
lightning-sunbird  0.9+nobinonly
signtool.h File Reference
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include "prprf.h"
#include "prio.h"
#include "secutil.h"
#include "ocsp.h"
#include "jar.h"
#include "jarfile.h"
#include "secpkcs7.h"
#include "pk11func.h"
#include "secmod.h"
#include "secmodi.h"
#include "plhash.h"
#include "nss.h"

Defines

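#define DJN_TEST
/* Parenthesized so the expansion stays a single operand when the macro is
 * used inside a larger expression (e.g. multiplied or negated). */
#define JAR_BASE_END   (JAR_BASE + 100)
#define ERRX   (-1) /* the exit code used on failure */
/* Size of the fixed path buffers used throughout the tool.  Anything
 * formatted into such a buffer has to be length-checked first, because
 * directory and file names come from the command line and environment. */
#define FNSIZE   256 /* the maximum length for filenames */
#define MAX_RSA_KEY_SIZE   4096
/* NOTE(review): a 1024-bit RSA default is below the 2048-bit minimum that
 * current guidance expects for signing keys.  The value is left unchanged
 * here because callers depend on it; request a larger size explicitly. */
#define DEFAULT_RSA_KEY_SIZE   1024
#define MANIFEST   "manifest.mf"
#define DEFAULT_X509_BASENAME   "x509"
#define DEFAULT_COMMON_NAME   "Signtool " NSS_VERSION " Testing Certificate"
#define CREATOR   "Signtool (signtool " NSS_VERSION ")"
#define BREAKAGE   "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT."
#define MIN_COMPRESSION_LEVEL   (-1)
#define MAX_COMPRESSION_LEVEL   9
#define DEFAULT_COMPRESSION_LEVEL   (-1) /* zlib understands this to be default*/
#define STDIN_BUF_SIZE   160
#define PROGRAM_NAME   "signtool"
#define LONG_PROGRAM_NAME   "Signing Tool"
#define DEFAULT_BASE_NAME   "zigbert"
#define TMP_OUTPUT   "signtool.tmp"
#define XPI_TEXT   "Creating XPI Compatible Archive"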

Functions

int GenerateCert (char *nickname, int keysize, char *token)
int ListCerts (char *key, int list_certs)
int VerifyJar (char *filename)
int SignArchive (char *tree, char *keyName, char *zip_file, int javascript, char *meta_file, char *install_script, int _optimize, PRBool recurse)
int SignAllArc (char *jartree, char *keyName, int javascript, char *metafile, char *install_script, int optimize, PRBool recurse)
int InlineJavaScript (char *dir, PRBool recurse)
int JarWho (char *filename)
void JarListModules (void)
CERTCertDBHandle * OpenCertDB (PRBool readOnly)
int RemoveAllArc (char *tree)
void VerifyCertDir (char *dir, char *keyName)
int InitCrypto (char *cert_dir, PRBool readOnly)
int foreach (char *dirname, char *prefix, int(*fn)(char *filename, char *dirname, char *basedir, char *base, void *arg), PRBool recurse, PRBool includeDirs, void *arg)
void print_error (int i)
void give_help (int status)
const char * secErrorString (long code)
void displayVerifyLog (CERTVerifyLog *log)
void usage (void)
char * chop (char *)
void out_of_memory (void)
void FatalError (char *msg)
char * get_default_cert_dir (void)
SECItem * password_hardcode (void *arg, void *handle)
char * pk11_password_hardcode (PK11SlotInfo *slot, PRBool retry, void *arg)
int rm_dash_r (char *path)
char * pr_fgets (char *buf, int size, PRFileDesc *file)

Variables

char * password
PLHashTable * excludeDirs
int no_time
int xpi_arc
char * base
longmozilla_event_queue
char * progName
PLHashTable * extensions
PRBool extensionsGiven
char * scriptdir
int compression_level
PRFileDesc * outputFD
PRFileDesc * errorFD
int verbosity
int errorCount
int warningCount

Define Documentation

#define BREAKAGE   "PLEASE DO NOT EDIT THIS FILE. YOU WILL BREAK IT."

Definition at line 75 of file signtool.h.

#define CREATOR   "Signtool (signtool " NSS_VERSION ")"

Definition at line 74 of file signtool.h.

#define DEFAULT_BASE_NAME   "zigbert"

Definition at line 82 of file signtool.h.

#define DEFAULT_COMMON_NAME   "Signtool " NSS_VERSION " Testing Certificate"

Definition at line 73 of file signtool.h.

#define DEFAULT_COMPRESSION_LEVEL   (-1) /* zlib understands this to be default*/

Definition at line 78 of file signtool.h.

Definition at line 70 of file signtool.h.

Definition at line 72 of file signtool.h.

Definition at line 40 of file signtool.h.

#define ERRX   (-1) /* the exit code used on failure */

Definition at line 67 of file signtool.h.

#define FNSIZE   256 /* the maximum length for filenames */

Definition at line 68 of file signtool.h.

Definition at line 66 of file signtool.h.

#define LONG_PROGRAM_NAME   "Signing Tool"

Definition at line 81 of file signtool.h.

#define MANIFEST   "manifest.mf"

Definition at line 71 of file signtool.h.

Definition at line 77 of file signtool.h.

Definition at line 69 of file signtool.h.

Definition at line 76 of file signtool.h.

#define PROGRAM_NAME   "signtool"

Definition at line 80 of file signtool.h.

Definition at line 79 of file signtool.h.

#define TMP_OUTPUT   "signtool.tmp"

Definition at line 83 of file signtool.h.

#define XPI_TEXT   "Creating XPI Compatible Archive"

Definition at line 84 of file signtool.h.


Function Documentation

char* chop ( char *  )

Definition at line 749 of file util.c.

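{
    char *start, *end;

    /* NULL in, NULL out. */
    if (!str) {
        return NULL;
    }

    /* Skip leading whitespace.  The cast matters: passing isspace() a
     * negative plain-char value (any byte >= 0x80 where char is signed) is
     * undefined behaviour, and these strings can hold arbitrary bytes. */
    start = str;
    while (isspace((unsigned char)*start)) {
        start++;
    }

    /* Cut trailing whitespace by writing a terminator into the caller's
     * buffer, one past the last character that is kept. */
    if (*start) {
        end = start + strlen(start) - 1;
        while (end > start && isspace((unsigned char)*end)) {
            end--;
        }
        *(end + 1) = '\0';
    }

    /* The result points into str, possibly past its first byte, so it is
     * not a pointer the caller can hand to a deallocator. */
    return start;
}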


void displayVerifyLog ( CERTVerifyLog *  log)

Definition at line 625 of file util.c.

{
    CERTVerifyLogNode *entry;

    /* A missing or empty log produces no output. */
    if (log == NULL || log->count <= 0) {
        return;
    }

    for (entry = log->head; entry != NULL; entry = entry->next) {
        CERTCertificate *cert = entry->cert;
        const char *label;
        const char *caTag;

        /* Entries without a certificate are skipped silently. */
        if (cert == NULL) {
            continue;
        }

        /* Label preference: nickname, then a non-empty e-mail address,
         * then the subject name. */
        label = cert->subjectName;
        if (cert->nickname != NULL) {
            label = cert->nickname;
        } else if (cert->emailAddr && cert->emailAddr[0]) {
            label = cert->emailAddr;
        }

        /* Anything above depth 0 in the chain is tagged as a CA. */
        caTag = (entry->depth > 0) ? " [Certificate Authority]" : "";

        printf("%s%s:\n", label, caTag);
        printf("\t%s\n", secErrorString(entry->error));
    }
}


void FatalError ( char *  msg)

Definition at line 784 of file util.c.

{
    /* A NULL message is reported as an empty string. */
    const char *text = msg ? msg : "";

    PR_fprintf(errorFD, "FATAL ERROR: %s\n", text);
    errorCount++;

    /* Does not return: the process ends with the tool's failure code. */
    exit(ERRX);
}


int foreach ( char *  dirname,
char *  prefix,
int(*)(char *filename, char *dirname, char *basedir, char *base, void *arg fn,
PRBool  recurse,
PRBool  includeDirs,
void arg 
)
int GenerateCert ( char *  nickname,
int  keysize,
char *  token 
)

Definition at line 70 of file certgen.c.

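{
    CERTCertDBHandle *db;
    CERTCertificate *cert;
    char *subject;
    unsigned long serial;
    char stdinbuf[160];

    /* Print warning about having the browser open */
    PR_fprintf(PR_STDOUT /*always go to console*/,
        "\nWARNING: Performing this operation while the browser is running could cause"
        "\ncorruption of your security databases. If the browser is currently running,"
        "\nyou should exit the browser before continuing this operation. Enter "
        "\n\"y\" to continue, or anything else to abort: ");

    /* pr_fgets() returns NULL on a read error without writing to the
     * buffer.  Treat that as "no answer" so the confirmation below never
     * inspects uninitialized stack memory and defaults to aborting. */
    if (pr_fgets(stdinbuf, sizeof stdinbuf, PR_STDIN) == NULL) {
        stdinbuf[0] = '\0';
    }
    PR_fprintf(PR_STDOUT, "\n");

    /* Cast before tolower(): a negative plain-char value is undefined
     * behaviour for the <ctype.h> functions. */
    if (tolower((unsigned char)stdinbuf[0]) != 'y') {
        PR_fprintf(errorFD, "Operation aborted at user's request.\n");
        errorCount++;
        return -1;
    }

    db = CERT_GetDefaultCertDB();
    if (!db) {
        FatalError("Unable to open certificate database");
    }

    /* Refuse to reuse a nickname that already resolves to a certificate. */
    if (PK11_FindCertFromNickname(nickname, NULL)) {
        PR_fprintf(errorFD,
            "ERROR: Certificate with nickname \"%s\" already exists in database. You\n"
            "must choose a different nickname.\n", nickname);
        errorCount++;
        exit(ERRX);
    }

    /* The serial number is derived from the current time, so it is
     * predictable.  NOTE(review): acceptable only if these self-signed
     * certificates are never relied on for serial uniqueness - confirm. */
    LL_L2UI(serial, PR_Now());

    subject = GetSubjectFromUser(serial);

    cert = GenerateSelfSignedObjectSigningCert(nickname, db, subject,
                                               serial, keysize, token);

    if (cert) {
        output_ca_cert(cert, db);
        CERT_DestroyCertificate(cert);
    }

    PORT_Free(subject);

    /* NOTE(review): 0 is returned even when no certificate was produced;
     * kept as-is because callers may depend on it. */
    return 0;
}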

Definition at line 889 of file util.c.

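{
    char *home;

    char *cd = NULL;
    static char db[FNSIZE];

#ifdef XP_UNIX
    home = getenv("HOME");

    /* HOME comes from the environment and carries no length limit of its
     * own, so it is only formatted into the fixed-size db buffer when the
     * result fits.  An oversized value leaves cd NULL and ends in the
     * "-d option" error below instead of overrunning the buffer. */
    if (home && *home &&
        strlen(home) + sizeof("/.netscape") <= sizeof db) {
        sprintf(db, "%s/.netscape", home);
        cd = db;
    }
#endif

#ifdef XP_PC
    FILE *fp;

    /* first check the environment override */

    home = getenv("JAR_HOME");

    /* Same rule as above: JAR_HOME is environment-controlled, so the probe
     * path is built only when it fits in db. */
    if (home && *home &&
        strlen(home) + sizeof("/cert7.db") <= sizeof db) {
        sprintf(db, "%s/cert7.db", home);

        if ((fp = fopen(db, "r")) != NULL) {
            fclose(fp);
            cd = home;
        }
    }

    /* try the old navigator directory (constant string, fits in db) */

    if (cd == NULL) {
        home = "c:/Program Files/Netscape/Navigator";

        sprintf(db, "%s/cert7.db", home);

        if ((fp = fopen(db, "r")) != NULL) {
            fclose(fp);
            cd = home;
        }
    }

    /* Try the current directory, I wonder if this
     is really a good idea. Remember, Windows only..
     NOTE(review): this picks up whatever cert7.db sits in the working
     directory, so the trust database in use depends on where the tool is
     started; an explicit -d is the safer choice. */

    if (cd == NULL) {
        home = ".";

        sprintf(db, "%s/cert7.db", home);

        if ((fp = fopen(db, "r")) != NULL) {
            fclose(fp);
            cd = home;
        }
    }

#endif

    /* No usable default: tell the user how to name the directory and stop. */
    if (!cd) {
        PR_fprintf(errorFD,
            "You must specify the location of your certificate directory\n");
        PR_fprintf(errorFD,
            "with the -d option. Example: -d ~/.netscape in many cases with Unix.\n");
        errorCount++;
        exit(ERRX);
    }

    /* The result is either the static db buffer, the JAR_HOME environment
     * string, or a string literal - never memory the caller should free. */
    return cd;
}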


void give_help ( int  status)

Definition at line 966 of file util.c.

{
    /* Only the "unknown issuer" status has extra guidance attached. */
    if (status != SEC_ERROR_UNKNOWN_ISSUER) {
        return;
    }

    PR_fprintf(errorFD,
               "The Certificate Authority (CA) for this certificate\n");
    PR_fprintf(errorFD,
               "does not appear to be in your database. You should contact\n");
    PR_fprintf(errorFD,
               "the organization which issued this certificate to obtain\n");
    PR_fprintf(errorFD, "a copy of its CA Certificate.\n");
}


int InitCrypto ( char *  cert_dir,
PRBool  readOnly 
)

Definition at line 800 of file util.c.

{
    /* Initializes NSS against cert_dir (read-only or read-write), installs
     * the PKCS #11 password callback, and checks the internal key slot.
     * Returns 0 on success or when initialization already ran, -1 when a
     * slot cannot be obtained or authenticated; a failed NSS_Init* call
     * exits the process instead of returning. */
    SECStatus rv;
    /* Latch: non-zero once the initialization branch has been entered. */
    static int       prior = 0;
    PK11SlotInfo * slotinfo;

    if (prior == 0) {
       /* some functions such as OpenKeyDB expect this path to be
        * implicitly set prior to calling */
       if (readOnly) {
           rv = NSS_Init(cert_dir);
       } else {
           rv = NSS_InitReadWrite(cert_dir);
       }
       if (rv != SECSuccess) {
           SECU_PrintPRandOSError(PROGRAM_NAME);
           exit(-1);
       }

       SECU_ConfigDirectory (cert_dir);

       /* Been there done that */
       /* NOTE(review): the latch is set before the slot checks below, so a
        * call that returns -1 from one of them still leaves prior non-zero
        * and every later call returns 0 without repeating the checks. */
       prior++;

       /* When the global password is set, the callback hands it to NSS
        * without prompting; otherwise the stock SECU prompt is used. */
       if (password) {
           PK11_SetPasswordFunc(pk11_password_hardcode);
       } else {
           PK11_SetPasswordFunc(SECU_GetModulePassword);
       }

       /* Must login to FIPS before you do anything else */
       if (PK11_IsFIPS()) {
           slotinfo = PK11_GetInternalSlot();
           if (!slotinfo) {
              fprintf(stderr, "%s: Unable to get PKCS #11 Internal Slot."
                                "\n", PROGRAM_NAME);
              return - 1;
           }
           if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
                                     NULL /*wincx*/) != SECSuccess) {
              fprintf(stderr, "%s: Unable to authenticate to %s.\n",
                                PROGRAM_NAME, PK11_GetSlotName(slotinfo));
              PK11_FreeSlot(slotinfo);
              return - 1;
           }
           PK11_FreeSlot(slotinfo);
       }

       /* Make sure there is a password set on the internal key slot */
       slotinfo = PK11_GetInternalKeySlot();
       if (!slotinfo) {
           fprintf(stderr, "%s: Unable to get PKCS #11 Internal Key Slot."
               "\n", PROGRAM_NAME);
           return - 1;
       }
       /* An uninitialized key database only produces a warning here; the
        * function still goes on and can return 0. */
       if (PK11_NeedUserInit(slotinfo)) {
           PR_fprintf(errorFD,
               "\nWARNING: No password set on internal key database.  Most operations will fail."
               "\nYou must create a password.\n");
           warningCount++;
       }

       /* Make sure we can authenticate to the key slot in FIPS mode */
       if (PK11_IsFIPS()) {
           if (PK11_Authenticate(slotinfo, PR_FALSE /*loadCerts*/,
                                     NULL /*wincx*/) != SECSuccess) {
              fprintf(stderr, "%s: Unable to authenticate to %s.\n",
                            PROGRAM_NAME, PK11_GetSlotName(slotinfo));
              PK11_FreeSlot(slotinfo);
              return - 1;
           }
       }
       PK11_FreeSlot(slotinfo);
    }

    return 0;
}


int InlineJavaScript ( char *  dir,
PRBool  recurse 
)

Definition at line 92 of file javascript.c.

{
    /* Remember the tree being processed in the file-level jartree. */
    jartree = dir;

    if (verbosity >= 0) {
        PR_fprintf(outputFD,
                   "\nGenerating inline signatures from HTML files in: %s\n",
                   dir);
    }

    /* Presence of SIGNTOOL_DUMP_PARSE in the environment (any value)
     * switches parse dumping on. */
    if (PR_GetEnv("SIGNTOOL_DUMP_PARSE")) {
        dumpParse = PR_TRUE;
    }

    /* Walk the tree with javascript_fn; directories themselves are not
     * passed to the callback, and no extra argument is supplied. */
    return foreach(dir, "", javascript_fn, recurse, PR_FALSE, NULL);
}

Definition at line 668 of file util.c.

{
    /* Prints every entry of the default PKCS #11 module list to outputFD:
     * name, internal/external, DLL name, slot count, load status, and the
     * slot and token name of each slot.  Exits with ERRX if the list or
     * the lock cannot be obtained. */
    int       i;
    int       count = 0;

    SECMODModuleList * modules = NULL;
    static SECMODListLock *moduleLock = NULL;

    SECMODModuleList * mlp;

    modules = SECMOD_GetDefaultModuleList();

    if (modules == NULL) {
       PR_fprintf(errorFD, "%s: Can't get module list\n", PROGRAM_NAME);
       errorCount++;
       exit (ERRX);
    }

    /* NOTE(review): this creates a new lock on every call rather than
     * fetching one associated with the default list, and the body never
     * destroys it.  It presumably does not serialize against other users
     * of the list - confirm against the SECMOD API. */
    if ((moduleLock = SECMOD_NewListLock()) == NULL) {
       /* this is the wrong text */
       PR_fprintf(errorFD, "%s: unable to acquire lock on module list\n",
                     PROGRAM_NAME);
       errorCount++;
       exit (ERRX);
    }

    SECMOD_GetReadLock (moduleLock);

    PR_fprintf(outputFD, "\nListing of PKCS11 modules\n");
    PR_fprintf(outputFD, "-----------------------------------------------\n");

    for (mlp = modules; mlp != NULL; mlp = mlp->next) {
       count++;
       PR_fprintf(outputFD, "%3d. %s\n", count, mlp->module->commonName);

       if (mlp->module->internal)
           PR_fprintf(outputFD, "          (this module is internally loaded)\n");
       else
           PR_fprintf(outputFD, "          (this is an external module)\n");

       /* The DLL name shows which library backs an external module; worth
        * checking when reviewing what code a profile loads. */
       if (mlp->module->dllName)
           PR_fprintf(outputFD, "          DLL name: %s\n",
               mlp->module->dllName);

       if (mlp->module->slotCount == 0)
           PR_fprintf(outputFD, "          slots: There are no slots attached to this module\n");
       else
           PR_fprintf(outputFD, "          slots: %d slots attached\n",
                mlp->module->slotCount);

       if (mlp->module->loaded == 0)
           PR_fprintf(outputFD, "          status: Not loaded\n");
       else
           PR_fprintf(outputFD, "          status: loaded\n");

       for (i = 0; i < mlp->module->slotCount; i++) {
           PK11SlotInfo * slot = mlp->module->slots[i];

           PR_fprintf(outputFD, "\n");
           PR_fprintf(outputFD, "    slot: %s\n", PK11_GetSlotName(slot));
           PR_fprintf(outputFD, "   token: %s\n", PK11_GetTokenName(slot));
       }
    }

    PR_fprintf(outputFD, "-----------------------------------------------\n");

    if (count == 0)
       PR_fprintf(outputFD,
           "Warning: no modules were found (should have at least one)\n");

    SECMOD_ReleaseReadLock (moduleLock);
}


int JarWho ( char *  filename)

Definition at line 282 of file verify.c.

{
    /* Verifies the archive named by filename and prints the nickname,
     * subject and issuer of each signer certificate found in it.
     * Returns 0, or -1 when verification failed or a signer entry had no
     * certificate.  Exits with ERRX if the file cannot be opened. */
    FILE * fp;

    JAR * jar;
    JAR_Context * ctx;

    int       status;
    int       retval = 0;

    JAR_Item * it;
    JAR_Cert * fing;

    CERTCertificate * cert, *prev = NULL;

    /* NOTE(review): the result of JAR_new() is not checked before
     * jar->valid is read below. */
    jar = JAR_new();

    /* This open is only a readability probe; the archive is opened again
     * by name inside JAR_pass_archive(), so the file checked here and the
     * file verified are not guaranteed to be the same object. */
    if ((fp = fopen (filename, "r")) == NULL) {
       perror (filename);
       exit (ERRX);
    } 
    fclose (fp);

    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");

    if (status < 0 || jar->valid < 0) {
       PR_fprintf(outputFD,
           "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
       retval = -1;
       if (jar->valid < 0 || status != -1) {
           char      *errtext;

           /* Status values inside the JAR range have their own text;
            * anything else is looked up from the NSS error code. */
           if (status >= JAR_BASE && status <= JAR_BASE_END) {
              errtext = JAR_get_error (status);
           } else {
              errtext = SECU_ErrorString ((int16) PORT_GetError());
           }

           PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
       }
    }

    /* Signer details are printed even after a failed verification; the
     * -1 return value and the NOTE line above are the only indication
     * that the names below come from an archive that did not verify. */
    PR_fprintf(outputFD, "\nSigner information:\n\n");

    ctx = JAR_find (jar, NULL, jarTypeSign);

    while (JAR_find_next (ctx, &it) >= 0) {
       fing = (JAR_Cert * ) it->data;
       cert = fing->cert;

       if (cert) {
           /* Stop when the same certificate comes back twice in a row. */
           if (prev == cert)
              break;

           if (cert->nickname)
              PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
           if (cert->subjectName)
              PR_fprintf(outputFD, "subject name: %s\n",
                   cert->subjectName);
           if (cert->issuerName)
              PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
       } else {
           PR_fprintf(outputFD, "no certificate could be found\n");
           retval = -1;
       }

       prev = cert;
    }

    JAR_find_end (ctx);

    JAR_destroy (jar);
    return retval;
}


int ListCerts ( char *  key,
int  list_certs 
)

Definition at line 50 of file list.c.

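{
    int failed = 0;
    SECStatus rv;
    CERTCertDBHandle *db;

    CERTCertificate *cert;
    CERTVerifyLog errlog;

    /* The verification log allocates its nodes from this arena; it is
     * released on every return path below. */
    errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (errlog.arena == NULL) {
        out_of_memory();
    }
    errlog.head = NULL;
    errlog.tail = NULL;
    errlog.count = 0;

    db = CERT_GetDefaultCertDB();

    /* list_certs == 2 selects the listing with the one-column "S" marker
     * header; any other value prints the object-signing header. */
    if (list_certs == 2) {
        PR_fprintf(outputFD, "\nS Certificates\n");
        PR_fprintf(outputFD, "- ------------\n");
    } else {
        PR_fprintf(outputFD, "\nObject signing certificates\n");
        PR_fprintf(outputFD, "---------------------------------------\n");
    }

    num_trav_certs = 0;

    /* Traverse non-internal DBs */
    rv = PK11_TraverseSlotCerts(cert_trav_callback, (void *)&list_certs,
                                NULL /*wincx*/);

    if (rv) {
        PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
        /* Release the arena here too; this early return used to leak it. */
        if (errlog.arena != NULL) {
            PORT_FreeArena(errlog.arena, PR_FALSE);
        }
        return -1;
    }

    if (num_trav_certs == 0) {
        PR_fprintf(outputFD,
            "You don't appear to have any object signing certificates.\n");
    }

    if (list_certs == 2) {
        PR_fprintf(outputFD, "- ------------\n");
    } else {
        PR_fprintf(outputFD, "---------------------------------------\n");
    }

    if (list_certs == 1) {
        PR_fprintf(outputFD,
            "For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
    }

    if (list_certs == 2) {
        PR_fprintf(outputFD,
            "Certificates that can be used to sign objects have *'s to "
            "their left.\n");
    }

    if (key) {
        /* Do an analysis of the given cert */

        cert = PK11_FindCertFromNickname(key, NULL /*wincx*/);

        if (cert) {
            PR_fprintf(outputFD,
                "\nThe certificate with nickname \"%s\" was found:\n",
                cert->nickname);
            PR_fprintf(outputFD, "\tsubject name: %s\n", cert->subjectName);
            PR_fprintf(outputFD, "\tissuer name: %s\n", cert->issuerName);

            PR_fprintf(outputFD, "\n");

            /* Validity-period check only; it does not set "failed". */
            rv = CERT_CertTimesValid(cert);
            if (rv != SECSuccess) {
                PR_fprintf(outputFD, "**This certificate is expired**\n");
            } else {
                PR_fprintf(outputFD, "This certificate is not expired.\n");
            }

            /* Chain validation for the object-signer usage at the current
             * time, with signature checking on; details of any failure
             * are collected in errlog. */
            rv = CERT_VerifyCert(db, cert, PR_TRUE,
                certUsageObjectSigner, PR_Now(), NULL, &errlog);

            if (rv != SECSuccess) {
                failed = 1;
                if (errlog.count > 0) {
                    PR_fprintf(outputFD,
                        "**Certificate validation failed for the "
                        "following reason(s):**\n");
                } else {
                    PR_fprintf(outputFD, "**Certificate validation failed**");
                }
            } else {
                PR_fprintf(outputFD, "This certificate is valid.\n");
            }
            displayVerifyLog(&errlog);

            /* Drop the reference taken by the nickname lookup; it was
             * previously never released. */
            CERT_DestroyCertificate(cert);
        } else {
            failed = 1;
            PR_fprintf(outputFD,
                "The certificate with nickname \"%s\" was NOT FOUND\n", key);
        }
    }

    if (errlog.arena != NULL) {
        PORT_FreeArena(errlog.arena, PR_FALSE);
    }

    if (failed) {
        return -1;
    }
    return 0;
}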
CERTCertDBHandle* OpenCertDB ( PRBool  readOnly)

Definition at line 938 of file modutil.c.

SECItem* password_hardcode ( void arg,
void handle 
)

Definition at line 486 of file util.c.

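{
    SECItem *pw = NULL;

    if (password) {
        unsigned int len = PL_strlen(password);

        /* Allocate one byte more than the password so the copy keeps its
         * terminating NUL, then report the length without it.  The copy
         * goes into the buffer the item already owns: replacing pw->data
         * with a separate duplicate would leak that buffer, and a failed
         * allocation must not be dereferenced. */
        pw = SECITEM_AllocItem(NULL, NULL, len + 1);
        if (pw != NULL) {
            memcpy(pw->data, password, len + 1);
            pw->len = len;

            /* One-shot: later calls return NULL.  This only forgets the
             * pointer; the password bytes themselves are not erased. */
            password = NULL;
        }
    }
    return pw;
}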


char* pk11_password_hardcode ( PK11SlotInfo *  slot,
PRBool  retry,
void arg 
)

Definition at line 499 of file util.c.

{
    /* A retry means the stored password was already rejected; returning
     * NULL fails the login instead of offering the same value again. */
    if (retry) {
        return NULL;
    }

    if (password == NULL) {
        return NULL;
    }

    /* Hand back a fresh copy on every call.  The global is deliberately
     * left set: clearing it here would break FIPS mode, which asks for
     * the password more than once. */
    return PORT_Strdup(password);
}


char* pr_fgets ( char *  buf,
int  size,
PRFileDesc file 
)

Definition at line 987 of file util.c.

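{
    int i;
    int status;
    char c;

    /* Without room for at least the terminator there is nothing safe to
     * write: with size <= 0 the final buf[i] = '\0' below would land
     * outside the caller's buffer. */
    if (buf == NULL || size <= 0) {
        return NULL;
    }

    /* Read one byte at a time, stopping after a newline (which is kept),
     * at end of input, or when size - 1 bytes have been stored. */
    i = 0;
    while (i < size - 1) {
        status = PR_Read(file, (void *)&c, 1);
        if (status == -1) {
            /* Read error: buf is left unterminated, so callers must test
             * the return value before looking at it. */
            return NULL;
        } else if (status == 0) {
            break;
        }
        buf[i++] = c;
        if (c == '\n') {
            break;
        }
    }
    buf[i] = '\0';

    /* Unlike fgets(), end of input with nothing read yields an empty
     * string rather than NULL. */
    return buf;
}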


Definition at line 278 of file util.c.

{
    /* Report the JAR error number with its text and count it, then print
     * any extra guidance that exists for this code. */
    PR_fprintf(errorFD, "Error %d: %s\n", err, JAR_get_error(err));
    errorCount += 1;
    give_help(err);
}
int RemoveAllArc ( char *  tree)

Definition at line 88 of file util.c.

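{
    PRDir *dir;
    PRDirEntry *entry;
    char *archive = NULL;
    int retval = 0;

    dir = PR_OpenDir(tree);
    if (!dir) {
        return -1;
    }

    /* Walk tree: entries whose name ends in ".arc" (case-insensitive) are
     * removed recursively, other directories are descended into. */
    for (entry = PR_ReadDir(dir, 0); entry; entry = PR_ReadDir(dir, 0)) {
        size_t nameLen;

        /* Skip dot-entries, which also covers "." and "..". */
        if (entry->name[0] == '.') {
            continue;
        }

        if (archive) {
            PR_smprintf_free(archive);
        }
        archive = PR_smprintf("%s/%s", tree, entry->name);
        if (archive == NULL) {
            /* Out of memory: stop rather than pass NULL to the removal
             * and directory checks below. */
            retval = -1;
            goto finish;
        }

        /* Names shorter than the suffix cannot match; testing the length
         * first also keeps the pointer arithmetic inside the name. */
        nameLen = strlen(entry->name);
        if (nameLen >= 4 &&
            PL_strcaserstr(entry->name, ".arc") ==
                (entry->name + nameLen - 4)) {

            if (verbosity >= 0) {
                PR_fprintf(outputFD, "removing: %s\n", archive);
            }

            /* NOTE(review): this is a recursive delete driven purely by
             * the name suffix.  If rm_dash_r() or is_dir() follow
             * symbolic links, a link inside the tree could redirect the
             * deletion outside it - confirm how links are treated. */
            if (rm_dash_r(archive)) {
                PR_fprintf(errorFD, "Error removing %s\n", archive);
                errorCount++;
                retval = -1;
                goto finish;
            }
        } else if (is_dir(archive)) {
            if (RemoveAllArc(archive)) {
                retval = -1;
                goto finish;
            }
        }
    }

finish:
    PR_CloseDir(dir);
    if (archive) {
        PR_smprintf_free(archive);
    }

    return retval;
}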


static int rm_dash_r ( char *  path)

Definition at line 845 of file install.c.

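{
    PRDir *dir;
    PRDirEntry *entry;
    PRFileInfo fileinfo;
    char filename[240];
    int written;

    if (PR_GetFileInfo(path, &fileinfo) != PR_SUCCESS) {
        return -1;
    }

    /* Anything that is not a directory is removed directly. */
    if (fileinfo.type != PR_FILE_DIRECTORY) {
        return (PR_Delete(path) == PR_SUCCESS) ? 0 : -1;
    }

    dir = PR_OpenDir(path);
    if (!dir) {
        return -1;
    }

    /* Recursively delete all entries in the directory */
    while ((entry = PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
        /* The child path is built in a fixed 240-byte buffer, and both
         * path and the entry name come from the file system, so the write
         * is bounded and a name that does not fit fails the removal
         * instead of overrunning the stack.  The directory handle is
         * closed on this failure path as well. */
        written = snprintf(filename, sizeof filename, "%s/%s",
                           path, entry->name);
        if (written < 0 || (size_t)written >= sizeof filename ||
            rm_dash_r(filename)) {
            PR_CloseDir(dir);
            return -1;
        }
    }

    if (PR_CloseDir(dir) != PR_SUCCESS) {
        return -1;
    }

    /* Delete the directory itself */
    if (PR_RmDir(path) != PR_SUCCESS) {
        return -1;
    }

    /* NOTE(review): the type test above is based on PR_GetFileInfo(); if
     * that reports the target of a symbolic link, a link to a directory
     * would be descended into rather than unlinked - confirm. */
    return 0;
}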


const char* secErrorString ( long  code)

Definition at line 521 of file util.c.

{
    /* Scratch space for codes without a fixed message.  Being static, it
     * is overwritten by the next such call, so the returned pointer is
     * only good until then. */
    static char errstring[80];

    /* Fixed messages, in the order the codes were originally listed. */
    static const struct {
        long value;
        const char *text;
    } known[] = {
        { SEC_ERROR_IO, "io error" },
        { SEC_ERROR_LIBRARY_FAILURE, "security library failure" },
        { SEC_ERROR_BAD_DATA, "bad data" },
        { SEC_ERROR_OUTPUT_LEN, "output length" },
        { SEC_ERROR_INPUT_LEN, "input length" },
        { SEC_ERROR_INVALID_ARGS, "invalid args" },
        { SEC_ERROR_EXPIRED_CERTIFICATE, "expired certificate" },
        { SEC_ERROR_REVOKED_CERTIFICATE, "revoked certificate" },
        { SEC_ERROR_INADEQUATE_KEY_USAGE, "inadequate key usage" },
        { SEC_ERROR_INADEQUATE_CERT_TYPE, "inadequate certificate type" },
        { SEC_ERROR_UNTRUSTED_CERT, "untrusted cert" },
        { SEC_ERROR_NO_KRL, "no key revocation list" },
        { SEC_ERROR_KRL_BAD_SIGNATURE, "key revocation list: bad signature" },
        { SEC_ERROR_KRL_EXPIRED, "key revocation list expired" },
        { SEC_ERROR_REVOKED_KEY, "revoked key" },
        { SEC_ERROR_CRL_BAD_SIGNATURE,
          "certificate revocation list: bad signature" },
        { SEC_ERROR_CRL_EXPIRED, "certificate revocation list expired" },
        { SEC_ERROR_CRL_NOT_YET_VALID,
          "certificate revocation list not yet valid" },
        { SEC_ERROR_UNKNOWN_ISSUER, "unknown issuer" },
        { SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, "expired issuer certificate" },
        { SEC_ERROR_BAD_SIGNATURE, "bad signature" },
        { SEC_ERROR_BAD_KEY, "bad key" },
        { SEC_ERROR_NOT_FORTEZZA_ISSUER, "not fortezza issuer" },
        { SEC_ERROR_CA_CERT_INVALID,
          "Certificate Authority certificate invalid" },
        { SEC_ERROR_EXTENSION_NOT_FOUND, "extension not found" },
        { SEC_ERROR_CERT_NOT_IN_NAME_SPACE, "certificate not in name space" },
        { SEC_ERROR_UNTRUSTED_ISSUER, "untrusted issuer" }
    };
    size_t idx;

    for (idx = 0; idx < sizeof known / sizeof known[0]; idx++) {
        if (known[idx].value == code) {
            return known[idx].text;
        }
    }

    /* Unlisted code: format the number.  "security error " plus the
     * widest long fits well inside the 80-byte buffer. */
    sprintf(errstring, "security error %ld", code);
    return errstring;
}


int SignAllArc ( char *  jartree,
char *  keyName,
int  javascript,
char *  metafile,
char *  install_script,
int  optimize,
PRBool  recurse 
)

Definition at line 176 of file sign.c.

{
    SignArcInfo request;

    /* Bundle the signing options so the directory walk can pass them to
     * sign_all_arc_fn through its single void * argument. */
    request.optimize = optimize;
    request.install_script = install_script;
    request.metafile = metafile;
    request.javascript = javascript;
    request.keyName = keyName;

    /* Directories are included in the walk (includeDirs is PR_TRUE). */
    return foreach(jartree, "", sign_all_arc_fn, recurse, PR_TRUE, &request);
}
int SignArchive ( char *  tree,
char *  keyName,
char *  zip_file,
int  javascript,
char *  meta_file,
char *  install_script,
int  _optimize,
PRBool  recurse 
)

Definition at line 72 of file sign.c.

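{
    int status;
    char tempfn[FNSIZE], fullfn[FNSIZE];
    int keyType = rsaKey;
    size_t longest;

    metafile = meta_file;
    optimize = _optimize;

    /* tempfn and fullfn are fixed FNSIZE buffers filled with sprintf()
     * from the caller-supplied tree and the global base name.  Work out
     * the longest name that will be formatted and refuse to continue when
     * it cannot fit, before anything is signed or written. */
    if (!tree || !base) {
        FatalError("no tree or base name given for signing");
    }
    longest = (sizeof("META-INF/") - 1) + strlen(base) + (sizeof(".rsa") - 1);
    if (longest < sizeof("META-INF/manifest.mf") - 1) {
        longest = sizeof("META-INF/manifest.mf") - 1;
    }
    if (longest >= sizeof tempfn ||
        strlen(tree) + 1 + longest >= sizeof fullfn) {
        FatalError("path is too long to build the archive entries");
    }

    /* To create XPI compatible Archive manifesto() must be run before
     * the zipfile is opened. This is so the signed files are not added
     * the archive before the crucial rsa/dsa file*/
    if (xpi_arc) {
        manifesto(tree, install_script, recurse);
    }

    /* NOTE(review): zipfile is assigned only when zip_file is given, yet
     * the JzipAdd()/JzipClose() calls below always use it - confirm that
     * they cope with whatever value it holds otherwise. */
    if (zip_file) {
        zipfile = JzipOpen(zip_file, NULL /*no comment*/);
    }

    /*Sign and add files to the archive normally with manifesto()*/
    if (!xpi_arc) {
        manifesto(tree, install_script, recurse);
    }

    if (keyName) {
        status = create_pk7(tree, keyName, &keyType);
        if (status < 0) {
            PR_fprintf(errorFD, "the tree \"%s\" was NOT SUCCESSFULLY SIGNED\n",
                       tree);
            errorCount++;
            exit(ERRX);
        }
    }

    /* Add the rsa/dsa file as the first file in the archive. This is crucial
     * for a XPInstall compatible archive */
    if (xpi_arc) {
        if (verbosity >= 0) {
            PR_fprintf(outputFD, "%s \n", XPI_TEXT);
        }

        /* rsa/dsa to zip (lengths were checked at the top) */
        sprintf(tempfn, "META-INF/%s.%s", base,
                (keyType == dsaKey ? "dsa" : "rsa"));
        sprintf(fullfn, "%s/%s", tree, tempfn);
        JzipAdd(fullfn, tempfn, zipfile, compression_level);

        /* Loop through all files & subdirectories, add to archive */
        foreach(tree, "", manifesto_xpi_fn, recurse, PR_FALSE /*include dirs */,
                (void *)NULL);
    }

    /* mf to zip */
    strcpy(tempfn, "META-INF/manifest.mf");
    sprintf(fullfn, "%s/%s", tree, tempfn);
    JzipAdd(fullfn, tempfn, zipfile, compression_level);

    /* sf to zip */
    sprintf(tempfn, "META-INF/%s.sf", base);
    sprintf(fullfn, "%s/%s", tree, tempfn);
    JzipAdd(fullfn, tempfn, zipfile, compression_level);

    /* Add the rsa/dsa file to the zip archive normally */
    if (!xpi_arc) {
        /* rsa/dsa to zip */
        sprintf(tempfn, "META-INF/%s.%s", base,
                (keyType == dsaKey ? "dsa" : "rsa"));
        sprintf(fullfn, "%s/%s", tree, tempfn);
        JzipAdd(fullfn, tempfn, zipfile, compression_level);
    }

    JzipClose(zipfile);

    if (verbosity >= 0) {
        if (javascript) {
            PR_fprintf(outputFD, "jarfile \"%s\" signed successfully\n",
                       zip_file);
        } else {
            PR_fprintf(outputFD, "tree \"%s\" signed successfully\n",
                       tree);
        }
    }

    return 0;
}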
void usage ( void  )

Definition at line 53 of file UniversalChardetTest.cpp.

             {
   /* Prints the usage text for a "DetectFile" program to stdout.
    * NOTE(review): this body is attributed to UniversalChardetTest.cpp,
    * not to signtool; it appears to be a cross-reference mix-up.
    * NOTE(review): %ld requires MAXBSIZE to have type long; its definition
    * is not shown here - confirm. */
   printf("Usage: DetectFile blocksize\n"
        "    blocksize: 1 ~ %ld\n"
          "  Data are passed in from STDIN\n"
          ,  MAXBSIZE);
}
void VerifyCertDir ( char *  dir,
char *  keyName 
)

Definition at line 309 of file util.c.

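{
    char fn[FNSIZE];

    /* don't try verifying if we don't have a local directory */
    if (strncmp(dir, "multiaccess:", sizeof("multiaccess:") - 1) == 0) {
        return;
    }

    /* dir comes from the -d argument and fn is a fixed FNSIZE buffer, so
     * make sure the longer of the two names built below ("/cert8.db")
     * fits before formatting either of them. */
    if (strlen(dir) + sizeof("/cert8.db") > sizeof fn) {
        PR_fprintf(errorFD, "%s: certificate directory name is too long\n",
                   PROGRAM_NAME);
        PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    /* This code is really broken because it makes underlying assumptions about
     * how the NSS profile directory is laid out, but these names can change
     * from release to release. */
    sprintf(fn, "%s/cert8.db", dir);

    /* PR_Access() returning non-zero is treated as "not there". */
    if (PR_Access(fn, PR_ACCESS_EXISTS)) {
        PR_fprintf(errorFD, "%s: No certificate database in \"%s\"\n",
                   PROGRAM_NAME, dir);
        PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }

    if (verbosity >= 0) {
        PR_fprintf(outputFD, "using certificate directory: %s\n", dir);
    }

    if (keyName == NULL) {
        return;
    }

    /* if the user gave the -k key argument, verify that
     a key database already exists */

    sprintf(fn, "%s/key3.db", dir);

    if (PR_Access(fn, PR_ACCESS_EXISTS)) {
        PR_fprintf(errorFD, "%s: No private key database in \"%s\"\n",
                   PROGRAM_NAME,
                   dir);
        PR_fprintf(errorFD, "%s: Check the -d arguments that you gave\n",
                   PROGRAM_NAME);
        errorCount++;
        exit(ERRX);
    }
}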


int VerifyJar ( char *  filename)

Definition at line 49 of file verify.c.

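{
    /*
     * Verify the signed archive `filename` and print a per-entry report
     * on outputFD.
     *
     * Returns 0 only when the archive passed crypto verification,
     * verify_global() reported no problem and every manifest entry was
     * extracted and verified; returns -1 otherwise.  Exits with ERRX when
     * the file cannot be opened.
     *
     * When the signature check fails for a reason other than
     * JAR_ERR_CORRUPT the entries are still listed with their digests
     * checked, but the result stays -1: a digest-only pass is never
     * reported as success.
     */
    FILE * fp;

    int       ret;
    int       status;
    int       failed = 0;
    char      *err;

    JAR * jar;
    JAR_Context * ctx;

    JAR_Item * it;

    /* Probe that the archive is readable before doing any other work. */
    if ((fp = fopen (filename, "r")) == NULL) {
        perror (filename);
        exit (ERRX);
    }
    fclose (fp);

    jar = JAR_new();
    if (jar == NULL) {
        /* Presumably an allocation failure; jar->valid is read below,
         * so fail here rather than dereference a null pointer. */
        PR_fprintf(outputFD, "%s: unable to allocate JAR object\n",
                   PROGRAM_NAME);
        return -1;
    }

    JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);

    /* "some-url" is a placeholder for the fourth argument; its meaning is
     * not visible in this function. */
    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");

    if (status < 0 || jar->valid < 0) {
        failed = 1;
        PR_fprintf(outputFD,
            "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
        if (status < 0) {
            char      *errtext;

            if (status >= JAR_BASE && status <= JAR_BASE_END) {
                errtext = JAR_get_error (status);
            } else {
                errtext = SECU_ErrorString ((int16) PORT_GetError());
            }

            PR_fprintf(outputFD, "  (reported reason: %s)\n\n",
                       errtext);

            /* corrupt files should not have their contents listed */
            if (status == JAR_ERR_CORRUPT) {
                /* Release the JAR object on this early exit as well. */
                JAR_destroy (jar);
                return -1;
            }
        }
        PR_fprintf(outputFD,
            "entries shown below will have their digests checked only.\n");
        /* Reset the flag so the per-entry pass below still runs; `failed`
         * already records that the signature check did not pass. */
        jar->valid = 0;
    } else {
        PR_fprintf(outputFD,
            "archive \"%s\" has passed crypto verification.\n", filename);
    }

    if (verify_global (jar)) {
        failed = 1;
    }

    PR_fprintf(outputFD, "\n");
    PR_fprintf(outputFD, "%16s   %s\n", "status", "path");
    PR_fprintf(outputFD, "%16s   %s\n", "------------", "-------------------");

    ctx = JAR_find (jar, NULL, jarTypeMF);

    if (ctx == NULL) {
        /* Without an iteration context no entry can be checked; fail
         * closed instead of reporting an unchecked archive as good. */
        failed = 1;
    } else {
        while (JAR_find_next (ctx, &it) >= 0) {
            if (it && it->pathname) {
                /* NOTE(review): every entry is extracted to the fixed name
                 * TMP_OUTPUT after rm_dash_r() clears it, and nothing in
                 * this function removes it after the last entry.  A
                 * predictable path is open to pre-creation or races if the
                 * working directory is writable by others; a private
                 * temporary directory would avoid that. */
                rm_dash_r(TMP_OUTPUT);
                ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
                /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
                if (ret < 0) {
                    failed = 1;
                }

                if (ret == JAR_ERR_PNF) {
                    err = "NOT PRESENT";
                } else if (ret == JAR_ERR_HASH) {
                    err = "HASH FAILED";
                } else {
                    err = "NOT VERIFIED";
                }

                PR_fprintf(outputFD, "%16s   %s\n",
                           ret >= 0 ? "verified" : err, it->pathname);

                if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH) {
                    PR_fprintf(outputFD, "      (reason: %s)\n",
                               JAR_get_error (ret));
                }
            }
        }

        JAR_find_end (ctx);
    }

    /* Repeat the warning after the listing so it is not scrolled away. */
    if (status < 0 || jar->valid < 0) {
        failed = 1;
        PR_fprintf(outputFD,
            "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
        give_help (status);
    }

    JAR_destroy (jar);

    if (failed) {
        return -1;
    }
    return 0;
}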



Variable Documentation

char* base

Definition at line 314 of file ldap-standard-tmpl.h.

Definition at line 83 of file signtool.c.

Definition at line 81 of file signtool.c.

Definition at line 79 of file signtool.c.

Definition at line 62 of file signtool.c.

Definition at line 72 of file signtool.c.

Definition at line 73 of file signtool.c.

Definition at line 48 of file util.c.

Definition at line 66 of file signtool.c.

Definition at line 79 of file signtool.c.

char* password

Definition at line 59 of file signtool.c.

char* progName

Definition at line 70 of file blapitest.c.

char* scriptdir

Definition at line 75 of file signtool.c.

Definition at line 65 of file pollable.c.

Definition at line 81 of file signtool.c.

Definition at line 86 of file signtool.c.