/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
* ***** END LICENSE BLOCK ***** */
static int jar_cb(int status, JAR *jar, const char *metafile,
char *pathname, char *errortext);
static int verify_global (JAR *jar);
/*************************************************************************
VerifyJar(char *filename)
/*
 * Checks the signed archive named by filename and prints a per-entry
 * status table to outputFD.  Only part of the body is visible in this
 * listing; the notes below describe the visible statements only.
 */
65
/* A NULL result means the archive could not be opened; the handling of
 * that case is on lines not shown. */
if ((fp = fopen (filename, "r")) == NULL) {
71
/* Register jar_cb as the JAR_CB_SIGNAL callback for this archive. */
JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
74
/* Parse and check the archive.  The last argument is the literal
 * placeholder "some-url". */
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
76
/* The archive is treated as failing when the call returned a negative
 * status or when jar->valid is negative. */
if (status < 0 || jar->valid < 0) {
79
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
84
/* Statuses inside [JAR_BASE, JAR_BASE_END] are looked up with
 * JAR_get_error; the SECU_ErrorString(PORT_GetError()) assignment is
 * presumably the else branch (the else itself is not visible). */
if (status >= JAR_BASE && status <= JAR_BASE_END) {
85
errtext = JAR_get_error (status);
87
errtext = SECU_ErrorString ((int16) PORT_GetError());
90
PR_fprintf(outputFD, " (reported reason: %s)\n\n",
93
/* corrupt files should not have their contents listed */
95
if (status == JAR_ERR_CORRUPT)
99
"entries shown below will have their digests checked only.\n");
103
"archive \"%s\" has passed crypto verification.\n", filename);
105
/* A nonzero result from verify_global selects this branch; what the
 * branch does is on a line not shown. */
if (verify_global (jar))
108
PR_fprintf(outputFD, "\n");
109
PR_fprintf(outputFD, "%16s %s\n", "status", "path");
110
PR_fprintf(outputFD, "%16s %s\n", "------------", "-------------------");
112
/* Walk the entries of type jarTypeMF and attempt a verified extraction
 * of each one. */
ctx = JAR_find (jar, NULL, jarTypeMF);
114
while (JAR_find_next (ctx, &it) >= 0) {
115
if (it && it->pathname) {
116
/* NOTE(review): every entry is extracted to the same TMP_OUTPUT path
 * after removing whatever is already there.  TMP_OUTPUT is defined
 * outside this listing; if it is a fixed name in a directory other
 * users can write to, confirm the remove-then-create sequence cannot
 * be redirected (for example by working in a private, freshly created
 * directory). */
rm_dash_r(TMP_OUTPUT);
117
ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
118
/* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
122
/* Map the extraction result to a status label.  The labels for
 * JAR_ERR_PNF and JAR_ERR_HASH are on lines not shown; "NOT VERIFIED"
 * is presumably the remaining case. */
if (ret == JAR_ERR_PNF)
124
else if (ret == JAR_ERR_HASH)
127
err = "NOT VERIFIED";
129
/* Any non-negative ret is reported as "verified".
 * NOTE(review): when the archive itself failed the check above, the
 * message printed there says entries have their digests checked only,
 * so this label presumably does not imply a validated signature in
 * that case -- confirm before relying on the table. */
PR_fprintf(outputFD, "%16s %s\n",
130
ret >= 0 ? "verified" : err, it->pathname);
132
/* Print the library's reason text for results other than 0,
 * JAR_ERR_PNF and JAR_ERR_HASH.
 * NOTE(review): a positive ret would print both "verified" and a
 * reason line -- confirm JAR_verified_extract never returns a positive
 * value. */
if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
133
PR_fprintf(outputFD, " (reason: %s)\n",
134
JAR_get_error (ret));
140
/* Same failure test and same warning text as directly after
 * JAR_pass_archive; presumably repeated once the entry table has been
 * printed. */
if (status < 0 || jar->valid < 0) {
143
"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
/***************************************************************************
* v e r i f y _ g l o b a l
verify_global (JAR *jar)
/*
 * Scans the archive's entries for names beginning with "META-INF",
 * reports the signature and manifest files it finds, and for each .sf
 * file compares the digests read from it with jar->globalmeta.  The
 * return value is computed on lines not shown in this listing.
 */
166
JAR_Digest * globaldig;
168
unsigned char *md5_digest, *sha1_digest;
169
unsigned int sha1_length, md5_length;
173
/* Iterate over the entries of type jarTypePhy that match "*". */
ctx = JAR_find (jar, "*", jarTypePhy);
175
while (JAR_find_next (ctx, &it) >= 0) {
176
/* Only names whose first 8 characters are "META-INF" are examined.
 * This is a prefix match with no separator check, so a name such as
 * META-INFO/x also passes.
 * NOTE(review): it and it->pathname are dereferenced here without the
 * NULL test that VerifyJar applies in its own loop -- confirm
 * JAR_find_next cannot yield either as NULL. */
if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
177
/* Advance ext to the terminating NUL, then walk back toward the last
 * '.'; for a name without a '.', the second loop stops at the start of
 * the name.  Both loop bodies are on lines not shown. */
for (ext = it->pathname; *ext; ext++)
179
while (ext > it->pathname && *ext != '.')
182
if (verbosity >= 0) {
183
/* Extension comparisons are case-insensitive. */
if (!PORT_Strcasecmp (ext, ".rsa")) {
184
PR_fprintf(outputFD, "found a RSA signature file: %s\n",
188
if (!PORT_Strcasecmp (ext, ".dsa")) {
189
PR_fprintf(outputFD, "found a DSA signature file: %s\n",
193
if (!PORT_Strcasecmp (ext, ".mf")) {
195
"found a MF master manifest file: %s\n",
200
/* For each .sf file: extract it to TMP_OUTPUT and read its digest
 * headers. */
if (!PORT_Strcasecmp (ext, ".sf")) {
201
if (verbosity >= 0) {
203
"found a SF signature manifest file: %s\n",
207
/* NOTE(review): TMP_OUTPUT is removed and then recreated by the
 * extraction; its definition is outside this listing.  If it is a
 * predictable path in a shared directory, confirm the sequence cannot
 * be redirected to another file. */
rm_dash_r(TMP_OUTPUT);
208
if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
209
PR_fprintf(errorFD, "%s: error extracting %s\n",
210
PROGRAM_NAME, it->pathname);
219
/* Read the extracted file line by line.
 * NOTE(review): fgets is given BUFSIZ as its limit; the declaration of
 * buf is not visible, so confirm it is at least BUFSIZ bytes. */
if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
220
while (fgets (buf, BUFSIZ, fp)) {
223
/* A line starting with NUL, LF or CR is handled specially --
 * presumably it ends the header section; the action is on a line not
 * shown. */
if (*buf == 0 || *buf == '\n' || *buf == '\r')
226
/* Move s to the first LF, CR or NUL in the line. */
for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
230
/* Recognised headers are "MD5-Digest: ", "SHA1-Digest: " and
 * "SHA-Digest: ".  The text after the prefix is decoded with
 * ATOB_AsciiToData, which also stores the decoded length; the result
 * is presumably assigned to md5_digest / sha1_digest on the preceding
 * lines, which are not shown.  Both SHA spellings write sha1_length. */
if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
232
ATOB_AsciiToData (buf + 12, &md5_length);
234
if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
236
ATOB_AsciiToData (buf + 13, &sha1_length);
238
if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
240
ATOB_AsciiToData (buf + 12, &sha1_length);
244
globaldig = jar->globalmeta;
246
/* The comparison is made, and its result printed, only when
 * verbosity >= 0; whether a mismatch changes the return value is not
 * visible here.
 * NOTE(review): no check of md5_length against MD5_LENGTH (or of
 * sha1_length against SHA1_LENGTH below) is visible before the
 * PORT_Memcmp calls.  A decoded value shorter than the compared length
 * would make the comparison read past the decoded buffer, and the
 * input is a file taken from the archive -- confirm the lengths are
 * validated first. */
if (globaldig && md5_digest && verbosity >= 0) {
248
" md5 digest on global metainfo: %s\n",
249
PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
250
? "no match" : "match");
253
if (globaldig && sha1_digest && verbosity >= 0) {
255
" sha digest on global metainfo: %s\n",
256
PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH)
257
? "no match" : "match");
260
/* Report that jar->globalmeta is missing. */
if (globaldig == NULL && verbosity >= 0) {
262
"global metadigest is not available, strange.\n");
/************************************************************************
JarWho(char *filename)
/*
 * Prints signer information for the archive named by filename: runs
 * JAR_pass_archive on it, reports a failed check, then prints
 * certificate fields for the entries of type jarTypeSign.  Only part of
 * the body is visible in this listing.
 */
295
/* prev starts as NULL; its use is on lines not shown. */
CERTCertificate * cert, *prev = NULL;
299
/* A NULL result means the archive could not be opened; the handling of
 * that case is on lines not shown. */
if ((fp = fopen (filename, "r")) == NULL) {
305
status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
307
/* Failure is a negative status or a negative jar->valid. */
if (status < 0 || jar->valid < 0) {
309
"NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
312
/* The reason text is printed when jar->valid is negative or status is
 * anything other than -1.
 * NOTE(review): taken on its own this condition is also true for a
 * non-negative status; it is presumably nested inside the failure
 * branch above, but the nesting is not visible -- confirm. */
if (jar->valid < 0 || status != -1) {
315
/* Statuses inside [JAR_BASE, JAR_BASE_END] are looked up with
 * JAR_get_error; the SECU_ErrorString(PORT_GetError()) assignment is
 * presumably the else branch (the else itself is not visible). */
if (status >= JAR_BASE && status <= JAR_BASE_END) {
316
errtext = JAR_get_error (status);
318
errtext = SECU_ErrorString ((int16) PORT_GetError());
321
PR_fprintf(outputFD, " (reported reason: %s)\n\n", errtext);
325
/* NOTE(review): if this point is reached after the DID NOT PASS
 * warning above, the names printed below describe a signature that was
 * not verified -- confirm the control flow before treating the output
 * as a statement about who signed the archive. */
PR_fprintf(outputFD, "\nSigner information:\n\n");
327
/* Walk the entries of type jarTypeSign. */
ctx = JAR_find (jar, NULL, jarTypeSign);
329
while (JAR_find_next (ctx, &it) >= 0) {
330
/* NOTE(review): it is dereferenced without a NULL test in the visible
 * lines; how cert is obtained from fing is on lines not shown. */
fing = (JAR_Cert * ) it->data;
338
/* cert->nickname is printed unconditionally while subjectName and
 * issuerName are guarded -- NOTE(review): confirm nickname cannot be
 * NULL here. */
PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
339
if (cert->subjectName)
340
PR_fprintf(outputFD, "subject name: %s\n",
342
if (cert->issuerName)
343
PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
345
/* Presumably the branch taken when no certificate was obtained for the
 * entry; the condition is on a line not shown. */
PR_fprintf(outputFD, "no certificate could be found\n");
/************************************************************************
static int jar_cb(int status, JAR *jar, const char *metafile,
char *pathname, char *errortext)
PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,