
Unified Diff: cmd/signtool/sign.c

Issue 201830043: Bug 1118245 - Apply uniform style across NSS
Patch Set: Created 9 years, 1 month ago
Index: cmd/signtool/sign.c
===================================================================
--- a/cmd/signtool/sign.c
+++ b/cmd/signtool/sign.c
@@ -1,837 +1,769 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "signtool.h"
-#include "zip.h"
+#include "zip.h"
#include "prmem.h"
#include "blapi.h"
-#include "sechash.h" /* for HASH_GetHashObject() */
+#include "sechash.h" /* for HASH_GetHashObject() */
-static int create_pk7 (char *dir, char *keyName, int *keyType);
-static int jar_find_key_type (CERTCertificate *cert);
-static int manifesto (char *dirname, char *install_script, PRBool recurse);
-static int manifesto_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
- char *filename, void *arg);
-static int add_meta (FILE *fp, char *name);
-static int SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert);
-static int generate_SF_file (char *manifile, char *who);
-static int calculate_MD5_range (FILE *fp, long r1, long r2,
- JAR_Digest *dig);
-static void SignOut (void *arg, const char *buf, unsigned long len);
+static int create_pk7(char *dir, char *keyName, int *keyType);
+static int jar_find_key_type(CERTCertificate *cert);
+static int manifesto(char *dirname, char *install_script, PRBool recurse);
+static int manifesto_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg);
+static int add_meta(FILE *fp, char *name);
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert);
+static int generate_SF_file(char *manifile, char *who);
+static int calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig);
+static void SignOut(void *arg, const char *buf, unsigned long len);
-static char *metafile = NULL;
-static int optimize = 0;
+static char *metafile = NULL;
+static int optimize = 0;
static FILE *mf;
static ZIPfile *zipfile = NULL;
-/*
+/*
* S i g n A r c h i v e
*
- * Sign an individual archive tree. A directory
+ * Sign an individual archive tree. A directory
* called META-INF is created underneath this.
*
*/
-int
-SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
- char *meta_file, char *install_script, int _optimize, PRBool recurse)
-{
- int status;
- char tempfn [FNSIZE], fullfn [FNSIZE];
- int keyType = rsaKey;
+int SignArchive(char *tree, char *keyName, char *zip_file, int javascript,
+ char *meta_file, char *install_script, int _optimize,
+ PRBool recurse) {
+ int status;
+ char tempfn[FNSIZE], fullfn[FNSIZE];
+ int keyType = rsaKey;
- metafile = meta_file;
- optimize = _optimize;
+ metafile = meta_file;
+ optimize = _optimize;
- /* To create XPI compatible Archive manifesto() must be run before
- * the zipfile is opened. This is so the signed files are not added
- * the archive before the crucial rsa/dsa file*/
- if (xpi_arc) {
- manifesto (tree, install_script, recurse);
+ /* To create XPI compatible Archive manifesto() must be run before
+ * the zipfile is opened. This is so the signed files are not added
+ * the archive before the crucial rsa/dsa file*/
+ if (xpi_arc) {
+ manifesto(tree, install_script, recurse);
+ }
+
+ if (zip_file) {
+ zipfile = JzipOpen(zip_file, NULL /*no comment*/);
+ }
+
+ /*Sign and add files to the archive normally with manifesto()*/
+ if (!xpi_arc) {
+ manifesto(tree, install_script, recurse);
+ }
+
+ if (keyName) {
+ status = create_pk7(tree, keyName, &keyType);
+ if (status < 0) {
+ PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
+ tree);
+ errorCount++;
+ exit(ERRX);
+ }
+ }
+
+ /* Add the rsa/dsa file as the first file in the archive. This is crucial
+ * for a XPInstall compatible archive */
+ if (xpi_arc) {
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "%s \n", XPI_TEXT);
}
- if (zip_file) {
- zipfile = JzipOpen(zip_file, NULL /*no comment*/);
- }
-
- /*Sign and add files to the archive normally with manifesto()*/
- if (!xpi_arc) {
- manifesto (tree, install_script, recurse);
- }
-
- if (keyName) {
- status = create_pk7 (tree, keyName, &keyType);
- if (status < 0) {
- PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
- tree);
- errorCount++;
- exit (ERRX);
- }
- }
-
- /* Add the rsa/dsa file as the first file in the archive. This is crucial
- * for a XPInstall compatible archive */
- if (xpi_arc) {
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "%s \n", XPI_TEXT);
- }
-
- /* rsa/dsa to zip */
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
- "dsa" : "rsa"));
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
-
- /* Loop through all files & subdirectories, add to archive */
- foreach (tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
- (void * )NULL);
- }
- /* mf to zip */
- strcpy (tempfn, "META-INF/manifest.mf");
- sprintf (fullfn, "%s/%s", tree, tempfn);
+ /* rsa/dsa to zip */
+ sprintf(tempfn, "META-INF/%s.%s", base,
+ (keyType == dsaKey ? "dsa" : "rsa"));
+ sprintf(fullfn, "%s/%s", tree, tempfn);
JzipAdd(fullfn, tempfn, zipfile, compression_level);
- /* sf to zip */
- sprintf (tempfn, "META-INF/%s.sf", base);
- sprintf (fullfn, "%s/%s", tree, tempfn);
+ /* Loop through all files & subdirectories, add to archive */
+ foreach(tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
+ (void *)NULL);
+ }
+ /* mf to zip */
+ strcpy(tempfn, "META-INF/manifest.mf");
+ sprintf(fullfn, "%s/%s", tree, tempfn);
+ JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+ /* sf to zip */
+ sprintf(tempfn, "META-INF/%s.sf", base);
+ sprintf(fullfn, "%s/%s", tree, tempfn);
+ JzipAdd(fullfn, tempfn, zipfile, compression_level);
+
+ /* Add the rsa/dsa file to the zip archive normally */
+ if (!xpi_arc) {
+ /* rsa/dsa to zip */
+ sprintf(tempfn, "META-INF/%s.%s", base,
+ (keyType == dsaKey ? "dsa" : "rsa"));
+ sprintf(fullfn, "%s/%s", tree, tempfn);
JzipAdd(fullfn, tempfn, zipfile, compression_level);
+ }
- /* Add the rsa/dsa file to the zip archive normally */
- if (!xpi_arc) {
- /* rsa/dsa to zip */
- sprintf (tempfn, "META-INF/%s.%s", base, (keyType == dsaKey ?
- "dsa" : "rsa"));
- sprintf (fullfn, "%s/%s", tree, tempfn);
- JzipAdd(fullfn, tempfn, zipfile, compression_level);
+ JzipClose(zipfile);
+
+ if (verbosity >= 0) {
+ if (javascript) {
+ PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n", zip_file);
+ } else {
+ PR_fprintf(outputFD, "tree \"%s\" signed successfully\n", tree);
}
+ }
- JzipClose(zipfile);
-
- if (verbosity >= 0) {
- if (javascript) {
- PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n",
- zip_file);
- } else {
- PR_fprintf(outputFD, "tree \"%s\" signed successfully\n",
- tree);
- }
- }
-
- return 0;
+ return 0;
}
-
typedef struct {
- char *keyName;
- int javascript;
- char *metafile;
- char *install_script;
- int optimize;
+ char *keyName;
+ int javascript;
+ char *metafile;
+ char *install_script;
+ int optimize;
} SignArcInfo;
-/*
+/*
* S i g n A l l A r c
*
* Javascript may generate multiple .arc directories, one
* for each jar archive needed. Sign them all.
*
*/
-int
-SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
-char *install_script, int optimize, PRBool recurse)
-{
- SignArcInfo info;
+int SignAllArc(char *jartree, char *keyName, int javascript, char *metafile,
+ char *install_script, int optimize, PRBool recurse) {
+ SignArcInfo info;
- info.keyName = keyName;
- info.javascript = javascript;
- info.metafile = metafile;
- info.install_script = install_script;
- info.optimize = optimize;
+ info.keyName = keyName;
+ info.javascript = javascript;
+ info.metafile = metafile;
+ info.install_script = install_script;
+ info.optimize = optimize;
- return foreach(jartree, "", sign_all_arc_fn, recurse,
- PR_TRUE /*include dirs*/, (void * )&info);
+ return foreach(jartree, "", sign_all_arc_fn, recurse,
+ PR_TRUE /*include dirs*/, (void *)&info);
}
+static int sign_all_arc_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg) {
+ char *zipfile = NULL;
+ char *arc = NULL, *archive = NULL;
+ int retval = 0;
+ SignArcInfo *infop = (SignArcInfo *)arg;
-static int
-sign_all_arc_fn(char *relpath, char *basedir, char *reldir, char *filename,
- void *arg)
-{
- char *zipfile = NULL;
- char *arc = NULL, *archive = NULL;
- int retval = 0;
- SignArcInfo * infop = (SignArcInfo * )arg;
+ /* Make sure there is one and only one ".arc" in the relative path,
+ * and that it is at the end of the path (don't sign .arcs within .arcs) */
+ if ((PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
+ (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4)) {
- /* Make sure there is one and only one ".arc" in the relative path,
- * and that it is at the end of the path (don't sign .arcs within .arcs) */
- if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) -
- 4) &&
- (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
+ if (!infop) {
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto finish;
+ }
+ archive = PR_smprintf("%s/%s", basedir, relpath);
- if (!infop) {
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto finish;
- }
- archive = PR_smprintf("%s/%s", basedir, relpath);
+ zipfile = PL_strdup(archive);
+ arc = PORT_Strrchr(zipfile, '.');
- zipfile = PL_strdup(archive);
- arc = PORT_Strrchr (zipfile, '.');
+ if (arc == NULL) {
+ PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+ errorCount++;
+ retval = -1;
+ goto finish;
+ }
- if (arc == NULL) {
- PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
- errorCount++;
- retval = -1;
- goto finish;
- }
+ PL_strcpy(arc, ".jar");
- PL_strcpy (arc, ".jar");
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
+ }
+ retval = SignArchive(archive, infop->keyName, zipfile, infop->javascript,
+ infop->metafile, infop->install_script,
+ infop->optimize, PR_TRUE /* recurse */);
+ }
+finish:
+ if (archive) PR_Free(archive);
+ if (zipfile) PR_Free(zipfile);
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "\nsigning: %s\n", zipfile);
- }
- retval = SignArchive(archive, infop->keyName, zipfile,
- infop->javascript, infop->metafile, infop->install_script,
- infop->optimize, PR_TRUE /* recurse */);
- }
-finish:
- if (archive)
- PR_Free(archive);
- if (zipfile)
- PR_Free(zipfile);
-
- return retval;
+ return retval;
}
-
/*********************************************************************
*
* c r e a t e _ p k 7
*/
-static int
-create_pk7 (char *dir, char *keyName, int *keyType)
-{
- int status = 0;
- char *file_ext;
+static int create_pk7(char *dir, char *keyName, int *keyType) {
+ int status = 0;
+ char *file_ext;
- CERTCertificate * cert;
- CERTCertDBHandle * db;
+ CERTCertificate *cert;
+ CERTCertDBHandle *db;
- FILE * in, *out;
+ FILE *in, *out;
- char sf_file [FNSIZE];
- char pk7_file [FNSIZE];
+ char sf_file[FNSIZE];
+ char pk7_file[FNSIZE];
- /* open cert database */
- db = CERT_GetDefaultCertDB();
+ /* open cert database */
+ db = CERT_GetDefaultCertDB();
- if (db == NULL)
- return - 1;
+ if (db == NULL) return -1;
- /* find cert */
- /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
- cert = PK11_FindCertFromNickname(keyName, &pwdata);
+ /* find cert */
+ /*cert = CERT_FindCertByNicknameOrEmailAddr(db, keyName);*/
+ cert = PK11_FindCertFromNickname(keyName, &pwdata);
- if (cert == NULL) {
- SECU_PrintError ( PROGRAM_NAME,
- "Cannot find the cert \"%s\"", keyName);
- return -1;
- }
+ if (cert == NULL) {
+ SECU_PrintError(PROGRAM_NAME, "Cannot find the cert \"%s\"", keyName);
+ return -1;
+ }
+ /* determine the key type, which sets the extension for pkcs7 object */
- /* determine the key type, which sets the extension for pkcs7 object */
+ *keyType = jar_find_key_type(cert);
+ file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
- *keyType = jar_find_key_type (cert);
- file_ext = (*keyType == dsaKey) ? "dsa" : "rsa";
+ sprintf(sf_file, "%s/META-INF/%s.sf", dir, base);
+ sprintf(pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
- sprintf (sf_file, "%s/META-INF/%s.sf", dir, base);
- sprintf (pk7_file, "%s/META-INF/%s.%s", dir, base, file_ext);
+ if ((in = fopen(sf_file, "rb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
+ sf_file);
+ errorCount++;
+ exit(ERRX);
+ }
- if ((in = fopen (sf_file, "rb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s for reading\n", PROGRAM_NAME,
- sf_file);
- errorCount++;
- exit (ERRX);
- }
+ if ((out = fopen(pk7_file, "wb")) == NULL) {
+ PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
+ sf_file);
+ errorCount++;
+ exit(ERRX);
+ }
- if ((out = fopen (pk7_file, "wb")) == NULL) {
- PR_fprintf(errorFD, "%s: Can't open %s for writing\n", PROGRAM_NAME,
- sf_file);
- errorCount++;
- exit (ERRX);
- }
+ status = SignFile(out, in, cert);
- status = SignFile (out, in, cert);
+ CERT_DestroyCertificate(cert);
+ fclose(in);
+ fclose(out);
- CERT_DestroyCertificate (cert);
- fclose (in);
- fclose (out);
+ if (status) {
+ PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n", PROGRAM_NAME,
+ SECU_Strerror(PORT_GetError()));
+ errorCount++;
+ return -1;
+ }
- if (status) {
- PR_fprintf(errorFD, "%s: PROBLEM signing data (%s)\n",
- PROGRAM_NAME, SECU_Strerror(PORT_GetError()));
- errorCount++;
- return - 1;
- }
-
- return 0;
+ return 0;
}
-
/*
* j a r _ f i n d _ k e y _ t y p e
- *
- * Determine the key type for a given cert, which
+ *
+ * Determine the key type for a given cert, which
* should be rsaKey or dsaKey. Any error return 0.
*
*/
-static int
-jar_find_key_type (CERTCertificate *cert)
-{
- SECKEYPrivateKey * privk = NULL;
- KeyType keyType;
+static int jar_find_key_type(CERTCertificate *cert) {
+ SECKEYPrivateKey *privk = NULL;
+ KeyType keyType;
- /* determine its type */
- privk = PK11_FindKeyByAnyCert (cert, &pwdata);
- if (privk == NULL) {
- PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
- warningCount++;
- return 0;
- }
+ /* determine its type */
+ privk = PK11_FindKeyByAnyCert(cert, &pwdata);
+ if (privk == NULL) {
+ PR_fprintf(errorFD, "warning - can't find private key for this cert\n");
+ warningCount++;
+ return 0;
+ }
- keyType = privk->keyType;
- SECKEY_DestroyPrivateKey (privk);
- return keyType;
+ keyType = privk->keyType;
+ SECKEY_DestroyPrivateKey(privk);
+ return keyType;
}
-
/*
* m a n i f e s t o
*
- * Run once for every subdirectory in which a
+ * Run once for every subdirectory in which a
* manifest is to be created -- usually exactly once.
*
*/
-static int
-manifesto (char *dirname, char *install_script, PRBool recurse)
-{
- char metadir [FNSIZE], sfname [FNSIZE];
+static int manifesto(char *dirname, char *install_script, PRBool recurse) {
+ char metadir[FNSIZE], sfname[FNSIZE];
- /* Create the META-INF directory to hold signing info */
+ /* Create the META-INF directory to hold signing info */
- if (PR_Access (dirname, PR_ACCESS_READ_OK)) {
- PR_fprintf(errorFD, "%s: unable to read your directory: %s\n",
- PROGRAM_NAME, dirname);
- errorCount++;
- perror (dirname);
- exit (ERRX);
- }
+ if (PR_Access(dirname, PR_ACCESS_READ_OK)) {
+ PR_fprintf(errorFD, "%s: unable to read your directory: %s\n", PROGRAM_NAME,
+ dirname);
+ errorCount++;
+ perror(dirname);
+ exit(ERRX);
+ }
- if (PR_Access (dirname, PR_ACCESS_WRITE_OK)) {
- PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
- PROGRAM_NAME, dirname);
- errorCount++;
- perror(dirname);
- exit(ERRX);
- }
+ if (PR_Access(dirname, PR_ACCESS_WRITE_OK)) {
+ PR_fprintf(errorFD, "%s: unable to write to your directory: %s\n",
+ PROGRAM_NAME, dirname);
+ errorCount++;
+ perror(dirname);
+ exit(ERRX);
+ }
- sprintf (metadir, "%s/META-INF", dirname);
+ sprintf(metadir, "%s/META-INF", dirname);
- strcpy (sfname, metadir);
+ strcpy(sfname, metadir);
- PR_MkDir (metadir, 0777);
+ PR_MkDir(metadir, 0777);
- strcat (metadir, "/");
- strcat (metadir, MANIFEST);
+ strcat(metadir, "/");
+ strcat(metadir, MANIFEST);
- if ((mf = fopen (metadir, "wb")) == NULL) {
- perror (MANIFEST);
- PR_fprintf(errorFD, "%s: Probably, the directory you are trying to"
- " sign has\n", PROGRAM_NAME);
- PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ if ((mf = fopen(metadir, "wb")) == NULL) {
+ perror(MANIFEST);
+ PR_fprintf(errorFD,
+ "%s: Probably, the directory you are trying to"
+ " sign has\n",
+ PROGRAM_NAME);
+ PR_fprintf(errorFD, "%s: permissions problems or may not exist.\n",
+ PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s file..\n", metadir);
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "Generating %s file..\n", metadir);
+ }
- fprintf(mf, "Manifest-Version: 1.0\n");
- fprintf (mf, "Created-By: %s\n", CREATOR);
- fprintf (mf, "Comments: %s\n", BREAKAGE);
+ fprintf(mf, "Manifest-Version: 1.0\n");
+ fprintf(mf, "Created-By: %s\n", CREATOR);
+ fprintf(mf, "Comments: %s\n", BREAKAGE);
- if (scriptdir) {
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: -- This archive signs Javascripts which may not necessarily\n");
- fprintf (mf, "Comments: -- be included in the physical jar file.\n");
- fprintf (mf, "Comments: --\n");
- fprintf (mf, "Comments: --\n");
- }
+ if (scriptdir) {
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf,
+ "Comments: -- This archive signs Javascripts which may not "
+ "necessarily\n");
+ fprintf(mf, "Comments: -- be included in the physical jar file.\n");
+ fprintf(mf, "Comments: --\n");
+ fprintf(mf, "Comments: --\n");
+ }
- if (install_script)
- fprintf (mf, "Install-Script: %s\n", install_script);
+ if (install_script) fprintf(mf, "Install-Script: %s\n", install_script);
- if (metafile)
- add_meta (mf, "+");
+ if (metafile) add_meta(mf, "+");
- /* Loop through all files & subdirectories */
- foreach (dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */,
- (void * )NULL);
+ /* Loop through all files & subdirectories */
+ foreach(dirname, "", manifesto_fn, recurse, PR_FALSE /*include dirs */,
+ (void *)NULL);
- fclose (mf);
+ fclose(mf);
- strcat (sfname, "/");
- strcat (sfname, base);
- strcat (sfname, ".sf");
+ strcat(sfname, "/");
+ strcat(sfname, base);
+ strcat(sfname, ".sf");
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
- }
- generate_SF_file (metadir, sfname);
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "Generating %s.sf file..\n", base);
+ }
+ generate_SF_file(metadir, sfname);
- return 0;
+ return 0;
}
-
/*
* m a n i f e s t o _ x p i _ f n
*
* Called by pointer from SignArchive(), once for
* each file within the directory. This function
* is only used for adding to XPI compatible archive
*
*/
-static int manifesto_xpi_fn
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
-{
- char fullname [FNSIZE];
+static int manifesto_xpi_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg) {
+ char fullname[FNSIZE];
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "--> %s\n", relpath);
+ }
- /* extension matching */
- if (extensionsGiven) {
- char *ext = PL_strrchr(relpath, '.');
- if (!ext)
- return 0;
- if (!PL_HashTableLookup(extensions, ext))
- return 0;
- }
- sprintf (fullname, "%s/%s", basedir, relpath);
- JzipAdd(fullname, relpath, zipfile, compression_level);
+ /* extension matching */
+ if (extensionsGiven) {
+ char *ext = PL_strrchr(relpath, '.');
+ if (!ext) return 0;
+ if (!PL_HashTableLookup(extensions, ext)) return 0;
+ }
+ sprintf(fullname, "%s/%s", basedir, relpath);
+ JzipAdd(fullname, relpath, zipfile, compression_level);
- return 0;
+ return 0;
}
-
/*
* m a n i f e s t o _ f n
*
* Called by pointer from manifesto(), once for
* each file within the directory.
*
*/
-static int manifesto_fn
-(char *relpath, char *basedir, char *reldir, char *filename, void *arg)
-{
- int use_js;
+static int manifesto_fn(char *relpath, char *basedir, char *reldir,
+ char *filename, void *arg) {
+ int use_js;
- JAR_Digest dig;
- char fullname [FNSIZE];
+ JAR_Digest dig;
+ char fullname[FNSIZE];
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "--> %s\n", relpath);
- }
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "--> %s\n", relpath);
+ }
- /* extension matching */
- if (extensionsGiven) {
- char *ext = PL_strrchr(relpath, '.');
- if (!ext)
- return 0;
- if (!PL_HashTableLookup(extensions, ext))
- return 0;
- }
+ /* extension matching */
+ if (extensionsGiven) {
+ char *ext = PL_strrchr(relpath, '.');
+ if (!ext) return 0;
+ if (!PL_HashTableLookup(extensions, ext)) return 0;
+ }
- sprintf (fullname, "%s/%s", basedir, relpath);
+ sprintf(fullname, "%s/%s", basedir, relpath);
- fprintf (mf, "\n");
+ fprintf(mf, "\n");
- use_js = 0;
+ use_js = 0;
- if (scriptdir && !PORT_Strcmp (scriptdir, reldir))
- use_js++;
+ if (scriptdir && !PORT_Strcmp(scriptdir, reldir)) use_js++;
- /* sign non-.js files inside .arc directories using the javascript magic */
+ /* sign non-.js files inside .arc directories using the javascript magic */
- if ( (PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3)
- && (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4))
- use_js++;
+ if ((PL_strcaserstr(filename, ".js") != filename + strlen(filename) - 3) &&
+ (PL_strcaserstr(reldir, ".arc") == reldir + strlen(filename) - 4))
+ use_js++;
- if (use_js) {
- fprintf (mf, "Name: %s\n", filename);
- fprintf (mf, "Magic: javascript\n");
+ if (use_js) {
+ fprintf(mf, "Name: %s\n", filename);
+ fprintf(mf, "Magic: javascript\n");
- if (optimize == 0)
- fprintf (mf, "javascript.id: %s\n", filename);
+ if (optimize == 0) fprintf(mf, "javascript.id: %s\n", filename);
- if (metafile)
- add_meta (mf, filename);
- } else {
- fprintf (mf, "Name: %s\n", relpath);
- if (metafile)
- add_meta (mf, relpath);
- }
+ if (metafile) add_meta(mf, filename);
+ } else {
+ fprintf(mf, "Name: %s\n", relpath);
+ if (metafile) add_meta(mf, relpath);
+ }
- JAR_digest_file (fullname, &dig);
+ JAR_digest_file(fullname, &dig);
+ if (optimize == 0) {
+ fprintf(mf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(mf, "MD5-Digest: %s\n", BTOA_DataToAscii(dig.md5, MD5_LENGTH));
+ }
- if (optimize == 0) {
- fprintf (mf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (mf, "MD5-Digest: %s\n", BTOA_DataToAscii (dig.md5,
- MD5_LENGTH));
- }
+ fprintf(mf, "SHA1-Digest: %s\n", BTOA_DataToAscii(dig.sha1, SHA1_LENGTH));
- fprintf (mf, "SHA1-Digest: %s\n", BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
+ if (!use_js) {
+ JzipAdd(fullname, relpath, zipfile, compression_level);
+ }
- if (!use_js) {
- JzipAdd(fullname, relpath, zipfile, compression_level);
- }
-
- return 0;
+ return 0;
}
-
/*
* a d d _ m e t a
*
* Parse the metainfo file, and add any details
* necessary to the manifest file. In most cases you
* should be using the -i option (ie, for SmartUpdate).
*
*/
-static int add_meta (FILE *fp, char *name)
-{
- FILE * met;
- char buf [BUFSIZ];
+static int add_meta(FILE *fp, char *name) {
+ FILE *met;
+ char buf[BUFSIZ];
- int place;
- char *pattern, *meta;
+ int place;
+ char *pattern, *meta;
- int num = 0;
+ int num = 0;
- if ((met = fopen (metafile, "r")) != NULL) {
- while (fgets (buf, BUFSIZ, met)) {
- char *s;
+ if ((met = fopen(metafile, "r")) != NULL) {
+ while (fgets(buf, BUFSIZ, met)) {
+ char *s;
- for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
- ;
- *s = 0;
+ for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
+ ;
+ *s = 0;
- if (*buf == 0)
- continue;
+ if (*buf == 0) continue;
- pattern = buf;
+ pattern = buf;
- /* skip to whitespace */
- for (s = buf; *s && *s != ' ' && *s != '\t'; s++)
- ;
+ /* skip to whitespace */
+ for (s = buf; *s && *s != ' ' && *s != '\t'; s++)
+ ;
- /* terminate pattern */
- if (*s == ' ' || *s == '\t')
- *s++ = 0;
+ /* terminate pattern */
+ if (*s == ' ' || *s == '\t') *s++ = 0;
- /* eat through whitespace */
- while (*s == ' ' || *s == '\t')
- s++;
+ /* eat through whitespace */
+ while (*s == ' ' || *s == '\t') s++;
- meta = s;
+ meta = s;
- /* this will eventually be regexp matching */
+ /* this will eventually be regexp matching */
- place = 0;
- if (!PORT_Strcmp (pattern, name))
- place = 1;
+ place = 0;
+ if (!PORT_Strcmp(pattern, name)) place = 1;
- if (place) {
- num++;
- if (verbosity >= 0) {
- PR_fprintf(outputFD, "[%s] %s\n", name, meta);
- }
- fprintf (fp, "%s\n", meta);
- }
- }
- fclose (met);
- } else {
- PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME,
- metafile);
- errorCount++;
- exit (ERRX);
+ if (place) {
+ num++;
+ if (verbosity >= 0) {
+ PR_fprintf(outputFD, "[%s] %s\n", name, meta);
+ }
+ fprintf(fp, "%s\n", meta);
+ }
}
+ fclose(met);
+ } else {
+ PR_fprintf(errorFD, "%s: can't open metafile: %s\n", PROGRAM_NAME,
+ metafile);
+ errorCount++;
+ exit(ERRX);
+ }
- return num;
+ return num;
}
-
/**********************************************************************
*
* S i g n F i l e
*/
-static int
-SignFile (FILE *outFile, FILE *inFile, CERTCertificate *cert)
-{
- int nb;
- char ibuf[4096], digestdata[32];
- const SECHashObject *hashObj;
- void *hashcx;
- unsigned int len;
+static int SignFile(FILE *outFile, FILE *inFile, CERTCertificate *cert) {
+ int nb;
+ char ibuf[4096], digestdata[32];
+ const SECHashObject *hashObj;
+ void *hashcx;
+ unsigned int len;
- SECItem digest;
- SEC_PKCS7ContentInfo * cinfo;
- SECStatus rv;
+ SECItem digest;
+ SEC_PKCS7ContentInfo *cinfo;
+ SECStatus rv;
- if (outFile == NULL || inFile == NULL || cert == NULL)
- return - 1;
+ if (outFile == NULL || inFile == NULL || cert == NULL) return -1;
- /* XXX probably want to extend interface to allow other hash algorithms */
- hashObj = HASH_GetHashObject(HASH_AlgSHA1);
+ /* XXX probably want to extend interface to allow other hash algorithms */
+ hashObj = HASH_GetHashObject(HASH_AlgSHA1);
- hashcx = (*hashObj->create)();
- if (hashcx == NULL)
- return - 1;
+ hashcx = (*hashObj->create)();
+ if (hashcx == NULL) return -1;
- (*hashObj->begin)(hashcx);
+ (*hashObj->begin)(hashcx);
- for (; ; ) {
- if (feof(inFile))
- break;
- nb = fread(ibuf, 1, sizeof(ibuf), inFile);
- if (nb == 0) {
- if (ferror(inFile)) {
- PORT_SetError(SEC_ERROR_IO);
- (*hashObj->destroy)(hashcx, PR_TRUE);
- return - 1;
- }
- /* eof */
- break;
- }
- (*hashObj->update)(hashcx, (unsigned char *) ibuf, nb);
+ for (;;) {
+ if (feof(inFile)) break;
+ nb = fread(ibuf, 1, sizeof(ibuf), inFile);
+ if (nb == 0) {
+ if (ferror(inFile)) {
+ PORT_SetError(SEC_ERROR_IO);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
+ return -1;
+ }
+ /* eof */
+ break;
}
+ (*hashObj->update)(hashcx, (unsigned char *)ibuf, nb);
+ }
- (*hashObj->end)(hashcx, (unsigned char *) digestdata, &len, 32);
- (*hashObj->destroy)(hashcx, PR_TRUE);
+ (*hashObj->end)(hashcx, (unsigned char *)digestdata, &len, 32);
+ (*hashObj->destroy)(hashcx, PR_TRUE);
- digest.data = (unsigned char *) digestdata;
- digest.len = len;
+ digest.data = (unsigned char *)digestdata;
+ digest.len = len;
- cinfo = SEC_PKCS7CreateSignedData
- (cert, certUsageObjectSigner, NULL,
- SEC_OID_SHA1, &digest, NULL, NULL);
+ cinfo = SEC_PKCS7CreateSignedData(cert, certUsageObjectSigner, NULL,
+ SEC_OID_SHA1, &digest, NULL, NULL);
- if (cinfo == NULL)
- return - 1;
+ if (cinfo == NULL) return -1;
- rv = SEC_PKCS7IncludeCertChain (cinfo, NULL);
+ rv = SEC_PKCS7IncludeCertChain(cinfo, NULL);
+ if (rv != SECSuccess) {
+ SEC_PKCS7DestroyContentInfo(cinfo);
+ return -1;
+ }
+
+ if (no_time == 0) {
+ rv = SEC_PKCS7AddSigningTime(cinfo);
if (rv != SECSuccess) {
- SEC_PKCS7DestroyContentInfo (cinfo);
- return - 1;
+ /* don't check error */
}
+ }
- if (no_time == 0) {
- rv = SEC_PKCS7AddSigningTime (cinfo);
- if (rv != SECSuccess) {
- /* don't check error */
- }
- }
+ rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata);
- rv = SEC_PKCS7Encode(cinfo, SignOut, outFile, NULL, NULL, &pwdata);
+ SEC_PKCS7DestroyContentInfo(cinfo);
- SEC_PKCS7DestroyContentInfo (cinfo);
+ if (rv != SECSuccess) return -1;
- if (rv != SECSuccess)
- return - 1;
-
- return 0;
+ return 0;
}
-
/*
- * g e n e r a t e _ S F _ f i l e
+ * g e n e r a t e _ S F _ f i l e
*
* From the supplied manifest file, calculates
* digests on the various sections, creating a .SF
* file in the process.
- *
+ *
*/
-static int generate_SF_file (char *manifile, char *who)
-{
- FILE * sf;
- FILE * mf;
- long r1, r2, r3;
- char whofile [FNSIZE];
- char *buf, *name = NULL;
- JAR_Digest dig;
- int line = 0;
+static int generate_SF_file(char *manifile, char *who) {
+ FILE *sf;
+ FILE *mf;
+ long r1, r2, r3;
+ char whofile[FNSIZE];
+ char *buf, *name = NULL;
+ JAR_Digest dig;
+ int line = 0;
- strcpy (whofile, who);
+ strcpy(whofile, who);
- if ((mf = fopen (manifile, "rb")) == NULL) {
- perror (manifile);
- exit (ERRX);
+ if ((mf = fopen(manifile, "rb")) == NULL) {
+ perror(manifile);
+ exit(ERRX);
+ }
+
+ if ((sf = fopen(whofile, "wb")) == NULL) {
+ perror(who);
+ exit(ERRX);
+ }
+
+ buf = (char *)PORT_ZAlloc(BUFSIZ);
+
+ if (buf) name = (char *)PORT_ZAlloc(BUFSIZ);
+
+ if (buf == NULL || name == NULL) out_of_memory();
+
+ fprintf(sf, "Signature-Version: 1.0\n");
+ fprintf(sf, "Created-By: %s\n", CREATOR);
+ fprintf(sf, "Comments: %s\n", BREAKAGE);
+
+ if (fgets(buf, BUFSIZ, mf) == NULL) {
+ PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
+
+ if (strncmp(buf, "Manifest-Version:", 17)) {
+ PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
+
+ fseek(mf, 0L, SEEK_SET);
+
+ /* Process blocks of headers, and calculate their hashen */
+
+ while (1) {
+ /* Beginning range */
+ r1 = ftell(mf);
+
+ if (fgets(name, BUFSIZ, mf) == NULL) break;
+
+ line++;
+
+ if (r1 != 0 && strncmp(name, "Name:", 5)) {
+ PR_fprintf(
+ errorFD,
+ "warning: unexpected input in manifest file \"%s\" at line %d:\n",
+ manifile, line);
+ PR_fprintf(errorFD, "%s\n", name);
+ warningCount++;
}
- if ((sf = fopen (whofile, "wb")) == NULL) {
- perror (who);
- exit (ERRX);
+ r2 = r1;
+ while (fgets(buf, BUFSIZ, mf)) {
+ if (*buf == 0 || *buf == '\n' || *buf == '\r') break;
+
+ line++;
+
+ /* Ending range for hashing */
+ r2 = ftell(mf);
}
- buf = (char *) PORT_ZAlloc (BUFSIZ);
+ r3 = ftell(mf);
- if (buf)
- name = (char *) PORT_ZAlloc (BUFSIZ);
-
- if (buf == NULL || name == NULL)
- out_of_memory();
-
- fprintf (sf, "Signature-Version: 1.0\n");
- fprintf (sf, "Created-By: %s\n", CREATOR);
- fprintf (sf, "Comments: %s\n", BREAKAGE);
-
- if (fgets (buf, BUFSIZ, mf) == NULL) {
- PR_fprintf(errorFD, "%s: empty manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ if (r1) {
+ fprintf(sf, "\n");
+ fprintf(sf, "%s", name);
}
- if (strncmp (buf, "Manifest-Version:", 17)) {
- PR_fprintf(errorFD, "%s: not a manifest file!\n", PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
+ calculate_MD5_range(mf, r1, r2, &dig);
+
+ if (optimize == 0) {
+ fprintf(sf, "Digest-Algorithms: MD5 SHA1\n");
+ fprintf(sf, "MD5-Digest: %s\n", BTOA_DataToAscii(dig.md5, MD5_LENGTH));
}
- fseek (mf, 0L, SEEK_SET);
+ fprintf(sf, "SHA1-Digest: %s\n", BTOA_DataToAscii(dig.sha1, SHA1_LENGTH));
- /* Process blocks of headers, and calculate their hashen */
+ /* restore normalcy after changing offset position */
+ fseek(mf, r3, SEEK_SET);
+ }
- while (1) {
- /* Beginning range */
- r1 = ftell (mf);
+ PORT_Free(buf);
+ PORT_Free(name);
- if (fgets (name, BUFSIZ, mf) == NULL)
- break;
+ fclose(sf);
+ fclose(mf);
- line++;
-
- if (r1 != 0 && strncmp (name, "Name:", 5)) {
- PR_fprintf(errorFD,
- "warning: unexpected input in manifest file \"%s\" at line %d:\n",
- manifile, line);
- PR_fprintf(errorFD, "%s\n", name);
- warningCount++;
- }
-
- r2 = r1;
- while (fgets (buf, BUFSIZ, mf)) {
- if (*buf == 0 || *buf == '\n' || *buf == '\r')
- break;
-
- line++;
-
- /* Ending range for hashing */
- r2 = ftell (mf);
- }
-
- r3 = ftell (mf);
-
- if (r1) {
- fprintf (sf, "\n");
- fprintf (sf, "%s", name);
- }
-
- calculate_MD5_range (mf, r1, r2, &dig);
-
- if (optimize == 0) {
- fprintf (sf, "Digest-Algorithms: MD5 SHA1\n");
- fprintf (sf, "MD5-Digest: %s\n",
- BTOA_DataToAscii (dig.md5, MD5_LENGTH));
- }
-
- fprintf (sf, "SHA1-Digest: %s\n",
- BTOA_DataToAscii (dig.sha1, SHA1_LENGTH));
-
- /* restore normalcy after changing offset position */
- fseek (mf, r3, SEEK_SET);
- }
-
- PORT_Free (buf);
- PORT_Free (name);
-
- fclose (sf);
- fclose (mf);
-
- return 0;
+ return 0;
}
-
/*
* c a l c u l a t e _ M D 5 _ r a n g e
*
* Calculate the MD5 digest on a range of bytes in
* the specified fopen'd file. Returns base64.
*
*/
-static int
-calculate_MD5_range (FILE *fp, long r1, long r2, JAR_Digest *dig)
-{
- int num;
- int range;
- unsigned char *buf;
- SECStatus rv;
+static int calculate_MD5_range(FILE *fp, long r1, long r2, JAR_Digest *dig) {
+ int num;
+ int range;
+ unsigned char *buf;
+ SECStatus rv;
- range = r2 - r1;
+ range = r2 - r1;
- /* position to the beginning of range */
- fseek (fp, r1, SEEK_SET);
+ /* position to the beginning of range */
+ fseek(fp, r1, SEEK_SET);
- buf = (unsigned char *) PORT_ZAlloc (range);
- if (buf == NULL)
- out_of_memory();
+ buf = (unsigned char *)PORT_ZAlloc(range);
+ if (buf == NULL) out_of_memory();
- if ((num = fread (buf, 1, range, fp)) != range) {
- PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME,
- range, num);
- errorCount++;
- exit (ERRX);
- }
+ if ((num = fread(buf, 1, range, fp)) != range) {
+ PR_fprintf(errorFD, "%s: expected %d bytes, got %d\n", PROGRAM_NAME, range,
+ num);
+ errorCount++;
+ exit(ERRX);
+ }
- rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range);
- if (rv == SECSuccess) {
- rv =PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
- }
- if (rv != SECSuccess) {
- PR_fprintf(errorFD, "%s: can't generate digest context\n",
- PROGRAM_NAME);
- errorCount++;
- exit (ERRX);
- }
+ rv = PK11_HashBuf(SEC_OID_MD5, dig->md5, buf, range);
+ if (rv == SECSuccess) {
+ rv = PK11_HashBuf(SEC_OID_SHA1, dig->sha1, buf, range);
+ }
+ if (rv != SECSuccess) {
+ PR_fprintf(errorFD, "%s: can't generate digest context\n", PROGRAM_NAME);
+ errorCount++;
+ exit(ERRX);
+ }
- PORT_Free (buf);
+ PORT_Free(buf);
- return 0;
+ return 0;
}
-
-static void SignOut (void *arg, const char *buf, unsigned long len)
-{
- fwrite (buf, len, 1, (FILE * ) arg);
+static void SignOut(void *arg, const char *buf, unsigned long len) {
+ fwrite(buf, len, 1, (FILE *)arg);
}
-
-
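Review bot: The path-building calls that write into fixed `FNSIZE` stack buffers are still unbounded on the new side, for example `sprintf(fullfn, "%s/%s", tree, tempfn);` in SignArchive, where `tree` can be the `PR_smprintf`-built `archive` of arbitrary length handed over by sign_all_arc_fn. The same pattern is visible in create_pk7 (`sf_file`, `pk7_file`), manifesto (`metadir`, `sfname` via `sprintf`/`strcpy`/`strcat`), manifesto_fn and manifesto_xpi_fn (`fullname`), and generate_SF_file (`strcpy(whofile, who)`); the definition of `FNSIZE` is outside this file, but no length check precedes any of these writes, so an over-long directory or base name would presumably overrun the buffer in a process that also loads the private signing key. A follow-up could bound each write, e.g. `PR_snprintf(fullfn, sizeof(fullfn), "%s/%s", tree, tempfn);` together with an explicit length check that aborts on truncation, or allocate the path with `PR_smprintf` as sign_all_arc_fn already does. Separately, in manifesto_fn the test `reldir + strlen(filename) - 4` looks like it was meant to use `strlen(reldir)`, which the reformat carries over unchanged.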