/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
* ***** END LICENSE BLOCK ***** */
* JAR functions used by Jartool
/* This allows manifest files above 64k to be
processed on non-win16 platforms */
#include "blapi.h" /* JAR is supposed to be above the line!! */
#include "pk11func.h" /* PK11 wrapper funcs are all above the line. */
/* Bit masked against cert->trust->objectSigningFlags in
 * jar_list_cert_callback to compute `trusted`.
 * NOTE(review): this is a file-local definition of a trust flag. If an NSS
 * header also defines CERTDB_USER, the two definitions must agree -- confirm,
 * and prefer the header's definition so the trust check cannot drift. */
#define CERTDB_USER (1<<6)
* S O B _ l i s t _ c e r t s
* Return a list of newline separated certificate nicknames
* (this function used by the Jartool)
/*
 * Per-certificate step of the nickname listing: `data` is read as a
 * char ** naming a heap string, and cert->nickname is appended to it.
 * `k` is not referenced in the lines shown.
 *
 * NOTE(review): this listing omits lines of the function (declarations,
 * any guard conditions, the return statement), so the points raised below
 * are items to confirm in the full source, not proven defects.
 */
static SECStatus jar_list_cert_callback
65
(CERTCertificate *cert, SECItem *k, void *data)
72
ugly_list = (char **) data;
76
name = cert->nickname;
78
/* cert->trust is dereferenced here; confirm that both cert and cert->trust
 * are checked for NULL before this point. Only the CERTDB_USER bit of the
 * object-signing trust flags is kept. */
trusted = cert->trust->objectSigningFlags & CERTDB_USER;
80
/* Add this name or email to list */
84
/* New size = current list + nickname + 2: room for one "\n" separator and
 * the terminating NUL. PORT_Strlen(*ugly_list) needs *ugly_list to be
 * non-NULL on entry.
 * NOTE(review): the result is stored straight into *ugly_list. Should
 * PORT_Realloc fail, the previous buffer is no longer reachable (leak) and
 * the caller's list pointer becomes NULL. Grow into a temporary and assign
 * to *ugly_list only on success. */
*ugly_list = (char*)PORT_Realloc
85
(*ugly_list, PORT_Strlen (*ugly_list) + PORT_Strlen (name) + 2);
90
/* Unbounded appends: they stay inside the buffer only because of the sizing
 * above, and only if the reallocation succeeded -- confirm the result is
 * checked before these two calls. */
PORT_Strcat (*ugly_list, "\n");
92
PORT_Strcat (*ugly_list, name);
* S O B _ J A R _ l i s t _ c e r t s
* Return a linefeed separated ascii list of certificate
* nicknames for the Jartool.
/*
 * Builds the nickname list for the Jartool: opens the certificate database,
 * seeds a zeroed 16-byte string, hands every certificate returned by
 * PK11_ListCerts(PK11CertListUnique) to jar_list_cert_callback, then
 * returns the string, or NULL when status is not SECSuccess.
 *
 * NOTE(review): lines are omitted from this listing (some declarations and
 * any guard conditions), so the checks called out below need confirming in
 * the full source. Presumably the caller frees the returned string --
 * confirm.
 */
char *JAR_JAR_list_certs (void)
110
/* Starts as failure. No assignment of SECSuccess appears in the lines
 * shown, so the success path must set it in an omitted line -- confirm. */
SECStatus status = SECFailure;
111
CERTCertDBHandle *certdb;
113
CERTCertListNode *node;
117
certdb = JAR_open_database();
119
/* a little something */
120
/* Zero-filled, so the list starts out as an empty string for the callback's
 * PORT_Strlen / PORT_Strcat. Confirm the result is checked for NULL. */
ugly_list = (char*)PORT_ZAlloc (16);
126
/* No password argument is supplied (pwarg is NULL). Confirm certs is checked
 * for NULL before the list macros below walk it. */
certs = PK11_ListCerts(PK11CertListUnique, NULL/* pwarg*/);
129
for (node = CERT_LIST_HEAD(certs); !CERT_LIST_END(node,certs);
130
node = CERT_LIST_NEXT(node))
132
/* The address of ugly_list is passed so the callback can reallocate it.
 * The callback's SECStatus is discarded here.
 * NOTE(review): if a reallocation inside the callback fails, ugly_list is
 * NULL when the next certificate is processed. */
jar_list_cert_callback(node->cert, NULL, (void *)&ugly_list);
134
CERT_DestroyCertList(certs);
139
JAR_close_database (certdb);
141
/* NOTE(review): on the failure branch NULL is returned, and no release of
 * ugly_list is visible in this listing -- confirm it is freed. */
return (status != SECSuccess) ? NULL : ugly_list;
/*
 * Passes `filename` to JAR_pass_archive with the jarArchGuess format and an
 * empty string as the last argument, keeping the result in status. The rest
 * of the function body is not part of this listing.
 *
 * NOTE(review): filename is caller-supplied and forwarded as-is; confirm
 * that a NULL filename is rejected and that `jar` was created successfully
 * before this call.
 */
int JAR_JAR_validate_archive (char *filename)
153
status = JAR_pass_archive (jar, jarArchGuess, filename, "");
char *JAR_JAR_get_error (int status)
{
  /* Jartool-facing wrapper: the status code is forwarded unchanged to
   * JAR_get_error and its result is handed straight back to the caller. */
  char *message = JAR_get_error (status);

  return message;
}
* S O B _ J A R _ h a s h
* Hash algorithm interface for use by the Jartool. Since we really
* don't know the private sizes of the context, and Java does need to
* know this number, allocate 512 bytes for it.
* In April 1997 hashes in this file were changed to call PKCS11,
* as FIPS requires that when a smartcard has failed validation,
* hashes are not to be performed. But because of the difficulty of
* preserving pointer context between calls to the JAR_JAR hashing
* functions, the hash routines are called directly, though after
* checking to see if hashing is allowed.
/*
 * Allocates a hash context for the Jartool. alg == 1 selects MD5; every
 * other value is checked as SHA-1. One zeroed 512-byte allocation is then
 * viewed as either an MD5Context or a SHA1Context.
 *
 * NOTE(review): 512 is a fixed size, not derived from the context types. If
 * either context ever needs more than 512 bytes, the hash routines write
 * past the allocation -- confirm against the blapi implementation in use.
 * MD5 and SHA-1 are the only digests offered here; neither is
 * collision-resistant, so digests from this interface should not back new
 * signatures. Lines are omitted from this listing (the branch structure,
 * any context initialisation and the return are not shown).
 */
void *JAR_JAR_new_hash (int alg)
192
/* this is a hack because this whole PORT_ZAlloc stuff looks scary */
194
/* Policy gate: hashing proceeds only if PK11_HashOK accepts the algorithm. */
if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
197
/* Confirm the result is checked for NULL before it is used as a context. */
context = PORT_ZAlloc (512);
204
md5 = (MD5Context *) context;
209
sha1 = (SHA1Context *) context;
/*
 * Feeds `length` bytes at `data` into the hash context `cookie`. The cookie
 * is cast to MD5Context or SHA1Context and passed to the matching update
 * routine.
 *
 * NOTE(review): cookie carries no type tag, so alg must be the same value
 * that was used when the context was created; a mismatch runs the wrong
 * update routine over the buffer. `length` is a signed int passed on
 * unchanged -- if the update routines take an unsigned length (confirm in
 * blapi.h), a negative value becomes a very large byte count. Confirm that
 * negative lengths and NULL cookie/data are rejected. Lines are omitted
 * from this listing (branch structure and return value are not shown).
 */
void *JAR_JAR_hash (int alg, void *cookie, int length, void *data)
223
/* this is a hack because this whole PORT_ZAlloc stuff looks scary */
225
/* Policy gate: hashing proceeds only if PK11_HashOK accepts the algorithm. */
if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
233
md5 = (MD5Context *) cookie;
234
MD5_Update (md5, (unsigned char*)data, length);
238
sha1 = (SHA1Context *) cookie;
239
SHA1_Update (sha1, (unsigned char*)data, length);
/*
 * Finishes the hash held in `cookie` and returns the digest as a string:
 * MD5_End or SHA1_End writes the raw digest to a stack buffer, the bytes are
 * converted with BTOA_DataToAscii, and a PORT_Strdup copy of that string is
 * returned. NULL is returned from the switch's default case and when the
 * conversion yields NULL.
 *
 * NOTE(review): lines are omitted from this listing (some declarations, the
 * case labels, and the MD5 branch's assignments to data and length), so the
 * points below need confirming in the full source. As with the other hash
 * entry points, cookie is cast without any type check, so alg must match
 * the value used to create the context.
 */
void *JAR_JAR_end_hash (int alg, void *cookie)
256
unsigned int md5_length;
257
unsigned char md5_digest [MD5_LENGTH];
259
unsigned int sha1_length;
260
unsigned char sha1_digest [SHA1_LENGTH];
262
/* this is a hack because this whole PORT_ZAlloc stuff looks scary */
264
/* Policy gate: hashing proceeds only if PK11_HashOK accepts the algorithm. */
if (!PK11_HashOK (alg == 1 ? SEC_OID_MD5 : SEC_OID_SHA1))
271
md5 = (MD5Context *) cookie;
273
/* The buffer is MD5_LENGTH bytes and the same constant is passed as the
 * output limit. */
MD5_End (md5, md5_digest, &md5_length, MD5_LENGTH);
274
/* MD5_DestroyContext (md5, PR_TRUE); */
283
sha1 = (SHA1Context *) cookie;
285
/* The buffer is SHA1_LENGTH bytes and the same constant is passed as the
 * output limit. */
SHA1_End (sha1, sha1_digest, &sha1_length, SHA1_LENGTH);
286
/* SHA1_DestroyContext (sha1, PR_TRUE); */
289
length = sha1_length;
293
/* NOTE(review): this exit does not release cookie in the lines shown. */
default: return NULL;
296
/* Instead of destroy context, since we created it */
297
/* PORT_Free (cookie); */
/* NOTE(review): both DestroyContext calls and the PORT_Free above are
 * commented out, so nothing in the lines shown releases the 512-byte
 * context: each finished hash leaves it, and the hash state it holds,
 * allocated. Confirm who frees the cookie. */
299
ascii = BTOA_DataToAscii(data, length);
301
/* NOTE(review): a copy of ascii is returned and no release of the original
 * is visible in this listing -- confirm it is freed. */
return ascii ? PORT_Strdup (ascii) : NULL;
* S O B _ J A R _ s i g n _ a r c h i v e
* A simple API to sign a JAR archive.
/*
 * Signs the file named by `sf` and writes the signature to `outsig`: opens
 * the certificate and key databases, opens sf for reading and outsig for
 * writing, looks up the certificate by `nickname`, calls jar_create_pk7 when
 * the certificate and both files are available, overwrites `password` with
 * zeros, and closes the databases. status starts as JAR_ERR_GENERAL.
 *
 * Side effect: the caller's password buffer is modified in place.
 *
 * NOTE(review): lines are omitted from this listing (some declarations, the
 * conditions guarding the early returns, any file/certificate cleanup), and
 * the listing ends before the function's final return. The points below
 * need confirming in the full source.
 */
int JAR_JAR_sign_archive
312
(char *nickname, char *password, char *sf, char *outsig)
314
int status = JAR_ERR_GENERAL;
318
CERTCertDBHandle *certdb;
321
CERTCertificate *cert;
323
/* Rejects sf names shorter than 5 characters. PORT_Strlen is applied to sf
 * directly; confirm a NULL sf cannot reach this line. */
if (PORT_Strlen (sf) < 5)
325
/* NOTE(review): this return and the two below leave before the password is
 * wiped further down, so the password stays in the caller's buffer on these
 * paths. */
return JAR_ERR_GENERAL;
328
/* open cert and key databases */
330
certdb = JAR_open_database();
332
return JAR_ERR_GENERAL;
334
keydb = jar_open_key_database();
337
/* The certificate database is closed before leaving on this path. */
JAR_close_database(certdb);
338
return JAR_ERR_GENERAL;
341
sf_fp = JAR_FOPEN (sf, "rb");
342
/* NOTE(review): outsig is opened with mode "wb" before the certificate is
 * looked up. Presumably JAR_FOPEN behaves like fopen, in which case an
 * existing outsig is truncated even if signing never happens -- confirm.
 * No close of sf_fp or out_fp is visible in this listing. */
out_fp = JAR_FOPEN (outsig, "wb");
344
/* No release of the certificate reference is visible in this listing --
 * confirm it is destroyed after use. */
cert = CERT_FindCertByNickname (certdb, nickname);
346
if (cert && sf_fp && out_fp)
348
status = jar_create_pk7 (certdb, keydb, cert, password, sf_fp, out_fp);
351
/* remove password from prying eyes */
/* Zeroes PORT_Strlen(password) bytes of the caller's buffer, leaving the
 * terminating NUL in place. Requires password to be non-NULL and writable;
 * confirm callers never pass NULL or a string literal. */
352
PORT_Memset (password, 0, PORT_Strlen (password));
357
JAR_close_database (certdb);
358
jar_close_key_database (keydb);