *jar, const char *metafile,
- char *pathname, char *errortext)
- {
- PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
- pathname);
- errorCount++;
- return 0;
- }