Index: cmd/signtool/sign.c |
=================================================================== |
--- a/cmd/signtool/sign.c |
+++ b/cmd/signtool/sign.c |
@@ -1,837 +1,769 @@ |
/* This Source Code Form is subject to the terms of the Mozilla Public |
* License, v. 2.0. If a copy of the MPL was not distributed with this |
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
#include "signtool.h" |
-#include "zip.h" |
+#include "zip.h" |
#include "prmem.h" |
#include "blapi.h" |
-#include "sechash.h" /* for HASH_GetHashObject() */ |
+#include "sechash.h" /* for HASH_GetHashObject() */ |
-static int create_pk7 (char *dir, char *keyName, int *keyType); |
-static int jar_find_key_type (CERTCertificate *cert); |
-static int manifesto (char *dirname, char *install_script, PRBool recurse); |
-static int manifesto_fn(char *relpath, char *basedir, char *reldir, |
- char *filename, void *arg); |
-static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, |
- char *filename, void *arg); |
-static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir, |
- char *filename, void *arg); |
-static int add_meta (FILE *fp, char *name); |
-static int SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert); |
-static int generate_SF_file (char *manifile, char *who); |
-static int calculate_MD5_range (FILE *fp, long r1, long r2, |
- JAR_Digest *dig); |
-static void SignOut (void *arg, const char *buf, unsigned long len); |
+static int create_pk7(char *dir, char *keyName, int *keyType); |
+static int jar_find_key_type(CERTCertificate *cert); |
+static int manifesto(char *dirname, char *install_script, PRBool recurse); |
+static int manifesto_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg); |
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg); |
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg); |
+static int add_meta(FILE *fp, char *name); |
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert); |
+static int generate_SF_file(char *manifile, char *who); |
+static int calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig); |
+static void SignOut(void *arg, const char *buf, unsigned long len); |
-static char *metafile = NULL; |
-static int optimize = 0; |
+static char *metafile = NULL; |
+static int optimize = 0; |
static FILE *mf; |
static ZIPfile *zipfile = NULL; |
-/* |
+/* |
* S i g n A r c h i v e |
* |
- * Sign an individual archive tree. A directory |
+ * Sign an individual archive tree. A directory |
* called META-INF is created underneath this. |
* |
*/ |
-int |
-SignArchive(char *tree, char *keyName, char *zip_file, int javascript, |
- char *meta_file, char *install_script, int _optimize, PRBool recurse) |
-{ |
- int status; |
- char tempfn [FNSIZE], fullfn [FNSIZE]; |
- int keyType = rsaKey; |
+int SignArchive(char *tree, char *keyName, char *zip_file, int javascript, |
+ char *meta_file, char *install_script, int _optimize, |
+ PRBool recurse) { |
+ int status; |
+ char tempfn[FNSIZE], fullfn[FNSIZE]; |
+ int keyType = rsaKey; |
- metafile = meta_file; |
- optimize = _optimize; |
+ metafile = meta_file; |
+ optimize = _optimize; |
- /* To create XPI compatible Archive manifesto() must be run before |
- * the zipfile is opened. This is so the signed files are not added |
- * the archive before the crucial rsa/dsa file*/ |
- if (xpi_arc) { |
- manifesto (tree, install_script, recurse); |
+ /* To create XPI compatible Archive manifesto() must be run before |
+ * the zipfile is opened. This is so the signed files are not added |
+ * the archive before the crucial rsa/dsa file*/ |
+ if (xpi_arc) { |
+ manifesto(tree, install_script, recurse); |
+ } |
+ |
+ if (zip_file) { |
+ zipfile = JzipOpen(zip_file, NULL /*no comment*/); |
+ } |
+ |
+ /*Sign and add files to the archive normally with manifesto()*/ |
+ if (!xpi_arc) { |
+ manifesto(tree, install_script, recurse); |
+ } |
+ |
+ if (keyName) { |
+ status = create_pk7(tree, keyName, &keyType); |
+ if (status < 0) { |
+ PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n", |
+ tree); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
+ } |
+ |
+ /* Add the rsa/dsa file as the first file in the archive. This is crucial |
+ * for a XPInstall compatible archive */ |
+ if (xpi_arc) { |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "%s \n", XPI_TEXT); |
} |
- if (zip_file) { |
- zipfile = JzipOpen(zip_file, NULL /*no comment*/); |
- } |
- |
- /*Sign and add files to the archive normally with manifesto()*/ |
- if (!xpi_arc) { |
- manifesto (tree, install_script, recurse); |
- } |
- |
- if (keyName) { |
- status = create_pk7 (tree, keyName, &keyType); |
- if (status < 0) { |
- PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n", |
- tree); |
- errorCount++; |
- exit (ERRX); |
- } |
- } |
- |
- /* Add the rsa/dsa file as the first file in the archive. This is crucial |
- * for a XPInstall compatible archive */ |
- if (xpi_arc) { |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "%s \n", XPI_TEXT); |
- } |
- |
- /* rsa/dsa to zip */ |
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? |
- "dsa" : "rsa")); |
- sprintf (fullfn, "%s/%s", tree, tempfn); |
- JzipAdd(fullfn, tempfn, zipfile, compression_level); |
- |
- /* Loop through all files & subdirectories, add to archive */ |
- foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */, |
- (void * )NULL); |
- } |
- /* mf to zip */ |
- strcpy (tempfn, "META-INF/manifest.mf"); |
- sprintf (fullfn, "%s/%s", tree, tempfn); |
+ /* rsa/dsa to zip */ |
+ sprintf(tempfn, "META-INF/%s.%s", base, |
+ (keyType == dsaKey ? "dsa" : "rsa")); |
+ sprintf(fullfn, "%s/%s", tree, tempfn); |
JzipAdd(fullfn, tempfn, zipfile, compression_level); |
- /* sf to zip */ |
- sprintf (tempfn, "META-INF/%s.sf", base); |
- sprintf (fullfn, "%s/%s", tree, tempfn); |
+ /* Loop through all files & subdirectories, add to archive */ |
+ foreach(tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */, |
+ (void *)NULL); |
+ } |
+ /* mf to zip */ |
+ strcpy(tempfn, "META-INF/manifest.mf"); |
+ sprintf(fullfn, "%s/%s", tree, tempfn); |
+ JzipAdd(fullfn, tempfn, zipfile, compression_level); |
+ |
+ /* sf to zip */ |
+ sprintf(tempfn, "META-INF/%s.sf", base); |
+ sprintf(fullfn, "%s/%s", tree, tempfn); |
+ JzipAdd(fullfn, tempfn, zipfile, compression_level); |
+ |
+ /* Add the rsa/dsa file to the zip archive normally */ |
+ if (!xpi_arc) { |
+ /* rsa/dsa to zip */ |
+ sprintf(tempfn, "META-INF/%s.%s", base, |
+ (keyType == dsaKey ? "dsa" : "rsa")); |
+ sprintf(fullfn, "%s/%s", tree, tempfn); |
JzipAdd(fullfn, tempfn, zipfile, compression_level); |
+ } |
- /* Add the rsa/dsa file to the zip archive normally */ |
- if (!xpi_arc) { |
- /* rsa/dsa to zip */ |
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ? |
- "dsa" : "rsa")); |
- sprintf (fullfn, "%s/%s", tree, tempfn); |
- JzipAdd(fullfn, tempfn, zipfile, compression_level); |
+ JzipClose(zipfile); |
+ |
+ if (verbosity >= 0) { |
+ if (javascript) { |
+ PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n", zip_file); |
+ } else { |
+ PR_fprintf(outputFD, "tree \"%s\" signed successfully\n", tree); |
} |
+ } |
- JzipClose(zipfile); |
- |
- if (verbosity >= 0) { |
- if (javascript) { |
- PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n", |
- zip_file); |
- } else { |
- PR_fprintf(outputFD, "tree \"%s\" signed successfully\n", |
- tree); |
- } |
- } |
- |
- return 0; |
+ return 0; |
} |
- |
typedef struct { |
- char *keyName; |
- int javascript; |
- char *metafile; |
- char *install_script; |
- int optimize; |
+ char *keyName; |
+ int javascript; |
+ char *metafile; |
+ char *install_script; |
+ int optimize; |
} SignArcInfo; |
-/* |
+/* |
* S i g n A l l A r c |
* |
* Javascript may generate multiple .arc directories, one |
* for each jar archive needed. Sign them all. |
* |
*/ |
-int |
-SignAllArc(char *jartree, char *keyName, int javascript, char *metafile, |
-char *install_script, int optimize, PRBool recurse) |
-{ |
- SignArcInfo info; |
+int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile, |
+ char *install_script, int optimize, PRBool recurse) { |
+ SignArcInfo info; |
- info.keyName = keyName; |
- info.javascript = javascript; |
- info.metafile = metafile; |
- info.install_script = install_script; |
- info.optimize = optimize; |
+ info.keyName = keyName; |
+ info.javascript = javascript; |
+ info.metafile = metafile; |
+ info.install_script = install_script; |
+ info.optimize = optimize; |
- return foreach(jartree, "", sign_all_arc_fn, recurse, |
- PR_TRUE /*include dirs*/, (void * )&info); |
+ return foreach(jartree, "", sign_all_arc_fn, recurse, |
+ PR_TRUE /*include dirs*/, (void *)&info); |
} |
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg) { |
+ char *zipfile = NULL; |
+ char *arc = NULL, *archive = NULL; |
+ int retval = 0; |
+ SignArcInfo *infop = (SignArcInfo *)arg; |
-static int |
-sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename, |
- void *arg) |
-{ |
- char *zipfile = NULL; |
- char *arc = NULL, *archive = NULL; |
- int retval = 0; |
- SignArcInfo * infop = (SignArcInfo * )arg; |
+ /* Make sure there is one and only one ".arc" in the relative path, |
+ * and that it is at the end of the path (don't sign .arcs within .arcs) */ |
+ if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) && |
+ (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) { |
- /* Make sure there is one and only one ".arc" in the relative path, |
- * and that it is at the end of the path (don't sign .arcs within .arcs) */ |
- if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - |
- 4) && |
- (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) { |
+ if (!infop) { |
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); |
+ errorCount++; |
+ retval = -1; |
+ goto finish; |
+ } |
+ archive = PR_smprintf("%s/%s", basedir, relpath); |
- if (!infop) { |
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); |
- errorCount++; |
- retval = -1; |
- goto finish; |
- } |
- archive = PR_smprintf("%s/%s", basedir, relpath); |
+ zipfile = PL_strdup(archive); |
+ arc = PORT_Strrchr(zipfile, '.'); |
- zipfile = PL_strdup(archive); |
- arc = PORT_Strrchr (zipfile, '.'); |
+ if (arc == NULL) { |
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); |
+ errorCount++; |
+ retval = -1; |
+ goto finish; |
+ } |
- if (arc == NULL) { |
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME); |
- errorCount++; |
- retval = -1; |
- goto finish; |
- } |
+ PL_strcpy(arc, ".jar"); |
- PL_strcpy (arc, ".jar"); |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "\nsigning: %s\n", zipfile); |
+ } |
+ retval = SignArchive(archive, infop->keyName, zipfile, infop->javascript, |
+ infop->metafile, infop->install_script, |
+ infop->optimize, PR_TRUE /* recurse */); |
+ } |
+finish: |
+ if (archive) PR_Free(archive); |
+ if (zipfile) PR_Free(zipfile); |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile); |
- } |
- retval = SignArchive(archive, infop->keyName, zipfile, |
- infop->javascript, infop->metafile, infop->install_script, |
- infop->optimize, PR_TRUE /* recurse */); |
- } |
-finish: |
- if (archive) |
- PR_Free(archive); |
- if (zipfile) |
- PR_Free(zipfile); |
- |
- return retval; |
+ return retval; |
} |
- |
/********************************************************************* |
* |
* c r e a t e _ p k 7 |
*/ |
-static int |
-create_pk7 (char *dir, char *keyName, int *keyType) |
-{ |
- int status = 0; |
- char *file_ext; |
+static int create_pk7(char *dir, char *keyName, int *keyType) { |
+ int status = 0; |
+ char *file_ext; |
- CERTCertificate * cert; |
- CERTCertDBHandle * db; |
+ CERTCertificate *cert; |
+ CERTCertDBHandle *db; |
- FILE * in, *out; |
+ FILE *in, *out; |
- char sf_file [FNSIZE]; |
- char pk7_file [FNSIZE]; |
+ char sf_file[FNSIZE]; |
+ char pk7_file[FNSIZE]; |
- /* open cert database */ |
- db = CERT_GetDefaultCertDB(); |
+ /* open cert database */ |
+ db = CERT_GetDefaultCertDB(); |
- if (db == NULL) |
- return - 1; |
+ if (db == NULL) return -1; |
- /* find cert */ |
- /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/ |
- cert = PK11_FindCertFromNickname(keyName, &pwdata); |
+ /* find cert */ |
+ /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/ |
+ cert = PK11_FindCertFromNickname(keyName, &pwdata); |
- if (cert == NULL) { |
- SECU_PrintError ( PROGRAM_NAME, |
- "Cannot find the cert \"%s\"", keyName); |
- return -1; |
- } |
+ if (cert == NULL) { |
+ SECU_PrintError(PROGRAM_NAME, "Cannot find the cert \"%s\"", keyName); |
+ return -1; |
+ } |
+ /* determine the key type, which sets the extension for pkcs7 object */ |
- /* determine the key type, which sets the extension for pkcs7 object */ |
+ *keyType = jar_find_key_type(cert); |
+ file_ext = (*keyType == dsaKey) ? "dsa" : "rsa"; |
- *keyType = jar_find_key_type (cert); |
- file_ext = (*keyType == dsaKey) ? "dsa" : "rsa"; |
+ sprintf(sf_file, "%s/META-INF/%s.sf", dir, base); |
+ sprintf(pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext); |
- sprintf (sf_file, "%s/META-INF/%s.sf", dir, base); |
- sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext); |
+ if ((in = fopen(sf_file, "rb")) == NULL) { |
+ PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME, |
+ sf_file); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- if ((in = fopen (sf_file, "rb")) == NULL) { |
- PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME, |
- sf_file); |
- errorCount++; |
- exit (ERRX); |
- } |
+ if ((out = fopen(pk7_file, "wb")) == NULL) { |
+ PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME, |
+ sf_file); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- if ((out = fopen (pk7_file, "wb")) == NULL) { |
- PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME, |
- sf_file); |
- errorCount++; |
- exit (ERRX); |
- } |
+ status = SignFile(out, in, cert); |
- status = SignFile (out, in, cert); |
+ CERT_DestroyCertificate(cert); |
+ fclose(in); |
+ fclose(out); |
- CERT_DestroyCertificate (cert); |
- fclose (in); |
- fclose (out); |
+ if (status) { |
+ PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n", PROGRAM_NAME, |
+ SECU_Strerror(PORT_GetError())); |
+ errorCount++; |
+ return -1; |
+ } |
- if (status) { |
- PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n", |
- PROGRAM_NAME, SECU_Strerror(PORT_GetError())); |
- errorCount++; |
- return - 1; |
- } |
- |
- return 0; |
+ return 0; |
} |
- |
/* |
* j a r _ f i n d _ k e y _ t y p e |
- * |
- * Determine the key type for a given cert, which |
+ * |
+ * Determine the key type for a given cert, which |
* should be rsaKey or dsaKey. Any error return 0. |
* |
*/ |
-static int |
-jar_find_key_type (CERTCertificate *cert) |
-{ |
- SECKEYPrivateKey * privk = NULL; |
- KeyType keyType; |
+static int jar_find_key_type(CERTCertificate *cert) { |
+ SECKEYPrivateKey *privk = NULL; |
+ KeyType keyType; |
- /* determine its type */ |
- privk = PK11_FindKeyByAnyCert (cert, &pwdata); |
- if (privk == NULL) { |
- PR_fprintf(errorFD, "warning - can't find private key for this cert\n"); |
- warningCount++; |
- return 0; |
- } |
+ /* determine its type */ |
+ privk = PK11_FindKeyByAnyCert(cert, &pwdata); |
+ if (privk == NULL) { |
+ PR_fprintf(errorFD, "warning - can't find private key for this cert\n"); |
+ warningCount++; |
+ return 0; |
+ } |
- keyType = privk->keyType; |
- SECKEY_DestroyPrivateKey (privk); |
- return keyType; |
+ keyType = privk->keyType; |
+ SECKEY_DestroyPrivateKey(privk); |
+ return keyType; |
} |
- |
/* |
* m a n i f e s t o |
* |
- * Run once for every subdirectory in which a |
+ * Run once for every subdirectory in which a |
* manifest is to be created -- usually exactly once. |
* |
*/ |
-static int |
-manifesto (char *dirname, char *install_script, PRBool recurse) |
-{ |
- char metadir [FNSIZE], sfname [FNSIZE]; |
+static int manifesto(char *dirname, char *install_script, PRBool recurse) { |
+ char metadir[FNSIZE], sfname[FNSIZE]; |
- /* Create the META-INF directory to hold signing info */ |
+ /* Create the META-INF directory to hold signing info */ |
- if (PR_Access (dirname, PR_ACCESS_READ_OK)) { |
- PR_fprintf(errorFD, "%s: unable to read your directory: %s\n", |
- PROGRAM_NAME, dirname); |
- errorCount++; |
- perror (dirname); |
- exit (ERRX); |
- } |
+ if (PR_Access(dirname, PR_ACCESS_READ_OK)) { |
+ PR_fprintf(errorFD, "%s: unable to read your directory: %s\n", PROGRAM_NAME, |
+ dirname); |
+ errorCount++; |
+ perror(dirname); |
+ exit(ERRX); |
+ } |
- if (PR_Access (dirname, PR_ACCESS_WRITE_OK)) { |
- PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n", |
- PROGRAM_NAME, dirname); |
- errorCount++; |
- perror(dirname); |
- exit(ERRX); |
- } |
+ if (PR_Access(dirname, PR_ACCESS_WRITE_OK)) { |
+ PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n", |
+ PROGRAM_NAME, dirname); |
+ errorCount++; |
+ perror(dirname); |
+ exit(ERRX); |
+ } |
- sprintf (metadir, "%s/META-INF", dirname); |
+ sprintf(metadir, "%s/META-INF", dirname); |
- strcpy (sfname, metadir); |
+ strcpy(sfname, metadir); |
- PR_MkDir (metadir, 0777); |
+ PR_MkDir(metadir, 0777); |
- strcat (metadir, "/"); |
- strcat (metadir, MANIFEST); |
+ strcat(metadir, "/"); |
+ strcat(metadir, MANIFEST); |
- if ((mf = fopen (metadir, "wb")) == NULL) { |
- perror (MANIFEST); |
- PR_fprintf(errorFD, "%s: Probably, the directory you are trying to" |
- " sign has\n", PROGRAM_NAME); |
- PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n", |
- PROGRAM_NAME); |
- errorCount++; |
- exit (ERRX); |
- } |
+ if ((mf = fopen(metadir, "wb")) == NULL) { |
+ perror(MANIFEST); |
+ PR_fprintf(errorFD, |
+ "%s: Probably, the directory you are trying to" |
+ " sign has\n", |
+ PROGRAM_NAME); |
+ PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n", |
+ PROGRAM_NAME); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "Generating %s file..\n", metadir); |
- } |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "Generating %s file..\n", metadir); |
+ } |
- fprintf(mf, "Manifest-Version: 1.0\n"); |
- fprintf (mf, "Created-By: %s\n", CREATOR); |
- fprintf (mf, "Comments: %s\n", BREAKAGE); |
+ fprintf(mf, "Manifest-Version: 1.0\n"); |
+ fprintf(mf, "Created-By: %s\n", CREATOR); |
+ fprintf(mf, "Comments: %s\n", BREAKAGE); |
- if (scriptdir) { |
- fprintf (mf, "Comments: --\n"); |
- fprintf (mf, "Comments: --\n"); |
- fprintf (mf, "Comments: -- This archive signs Javascripts which may not necessarily\n"); |
- fprintf (mf, "Comments: -- be included in the physical jar file.\n"); |
- fprintf (mf, "Comments: --\n"); |
- fprintf (mf, "Comments: --\n"); |
- } |
+ if (scriptdir) { |
+ fprintf(mf, "Comments: --\n"); |
+ fprintf(mf, "Comments: --\n"); |
+ fprintf(mf, |
+ "Comments: -- This archive signs Javascripts which may not " |
+ "necessarily\n"); |
+ fprintf(mf, "Comments: -- be included in the physical jar file.\n"); |
+ fprintf(mf, "Comments: --\n"); |
+ fprintf(mf, "Comments: --\n"); |
+ } |
- if (install_script) |
- fprintf (mf, "Install-Script: %s\n", install_script); |
+ if (install_script) fprintf(mf, "Install-Script: %s\n", install_script); |
- if (metafile) |
- add_meta (mf, "+"); |
+ if (metafile) add_meta(mf, "+"); |
- /* Loop through all files & subdirectories */ |
- foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */, |
- (void * )NULL); |
+ /* Loop through all files & subdirectories */ |
+ foreach(dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */, |
+ (void *)NULL); |
- fclose (mf); |
+ fclose(mf); |
- strcat (sfname, "/"); |
- strcat (sfname, base); |
- strcat (sfname, ".sf"); |
+ strcat(sfname, "/"); |
+ strcat(sfname, base); |
+ strcat(sfname, ".sf"); |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "Generating %s.sf file..\n", base); |
- } |
- generate_SF_file (metadir, sfname); |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "Generating %s.sf file..\n", base); |
+ } |
+ generate_SF_file(metadir, sfname); |
- return 0; |
+ return 0; |
} |
- |
/* |
* m a n i f e s t o _ x p i _ f n |
* |
* Called by pointer from SignArchive(), once for |
* each file within the directory. This function |
* is only used for adding to XPI compatible archive |
* |
*/ |
-static int manifesto_xpi_fn |
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg) |
-{ |
- char fullname [FNSIZE]; |
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg) { |
+ char fullname[FNSIZE]; |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "--> %s\n", relpath); |
- } |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "--> %s\n", relpath); |
+ } |
- /* extension matching */ |
- if (extensionsGiven) { |
- char *ext = PL_strrchr(relpath, '.'); |
- if (!ext) |
- return 0; |
- if (!PL_HashTableLookup(extensions, ext)) |
- return 0; |
- } |
- sprintf (fullname, "%s/%s", basedir, relpath); |
- JzipAdd(fullname, relpath, zipfile, compression_level); |
+ /* extension matching */ |
+ if (extensionsGiven) { |
+ char *ext = PL_strrchr(relpath, '.'); |
+ if (!ext) return 0; |
+ if (!PL_HashTableLookup(extensions, ext)) return 0; |
+ } |
+ sprintf(fullname, "%s/%s", basedir, relpath); |
+ JzipAdd(fullname, relpath, zipfile, compression_level); |
- return 0; |
+ return 0; |
} |
- |
/* |
* m a n i f e s t o _ f n |
* |
* Called by pointer from manifesto(), once for |
* each file within the directory. |
* |
*/ |
-static int manifesto_fn |
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg) |
-{ |
- int use_js; |
+static int manifesto_fn(char *relpath, char *basedir, char *reldir, |
+ char *filename, void *arg) { |
+ int use_js; |
- JAR_Digest dig; |
- char fullname [FNSIZE]; |
+ JAR_Digest dig; |
+ char fullname[FNSIZE]; |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "--> %s\n", relpath); |
- } |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "--> %s\n", relpath); |
+ } |
- /* extension matching */ |
- if (extensionsGiven) { |
- char *ext = PL_strrchr(relpath, '.'); |
- if (!ext) |
- return 0; |
- if (!PL_HashTableLookup(extensions, ext)) |
- return 0; |
- } |
+ /* extension matching */ |
+ if (extensionsGiven) { |
+ char *ext = PL_strrchr(relpath, '.'); |
+ if (!ext) return 0; |
+ if (!PL_HashTableLookup(extensions, ext)) return 0; |
+ } |
- sprintf (fullname, "%s/%s", basedir, relpath); |
+ sprintf(fullname, "%s/%s", basedir, relpath); |
- fprintf (mf, "\n"); |
+ fprintf(mf, "\n"); |
- use_js = 0; |
+ use_js = 0; |
- if (scriptdir && !PORT_Strcmp (scriptdir, reldir)) |
- use_js++; |
+ if (scriptdir && !PORT_Strcmp(scriptdir, reldir)) use_js++; |
- /* sign non-.js files inside .arc directories using the javascript magic */ |
+ /* sign non-.js files inside .arc directories using the javascript magic */ |
- if ( (PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) |
- && (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4)) |
- use_js++; |
+ if ((PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) && |
+ (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4)) |
+ use_js++; |
- if (use_js) { |
- fprintf (mf, "Name: %s\n", filename); |
- fprintf (mf, "Magic: javascript\n"); |
+ if (use_js) { |
+ fprintf(mf, "Name: %s\n", filename); |
+ fprintf(mf, "Magic: javascript\n"); |
- if (optimize == 0) |
- fprintf (mf, "javascript.id: %s\n", filename); |
+ if (optimize == 0) fprintf(mf, "javascript.id: %s\n", filename); |
- if (metafile) |
- add_meta (mf, filename); |
- } else { |
- fprintf (mf, "Name: %s\n", relpath); |
- if (metafile) |
- add_meta (mf, relpath); |
- } |
+ if (metafile) add_meta(mf, filename); |
+ } else { |
+ fprintf(mf, "Name: %s\n", relpath); |
+ if (metafile) add_meta(mf, relpath); |
+ } |
- JAR_digest_file (fullname, &dig); |
+ JAR_digest_file(fullname, &dig); |
+ if (optimize == 0) { |
+ fprintf(mf, "Digest-Algorithms: MD5 SHA1\n"); |
+ fprintf(mf, "MD5-Digest: %s\n", BTOA_DataToAscii(dig.md5, MD5_LENGTH)); |
+ } |
- if (optimize == 0) { |
- fprintf (mf, "Digest-Algorithms: MD5 SHA1\n"); |
- fprintf (mf, "MD5-Digest: %s\n", BTOA_DataToAscii (dig.md5, |
- MD5_LENGTH)); |
- } |
+ fprintf(mf, "SHA1-Digest: %s\n", BTOA_DataToAscii(dig.sha1, SHA1_LENGTH)); |
- fprintf (mf, "SHA1-Digest: %s\n", BTOA_DataToAscii (dig.sha1, SHA1_LENGTH)); |
+ if (!use_js) { |
+ JzipAdd(fullname, relpath, zipfile, compression_level); |
+ } |
- if (!use_js) { |
- JzipAdd(fullname, relpath, zipfile, compression_level); |
- } |
- |
- return 0; |
+ return 0; |
} |
- |
/* |
* a d d _ m e t a |
* |
* Parse the metainfo file, and add any details |
* necessary to the manifest file. In most cases you |
* should be using the -i option (ie, for SmartUpdate). |
* |
*/ |
-static int add_meta (FILE *fp, char *name) |
-{ |
- FILE * met; |
- char buf [BUFSIZ]; |
+static int add_meta(FILE *fp, char *name) { |
+ FILE *met; |
+ char buf[BUFSIZ]; |
- int place; |
- char *pattern, *meta; |
+ int place; |
+ char *pattern, *meta; |
- int num = 0; |
+ int num = 0; |
- if ((met = fopen (metafile, "r")) != NULL) { |
- while (fgets (buf, BUFSIZ, met)) { |
- char *s; |
+ if ((met = fopen(metafile, "r")) != NULL) { |
+ while (fgets(buf, BUFSIZ, met)) { |
+ char *s; |
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++) |
- ; |
- *s = 0; |
+ for (s = buf; *s && *s != '\n' && *s != '\r'; s++) |
+ ; |
+ *s = 0; |
- if (*buf == 0) |
- continue; |
+ if (*buf == 0) continue; |
- pattern = buf; |
+ pattern = buf; |
- /* skip to whitespace */ |
- for (s = buf; *s && *s != ' ' && *s != '\t'; s++) |
- ; |
+ /* skip to whitespace */ |
+ for (s = buf; *s && *s != ' ' && *s != '\t'; s++) |
+ ; |
- /* terminate pattern */ |
- if (*s == ' ' || *s == '\t') |
- *s++ = 0; |
+ /* terminate pattern */ |
+ if (*s == ' ' || *s == '\t') *s++ = 0; |
- /* eat through whitespace */ |
- while (*s == ' ' || *s == '\t') |
- s++; |
+ /* eat through whitespace */ |
+ while (*s == ' ' || *s == '\t') s++; |
- meta = s; |
+ meta = s; |
- /* this will eventually be regexp matching */ |
+ /* this will eventually be regexp matching */ |
- place = 0; |
- if (!PORT_Strcmp (pattern, name)) |
- place = 1; |
+ place = 0; |
+ if (!PORT_Strcmp(pattern, name)) place = 1; |
- if (place) { |
- num++; |
- if (verbosity >= 0) { |
- PR_fprintf(outputFD, "[%s] %s\n", name, meta); |
- } |
- fprintf (fp, "%s\n", meta); |
- } |
- } |
- fclose (met); |
- } else { |
- PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME, |
- metafile); |
- errorCount++; |
- exit (ERRX); |
+ if (place) { |
+ num++; |
+ if (verbosity >= 0) { |
+ PR_fprintf(outputFD, "[%s] %s\n", name, meta); |
+ } |
+ fprintf(fp, "%s\n", meta); |
+ } |
} |
+ fclose(met); |
+ } else { |
+ PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME, |
+ metafile); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- return num; |
+ return num; |
} |
- |
/********************************************************************** |
* |
* S i g n F i l e |
*/ |
-static int |
-SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert) |
-{ |
- int nb; |
- char ibuf[4096], digestdata[32]; |
- const SECHashObject *hashObj; |
- void *hashcx; |
- unsigned int len; |
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert) { |
+ int nb; |
+ char ibuf[4096], digestdata[32]; |
+ const SECHashObject *hashObj; |
+ void *hashcx; |
+ unsigned int len; |
- SECItem digest; |
- SEC_PKCS7ContentInfo * cinfo; |
- SECStatus rv; |
+ SECItem digest; |
+ SEC_PKCS7ContentInfo *cinfo; |
+ SECStatus rv; |
- if (outFile == NULL || inFile == NULL || cert == NULL) |
- return - 1; |
+ if (outFile == NULL || inFile == NULL || cert == NULL) return -1; |
- /* XXX probably want to extend interface to allow other hash algorithms */ |
- hashObj = HASH_GetHashObject(HASH_AlgSHA1); |
+ /* XXX probably want to extend interface to allow other hash algorithms */ |
+ hashObj = HASH_GetHashObject(HASH_AlgSHA1); |
- hashcx = (*hashObj->create)(); |
- if (hashcx == NULL) |
- return - 1; |
+ hashcx = (*hashObj->create)(); |
+ if (hashcx == NULL) return -1; |
- (*hashObj->begin)(hashcx); |
+ (*hashObj->begin)(hashcx); |
- for (; ; ) { |
- if (feof(inFile)) |
- break; |
- nb = fread(ibuf, 1, sizeof(ibuf), inFile); |
- if (nb == 0) { |
- if (ferror(inFile)) { |
- PORT_SetError(SEC_ERROR_IO); |
- (*hashObj->destroy)(hashcx, PR_TRUE); |
- return - 1; |
- } |
- /* eof */ |
- break; |
- } |
- (*hashObj->update)(hashcx, (unsigned char *) ibuf, nb); |
+ for (;;) { |
+ if (feof(inFile)) break; |
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile); |
+ if (nb == 0) { |
+ if (ferror(inFile)) { |
+ PORT_SetError(SEC_ERROR_IO); |
+ (*hashObj->destroy)(hashcx, PR_TRUE); |
+ return -1; |
+ } |
+ /* eof */ |
+ break; |
} |
+ (*hashObj->update)(hashcx, (unsigned char *)ibuf, nb); |
+ } |
- (*hashObj->end)(hashcx, (unsigned char *) digestdata, &len, 32); |
- (*hashObj->destroy)(hashcx, PR_TRUE); |
+ (*hashObj->end)(hashcx, (unsigned char *)digestdata, &len, 32); |
+ (*hashObj->destroy)(hashcx, PR_TRUE); |
- digest.data = (unsigned char *) digestdata; |
- digest.len = len; |
+ digest.data = (unsigned char *)digestdata; |
+ digest.len = len; |
- cinfo = SEC_PKCS7CreateSignedData |
- (cert, certUsageObjectSigner, NULL, |
- SEC_OID_SHA1, &digest, NULL, NULL); |
+ cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL, |
+ SEC_OID_SHA1, &digest, NULL, NULL); |
- if (cinfo == NULL) |
- return - 1; |
+ if (cinfo == NULL) return -1; |
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL); |
+ rv = SEC_PKCS7IncludeCertChain(cinfo, NULL); |
+ if (rv != SECSuccess) { |
+ SEC_PKCS7DestroyContentInfo(cinfo); |
+ return -1; |
+ } |
+ |
+ if (no_time == 0) { |
+ rv = SEC_PKCS7AddSigningTime(cinfo); |
if (rv != SECSuccess) { |
- SEC_PKCS7DestroyContentInfo (cinfo); |
- return - 1; |
+ /* don't check error */ |
} |
+ } |
- if (no_time == 0) { |
- rv = SEC_PKCS7AddSigningTime (cinfo); |
- if (rv != SECSuccess) { |
- /* don't check error */ |
- } |
- } |
+ rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata); |
- rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata); |
+ SEC_PKCS7DestroyContentInfo(cinfo); |
- SEC_PKCS7DestroyContentInfo (cinfo); |
+ if (rv != SECSuccess) return -1; |
- if (rv != SECSuccess) |
- return - 1; |
- |
- return 0; |
+ return 0; |
} |
- |
/* |
- * g e n e r a t e _ S F _ f i l e |
+ * g e n e r a t e _ S F _ f i l e |
* |
* From the supplied manifest file, calculates |
* digests on the various sections, creating a .SF |
* file in the process. |
- * |
+ * |
*/ |
-static int generate_SF_file (char *manifile, char *who) |
-{ |
- FILE * sf; |
- FILE * mf; |
- long r1, r2, r3; |
- char whofile [FNSIZE]; |
- char *buf, *name = NULL; |
- JAR_Digest dig; |
- int line = 0; |
+static int generate_SF_file(char *manifile, char *who) { |
+ FILE *sf; |
+ FILE *mf; |
+ long r1, r2, r3; |
+ char whofile[FNSIZE]; |
+ char *buf, *name = NULL; |
+ JAR_Digest dig; |
+ int line = 0; |
- strcpy (whofile, who); |
+ strcpy(whofile, who); |
- if ((mf = fopen (manifile, "rb")) == NULL) { |
- perror (manifile); |
- exit (ERRX); |
+ if ((mf = fopen(manifile, "rb")) == NULL) { |
+ perror(manifile); |
+ exit(ERRX); |
+ } |
+ |
+ if ((sf = fopen(whofile, "wb")) == NULL) { |
+ perror(who); |
+ exit(ERRX); |
+ } |
+ |
+ buf = (char *)PORT_ZAlloc(BUFSIZ); |
+ |
+ if (buf) name = (char *)PORT_ZAlloc(BUFSIZ); |
+ |
+ if (buf == NULL || name == NULL) out_of_memory(); |
+ |
+ fprintf(sf, "Signature-Version: 1.0\n"); |
+ fprintf(sf, "Created-By: %s\n", CREATOR); |
+ fprintf(sf, "Comments: %s\n", BREAKAGE); |
+ |
+ if (fgets(buf, BUFSIZ, mf) == NULL) { |
+ PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
+ |
+ if (strncmp(buf, "Manifest-Version:", 17)) { |
+ PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
+ |
+ fseek(mf, 0L, SEEK_SET); |
+ |
+ /* Process blocks of headers, and calculate their hashen */ |
+ |
+ while (1) { |
+ /* Beginning range */ |
+ r1 = ftell(mf); |
+ |
+ if (fgets(name, BUFSIZ, mf) == NULL) break; |
+ |
+ line++; |
+ |
+ if (r1 != 0 && strncmp(name, "Name:", 5)) { |
+ PR_fprintf( |
+ errorFD, |
+ "warning: unexpected input in manifest file \"%s\" at line %d:\n", |
+ manifile, line); |
+ PR_fprintf(errorFD, "%s\n", name); |
+ warningCount++; |
} |
- if ((sf = fopen (whofile, "wb")) == NULL) { |
- perror (who); |
- exit (ERRX); |
+ r2 = r1; |
+ while (fgets(buf, BUFSIZ, mf)) { |
+ if (*buf == 0 || *buf == '\n' || *buf == '\r') break; |
+ |
+ line++; |
+ |
+ /* Ending range for hashing */ |
+ r2 = ftell(mf); |
} |
- buf = (char *) PORT_ZAlloc (BUFSIZ); |
+ r3 = ftell(mf); |
- if (buf) |
- name = (char *) PORT_ZAlloc (BUFSIZ); |
- |
- if (buf == NULL || name == NULL) |
- out_of_memory(); |
- |
- fprintf (sf, "Signature-Version: 1.0\n"); |
- fprintf (sf, "Created-By: %s\n", CREATOR); |
- fprintf (sf, "Comments: %s\n", BREAKAGE); |
- |
- if (fgets (buf, BUFSIZ, mf) == NULL) { |
- PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME); |
- errorCount++; |
- exit (ERRX); |
+ if (r1) { |
+ fprintf(sf, "\n"); |
+ fprintf(sf, "%s", name); |
} |
- if (strncmp (buf, "Manifest-Version:", 17)) { |
- PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME); |
- errorCount++; |
- exit (ERRX); |
+ calculate_MD5_range(mf, r1, r2, &dig); |
+ |
+ if (optimize == 0) { |
+ fprintf(sf, "Digest-Algorithms: MD5 SHA1\n"); |
+ fprintf(sf, "MD5-Digest: %s\n", BTOA_DataToAscii(dig.md5, MD5_LENGTH)); |
} |
- fseek (mf, 0L, SEEK_SET); |
+ fprintf(sf, "SHA1-Digest: %s\n", BTOA_DataToAscii(dig.sha1, SHA1_LENGTH)); |
- /* Process blocks of headers, and calculate their hashen */ |
+ /* restore normalcy after changing offset position */ |
+ fseek(mf, r3, SEEK_SET); |
+ } |
- while (1) { |
- /* Beginning range */ |
- r1 = ftell (mf); |
+ PORT_Free(buf); |
+ PORT_Free(name); |
- if (fgets (name, BUFSIZ, mf) == NULL) |
- break; |
+ fclose(sf); |
+ fclose(mf); |
- line++; |
- |
- if (r1 != 0 && strncmp (name, "Name:", 5)) { |
- PR_fprintf(errorFD, |
- "warning: unexpected input in manifest file \"%s\" at line %d:\n", |
- manifile, line); |
- PR_fprintf(errorFD, "%s\n", name); |
- warningCount++; |
- } |
- |
- r2 = r1; |
- while (fgets (buf, BUFSIZ, mf)) { |
- if (*buf == 0 || *buf == '\n' || *buf == '\r') |
- break; |
- |
- line++; |
- |
- /* Ending range for hashing */ |
- r2 = ftell (mf); |
- } |
- |
- r3 = ftell (mf); |
- |
- if (r1) { |
- fprintf (sf, "\n"); |
- fprintf (sf, "%s", name); |
- } |
- |
- calculate_MD5_range (mf, r1, r2, &dig); |
- |
- if (optimize == 0) { |
- fprintf (sf, "Digest-Algorithms: MD5 SHA1\n"); |
- fprintf (sf, "MD5-Digest: %s\n", |
- BTOA_DataToAscii (dig.md5, MD5_LENGTH)); |
- } |
- |
- fprintf (sf, "SHA1-Digest: %s\n", |
- BTOA_DataToAscii (dig.sha1, SHA1_LENGTH)); |
- |
- /* restore normalcy after changing offset position */ |
- fseek (mf, r3, SEEK_SET); |
- } |
- |
- PORT_Free (buf); |
- PORT_Free (name); |
- |
- fclose (sf); |
- fclose (mf); |
- |
- return 0; |
+ return 0; |
} |
- |
/* |
* c a l c u l a t e _ M D 5 _ r a n g e |
* |
* Calculate the MD5 digest on a range of bytes in |
* the specified fopen'd file. Returns base64. |
* |
*/ |
-static int |
-calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig) |
-{ |
- int num; |
- int range; |
- unsigned char *buf; |
- SECStatus rv; |
+static int calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig) { |
+ int num; |
+ int range; |
+ unsigned char *buf; |
+ SECStatus rv; |
- range = r2 - r1; |
+ range = r2 - r1; |
- /* position to the beginning of range */ |
- fseek (fp, r1, SEEK_SET); |
+ /* position to the beginning of range */ |
+ fseek(fp, r1, SEEK_SET); |
- buf = (unsigned char *) PORT_ZAlloc (range); |
- if (buf == NULL) |
- out_of_memory(); |
+ buf = (unsigned char *)PORT_ZAlloc(range); |
+ if (buf == NULL) out_of_memory(); |
- if ((num = fread (buf, 1, range, fp)) != range) { |
- PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME, |
- range, num); |
- errorCount++; |
- exit (ERRX); |
- } |
+ if ((num = fread(buf, 1, range, fp)) != range) { |
+ PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME, range, |
+ num); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range); |
- if (rv == SECSuccess) { |
- rv =PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range); |
- } |
- if (rv != SECSuccess) { |
- PR_fprintf(errorFD, "%s: can't generate digest context\n", |
- PROGRAM_NAME); |
- errorCount++; |
- exit (ERRX); |
- } |
+ rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range); |
+ if (rv == SECSuccess) { |
+ rv = PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range); |
+ } |
+ if (rv != SECSuccess) { |
+ PR_fprintf(errorFD, "%s: can't generate digest context\n", PROGRAM_NAME); |
+ errorCount++; |
+ exit(ERRX); |
+ } |
- PORT_Free (buf); |
+ PORT_Free(buf); |
- return 0; |
+ return 0; |
} |
- |
-static void SignOut (void *arg, const char *buf, unsigned long len) |
-{ |
- fwrite (buf, len, 1, (FILE * ) arg); |
+static void SignOut(void *arg, const char *buf, unsigned long len) { |
+ fwrite(buf, len, 1, (FILE *)arg); |
} |
- |
- |