RetroZilla/security/nss/cmd/signtool/signtool.c

1109 lines
25 KiB
C
Raw Normal View History

2015-10-21 05:03:22 +02:00
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
/*
* SIGNTOOL
*
* A command line tool to create manifest files
* from a directory hierarchy. It is assumed that
* the tree will be equivalent to what resides
* or will reside in an archive.
*
*
*/
#include "nss.h"
#include "signtool.h"
#include "prmem.h"
#include "prio.h"
/***********************************************************************
* Global Variable Definitions
*/
char *progName; /* argv[0] */
/* password data */
secuPWData pwdata = { PW_NONE, 0 };
/* directories or files to exclude in descent */
PLHashTable *excludeDirs = NULL;
static PRBool exclusionsGiven = PR_FALSE;
/* zatharus is the man who knows no time, dies tragic death */
int no_time = 0;
/* -b basename of .rsa, .sf files */
char *base = DEFAULT_BASE_NAME;
/* Only sign files with this extension */
PLHashTable *extensions = NULL;
PRBool extensionsGiven = PR_FALSE;
char *scriptdir = NULL;
int verbosity = 0;
PRFileDesc *outputFD = NULL, *errorFD = NULL;
int errorCount = 0, warningCount = 0;
int compression_level = DEFAULT_COMPRESSION_LEVEL;
PRBool compression_level_specified = PR_FALSE;
int xpi_arc = 0;
/* Command-line arguments */
static char *genkey = NULL;
static char *verify = NULL;
static char *zipfile = NULL;
static char *cert_dir = NULL;
static int javascript = 0;
static char *jartree = NULL;
static char *keyName = NULL;
static char *metafile = NULL;
static char *install_script = NULL;
static int list_certs = 0;
static int list_modules = 0;
static int optimize = 0;
static int enableOCSP = 0;
static char *tell_who = NULL;
static char *outfile = NULL;
static char *cmdFile = NULL;
static PRBool noRecurse = PR_FALSE;
static PRBool leaveArc = PR_FALSE;
static int keySize = -1;
static char *token = NULL;
typedef enum {
UNKNOWN_OPT,
HELP_OPT,
LONG_HELP_OPT,
BASE_OPT,
COMPRESSION_OPT,
CERT_DIR_OPT,
EXTENSION_OPT,
INSTALL_SCRIPT_OPT,
SCRIPTDIR_OPT,
CERTNAME_OPT,
LIST_OBJSIGN_CERTS_OPT,
LIST_ALL_CERTS_OPT,
METAFILE_OPT,
OPTIMIZE_OPT,
ENABLE_OCSP_OPT,
PASSWORD_OPT,
VERIFY_OPT,
WHO_OPT,
EXCLUDE_OPT,
NO_TIME_OPT,
JAVASCRIPT_OPT,
ZIPFILE_OPT,
GENKEY_OPT,
MODULES_OPT,
NORECURSE_OPT,
SIGNDIR_OPT,
OUTFILE_OPT,
COMMAND_FILE_OPT,
LEAVE_ARC_OPT,
VERBOSITY_OPT,
KEYSIZE_OPT,
TOKEN_OPT,
XPI_ARC_OPT
}
OPT_TYPE;
typedef enum {
DUPLICATE_OPTION_ERR = 0,
OPTION_NEEDS_ARG_ERR
}
Error;
static char *errStrings[] = {
"warning: %s option specified more than once.\n"
"Only last specification will be used.\n",
"ERROR: option \"%s\" requires an argument.\n"
};
static int ProcessOneOpt(OPT_TYPE type, char *arg);
/*********************************************************************
*
* P r o c e s s C o m m a n d F i l e
*/
int
ProcessCommandFile()
{
PRFileDesc * fd;
#define CMD_FILE_BUFSIZE 1024
char buf[CMD_FILE_BUFSIZE];
char *equals;
int linenum = 0;
int retval = -1;
OPT_TYPE type;
fd = PR_Open(cmdFile, PR_RDONLY, 0777);
if (!fd) {
PR_fprintf(errorFD, "ERROR: Unable to open command file %s.\n");
errorCount++;
return - 1;
}
while (pr_fgets(buf, CMD_FILE_BUFSIZE, fd)) {
char *eol;
linenum++;
/* Chop off final newline */
eol = PL_strchr(buf, '\r');
if (!eol) {
eol = PL_strchr(buf, '\n');
}
if (eol)
*eol = '\0';
equals = PL_strchr(buf, '=');
if (!equals) {
continue;
}
*equals = '\0';
equals++;
/* Now buf points to the attribute, and equals points to the value. */
/* This is pretty straightforward, just deal with whatever attribute
* this is */
if (!PL_strcasecmp(buf, "basename")) {
type = BASE_OPT;
} else if (!PL_strcasecmp(buf, "compression")) {
type = COMPRESSION_OPT;
} else if (!PL_strcasecmp(buf, "certdir")) {
type = CERT_DIR_OPT;
} else if (!PL_strcasecmp(buf, "extension")) {
type = EXTENSION_OPT;
} else if (!PL_strcasecmp(buf, "generate")) {
type = GENKEY_OPT;
} else if (!PL_strcasecmp(buf, "installScript")) {
type = INSTALL_SCRIPT_OPT;
} else if (!PL_strcasecmp(buf, "javascriptdir")) {
type = SCRIPTDIR_OPT;
} else if (!PL_strcasecmp(buf, "htmldir")) {
type = JAVASCRIPT_OPT;
if (jartree) {
PR_fprintf(errorFD,
"warning: directory to be signed specified more than once."
" Only last specification will be used.\n");
warningCount++;
PR_Free(jartree);
jartree = NULL;
}
jartree = PL_strdup(equals);
} else if (!PL_strcasecmp(buf, "certname")) {
type = CERTNAME_OPT;
} else if (!PL_strcasecmp(buf, "signdir")) {
type = SIGNDIR_OPT;
} else if (!PL_strcasecmp(buf, "list")) {
type = LIST_OBJSIGN_CERTS_OPT;
} else if (!PL_strcasecmp(buf, "listall")) {
type = LIST_ALL_CERTS_OPT;
} else if (!PL_strcasecmp(buf, "metafile")) {
type = METAFILE_OPT;
} else if (!PL_strcasecmp(buf, "modules")) {
type = MODULES_OPT;
} else if (!PL_strcasecmp(buf, "optimize")) {
type = OPTIMIZE_OPT;
} else if (!PL_strcasecmp(buf, "ocsp")) {
type = ENABLE_OCSP_OPT;
} else if (!PL_strcasecmp(buf, "password")) {
type = PASSWORD_OPT;
} else if (!PL_strcasecmp(buf, "verify")) {
type = VERIFY_OPT;
} else if (!PL_strcasecmp(buf, "who")) {
type = WHO_OPT;
} else if (!PL_strcasecmp(buf, "exclude")) {
type = EXCLUDE_OPT;
} else if (!PL_strcasecmp(buf, "notime")) {
type = NO_TIME_OPT;
} else if (!PL_strcasecmp(buf, "jarfile")) {
type = ZIPFILE_OPT;
} else if (!PL_strcasecmp(buf, "outfile")) {
type = OUTFILE_OPT;
} else if (!PL_strcasecmp(buf, "leavearc")) {
type = LEAVE_ARC_OPT;
} else if (!PL_strcasecmp(buf, "verbosity")) {
type = VERBOSITY_OPT;
} else if (!PL_strcasecmp(buf, "keysize")) {
type = KEYSIZE_OPT;
} else if (!PL_strcasecmp(buf, "token")) {
type = TOKEN_OPT;
} else if (!PL_strcasecmp(buf, "xpi")) {
type = XPI_ARC_OPT;
} else {
PR_fprintf(errorFD,
"warning: unknown attribute \"%s\" in command file, line %d.\n",
buf, linenum);
warningCount++;
type = UNKNOWN_OPT;
}
/* Process the option, whatever it is */
if (type != UNKNOWN_OPT) {
if (ProcessOneOpt(type, equals) == -1) {
goto finish;
}
}
}
retval = 0;
finish:
PR_Close(fd);
return retval;
}
/*********************************************************************
*
* p a r s e _ a r g s
*/
static int
parse_args(int argc, char *argv[])
{
char *opt;
char *arg;
int needsInc = 0;
int i;
OPT_TYPE type;
/* Loop over all arguments */
for (i = 1; i < argc; i++) {
opt = argv[i];
arg = NULL;
if (opt[0] == '-') {
if (opt[1] == '-') {
/* word option */
if (i < argc - 1) {
needsInc = 1;
arg = argv[i+1];
} else {
arg = NULL;
}
if ( !PL_strcasecmp(opt + 2, "norecurse")) {
type = NORECURSE_OPT;
} else if ( !PL_strcasecmp(opt + 2, "leavearc")) {
type = LEAVE_ARC_OPT;
} else if ( !PL_strcasecmp(opt + 2, "verbosity")) {
type = VERBOSITY_OPT;
} else if ( !PL_strcasecmp(opt + 2, "outfile")) {
type = OUTFILE_OPT;
} else if ( !PL_strcasecmp(opt + 2, "keysize")) {
type = KEYSIZE_OPT;
} else if ( !PL_strcasecmp(opt + 2, "token")) {
type = TOKEN_OPT;
} else {
PR_fprintf(errorFD, "warning: unknown option: %s\n",
opt);
warningCount++;
type = UNKNOWN_OPT;
}
} else {
/* char option */
if (opt[2] != '\0') {
arg = opt + 2;
} else if (i < argc - 1) {
needsInc = 1;
arg = argv[i+1];
} else {
arg = NULL;
}
switch (opt[1]) {
case 'b':
type = BASE_OPT;
break;
case 'c':
type = COMPRESSION_OPT;
break;
case 'd':
type = CERT_DIR_OPT;
break;
case 'e':
type = EXTENSION_OPT;
break;
case 'f':
type = COMMAND_FILE_OPT;
break;
case 'h':
type = HELP_OPT;
break;
case 'H':
type = LONG_HELP_OPT;
break;
case 'i':
type = INSTALL_SCRIPT_OPT;
break;
case 'j':
type = SCRIPTDIR_OPT;
break;
case 'k':
type = CERTNAME_OPT;
break;
case 'l':
type = LIST_OBJSIGN_CERTS_OPT;
break;
case 'L':
type = LIST_ALL_CERTS_OPT;
break;
case 'm':
type = METAFILE_OPT;
break;
case 'o':
type = OPTIMIZE_OPT;
break;
case 'O':
type = ENABLE_OCSP_OPT;
break;
case 'p':
type = PASSWORD_OPT;
break;
case 'v':
type = VERIFY_OPT;
break;
case 'w':
type = WHO_OPT;
break;
case 'x':
type = EXCLUDE_OPT;
break;
case 'X':
type = XPI_ARC_OPT;
break;
case 'z':
type = NO_TIME_OPT;
break;
case 'J':
type = JAVASCRIPT_OPT;
break;
case 'Z':
type = ZIPFILE_OPT;
break;
case 'G':
type = GENKEY_OPT;
break;
case 'M':
type = MODULES_OPT;
break;
case 's':
type = KEYSIZE_OPT;
break;
case 't':
type = TOKEN_OPT;
break;
default:
type = UNKNOWN_OPT;
PR_fprintf(errorFD, "warning: unrecognized option: -%c.\n",
opt[1]);
warningCount++;
break;
}
}
} else {
type = UNKNOWN_OPT;
if (i == argc - 1) {
if (jartree) {
PR_fprintf(errorFD,
"warning: directory to be signed specified more than once.\n"
" Only last specification will be used.\n");
warningCount++;
PR_Free(jartree);
jartree = NULL;
}
jartree = PL_strdup(opt);
} else {
PR_fprintf(errorFD, "warning: unrecognized option: %s\n", opt);
warningCount++;
}
}
if (type != UNKNOWN_OPT) {
short ateArg = ProcessOneOpt(type, arg);
if (ateArg == -1) {
/* error */
return - 1;
}
if (ateArg && needsInc) {
i++;
}
}
}
return 0;
}
/*********************************************************************
*
* P r o c e s s O n e O p t
*
* Since options can come from different places (command file, word options,
* char options), this is a central function that is called to deal with
* them no matter where they come from.
*
* type is the type of option.
* arg is the argument to the option, possibly NULL.
* Returns 1 if the argument was eaten, 0 if it wasn't, and -1 for error.
*/
static int
ProcessOneOpt(OPT_TYPE type, char *arg)
{
int ate = 0;
switch (type) {
case HELP_OPT:
Usage();
break;
case LONG_HELP_OPT:
LongUsage();
break;
case BASE_OPT:
if (base) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-b");
warningCount++;
PR_Free(base);
base = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-b");
errorCount++;
goto loser;
}
base = PL_strdup(arg);
ate = 1;
break;
case COMPRESSION_OPT:
if (compression_level_specified) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-c");
warningCount++;
}
if ( !arg ) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-c");
errorCount++;
goto loser;
}
compression_level = atoi(arg);
compression_level_specified = PR_TRUE;
ate = 1;
break;
case CERT_DIR_OPT:
if (cert_dir) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-d");
warningCount++;
PR_Free(cert_dir);
cert_dir = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-d");
errorCount++;
goto loser;
}
cert_dir = PL_strdup(arg);
ate = 1;
break;
case EXTENSION_OPT:
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"extension (-e)");
errorCount++;
goto loser;
}
PL_HashTableAdd(extensions, arg, arg);
extensionsGiven = PR_TRUE;
ate = 1;
break;
case INSTALL_SCRIPT_OPT:
if (install_script) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"installScript (-i)");
warningCount++;
PR_Free(install_script);
install_script = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"installScript (-i)");
errorCount++;
goto loser;
}
install_script = PL_strdup(arg);
ate = 1;
break;
case SCRIPTDIR_OPT:
if (scriptdir) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"javascriptdir (-j)");
warningCount++;
PR_Free(scriptdir);
scriptdir = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"javascriptdir (-j)");
errorCount++;
goto loser;
}
scriptdir = PL_strdup(arg);
ate = 1;
break;
case CERTNAME_OPT:
if (keyName) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"keyName (-k)");
warningCount++;
PR_Free(keyName);
keyName = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"keyName (-k)");
errorCount++;
goto loser;
}
keyName = PL_strdup(arg);
ate = 1;
break;
case LIST_OBJSIGN_CERTS_OPT:
case LIST_ALL_CERTS_OPT:
if (list_certs != 0) {
PR_fprintf(errorFD,
"warning: only one of -l and -L may be specified.\n");
warningCount++;
}
list_certs = (type == LIST_OBJSIGN_CERTS_OPT ? 1 : 2);
break;
case METAFILE_OPT:
if (metafile) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"metafile (-m)");
warningCount++;
PR_Free(metafile);
metafile = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"metafile (-m)");
errorCount++;
goto loser;
}
metafile = PL_strdup(arg);
ate = 1;
break;
case OPTIMIZE_OPT:
optimize = 1;
break;
case ENABLE_OCSP_OPT:
enableOCSP = 1;
break;
case PASSWORD_OPT:
if (pwdata.data) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"password (-p)");
warningCount++;
PR_Free(pwdata.data);
pwdata.data = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"password (-p)");
errorCount++;
goto loser;
}
pwdata.source = PW_PLAINTEXT;
pwdata.data = PL_strdup(arg);
ate = 1;
break;
case VERIFY_OPT:
if (verify) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"verify (-v)");
warningCount++;
PR_Free(verify);
verify = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"verify (-v)");
errorCount++;
goto loser;
}
verify = PL_strdup(arg);
ate = 1;
break;
case WHO_OPT:
if (tell_who) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"who (-v)");
warningCount++;
PR_Free(tell_who);
tell_who = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"who (-w)");
errorCount++;
goto loser;
}
tell_who = PL_strdup(arg);
ate = 1;
break;
case EXCLUDE_OPT:
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"exclude (-x)");
errorCount++;
goto loser;
}
PL_HashTableAdd(excludeDirs, arg, arg);
exclusionsGiven = PR_TRUE;
ate = 1;
break;
case NO_TIME_OPT:
no_time = 1;
break;
case JAVASCRIPT_OPT:
javascript++;
break;
case ZIPFILE_OPT:
if (zipfile) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"jarfile (-Z)");
warningCount++;
PR_Free(zipfile);
zipfile = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"jarfile (-Z)");
errorCount++;
goto loser;
}
zipfile = PL_strdup(arg);
ate = 1;
break;
case GENKEY_OPT:
if (genkey) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"generate (-G)");
warningCount++;
PR_Free(zipfile);
zipfile = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"generate (-G)");
errorCount++;
goto loser;
}
genkey = PL_strdup(arg);
ate = 1;
break;
case MODULES_OPT:
list_modules++;
break;
case SIGNDIR_OPT:
if (jartree) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"signdir");
warningCount++;
PR_Free(jartree);
jartree = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"signdir");
errorCount++;
goto loser;
}
jartree = PL_strdup(arg);
ate = 1;
break;
case OUTFILE_OPT:
if (outfile) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"outfile");
warningCount++;
PR_Free(outfile);
outfile = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"outfile");
errorCount++;
goto loser;
}
outfile = PL_strdup(arg);
ate = 1;
break;
case COMMAND_FILE_OPT:
if (cmdFile) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR],
"-f");
warningCount++;
PR_Free(cmdFile);
cmdFile = NULL;
}
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"-f");
errorCount++;
goto loser;
}
cmdFile = PL_strdup(arg);
ate = 1;
break;
case NORECURSE_OPT:
noRecurse = PR_TRUE;
break;
case LEAVE_ARC_OPT:
leaveArc = PR_TRUE;
break;
case VERBOSITY_OPT:
if (!arg) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR],
"--verbosity");
errorCount++;
goto loser;
}
verbosity = atoi(arg);
ate = 1;
break;
case KEYSIZE_OPT:
if ( keySize != -1 ) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-s");
warningCount++;
}
keySize = atoi(arg);
ate = 1;
if ( keySize < 1 || keySize > MAX_RSA_KEY_SIZE ) {
PR_fprintf(errorFD, "Invalid key size: %d.\n", keySize);
errorCount++;
goto loser;
}
break;
case TOKEN_OPT:
if ( token ) {
PR_fprintf(errorFD, errStrings[DUPLICATE_OPTION_ERR], "-t");
PR_Free(token);
token = NULL;
}
if ( !arg ) {
PR_fprintf(errorFD, errStrings[OPTION_NEEDS_ARG_ERR], "-t");
errorCount++;
goto loser;
}
token = PL_strdup(arg);
ate = 1;
break;
case XPI_ARC_OPT:
xpi_arc = 1;
break;
default:
PR_fprintf(errorFD, "warning: unknown option\n");
warningCount++;
break;
}
return ate;
loser:
return - 1;
}
/*********************************************************************
*
* m a i n
*/
int
main(int argc, char *argv[])
{
PRBool readOnly;
int retval = 0;
outputFD = PR_STDOUT;
errorFD = PR_STDERR;
progName = argv[0];
if (argc < 2) {
Usage();
}
excludeDirs = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
PL_CompareStrings, NULL, NULL);
extensions = PL_NewHashTable(10, PL_HashString, PL_CompareStrings,
PL_CompareStrings, NULL, NULL);
if (parse_args(argc, argv)) {
retval = -1;
goto cleanup;
}
/* Parse the command file if one was given */
if (cmdFile) {
if (ProcessCommandFile()) {
retval = -1;
goto cleanup;
}
}
/* Set up output redirection */
if (outfile) {
if (PR_Access(outfile, PR_ACCESS_EXISTS) == PR_SUCCESS) {
/* delete the file if it is already present */
PR_fprintf(errorFD,
"warning: %s already exists and will be overwritten.\n",
outfile);
warningCount++;
if (PR_Delete(outfile) != PR_SUCCESS) {
PR_fprintf(errorFD, "ERROR: unable to delete %s.\n", outfile);
errorCount++;
exit(ERRX);
}
}
outputFD = PR_Open(outfile,
PR_WRONLY | PR_CREATE_FILE | PR_TRUNCATE, 0777);
if (!outputFD) {
PR_fprintf(errorFD, "ERROR: Unable to create %s.\n",
outfile);
errorCount++;
exit(ERRX);
}
errorFD = outputFD;
}
/* This seems to be a fairly common user error */
if (verify && list_certs > 0) {
PR_fprintf (errorFD, "%s: Can't use -l and -v at the same time\n",
PROGRAM_NAME);
errorCount++;
retval = -1;
goto cleanup;
}
/* -J assumes -Z now */
if (javascript && zipfile) {
PR_fprintf (errorFD, "%s: Can't use -J and -Z at the same time\n",
PROGRAM_NAME);
PR_fprintf (errorFD, "%s: -J option will create the jar files for you\n",
PROGRAM_NAME);
errorCount++;
retval = -1;
goto cleanup;
}
/* -X needs -Z */
if (xpi_arc && !zipfile) {
PR_fprintf (errorFD, "%s: option XPI (-X) requires option jarfile (-Z)\n",
PROGRAM_NAME);
errorCount++;
retval = -1;
goto cleanup;
}
/* Less common mixing of -L with various options */
if (list_certs > 0 &&
(tell_who || zipfile || javascript ||
scriptdir || extensionsGiven || exclusionsGiven || install_script)) {
PR_fprintf(errorFD, "%s: Can't use -l or -L with that option\n",
PROGRAM_NAME);
errorCount++;
retval = -1;
goto cleanup;
}
if (!cert_dir)
cert_dir = get_default_cert_dir();
VerifyCertDir(cert_dir, keyName);
if ( compression_level < MIN_COMPRESSION_LEVEL ||
compression_level > MAX_COMPRESSION_LEVEL) {
PR_fprintf(errorFD, "Compression level must be between %d and %d.\n",
MIN_COMPRESSION_LEVEL, MAX_COMPRESSION_LEVEL);
errorCount++;
retval = -1;
goto cleanup;
}
if (jartree && !keyName) {
PR_fprintf(errorFD, "You must specify a key with which to sign.\n");
errorCount++;
retval = -1;
goto cleanup;
}
readOnly = (genkey == NULL); /* only key generation requires write */
if (InitCrypto(cert_dir, readOnly)) {
PR_fprintf(errorFD, "ERROR: Cryptographic initialization failed.\n");
errorCount++;
retval = -1;
goto cleanup;
}
if (enableOCSP) {
SECStatus rv = CERT_EnableOCSPChecking(CERT_GetDefaultCertDB());
if (rv != SECSuccess) {
PR_fprintf(errorFD, "ERROR: Attempt to enable OCSP Checking failed.\n");
errorCount++;
retval = -1;
}
}
if (verify) {
if (VerifyJar(verify)) {
errorCount++;
retval = -1;
goto cleanup;
}
} else if (list_certs) {
if (ListCerts(keyName, list_certs)) {
errorCount++;
retval = -1;
goto cleanup;
}
} else if (list_modules) {
JarListModules();
} else if (genkey) {
if (GenerateCert(genkey, keySize, token)) {
errorCount++;
retval = -1;
goto cleanup;
}
} else if (tell_who) {
if (JarWho(tell_who)) {
errorCount++;
retval = -1;
goto cleanup;
}
} else if (javascript && jartree) {
/* make sure directory exists */
PRDir * dir;
dir = PR_OpenDir(jartree);
if (!dir) {
PR_fprintf(errorFD, "ERROR: unable to open directory %s.\n",
jartree);
errorCount++;
retval = -1;
goto cleanup;
} else {
PR_CloseDir(dir);
}
/* undo junk from prior runs of signtool*/
if (RemoveAllArc(jartree)) {
PR_fprintf(errorFD, "Error removing archive directories under %s\n",
jartree);
errorCount++;
retval = -1;
goto cleanup;
}
/* traverse all the htm|html files in the directory */
if (InlineJavaScript(jartree, !noRecurse)) {
retval = -1;
goto cleanup;
}
/* sign any resultant .arc directories created in above step */
if (SignAllArc(jartree, keyName, javascript, metafile, install_script,
optimize, !noRecurse)) {
retval = -1;
goto cleanup;
}
if (!leaveArc) {
RemoveAllArc(jartree);
}
if (errorCount > 0 || warningCount > 0) {
PR_fprintf(outputFD, "%d error%s, %d warning%s.\n",
errorCount,
errorCount == 1 ? "" : "s", warningCount, warningCount
== 1 ? "" : "s");
} else {
PR_fprintf(outputFD, "Directory %s signed successfully.\n",
jartree);
}
} else if (jartree) {
SignArchive(jartree, keyName, zipfile, javascript, metafile,
install_script, optimize, !noRecurse);
} else
Usage();
cleanup:
if (extensions) {
PL_HashTableDestroy(extensions);
extensions = NULL;
}
if (excludeDirs) {
PL_HashTableDestroy(excludeDirs);
excludeDirs = NULL;
}
if (outputFD != PR_STDOUT) {
PR_Close(outputFD);
}
rm_dash_r(TMP_OUTPUT);
if (retval == 0) {
if (NSS_Shutdown() != SECSuccess) {
exit(1);
}
}
return retval;
}