pjs/security/nss/lib/fortcrypt/inst.js

269 строки
12 KiB
JavaScript

//
// The contents of this file are subject to the Mozilla Public
// License Version 1.1 (the "License"); you may not use this file
// except in compliance with the License. You may obtain a copy of
// the License at http://www.mozilla.org/MPL/
//
// Software distributed under the License is distributed on an "AS
// IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
// implied. See the License for the specific language governing
// rights and limitations under the License.
//
// The Original Code is the Netscape security libraries.
//
// The Initial Developer of the Original Code is Netscape
// Communications Corporation. Portions created by Netscape are
// Copyright (C) 1994-2000 Netscape Communications Corporation. All
// Rights Reserved.
//
// Contributor(s):
//
// Alternatively, the contents of this file may be used under the
// terms of the GNU General Public License Version 2 or later (the
// "GPL"), in which case the provisions of the GPL are applicable
// instead of those above. If you wish to allow use of your
// version of this file only under the terms of the GPL and not to
// allow others to use your version of this file under the MPL,
// indicate your decision by deleting the provisions above and
// replace them with the notice and other provisions required by
// the GPL. If you do not delete the provisions above, a recipient
// may use your version of this file under either the MPL or the
// GPL.
//
////////////////////////////////////////////////////////////////////////////////////////
// Crypto Mechanism Flags
PKCS11_MECH_RSA_FLAG = 0x1<<0;
PKCS11_MECH_DSA_FLAG = 0x1<<1;
PKCS11_MECH_RC2_FLAG = 0x1<<2;
PKCS11_MECH_RC4_FLAG = 0x1<<3;
PKCS11_MECH_DES_FLAG = 0x1<<4;
PKCS11_MECH_DH_FLAG = 0x1<<5; //Diffie-Hellman
PKCS11_MECH_SKIPJACK_FLAG = 0x1<<6; //SKIPJACK algorithm as in Fortezza cards
PKCS11_MECH_RC5_FLAG = 0x1<<7;
PKCS11_MECH_SHA1_FLAG = 0x1<<8;
PKCS11_MECH_MD5_FLAG = 0x1<<9;
PKCS11_MECH_MD2_FLAG = 0x1<<10;
PKCS11_MECH_RANDOM_FLAG = 0x1<<27; //Random number generator
PKCS11_PUB_READABLE_CERT_FLAG = 0x1<<28; //Stored certs can be read off the token w/o logging in
PKCS11_DISABLE_FLAG = 0x1<<30; //tell Navigator to disable this slot by default
// Important:
// 0x1<<11, 0x1<<12, ... , 0x1<<26, 0x1<<29, and 0x1<<31 are reserved
// for internal use in Navigator.
// Therefore, these bits should always be set to 0; otherwise,
// Navigator might exhibit unpredictable behavior.
// These flags indicate which mechanisms should be turned on by
var pkcs11MechanismFlags = PKCS11_MECH_RANDOM_FLAG;
////////////////////////////////////////////////////////////////////////////////////////
// Ciphers that support SSL or S/MIME
PKCS11_CIPHER_FORTEZZA_FLAG = 0x1<<0;
// Important:
// 0x1<<1, 0x1<<2, ... , 0x1<<31 are reserved
// for internal use in Navigator.
// Therefore, these bits should ALWAYS be set to 0; otherwise,
// Navigator might exhibit unpredictable behavior.
// These flags indicate which SSL ciphers are supported
var pkcs11CipherFlags = PKCS11_CIPHER_FORTEZZA_FLAG;
////////////////////////////////////////////////////////////////////////////////////////
// Return values of pkcs11.addmodule() & pkcs11.delmodule()
// success codes
JS_OK_ADD_MODULE = 3; // Successfully added a module
JS_OK_DEL_EXTERNAL_MODULE = 2; // Successfully deleted ext. module
JS_OK_DEL_INTERNAL_MODULE = 1; // Successfully deleted int. module
// failure codes
JS_ERR_OTHER = -1; // Other errors than the followings
JS_ERR_USER_CANCEL_ACTION = -2; // User abort an action
JS_ERR_INCORRECT_NUM_OF_ARGUMENTS= -3; // Calling a method w/ incorrect # of arguments
JS_ERR_DEL_MODULE = -4; // Error deleting a module
JS_ERR_ADD_MODULE = -5; // Error adding a module
JS_ERR_BAD_MODULE_NAME = -6; // The module name is invalid
JS_ERR_BAD_DLL_NAME = -7; // The DLL name is bad
JS_ERR_BAD_MECHANISM_FLAGS = -8; // The mechanism flags are invalid
JS_ERR_BAD_CIPHER_ENABLE_FLAGS = -9; // The SSL, S/MIME cipher flags are invalid
JS_ERR_ADD_MODULE_DULICATE =-10; // Module with the same name already installed
////////////////////////////////////////////////////////////////////////////////////////
// Find out which library is to be installed depending on the platform
// pathname seperator is platform specific
var sep = "/";
var vendor = "netscape";
var moduleName = "not_supported";
var plat = navigator.platform;
var dir = "pkcs11/" + vendor + "/" + plat + "/";
if (plat == "Win16") {
dir = "pkcs11/";
}
bAbort = false;
if (plat == "Win32") {
moduleName = "fort32.dll";
sep = "\\";
} else if (plat == "Win16") {
moduleName = "FORT16.DLL";
sep = "\\";
} else if (plat == "MacPPC") {
moduleName = "FortPK11Lib";
sep = ":";
} else if (plat == "AIX4.1") {
moduleName = "libfort_shr.a";
} else if (plat == "SunOS4.1.3_U1") {
moduleName = "libfort.so.1.0";
} else if ((plat == "SunOS5.4") || (plat == "SunOS5.5.1")){
moduleName = "libfort.so";
} else if ((plat == "HP-UXA.09") || (plat == "HP-UXB.10")){
moduleName = "libfort.sl";
} else if (plat == "IRIX6.2"){
// The module only works on 6.3, but Communicator returns 6.2 even when
// running 6.3. So in order to prevent the user from thinking
// the module actually works on 6.2, we will force the name to
// say 6.3 instead of 6.2. In the even the user tries to install
// on 6.2, the user will see 6.3 instead. If they don't get it that
// it's not going to work at this point in time, then the entire install
// process wil just fail miserably, and that is OK.
plat = "IRIX6.3";
moduleName = "libfort.so";
} else {
window.alert("Sorry, platform "+plat+" is not supported.");
bAbort = true;
}
////////////////////////////////////////////////////////////////////////////////////////
// Installation Begins...
if (!bAbort) {
if (confirm("This script will install a security module. \nIt may over-write older files having the same name. \nDo you want to continue?")) {
// Step 1. Create a version object and a software update object
vi = new netscape.softupdate.VersionInfo(1, 6, 0, 0);
su = new netscape.softupdate.SoftwareUpdate(this, "Fortezza Card PKCS#11 Module");
// "Fortezza ... Module" is the logical name of the bundle
////////////////////////////////////////
// Step 2. Start the install process
bAbort = false;
err = su.StartInstall("NSfortezza", // NSfortezza is the component folder (logical)
vi,
netscape.softupdate.SoftwareUpdate.FULL_INSTALL);
bAbort = (err!=0);
if (err == 0) {
////////////////////////////////////////
// Step 3. Find out the physical location of the Program dir
Folder = su.GetFolder("Program");
////////////////////////////////////////
// Step 4. Install the files. Unpack them and list where they go
err = su.AddSubcomponent("FortezzaLibrary_"+plat, //component name (logical)
vi, // version info
moduleName, // source file in JAR (physical)
Folder, // target folder (physical)
dir + moduleName, // target path & filename (physical)
true); // forces update
if (err != 0) {
if (err == -200) {
errmsg = "Bad Package Name.";
} else if (err == -201) {
errmsg = "Unexpected error.";
} else if (err == -203) {
errmsg = "Installation script was signed by more than one certificate.";
} else if (err == -204) {
errmsg = "Installation script was not signed."
} else if (err == -205) {
errmsg = "The file to be installed is not signed."
} else if (err == -206) {
errmsg = "The file to be installed is not present, or it was signed with a different certificate than the one used to sign the install script.";
} else if (err == -207) {
errmsg = "JAR archive has not been opened."
} else if (err == -208) {
errmsg = "Bad arguments to AddSubcomponent( )."
} else if (err == -209) {
errmsg = "Illegal relative path( )."
} else if (err == -210) {
errmsg = "User cancelled installation."
} else if (err == -211) {
errmsg = "A problem occurred with the StartInstall( )."
} else {
errmsg = "Unknown error";
}
window.alert("Error adding sub-component: "+"("+err+")"+errmsg);
//window.alert("Aborting, Folder="+Folder+" module="+dir+moduleName);
bAbort = true;
}
}
////////////////////////////////////////
// Step 5. Unless there was a problem, move files to final location
// and update the Client Version Registry
if (bAbort) {
su.AbortInstall();
} else {
err = su.FinalizeInstall();
if (err != 0) {
if (err == -900) {
errmsg = "Restart the computer, and install again.";
} else if (err == -201) {
errmsg = "Unexpected error.";
} else if (err == -202) {
errmsg = "Access denied. Make sure you have the permissions to write to the disk.";
} else if (err == -203) {
errmsg = "Installation script was signed by more than one certificate.";
} else if (err == -204) {
errmsg = "Installation script was not signed."
} else if (err == -205) {
errmsg = "The file to be installed is not signed."
} else if (err == -206) {
errmsg = "The file to be installed is not present, or it was signed with a different certificate than the one used to sign the install script."
} else if (err == -207) {
errmsg = "JAR archive has not been opened."
} else if (err == -208) {
errmsg = "Bad arguments to AddSubcomponent( )."
} else if (err == -209) {
errmsg = "Illegal relative path( )."
} else if (err == -210) {
errmsg = "User cancelled installation."
} else if (err == -211) {
errmsg = "A problem occurred with the StartInstall( )."
} else {
errmsg = "\nIf you have FORTEZZA module already installed, try deleting it first.";
}
window.alert("Error Finalizing Install: "+"("+err+")"+errmsg);
//window.alert("Aborting, Folder="+Folder+" module="+dir+moduleName);
} else {
// Platform specific full path
if (plat=="Win16") {
fullpath = Folder + "pkcs11" + sep + moduleName;
} else {
fullpath = Folder + "pkcs11" + sep + vendor + sep + plat + sep + moduleName;
}
////////////////////////////////////////
// Step 6: Call pkcs11.addmodule() to register the newly downloaded module
moduleCommonName = "Netscape FORTEZZA Module " + plat;
result = pkcs11.addmodule(moduleCommonName,
fullpath,
pkcs11MechanismFlags,
pkcs11CipherFlags);
if (result == -10) {
window.alert("New module was copied to destination, \nbut setup failed because a module "
+"with the same name has been installed. \nTry deleting the module "
+ moduleCommonName +" first.")
} else if (result < 0) {
window.alert("New module was copied to destination, but setup failed. Error code: " + result);
}
}
}
}
}