Added signed script support in Mozilla. bug=7270 r=norris (this is mstoltz's checkin)

This commit is contained in:
norris%netscape.com 2000-03-21 04:21:28 +00:00
Родитель 3ea8eb578d
Коммит 537881b1fb
6 изменённых файлов: 242 добавлений и 175 удалений

Просмотреть файл

@ -34,7 +34,6 @@ CPPSRCS = \
nsJARInputStream.cpp \
nsZipArchive.cpp \
nsJAR.cpp \
nsJARStubs.cpp \
nsJARFactory.cpp \
nsWildCard.cpp \
$(NULL)

Просмотреть файл

@ -46,10 +46,10 @@ OBJS=.\$(OBJDIR)\nsZipArchive.obj \
.\$(OBJDIR)\nsJARFactory.obj \
.\$(OBJDIR)\nsJARInputStream.obj \
.\$(OBJDIR)\nsWildCard.obj \
.\$(OBJDIR)\nsJARStubs.obj \
$(NULL)
LINCS= \
-I$(PUBLIC)\security \
-I$(XPDIST)\public\nspr \
-I$(XPDIST)\public\raptor \
-I$(XPDIST)\public\xpcom \

Просмотреть файл

@ -45,6 +45,14 @@ interface nsIZipEntry : nsISupports
[scriptable, uuid(6ff6a966-9632-11d3-8cd9-0060b0fc14a3)]
interface nsIZipReader : nsISupports
{
const short NOT_SIGNED = 0;
const short VALID = 1;
const short INVALID_SIG = 2;
const short INVALID_UNKNOWN_CA = 3;
const short INVALID_MANIFEST = 4;
const short INVALID_ENTRY = 5;
/**
* Initializes a zip reader after construction.
*/
@ -88,14 +96,15 @@ interface nsIZipReader : nsISupports
nsIInputStream getInputStream(in string zipEntry);
/**
* Returns an object describing the owner (origin and/or signer) of
* Returns an object describing the entity which signed
* an entry. parseManifest must be called first. If aEntryName is an
* entry in the jar, getInputStream must be called after parseManifest.
* If aEntryName is an external file which has meta-information
* stored in the jar, verifyExternalFile (not yet implemented) must
* be called before getPrincipal.
*/
nsIPrincipal getPrincipal(in string aEntryName);
void getCertificatePrincipal(in string aEntryName, out nsIPrincipal aPrincipal,
out short result);
};
%{C++

Просмотреть файл

@ -30,6 +30,12 @@
#include "nsJARInputStream.h"
#include "nsJAR.h"
#include "nsXPIDLString.h"
#include "nsIServiceManager.h"
#include "plbase64.h"
#ifndef XP_MAC
#include "nsIPSMComponent.h"
#endif
#ifdef XP_UNIX
#include <sys/stat.h>
@ -90,28 +96,24 @@ ziperr2nsresult(PRInt32 ziperr)
typedef enum
{
JAR_INVALID = 1,
JAR_GLOBAL = 2,
JAR_INTERNAL = 3,
JAR_EXTERNAL = 4
JAR_INTERNAL = 2,
JAR_EXTERNAL = 3
} JARManifestItemType;
// Use this macro to look up global data (from the manifest file header)
#define JAR_GLOBALMETA ""
class nsJARManifestItem
{
public:
JARManifestItemType mType;
// the entity which signed this item
nsIPrincipal* mPrincipal;
nsCOMPtr<nsIPrincipal> mPrincipal;
// True if the second step of verification (VerifyEntryDigests)
// True if the second step of verification (VerifyEntry)
// has taken place:
PRBool step2Complete;
// True unless one or more verification steps failed
PRBool valid;
// Not signed, valid, or failure code
PRInt16 status;
// Internal storage of digests
char* calculatedSectionDigest;
@ -125,9 +127,8 @@ public:
// nsJARManifestItem constructors and destructor
//-------------------------------------------------
nsJARManifestItem::nsJARManifestItem(): mType(JAR_INTERNAL),
mPrincipal(nsnull),
step2Complete(PR_FALSE),
valid(PR_TRUE),
status(nsIZipReader::NOT_SIGNED),
calculatedSectionDigest(nsnull),
storedEntryDigest(nsnull)
{
@ -138,7 +139,6 @@ nsJARManifestItem::~nsJARManifestItem()
// Delete digests if necessary
PR_FREEIF(calculatedSectionDigest);
PR_FREEIF(storedEntryDigest);
NS_IF_RELEASE(mPrincipal);
}
//----------------------------------------------
@ -154,15 +154,13 @@ DeleteManifestEntry(nsHashKey* aKey, void* aData, void* closure)
// The following initialization makes a guess of 25 entries per jarfile.
nsJAR::nsJAR(): mManifestData(nsnull, nsnull, DeleteManifestEntry, nsnull, 25),
step1Complete(PR_FALSE),
mVerificationService(nsnull)
step1Complete(PR_FALSE)
{
NS_INIT_REFCNT();
}
nsJAR::~nsJAR()
{
NS_IF_RELEASE(mVerificationService);
}
NS_IMPL_ISUPPORTS1(nsJAR, nsIZipReader);
@ -288,128 +286,127 @@ nsJAR::GetInputStream(const char *aFilename, nsIInputStream **result)
NS_IMETHODIMP
nsJAR::ParseManifest()
{
PRInt32 extension; // early declaration required on some platforms due to use of goto
#ifdef XP_MAC
return NS_OK;
#else
//-- Verification Step 1
if (step1Complete || !SupportsRSAVerification())
if (step1Complete)
return NS_OK;
nsresult rv;
nsCOMPtr<nsISimpleEnumerator> files;
nsCOMPtr<nsJARItem> file;
char* manifestBuffer = nsnull;
char* rsaBuffer = nsnull;
PRUint32 rsaLen;
nsXPIDLCString manifestFilename;
nsCAutoString rsaFilename;
nsCOMPtr<nsIPrincipal> principal;
step1Complete = PR_TRUE;
//-- (1)Manifest (MF) file
nsresult rv;
nsCOMPtr<nsISimpleEnumerator> files;
rv = FindEntries(JAR_MF_SEARCH_STRING, getter_AddRefs(files));
if (!files) rv = NS_ERROR_FAILURE;
if (NS_FAILED(rv)) goto cleanup;
if (NS_FAILED(rv)) return rv;
//-- Load the file into memory
nsCOMPtr<nsJARItem> file;
rv = files->GetNext(getter_AddRefs(file));
if (NS_FAILED(rv) || !file) goto cleanup;
if (NS_FAILED(rv) || !file) return rv;
PRBool more;
rv = files->HasMoreElements(&more);
if (NS_FAILED(rv)) goto cleanup;
if (more) { rv = NS_ERROR_FILE_CORRUPTED; goto cleanup; } // More than one MF file
if (NS_FAILED(rv)) return rv;
if (more) return NS_ERROR_FILE_CORRUPTED; // More than one MF file
nsXPIDLCString manifestFilename;
rv = file->GetName(getter_Copies(manifestFilename));
if (!manifestFilename || NS_FAILED(rv)) return rv;
rv = LoadEntry(manifestFilename, (const char**)&manifestBuffer);
if (NS_FAILED(rv)) goto cleanup;
nsXPIDLCString manifestBuffer;
rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer));
if (NS_FAILED(rv)) return rv;
//-- Parse it
rv = ParseOneFile(manifestBuffer, JAR_MF);
if (NS_FAILED(rv)) goto cleanup;
JAR_NULLFREE(manifestBuffer)
rv = ParseOneFile(manifestBuffer, JAR_MF, nsnull, 0);
if (NS_FAILED(rv)) return rv;
DumpMetadata("PM Pass 1 End");
//-- (2)Signature (SF) file
// If there are multiple signatures, we select one at random.
rv = FindEntries(JAR_SF_SEARCH_STRING, getter_AddRefs(files));
if (!files) rv = NS_ERROR_FAILURE;
if (NS_FAILED(rv)) goto cleanup;
if (NS_FAILED(rv)) return rv;
//-- Get an SF file
rv = files->GetNext(getter_AddRefs(file));
if (NS_FAILED(rv) || !file) goto cleanup;
if (NS_FAILED(rv) || !file) return rv;
rv = file->GetName(getter_Copies(manifestFilename));
if (NS_FAILED(rv)) goto cleanup;
if (NS_FAILED(rv)) return rv;
PRUint32 manifestLen;
rv = LoadEntry(manifestFilename, getter_Copies(manifestBuffer), &manifestLen);
if (NS_FAILED(rv)) return rv;
rv = LoadEntry(manifestFilename, (const char**)&manifestBuffer);
if (NS_FAILED(rv)) goto cleanup;
//-- Get its corresponding RSA file
rsaFilename = manifestFilename;
extension = rsaFilename.RFindChar('.') + 1;
//-- Get its corresponding signature file
nsCAutoString sigFilename;
sigFilename = manifestFilename;
PRInt32 extension = sigFilename.RFindChar('.') + 1;
NS_ASSERTION(extension != 0, "Manifest Parser: Missing file extension.");
(void)rsaFilename.Cut(extension, 2);
(void)rsaFilename.Append("rsa");
rv = LoadEntry(rsaFilename, (const char**)&rsaBuffer, &rsaLen);
if (NS_FAILED(rv)) // Try uppercase
{
JAR_NULLFREE(rsaBuffer)
(void)rsaFilename.Cut(extension, 3);
(void)rsaFilename.Append("RSA");
rv = LoadEntry(rsaFilename, (const char**)&rsaBuffer, &rsaLen);
}
if (NS_FAILED(rv)) goto cleanup;
(void)sigFilename.Cut(extension, 2);
nsXPIDLCString sigBuffer;
PRUint32 sigLen;
rv = LoadEntry(sigFilename+"rsa", getter_Copies(sigBuffer), &sigLen);
if (NS_FAILED(rv))
rv = LoadEntry(sigFilename+"RSA", getter_Copies(sigBuffer), &sigLen);
if (NS_FAILED(rv))
rv = LoadEntry(sigFilename+"dsa", getter_Copies(sigBuffer), &sigLen);
if (NS_FAILED(rv))
rv = LoadEntry(sigFilename+"DSA", getter_Copies(sigBuffer), &sigLen);
if (NS_FAILED(rv)) return rv;
//-- Verify that the RSA file is a valid signature of the SF file
rv = VerifySignature(manifestBuffer, rsaBuffer, rsaLen, getter_AddRefs(principal));
if (NS_FAILED(rv)) goto cleanup;
JAR_NULLFREE(rsaBuffer);
//-- Verify that the signature file is a valid signature of the SF file
nsCOMPtr<nsIPrincipal> principal;
PRInt16 preStatus;
rv = VerifySignature(manifestBuffer, manifestLen,
sigBuffer, sigLen, getter_AddRefs(principal), &preStatus);
if (NS_FAILED(rv)) return rv;
//-- Parse the SF file. If the verification above failed, principal
// is null, and ParseOneFile will mark the relevant entries as invalid.
// if ParseOneFile fails, then it has no effect, and we can safely
// continue to the next SF file, or return.
ParseOneFile(manifestBuffer, JAR_SF, principal);
JAR_NULLFREE(manifestBuffer)
ParseOneFile(manifestBuffer, JAR_SF, principal, preStatus);
DumpMetadata("PM Pass 2 End");
// End of signature file parsing
cleanup:
JAR_NULLFREE(manifestBuffer)
JAR_NULLFREE(rsaBuffer)
step1Complete = NS_SUCCEEDED(rv);
return rv;
return NS_OK;
#endif
}
NS_IMETHODIMP
nsJAR::GetPrincipal(const char* aFilename, nsIPrincipal** result)
nsJAR::GetCertificatePrincipal(const char* aFilename, nsIPrincipal** aPrincipal,
PRInt16* result)
{
#ifdef XP_MAC
return NS_ERROR_NOT_IMPLEMENTED;
#else
//-- Parameter check
if (!aFilename)
return NS_ERROR_ILLEGAL_VALUE;
if (!result)
if (!aPrincipal)
return NS_ERROR_NULL_POINTER;
*aPrincipal = nsnull;
DumpMetadata("GetPrincipal");
//-- Find the item
nsStringKey key(aFilename);
nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key);
if(!manItem)
if (manItem)
NS_ASSERTION(manItem->step2Complete,
"Attempt to get principal before verifying signature.");
if(!manItem || !manItem->step2Complete)
{
*result = nsnull;
*result = nsIZipReader::NOT_SIGNED;
return NS_OK;
}
NS_ASSERTION(step1Complete && manItem->step2Complete,
"Attempt to get principal before verifying signature.");
*result = manItem->status;
if (manItem->status == nsIZipReader::VALID)
{
*aPrincipal = manItem->mPrincipal;
NS_IF_ADDREF(*aPrincipal);
}
if (step1Complete && manItem->step2Complete && manItem->valid)
{
*result = manItem->mPrincipal;
NS_IF_ADDREF(*result);
return NS_OK;
}
else
{
*result = nsnull;
return NS_ERROR_FAILURE;
}
return NS_OK;
#endif
}
//----------------------------------------------
@ -433,7 +430,7 @@ nsJAR::CreateInputStream(const char* aFilename, nsJAR* aJAR, nsIInputStream **is
}
nsresult
nsJAR::LoadEntry(const char* aFilename, const char** aBuf,
nsJAR::LoadEntry(const char* aFilename, char** aBuf,
PRUint32* aBufLen)
{
//-- Get a stream for reading the manifest file
@ -492,31 +489,34 @@ nsJAR::ReadLine(const char** src)
nsresult
nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
nsIPrincipal* aPrincipal)
nsIPrincipal* aPrincipal, PRInt16 aPreStatus)
{
//-- Set up parsing variables
nsJARManifestItem* curItem;
if (aFileType == JAR_MF)
{
curItem = new nsJARManifestItem();
curItem->mType = JAR_GLOBAL; // First section is the global section
}
PRBool foundName = PR_TRUE;
nsCAutoString curItemName(JAR_GLOBALMETA);
const char* sectionStart = filebuf;
const char* curPos = filebuf;
//-- Check file header
const char* nextLineStart = filebuf;
nsCAutoString curLine;
PRInt32 linelen;
nsCAutoString storedSectionDigest;
//-- Check file header
linelen = ReadLine(&nextLineStart);
curLine.Assign(curPos, linelen);
curLine.Assign(filebuf, linelen);
if ( ((aFileType == JAR_MF) && (curLine != JAR_MF_HEADER) ) ||
((aFileType == JAR_SF) && (curLine != JAR_SF_HEADER) ) )
return NS_ERROR_FILE_CORRUPTED;
//-- Skip header section
do {
linelen = ReadLine(&nextLineStart);
} while (linelen > 0);
//-- Set up parsing variables
const char* curPos;
const char* sectionStart = nextLineStart;
nsJARManifestItem* curItemMF;
PRBool foundName = PR_FALSE;
if (aFileType == JAR_MF)
curItemMF = new nsJARManifestItem();
nsCAutoString curItemName;
nsCAutoString storedSectionDigest;
for(;;)
{
curPos = nextLineStart;
@ -527,46 +527,45 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
{
if (aFileType == JAR_MF)
{
if (curItem->mType != JAR_INVALID)
if (curItemMF->mType != JAR_INVALID)
{
//-- Did this section have a name: line?
if(!foundName)
curItem->mType = JAR_INVALID;
curItemMF->mType = JAR_INVALID;
else
{
if (curItem->mType == JAR_INTERNAL)
if (curItemMF->mType == JAR_INTERNAL)
{
//-- If it's an internal item, it must correspond
// to a valid jar entry
{
nsIZipEntry* entry;
PRInt32 result = GetEntry(curItemName, &entry);
if (result != ZIP_OK || !entry)
curItem->mType = JAR_INVALID;
curItemMF->mType = JAR_INVALID;
}
//-- Check for duplicates
nsStringKey key(curItemName);
if (mManifestData.Exists(&key))
curItem->mType = JAR_INVALID;
curItemMF->mType = JAR_INVALID;
}
}
if (curItem->mType == JAR_INVALID ||
curItem->mType == JAR_GLOBAL)
delete curItem;
if (curItemMF->mType == JAR_INVALID)
delete curItemMF;
else //-- calculate section digest
{
PRUint32 sectionLength = curPos - sectionStart;
CalculateDigest(sectionStart, sectionLength,
&(curItem->calculatedSectionDigest));
&(curItemMF->calculatedSectionDigest));
//-- Save item in the hashtable
nsStringKey itemKey(curItemName);
mManifestData.Put(&itemKey, (void*)curItem);
mManifestData.Put(&itemKey, (void*)curItemMF);
}
if (nextLineStart == nsnull) // end-of-file
break;
sectionStart = nextLineStart;
curItem = new nsJARManifestItem();
curItemMF = new nsJARManifestItem();
} // (aFileType == JAR_MF)
else
//-- file type is SF, compare digest with calculated
@ -574,31 +573,30 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
{
if (foundName)
{
nsJARManifestItem* curSFItem;
nsJARManifestItem* curItemSF;
nsStringKey key(curItemName);
curSFItem = (nsJARManifestItem*)mManifestData.Get(&key);
if(curSFItem)
curItemSF = (nsJARManifestItem*)mManifestData.Get(&key);
if(curItemSF)
{
if (aPrincipal == nsnull)
// SF file failed verification
curSFItem->valid = PR_FALSE;
else // Compare digests
{
if (storedSectionDigest.Length() > 0)
NS_ASSERTION(curItemSF->status == nsJAR::NOT_SIGNED,
"SECURITY ERROR: nsJARManifestItem not correctly initialized");
curItemSF->status = aPreStatus;
if (curItemSF->status == nsIZipReader::VALID)
{ // Compare digests
if (storedSectionDigest.Length() == 0)
curItemSF->status = nsIZipReader::NOT_SIGNED;
else
{
if (storedSectionDigest !=
(const char*)curSFItem->calculatedSectionDigest)
curSFItem->valid = PR_FALSE;
(const char*)curItemSF->calculatedSectionDigest)
curItemSF->status = nsIZipReader::INVALID_MANIFEST;
else
{
curSFItem->mPrincipal = aPrincipal;
NS_ADDREF(curSFItem->mPrincipal);
}
JAR_NULLFREE(curSFItem->calculatedSectionDigest)
curItemSF->mPrincipal = aPrincipal;
JAR_NULLFREE(curItemSF->calculatedSectionDigest)
storedSectionDigest = "";
}
} // (aPrincipal != nsnull)
} // if(curSFItem)
} // if(curItemSF)
} // if(foundName)
if(nextLineStart == nsnull) // end-of-file
@ -636,10 +634,10 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
{
if(aFileType == JAR_MF)
{
curItem->storedEntryDigest = (char*)PR_MALLOC(lineData.Length()+1);
if (!(curItem->storedEntryDigest))
continue; // Out of memory, just skip this line instead of returning.
PL_strcpy(curItem->storedEntryDigest, lineData);
curItemMF->storedEntryDigest = (char*)PR_MALLOC(lineData.Length()+1);
if (!(curItemMF->storedEntryDigest))
return NS_ERROR_OUT_OF_MEMORY;
PL_strcpy(curItemMF->storedEntryDigest, lineData);
}
else
storedSectionDigest = lineData;
@ -649,8 +647,7 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
// (2) Name: associates this manifest section with a file in the jar.
if (!foundName && lineName.Compare("Name", PR_TRUE) == 0)
{
if (!(aFileType == JAR_MF && curItem->mType == JAR_GLOBAL))
curItemName = lineData;
curItemName = lineData;
foundName = PR_TRUE;
continue;
}
@ -658,13 +655,12 @@ nsJAR::ParseOneFile(const char* filebuf, PRInt16 aFileType,
// (3) Magic: this may be an inline Javascript.
// We can't do any other kind of magic.
if ( aFileType == JAR_MF &&
curItem->mType == JAR_INTERNAL &&
lineName.Compare("Magic", PR_TRUE) == 0)
{
if(lineData.Compare("javascript",PR_TRUE) == 0)
curItem->mType = JAR_EXTERNAL;
if(lineData.Compare("javascript", PR_TRUE) == 0)
curItemMF->mType = JAR_EXTERNAL;
else
curItem->mType = JAR_INVALID;
curItemMF->mType = JAR_INVALID;
continue;
}
@ -676,10 +672,12 @@ nsresult
nsJAR::VerifyEntry(const char* aEntryName, char* aEntryData,
PRUint32 aLen)
{
#ifdef XP_MAC
return NS_OK;
#else
//-- Verification Step 2
// Check that verification is supported and step 1 has been done
if (!SupportsRSAVerification()) return NS_OK;
NS_ASSERTION(step1Complete,
"Verification step 2 called before step 1 complete");
if (!step1Complete) return NS_ERROR_FAILURE;
@ -689,34 +687,97 @@ nsJAR::VerifyEntry(const char* aEntryName, char* aEntryData,
nsJARManifestItem* manItem = (nsJARManifestItem*)mManifestData.Get(&key);
if (!manItem)
return NS_OK;
if (manItem->mPrincipal && manItem->valid)
if (manItem->status == nsIZipReader::VALID)
{
if(!manItem->storedEntryDigest)
{ // No entry digests in manifest file. Entry is unsigned.
NS_IF_RELEASE(manItem->mPrincipal);
manItem->mPrincipal = nsnull;
}
if(!manItem->storedEntryDigest)
// No entry digests in manifest file. Entry is unsigned.
manItem->status = nsIZipReader::NOT_SIGNED;
else
{ //-- Calculate and compare digests
char* calculatedEntryDigest;
nsresult rv = CalculateDigest(aEntryData, aLen, &calculatedEntryDigest);
if (NS_FAILED(rv)) return rv;
if (PL_strcmp(manItem->storedEntryDigest, calculatedEntryDigest) != 0)
{
manItem->valid = PR_FALSE;
NS_IF_RELEASE(manItem->mPrincipal);
manItem->mPrincipal = nsnull;
}
manItem->status = nsIZipReader::INVALID_ENTRY;
JAR_NULLFREE(calculatedEntryDigest)
JAR_NULLFREE(manItem->storedEntryDigest)
NS_IF_RELEASE(mVerificationService);
mVerificationService = nsnull;
}
if(manItem->status != nsIZipReader::VALID)
manItem->mPrincipal = null_nsCOMPtr();
}
manItem->step2Complete = PR_TRUE;
DumpMetadata("VerifyEntry end");
return NS_OK;
#endif
}
//----------------------------------------------
// Hashing and verification functions
//----------------------------------------------
nsresult nsJAR::CalculateDigest(const char* aInBuf, PRUint32 aLen,
char** digest)
{
#ifndef XP_MAC
*digest = nsnull;
nsresult rv;
NS_WITH_SERVICE(nsIPSMComponent, psmComp, PSM_COMPONENT_PROGID, &rv);
if (NS_FAILED(rv)) return rv;
//-- Calculate the digest
PRUint32 id;
rv = psmComp->HashBegin(nsIPSMComponent::SHA1, &id);
if (NS_FAILED(rv)) return rv;
rv = psmComp->HashUpdate(id, aInBuf, aLen);
if (NS_FAILED(rv)) return rv;
PRUint32 len;
char* rawDigest = (char*)PR_MALLOC(nsIPSMComponent::SHA1_LENGTH);
if (rawDigest == nsnull) return NS_ERROR_OUT_OF_MEMORY;
rv = psmComp->HashEnd(id, &rawDigest, &len, nsIPSMComponent::SHA1_LENGTH);
if (NS_FAILED(rv)) { PR_FREEIF(rawDigest); return rv; }
//-- Encode the digest in base64
*digest = PL_Base64Encode(rawDigest, len, *digest);
if (!(*digest)) { PR_FREEIF(rawDigest); return NS_ERROR_OUT_OF_MEMORY; }
PR_FREEIF(rawDigest);
#endif
return NS_OK;
}
nsresult nsJAR::VerifySignature(const char* sfBuf, PRUint32 sfBufLen,
const char* rsaBuf, PRUint32 rsaBufLen,
nsIPrincipal** aPrincipal, PRInt16* status)
{
nsresult rv = NS_OK;
#ifndef XP_MAC
NS_WITH_SERVICE(nsIPSMComponent, psmComp, PSM_COMPONENT_PROGID, &rv);
if (NS_FAILED(rv)) return rv;
PRUint32 id;
rv = psmComp->VerifyRSABegin(&id);
if (NS_SUCCEEDED(rv))
rv = psmComp->VerifyRSAUpdate(id, rsaBuf, rsaBufLen);
PRInt32 psmStatus;
if (NS_SUCCEEDED(rv))
rv = psmComp->VerifyRSAEnd(id, sfBuf, sfBufLen, PR_TRUE, aPrincipal, &psmStatus);
switch (psmStatus)
{
case nsIPSMComponent::VERIFY_NOSIG:
*status = nsIZipReader::NOT_SIGNED; break;
case nsIPSMComponent::VERIFY_OK:
*status = nsIZipReader::VALID; break;
case nsIPSMComponent::VERIFY_ERROR_UNKNOWN_CA:
*status = nsIZipReader::INVALID_UNKNOWN_CA; break;
default:
*status = nsIZipReader::INVALID_SIG;
}
#endif
return rv;
}
//----------------------------------------------

Просмотреть файл

@ -76,32 +76,30 @@ class nsJAR : public nsIZipReader
private:
//-- Private data members
nsCOMPtr<nsIFile> mZipFile; // The zip/jar file on disk
nsZipArchive mZip; // The underlying zip archive
nsObjectHashtable mManifestData; // Stores metadata for each entry
PRBool step1Complete; // True if manifest has been parsed
nsISupports* mVerificationService;
nsCOMPtr<nsIFile> mZipFile; // The zip/jar file on disk
nsZipArchive mZip; // The underlying zip archive
nsObjectHashtable mManifestData; // Stores metadata for each entry
PRBool step1Complete; // True if manifest has been parsed
//-- Private functions
nsresult CreateInputStream(const char* aFilename, nsJAR* aJAR,
nsIInputStream** is);
nsresult LoadEntry(const char* aFilename, const char** aBuf,
nsresult LoadEntry(const char* aFilename, char** aBuf,
PRUint32* aBufLen = nsnull);
PRInt32 ReadLine(const char** src);
nsresult ParseOneFile(const char* filebuf, PRInt16 aFileType,
nsIPrincipal* aPrincipal = nsnull);
nsresult ParseOneFile(const char* filebuf, PRInt16 aFileType,
nsIPrincipal* aPrincipal, PRInt16 aPreStatus);
nsresult VerifyEntry(const char* aEntryName, char* aEntryData,
PRUint32 aLen);
//-- Debugging
void DumpMetadata(const char* aMessage);
//-- The following private functions are implemented in nsJARStubs.cpp
static PRBool SupportsRSAVerification();
nsresult CalculateDigest(const char* aInBuf, PRUint32 aInBufLen,
char** digest);
nsresult VerifySignature(const char* sfBuf, const char* rsaBuf,
PRUint32 rsaBufLen, nsIPrincipal** aPrincipal);
nsresult VerifySignature(const char* sfBuf, PRUint32 sfBufLen,
const char* rsaBuf, PRUint32 rsaBufLen,
nsIPrincipal** aPrincipal, PRInt16* status);
//-- Debugging
void DumpMetadata(const char* aMessage);
};
/**

Просмотреть файл