Diffstat (limited to 'nss/cmd/signtool/verify.c')
-rw-r--r--nss/cmd/signtool/verify.c496
1 files changed, 247 insertions, 249 deletions
diff --git a/nss/cmd/signtool/verify.c b/nss/cmd/signtool/verify.c
index d6b430e..41656a1 100644
--- a/nss/cmd/signtool/verify.c
+++ b/nss/cmd/signtool/verify.c
@@ -4,10 +4,9 @@
#include "signtool.h"
-
-static int jar_cb(int status, JAR *jar, const char *metafile,
-char *pathname, char *errortext);
-static int verify_global (JAR *jar);
+static int jar_cb(int status, JAR *jar, const char *metafile,
+ char *pathname, char *errortext);
+static int verify_global(JAR *jar);
/*************************************************************************
*
@@ -16,232 +15,233 @@ static int verify_global (JAR *jar);
int
VerifyJar(char *filename)
{
- FILE * fp;
+ FILE *fp;
- int ret;
- int status;
- int failed = 0;
- char *err;
+ int ret;
+ int status;
+ int failed = 0;
+ char *err;
- JAR * jar;
- JAR_Context * ctx;
+ JAR *jar;
+ JAR_Context *ctx;
- JAR_Item * it;
+ JAR_Item *it;
jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
+ if ((fp = fopen(filename, "r")) == NULL) {
+ perror(filename);
+ exit(ERRX);
} else
- fclose (fp);
-
- JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
+ fclose(fp);
+ JAR_set_callback(JAR_CB_SIGNAL, jar, jar_cb);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
+ status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- if (status < 0) {
- const char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n",
- errtext);
-
- /* corrupt files should not have their contents listed */
-
- if (status == JAR_ERR_CORRUPT)
- return - 1;
- }
- PR_fprintf(outputFD,
- "entries shown below will have their digests checked only.\n");
- jar->valid = 0;
+ failed = 1;
+ PR_fprintf(outputFD,
+ "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ if (status < 0) {
+ const char *errtext;
+
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ errtext = JAR_get_error(status);
+ } else {
+ errtext = SECU_Strerror(PORT_GetError());
+ }
+
+ PR_fprintf(outputFD, " (reported reason: %s)\n\n",
+ errtext);
+
+ /* corrupt files should not have their contents listed */
+
+ if (status == JAR_ERR_CORRUPT)
+ return -1;
+ }
+ PR_fprintf(outputFD,
+ "entries shown below will have their digests checked only.\n");
+ jar->valid = 0;
} else
- PR_fprintf(outputFD,
- "archive \"%s\" has passed crypto verification.\n", filename);
+ PR_fprintf(outputFD,
+ "archive \"%s\" has passed crypto verification.\n", filename);
- if (verify_global (jar))
- failed = 1;
+ if (verify_global(jar))
+ failed = 1;
PR_fprintf(outputFD, "\n");
PR_fprintf(outputFD, "%16s %s\n", "status", "path");
PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
- ctx = JAR_find (jar, NULL, jarTypeMF);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- if (it && it->pathname) {
- rm_dash_r(TMP_OUTPUT);
- ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
- /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
- if (ret < 0)
- failed = 1;
-
- if (ret == JAR_ERR_PNF)
- err = "NOT PRESENT";
- else if (ret == JAR_ERR_HASH)
- err = "HASH FAILED";
- else
- err = "NOT VERIFIED";
-
- PR_fprintf(outputFD, "%16s %s\n",
- ret >= 0 ? "verified" : err, it->pathname);
-
- if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
- PR_fprintf(outputFD, " (reason: %s)\n",
- JAR_get_error (ret));
- }
+ ctx = JAR_find(jar, NULL, jarTypeMF);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ if (it && it->pathname) {
+ rm_dash_r(TMP_OUTPUT);
+ ret = JAR_verified_extract(jar, it->pathname, TMP_OUTPUT);
+ /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
+ if (ret < 0)
+ failed = 1;
+
+ if (ret == JAR_ERR_PNF)
+ err = "NOT PRESENT";
+ else if (ret == JAR_ERR_HASH)
+ err = "HASH FAILED";
+ else
+ err = "NOT VERIFIED";
+
+ PR_fprintf(outputFD, "%16s %s\n",
+ ret >= 0 ? "verified" : err, it->pathname);
+
+ if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
+ PR_fprintf(outputFD, " (reason: %s)\n",
+ JAR_get_error(ret));
+ }
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
if (status < 0 || jar->valid < 0) {
- failed = 1;
- PR_fprintf(outputFD,
- "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- give_help (status);
+ failed = 1;
+ PR_fprintf(outputFD,
+ "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ give_help(status);
}
- JAR_destroy (jar);
+ JAR_destroy(jar);
if (failed)
- return - 1;
+ return -1;
return 0;
}
-
/***************************************************************************
*
* v e r i f y _ g l o b a l
*/
-static int
-verify_global (JAR *jar)
+static int
+verify_global(JAR *jar)
{
- FILE * fp;
- JAR_Context * ctx;
- JAR_Item * it;
- JAR_Digest * globaldig;
- char * ext;
+ FILE *fp;
+ JAR_Context *ctx;
+ JAR_Item *it;
+ JAR_Digest *globaldig;
+ char *ext;
unsigned char *md5_digest, *sha1_digest;
- unsigned int sha1_length, md5_length;
- int retval = 0;
- char buf [BUFSIZ];
-
- ctx = JAR_find (jar, "*", jarTypePhy);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
- for (ext = it->pathname; *ext; ext++)
- ;
- while (ext > it->pathname && *ext != '.')
- ext--;
-
- if (verbosity >= 0) {
- if (!PORT_Strcasecmp (ext, ".rsa")) {
- PR_fprintf(outputFD, "found a RSA signature file: %s\n",
- it->pathname);
- }
-
- if (!PORT_Strcasecmp (ext, ".dsa")) {
- PR_fprintf(outputFD, "found a DSA signature file: %s\n",
- it->pathname);
- }
-
- if (!PORT_Strcasecmp (ext, ".mf")) {
- PR_fprintf(outputFD,
- "found a MF master manifest file: %s\n",
- it->pathname);
- }
- }
-
- if (!PORT_Strcasecmp (ext, ".sf")) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD,
- "found a SF signature manifest file: %s\n",
- it->pathname);
- }
-
- rm_dash_r(TMP_OUTPUT);
- if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
- PR_fprintf(errorFD, "%s: error extracting %s\n",
- PROGRAM_NAME, it->pathname);
- errorCount++;
- retval = -1;
- continue;
- }
-
- md5_digest = NULL;
- sha1_digest = NULL;
-
- if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
- while (fgets (buf, BUFSIZ, fp)) {
- char *s;
-
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
-
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
- ;
- *s = 0;
-
- if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
- md5_digest =
- ATOB_AsciiToData (buf + 12, &md5_length);
- }
- if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 13, &sha1_length);
- }
- if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
- sha1_digest =
- ATOB_AsciiToData (buf + 12, &sha1_length);
- }
- }
-
- globaldig = jar->globalmeta;
-
- if (globaldig && md5_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " md5 digest on global metainfo: %s\n",
- PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
- ? "no match" : "match");
- }
-
- if (globaldig && sha1_digest && verbosity >= 0) {
- PR_fprintf(outputFD,
- " sha digest on global metainfo: %s\n",
- PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
- ? "no match" : "match");
- }
-
- if (globaldig == NULL && verbosity >= 0) {
- PR_fprintf(outputFD,
- "global metadigest is not available, strange.\n");
- }
-
- fclose (fp);
- }
- }
- }
+ unsigned int sha1_length, md5_length;
+ int retval = 0;
+ char buf[BUFSIZ];
+
+ ctx = JAR_find(jar, "*", jarTypePhy);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ if (!PORT_Strncmp(it->pathname, "META-INF", 8)) {
+ for (ext = it->pathname; *ext; ext++)
+ ;
+ while (ext > it->pathname && *ext != '.')
+ ext--;
+
+ if (verbosity >= 0) {
+ if (!PORT_Strcasecmp(ext, ".rsa")) {
+ PR_fprintf(outputFD, "found a RSA signature file: %s\n",
+ it->pathname);
+ }
+
+ if (!PORT_Strcasecmp(ext, ".dsa")) {
+ PR_fprintf(outputFD, "found a DSA signature file: %s\n",
+ it->pathname);
+ }
+
+ if (!PORT_Strcasecmp(ext, ".mf")) {
+ PR_fprintf(outputFD,
+ "found a MF master manifest file: %s\n",
+ it->pathname);
+ }
+ }
+
+ if (!PORT_Strcasecmp(ext, ".sf")) {
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD,
+ "found a SF signature manifest file: %s\n",
+ it->pathname);
+ }
+
+ rm_dash_r(TMP_OUTPUT);
+ if (JAR_extract(jar, it->pathname, TMP_OUTPUT) < 0) {
+ PR_fprintf(errorFD, "%s: error extracting %s\n",
+ PROGRAM_NAME, it->pathname);
+ errorCount++;
+ retval = -1;
+ continue;
+ }
+
+ md5_digest = NULL;
+ sha1_digest = NULL;
+
+ if ((fp = fopen(TMP_OUTPUT, "rb")) != NULL) {
+ while (fgets(buf, BUFSIZ, fp)) {
+ char *s;
+
+ if (*buf == 0 || *buf == '\n' || *buf == '\r')
+ break;
+
+ for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+ ;
+ *s = 0;
+
+ if (!PORT_Strncmp(buf, "MD5-Digest: ", 12)) {
+ md5_digest =
+ ATOB_AsciiToData(buf + 12, &md5_length);
+ }
+ if (!PORT_Strncmp(buf, "SHA1-Digest: ", 13)) {
+ sha1_digest =
+ ATOB_AsciiToData(buf + 13, &sha1_length);
+ }
+ if (!PORT_Strncmp(buf, "SHA-Digest: ", 12)) {
+ sha1_digest =
+ ATOB_AsciiToData(buf + 12, &sha1_length);
+ }
+ }
+
+ globaldig = jar->globalmeta;
+
+ if (globaldig && md5_digest && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ " md5 digest on global metainfo: %s\n",
+ PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
+ ? "no match"
+ : "match");
+ }
+
+ if (globaldig && sha1_digest && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ " sha digest on global metainfo: %s\n",
+ PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
+ ? "no match"
+ : "match");
+ }
+
+ if (globaldig == NULL && verbosity >= 0) {
+ PR_fprintf(outputFD,
+ "global metadigest is not available, strange.\n");
+ }
+
+ PORT_Free(md5_digest);
+ PORT_Free(sha1_digest);
+ fclose(fp);
+ }
+ }
+ }
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
return retval;
}
-
/************************************************************************
*
* J a r W h o
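Review bot: In verify_global the decoded digest lengths are never checked before the comparisons: `ATOB_AsciiToData` fills `md5_length` and `sha1_length`, but `PORT_Memcmp` then reads a fixed `MD5_LENGTH` or `SHA1_LENGTH` bytes. The `.sf` file comes out of the archive being verified, so a header line with a shorter base64 value would, assuming the decoder allocates only what it decodes, make the comparison read past the end of the buffer. I would treat a wrong length as a mismatch, e.g. `(md5_length != MD5_LENGTH || PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)) ? "no match" : "match"`, and likewise with `sha1_length != SHA1_LENGTH`. The newly added `PORT_Free` calls release only the last pointer assigned, so a header with a repeated digest line, or with both `SHA1-Digest:` and `SHA-Digest:`, still leaks the earlier buffer; freeing the old value before each reassignment inside the `fgets` loop closes that.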
@@ -249,91 +249,89 @@ verify_global (JAR *jar)
int
JarWho(char *filename)
{
- FILE * fp;
+ FILE *fp;
- JAR * jar;
- JAR_Context * ctx;
+ JAR *jar;
+ JAR_Context *ctx;
- int status;
- int retval = 0;
+ int status;
+ int retval = 0;
- JAR_Item * it;
- JAR_Cert * fing;
+ JAR_Item *it;
+ JAR_Cert *fing;
- CERTCertificate * cert, *prev = NULL;
+ CERTCertificate *cert, *prev = NULL;
jar = JAR_new();
- if ((fp = fopen (filename, "r")) == NULL) {
- perror (filename);
- exit (ERRX);
- }
- fclose (fp);
+ if ((fp = fopen(filename, "r")) == NULL) {
+ perror(filename);
+ exit(ERRX);
+ }
+ fclose(fp);
- status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
+ status = JAR_pass_archive(jar, jarArchGuess, filename, "some-url");
if (status < 0 || jar->valid < 0) {
- PR_fprintf(outputFD,
- "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
- filename);
- retval = -1;
- if (jar->valid < 0 || status != -1) {
- const char *errtext;
-
- if (status >= JAR_BASE && status <= JAR_BASE_END) {
- errtext = JAR_get_error (status);
- } else {
- errtext = SECU_Strerror(PORT_GetError());
- }
-
- PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
- }
+ PR_fprintf(outputFD,
+ "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
+ filename);
+ retval = -1;
+ if (jar->valid < 0 || status != -1) {
+ const char *errtext;
+
+ if (status >= JAR_BASE && status <= JAR_BASE_END) {
+ errtext = JAR_get_error(status);
+ } else {
+ errtext = SECU_Strerror(PORT_GetError());
+ }
+
+ PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
+ }
}
PR_fprintf(outputFD, "\nSigner information:\n\n");
- ctx = JAR_find (jar, NULL, jarTypeSign);
-
- while (JAR_find_next (ctx, &it) >= 0) {
- fing = (JAR_Cert * ) it->data;
- cert = fing->cert;
-
- if (cert) {
- if (prev == cert)
- break;
-
- if (cert->nickname)
- PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
- if (cert->subjectName)
- PR_fprintf(outputFD, "subject name: %s\n",
- cert->subjectName);
- if (cert->issuerName)
- PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
- } else {
- PR_fprintf(outputFD, "no certificate could be found\n");
- retval = -1;
- }
-
- prev = cert;
+ ctx = JAR_find(jar, NULL, jarTypeSign);
+
+ while (JAR_find_next(ctx, &it) >= 0) {
+ fing = (JAR_Cert *)it->data;
+ cert = fing->cert;
+
+ if (cert) {
+ if (prev == cert)
+ break;
+
+ if (cert->nickname)
+ PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
+ if (cert->subjectName)
+ PR_fprintf(outputFD, "subject name: %s\n",
+ cert->subjectName);
+ if (cert->issuerName)
+ PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
+ } else {
+ PR_fprintf(outputFD, "no certificate could be found\n");
+ retval = -1;
+ }
+
+ prev = cert;
}
- JAR_find_end (ctx);
+ JAR_find_end(ctx);
- JAR_destroy (jar);
+ JAR_destroy(jar);
return retval;
}
-
/************************************************************************
* j a r _ c b
*/
-static int jar_cb(int status, JAR *jar, const char *metafile,
-char *pathname, char *errortext)
+static int
+jar_cb(int status, JAR *jar, const char *metafile,
+ char *pathname, char *errortext)
{
PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
- pathname);
+ pathname);
errorCount++;
return 0;
}
-
-