Back to index

lightning-sunbird  0.9+nobinonly
Functions
verify.c File Reference
#include "signtool.h"

Go to the source code of this file.

Functions

static int jar_cb (int status, JAR *jar, const char *metafile, char *pathname, char *errortext)
static int verify_global (JAR *jar)
int VerifyJar (char *filename)
int JarWho (char *filename)

Function Documentation

static int jar_cb ( int  status,
JAR jar,
const char *  metafile,
char *  pathname,
char *  errortext 
) [static]

Definition at line 362 of file verify.c.

{
    PR_fprintf(errorFD, "error %d: %s IN FILE %s\n", status, errortext,
         pathname);
    errorCount++;
    return 0;
}

Here is the caller graph for this function:

int JarWho ( char *  filename)

Definition at line 282 of file verify.c.

{
    FILE * fp;

    JAR * jar;
    JAR_Context * ctx;

    int       status;
    int       retval = 0;

    JAR_Item * it;
    JAR_Cert * fing;

    CERTCertificate * cert, *prev = NULL;

    jar = JAR_new();

    if ((fp = fopen (filename, "r")) == NULL) {
       perror (filename);
       exit (ERRX);
    } 
    fclose (fp);

    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");

    if (status < 0 || jar->valid < 0) {
       PR_fprintf(outputFD,
           "NOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
       retval = -1;
       if (jar->valid < 0 || status != -1) {
           char      *errtext;

           if (status >= JAR_BASE && status <= JAR_BASE_END) {
              errtext = JAR_get_error (status);
           } else {
              errtext = SECU_ErrorString ((int16) PORT_GetError());
           }

           PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
       }
    }

    PR_fprintf(outputFD, "\nSigner information:\n\n");

    ctx = JAR_find (jar, NULL, jarTypeSign);

    while (JAR_find_next (ctx, &it) >= 0) {
       fing = (JAR_Cert * ) it->data;
       cert = fing->cert;

       if (cert) {
           if (prev == cert)
              break;

           if (cert->nickname)
              PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
           if (cert->subjectName)
              PR_fprintf(outputFD, "subject name: %s\n",
                   cert->subjectName);
           if (cert->issuerName)
              PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
       } else {
           PR_fprintf(outputFD, "no certificate could be found\n");
           retval = -1;
       }

       prev = cert;
    }

    JAR_find_end (ctx);

    JAR_destroy (jar);
    return retval;
}

Here is the call graph for this function:

Here is the caller graph for this function:

static int verify_global ( JAR jar) [static]

Definition at line 161 of file verify.c.

{
    FILE        * fp;
    JAR_Context * ctx;
    JAR_Item    * it;
    JAR_Digest  * globaldig;
    char      * ext;
    unsigned char *md5_digest, *sha1_digest;
    unsigned int  sha1_length, md5_length;
    int                 retval = 0;
    char        buf [BUFSIZ];

    ctx = JAR_find (jar, "*", jarTypePhy);

    while (JAR_find_next (ctx, &it) >= 0) {
       if (!PORT_Strncmp (it->pathname, "META-INF", 8)) {
           for (ext = it->pathname; *ext; ext++)
              ;
           while (ext > it->pathname && *ext != '.') 
              ext--;

           if (verbosity >= 0) {
              if (!PORT_Strcasecmp (ext, ".rsa")) {
                  PR_fprintf(outputFD, "found a RSA signature file: %s\n",
                                                   it->pathname);
              }

              if (!PORT_Strcasecmp (ext, ".dsa")) {
                  PR_fprintf(outputFD, "found a DSA signature file: %s\n",
                                                   it->pathname);
              }

              if (!PORT_Strcasecmp (ext, ".mf")) {
                  PR_fprintf(outputFD,
                      "found a MF master manifest file: %s\n",
                       it->pathname);
              }
           }

           if (!PORT_Strcasecmp (ext, ".sf")) {
              if (verbosity >= 0) {
                  PR_fprintf(outputFD,
                      "found a SF signature manifest file: %s\n",
                       it->pathname);
              }

              rm_dash_r(TMP_OUTPUT);
              if (JAR_extract (jar, it->pathname, TMP_OUTPUT) < 0) {
                  PR_fprintf(errorFD, "%s: error extracting %s\n",
                       PROGRAM_NAME, it->pathname);
                  errorCount++;
                  retval = -1;
                  continue;
              }

              md5_digest = NULL;
              sha1_digest = NULL;

              if ((fp = fopen (TMP_OUTPUT, "rb")) != NULL) {
                  while (fgets (buf, BUFSIZ, fp)) {
                     char   *s;

                     if (*buf == 0 || *buf == '\n' || *buf == '\r') 
                         break;

                     for (s = buf; *s && *s != '\n' && *s != '\r'; s++)
                         ;
                     *s = 0;

                     if (!PORT_Strncmp (buf, "MD5-Digest: ", 12)) {
                         md5_digest = 
                            ATOB_AsciiToData (buf + 12, &md5_length);
                     }
                     if (!PORT_Strncmp (buf, "SHA1-Digest: ", 13)) {
                         sha1_digest = 
                            ATOB_AsciiToData (buf + 13, &sha1_length);
                     }
                     if (!PORT_Strncmp (buf, "SHA-Digest: ", 12)) {
                         sha1_digest = 
                            ATOB_AsciiToData (buf + 12, &sha1_length);
                     }
                  }

                  globaldig = jar->globalmeta;

                  if (globaldig && md5_digest && verbosity >= 0) {
                     PR_fprintf(outputFD,
                        "  md5 digest on global metainfo: %s\n",
                         PORT_Memcmp(md5_digest, globaldig->md5, MD5_LENGTH)
                         ? "no match" : "match");
                  }

                  if (globaldig && sha1_digest && verbosity >= 0) {
                     PR_fprintf(outputFD,
                         "  sha digest on global metainfo: %s\n",
                         PORT_Memcmp(sha1_digest, globaldig->sha1, SHA1_LENGTH) 
                         ? "no match" : "match");
                  }

                  if (globaldig == NULL && verbosity >= 0) {
                     PR_fprintf(outputFD,
                          "global metadigest is not available, strange.\n");
                  }

                  fclose (fp);
              }
           }
       }
    }

    JAR_find_end (ctx);

    return retval;
}

Here is the call graph for this function:

Here is the caller graph for this function:

int VerifyJar ( char *  filename)

Definition at line 49 of file verify.c.

{
    FILE * fp;

    int       ret;
    int       status;
    int       failed = 0;
    char      *err;

    JAR * jar;
    JAR_Context * ctx;

    JAR_Item * it;

    jar = JAR_new();

    if ((fp = fopen (filename, "r")) == NULL) {
       perror (filename);
       exit (ERRX);
    } else
       fclose (fp);

    JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);


    status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");

    if (status < 0 || jar->valid < 0) {
       failed = 1;
       PR_fprintf(outputFD, 
           "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
       if (status < 0) {
           char      *errtext;

           if (status >= JAR_BASE && status <= JAR_BASE_END) {
              errtext = JAR_get_error (status);
           } else {
              errtext = SECU_ErrorString ((int16) PORT_GetError());
           }

           PR_fprintf(outputFD, "  (reported reason: %s)\n\n",
                errtext);

           /* corrupt files should not have their contents listed */

           if (status == JAR_ERR_CORRUPT)
              return - 1;
       }
       PR_fprintf(outputFD,
           "entries shown below will have their digests checked only.\n");
       jar->valid = 0;
    } else
       PR_fprintf(outputFD,
           "archive \"%s\" has passed crypto verification.\n", filename);

    if (verify_global (jar))
       failed = 1;

    PR_fprintf(outputFD, "\n");
    PR_fprintf(outputFD, "%16s   %s\n", "status", "path");
    PR_fprintf(outputFD, "%16s   %s\n", "------------", "-------------------");

    ctx = JAR_find (jar, NULL, jarTypeMF);

    while (JAR_find_next (ctx, &it) >= 0) {
       if (it && it->pathname) {
           rm_dash_r(TMP_OUTPUT);
           ret = JAR_verified_extract (jar, it->pathname, TMP_OUTPUT);
           /* if (ret < 0) printf ("error %d on %s\n", ret, it->pathname); */
           if (ret < 0) 
              failed = 1;

           if (ret == JAR_ERR_PNF)
              err = "NOT PRESENT";
           else if (ret == JAR_ERR_HASH)
              err = "HASH FAILED";
           else
              err = "NOT VERIFIED";

           PR_fprintf(outputFD, "%16s   %s\n", 
               ret >= 0 ? "verified" : err, it->pathname);

           if (ret != 0 && ret != JAR_ERR_PNF && ret != JAR_ERR_HASH)
              PR_fprintf(outputFD, "      (reason: %s)\n",
                   JAR_get_error (ret));
       }
    }

    JAR_find_end (ctx);

    if (status < 0 || jar->valid < 0) {
       failed = 1;
       PR_fprintf(outputFD,
           "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n",
            filename);
       give_help (status);
    }

    JAR_destroy (jar);

    if (failed)
       return - 1;
    return 0;
}

Here is the call graph for this function:

Here is the caller graph for this function: