/* ***** BEGIN LICENSE BLOCK ***** * Version: MPL 1.1/GPL 2.0/LGPL 2.1 * * The contents of this file are subject to the Mozilla Public License Version * 1.1 (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" basis, * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License * for the specific language governing rights and limitations under the * License. * * The Original Code is the Netscape security libraries. * * The Initial Developer of the Original Code is * Netscape Communications Corporation. * Portions created by the Initial Developer are Copyright (C) 1994-2000 * the Initial Developer. All Rights Reserved. * * Contributor(s): * * Alternatively, the contents of this file may be used under the terms of * either the GNU General Public License Version 2 or later (the "GPL"), or * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), * in which case the provisions of the GPL or the LGPL are applicable instead * of those above. If you wish to allow use of your version of this file only * under the terms of either the GPL or the LGPL, and not to allow others to * use your version of this file under the terms of the MPL, indicate your * decision by deleting the provisions above and replace them with the notice * and other provisions required by the GPL or the LGPL. If you do not delete * the provisions above, a recipient may use your version of this file under * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ #ifndef __JAR_h_ #define __JAR_h_ /* * In general, any functions that return pointers * have memory owned by the caller. * */ /* security includes */ #include "cert.h" #include "hasht.h" /* nspr 2.0 includes */ #include "prio.h" #define ZHUGEP #include /* various types */ typedef enum { jarTypeMF = 2, jarTypeSF = 3, jarTypeMeta = 6, jarTypePhy = 7, jarTypeSign = 10, jarTypeSect = 11, jarTypeOwner = 13 } jarType; /* void data in ZZList's contain JAR_Item type */ typedef struct JAR_Item_ { char *pathname; /* relative. inside zip file */ jarType type; /* various types */ size_t size; /* size of data below */ void *data; /* totally opaque */ } JAR_Item; /* hashes */ typedef enum { jarHashNone = 0, jarHashBad = 1, jarHashPresent = 2 } jarHash; typedef struct JAR_Digest_ { jarHash md5_status; unsigned char md5 [MD5_LENGTH]; jarHash sha1_status; unsigned char sha1 [SHA1_LENGTH]; } JAR_Digest; /* physical archive formats */ typedef enum { jarArchGuess = 0, jarArchNone = 1, jarArchZip = 2, jarArchTar = 3 } jarArch; #include "jar-ds.h" struct JAR_; typedef int jar_settable_callback_fn(int status, struct JAR_ *jar, const char *metafile, char *pathname, char *errortext); /* jar object */ typedef struct JAR_ { jarArch format; /* physical archive format */ char *url; /* Where it came from */ char *filename; /* Disk location */ FILE *fp; /* For multiple extractions */ /* JAR_FILE */ /* various linked lists */ ZZList *manifest; /* Digests of MF sections */ ZZList *hashes; /* Digests of actual signed files */ ZZList *phy; /* Physical layout of JAR file */ ZZList *metainfo; /* Global metainfo */ JAR_Digest *globalmeta; /* digest of .MF global portion */ /* Below will change to a linked list to support multiple sigs */ int pkcs7; /* Enforced opaqueness */ int valid; /* PKCS7 signature validated */ ZZList *signers; /* the above, per signer */ /* Window context, very necessary for PKCS11 now */ void *mw; /* MWContext window context */ /* Signal callback function */ jar_settable_callback_fn *signal; } JAR; /* * Iterator * * Context for iterative operations. Certain operations * require iterating multiple linked lists because of * multiple signers. "nextsign" is used for this purpose. * */ typedef struct JAR_Context_ { JAR *jar; /* Jar we are searching */ char *pattern; /* Regular expression */ jarType finding; /* Type of item to find */ ZZLink *next; /* Next item in find */ ZZLink *nextsign; /* Next signer, sometimes */ } JAR_Context; typedef struct JAR_Signer_ { int pkcs7; /* Enforced opaqueness */ int valid; /* PKCS7 signature validated */ char *owner; /* name of .RSA file */ JAR_Digest *digest; /* of .SF file */ ZZList *sf; /* Linked list of .SF file contents */ ZZList *certs; /* Signing information */ } JAR_Signer; /* Meta informaton, or "policy", from the manifest file. Right now just one tuple per JAR_Item. */ typedef struct JAR_Metainfo_ { char *header; char *info; } JAR_Metainfo; /* This should not be global */ typedef struct JAR_Physical_ { unsigned char compression; unsigned long offset; unsigned long length; unsigned long uncompressed_length; #if defined(XP_UNIX) || defined(XP_BEOS) uint16 mode; #endif } JAR_Physical; typedef struct JAR_Cert_ { size_t length; void *key; CERTCertificate *cert; } JAR_Cert; /* certificate stuff */ typedef enum { jarCertCompany = 1, jarCertCA = 2, jarCertSerial = 3, jarCertExpires = 4, jarCertNickname = 5, jarCertFinger = 6, jarCertJavaHack = 100 } jarCert; /* callback types */ #define JAR_CB_SIGNAL 1 /* * This is the base for the JAR error codes. It will * change when these are incorporated into allxpstr.c, * but right now they won't let me put them there. * */ #ifndef SEC_ERR_BASE #define SEC_ERR_BASE (-0x2000) #endif #define JAR_BASE SEC_ERR_BASE + 300 /* Jar specific error definitions */ #define JAR_ERR_GENERAL (JAR_BASE + 1) #define JAR_ERR_FNF (JAR_BASE + 2) #define JAR_ERR_CORRUPT (JAR_BASE + 3) #define JAR_ERR_MEMORY (JAR_BASE + 4) #define JAR_ERR_DISK (JAR_BASE + 5) #define JAR_ERR_ORDER (JAR_BASE + 6) #define JAR_ERR_SIG (JAR_BASE + 7) #define JAR_ERR_METADATA (JAR_BASE + 8) #define JAR_ERR_ENTRY (JAR_BASE + 9) #define JAR_ERR_HASH (JAR_BASE + 10) #define JAR_ERR_PK7 (JAR_BASE + 11) #define JAR_ERR_PNF (JAR_BASE + 12) /* Function declarations */ extern JAR *JAR_new (void); extern void PR_CALLBACK JAR_destroy (JAR *jar); extern char *JAR_get_error (int status); extern int JAR_set_callback(int type, JAR *jar, jar_settable_callback_fn *fn); extern void JAR_init_callbacks(char *(*string_cb)(int), void *(*find_cx)(void), void *(*init_cx)(void) ); /* * JAR_set_context * * PKCS11 may require a password to be entered by the user * before any crypto routines may be called. This will require * a window context if used from inside Mozilla. * * Call this routine with your context before calling * verifying or signing. If you have no context, call with NULL * and one will be chosen for you. * */ int JAR_set_context (JAR *jar, void /*MWContext*/ *mw); /* * Iterative operations * * JAR_find sets up for repeated calls with JAR_find_next. * I never liked findfirst and findnext, this is nicer. * * Pattern contains a relative pathname to match inside the * archive. It is currently assumed to be "*". * * To use: * * JAR_Item *item; * JAR_find (jar, "*.class", jarTypeMF); * while (JAR_find_next (jar, &item) >= 0) * { do stuff } * */ /* Replacement functions with an external context */ extern JAR_Context *JAR_find (JAR *jar, char *pattern, jarType type); extern int JAR_find_next (JAR_Context *ctx, JAR_Item **it); extern void JAR_find_end (JAR_Context *ctx); /* * Function to parse manifest file: * * Many signatures may be attached to a single filename located * inside the zip file. We only support one. * * Several manifests may be included in the zip file. * * You must pass the MANIFEST.MF file before any .SF files. * * Right now this returns a big ole list, privately in the jar structure. * If you need to traverse it, use JAR_find if possible. * * The path is needed to determine what type of binary signature is * being passed, though it is technically not needed for manifest files. * * When parsing an ASCII file, null terminate the ASCII raw_manifest * prior to sending it, and indicate a length of 0. For binary digital * signatures only, indicate the true length of the signature. * (This is legacy behavior.) * * You may free the manifest after parsing it. * */ extern int JAR_parse_manifest(JAR *jar, char *raw_manifest, long length, const char *path, const char *url); /* * Verify data (nonstreaming). The signature is actually * checked by JAR_parse_manifest or JAR_pass_archive. * */ extern JAR_Digest * PR_CALLBACK JAR_calculate_digest(void *data, long length); extern int PR_CALLBACK JAR_verify_digest(JAR *jar, const char *name, JAR_Digest *dig); extern int JAR_digest_file(char *filename, JAR_Digest *dig); /* * Get attribute from certificate: * * Returns any special signed attribute associated with this cert * or signature (passed in "data"). Attributes jarCert*. Most of the time * this will return a zero terminated string. * */ extern int PR_CALLBACK JAR_cert_attribute(JAR *jar, jarCert attrib, long keylen, void *key, void **result, unsigned long *length); /* * Meta information * * Currently, since this call does not support passing of an owner * (certificate, or physical name of the .sf file), it is restricted to * returning information located in the manifest.mf file. * * Meta information is a name/value pair inside the archive file. Here, * the name is passed in *header and value returned in **info. * * Pass a NULL as the name to retrieve metainfo from the global section. * * Data is returned in **info, of size *length. The return value * will indicate if no data was found. * */ extern int JAR_get_metainfo(JAR *jar, char *name, char *header, void **info, unsigned long *length); extern char *JAR_get_filename (JAR *jar); extern char *JAR_get_url (JAR *jar); /* save the certificate with this fingerprint in persistent storage, somewhere, for retrieval in a future session when there is no corresponding JAR structure. */ extern int PR_CALLBACK JAR_stash_cert(JAR *jar, long keylen, void *key); /* retrieve a certificate presumably stashed with the above function, but may be any certificate. Type is &CERTCertificate */ CERTCertificate * JAR_fetch_cert(long length, void *key); /* * New functions to handle archives alone * (call JAR_new beforehand) * * JAR_pass_archive acts much like parse_manifest. Certificates * are returned in the JAR structure but as opaque data. When calling * JAR_verified_extract you still need to decide which of these * certificates to honor. * * Code to examine a JAR structure is in jarbert.c. You can obtain both * a list of filenames and certificates from traversing the linked list. * */ extern int JAR_pass_archive(JAR *jar, jarArch format, char *filename, const char *url); /* * Same thing, but don't check signatures */ extern int JAR_pass_archive_unverified(JAR *jar, jarArch format, char *filename, const char *url); /* * Extracts a relative pathname from the archive and places it * in the filename specified. * * Call JAR_set_nailed if you want to keep the file descriptors * open between multiple calls to JAR_verify_extract. * */ extern int JAR_verified_extract(JAR *jar, char *path, char *outpath); /* * JAR_extract does no crypto checking. This can be used if you * need to extract a manifest file or signature, etc. * */ extern int JAR_extract(JAR *jar, char *path, char *outpath); #endif /* __JAR_h_ */