| blob | 8cf28c65ba1c65aa6b501929dc834ef51068374f |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is Mozilla Communicator client code, released
16 * March 31, 1998.
17 *
18 * The Initial Developer of the Original Code is
19 * Netscape Communications Corporation.
20 * Portions created by the Initial Developer are Copyright (C) 1998
21 * the Initial Developer. All Rights Reserved.
22 *
23 * Contributor(s):
24 * Daniel Veditz <dveditz@netscape.com>
25 * Samir Gehani <sgehani@netscape.com>
26 * Mitch Stoltz <mstoltz@netsape.com>
27 * Pierre Phaneuf <pp@ludusdesign.com>
28 * Jeff Walden <jwalden+code@mit.edu>
29 *
30 * Alternatively, the contents of this file may be used under the terms of
31 * either the GNU General Public License Version 2 or later (the "GPL"), or
32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
33 * in which case the provisions of the GPL or the LGPL are applicable instead
34 * of those above. If you wish to allow use of your version of this file only
35 * under the terms of either the GPL or the LGPL, and not to allow others to
36 * use your version of this file under the terms of the MPL, indicate your
37 * decision by deleting the provisions above and replace them with the notice
38 * and other provisions required by the GPL or the LGPL. If you do not delete
39 * the provisions above, a recipient may use your version of this file under
40 * the terms of any one of the MPL, the GPL or the LGPL.
41 *
42 * ***** END LICENSE BLOCK ***** */
43 #include <string.h>
51 #ifdef XP_UNIX
52 #include <sys/stat.h>
53 #elif defined (XP_WIN) || defined(XP_OS2)
54 #include <io.h>
55 #endif
57 //----------------------------------------------
58 // nsJARManifestItem declaration
59 //----------------------------------------------
60 /*
61 * nsJARManifestItem contains meta-information pertaining
62 * to an individual JAR entry, taken from the
63 * META-INF/MANIFEST.MF and META-INF/ *.SF files.
64 * This is security-critical information, defined here so it is not
65 * accessible from anywhere else.
66 */
68 {
74 class nsJARManifestItem
75 {
77 JARManifestItemType mType;
79 // True if the second step of verification (VerifyEntry)
80 // has taken place:
81 PRBool entryVerified;
83 // Not signed, valid, or failure code
84 PRInt16 status;
86 // Internal storage of digests
87 nsCString calculatedSectionDigest;
88 nsCString storedEntryDigest;
92 };
94 //-------------------------------------------------
95 // nsJARManifestItem constructors and destructor
96 //-------------------------------------------------
100 {
101 }
104 {
105 }
107 //----------------------------------------------
108 // nsJAR constructor/destructor
109 //----------------------------------------------
110 static PRBool
112 {
113 //-- deletes an entry in mManifestData.
116 }
118 // The following initialization makes a guess of 10 entries per jarfile.
126 {
127 }
130 {
132 }
137 // Custom Release method works with nsZipReaderCache...
139 {
140 nsrefcnt count;
146 /* enable this to find non-threadsafe destructors: */
147 /* NS_ASSERT_OWNINGTHREAD(nsJAR); */
150 }
154 }
156 }
158 //----------------------------------------------
159 // nsIZipReader implementation
160 //----------------------------------------------
162 NS_IMETHODIMP
164 {
180 }
182 NS_IMETHODIMP
184 {
188 }
190 NS_IMETHODIMP
192 {
196 }
204 }
206 NS_IMETHODIMP
208 {
210 }
212 NS_IMETHODIMP
214 {
215 // nsZipArchive and zlib are not thread safe
216 // we need to use a lock to prevent bug #51267
219 nsresult rv;
226 // Remove existing file or directory so we set permissions correctly.
227 // If it's a directory that already exists and contains files, throw
228 // an exception and return.
230 //XXX Bug 332139:
231 //XXX If we guarantee that rv in the case of a non-empty directory
232 //XXX is always FILE_DIR_NOT_EMPTY, we can remove
233 //XXX |rv == NS_ERROR_FAILURE| - bug 322183 needs to be completely
234 //XXX fixed before that can happen
241 {
243 //XXX Do this in nsZipArchive? It would be nice to keep extraction
244 //XXX code completely there, but that would require a way to get a
245 //XXX PRDir from localFile.
246 }
247 else
248 {
253 // ExtractFile also closes the fd handle and resolves the symlink if needed
254 nsCAutoString path;
259 }
263 // nsIFile needs milliseconds, while prtime is in microseconds.
268 // non-fatal if this fails, ignore errors
272 }
274 NS_IMETHODIMP
276 {
285 }
287 NS_IMETHODIMP
289 {
292 }
294 NS_IMETHODIMP
296 {
307 }
311 }
313 NS_IMETHODIMP
315 {
317 }
319 NS_IMETHODIMP
322 {
326 // Watch out for the jar:foo.zip!/ (aDir is empty) top-level special case!
329 // First check if item exists in jar
332 }
334 // addref now so we can call InitFile/InitDirectory()
343 }
346 }
348 }
350 //----------------------------------------------
351 // nsIJAR implementation
352 //----------------------------------------------
354 NS_IMETHODIMP
356 {
357 //-- Parameter check
362 //-- Parse the manifest
368 PRInt16 requestedStatus;
370 {
371 //-- Find the item
376 //-- Verify the item against the manifest
378 {
379 nsXPIDLCString entryData;
380 PRUint32 entryDataLen;
385 }
387 }
394 {
397 }
399 }
401 NS_IMETHODIMP
403 {
406 }
408 nsresult
410 {
414 }
416 PRFileDesc*
418 {
419 nsresult rv;
428 }
430 //----------------------------------------------
431 // nsJAR private implementation
432 //----------------------------------------------
433 nsresult
435 {
436 //-- Get a stream for reading the file
437 nsresult rv;
442 //-- Read the manifest file into memory
444 PRUint32 len;
451 PRUint32 bytesRead;
458 }
464 }
467 PRInt32
469 {
470 //--Moves pointer to beginning of next line and returns line length
471 // not including CR/LF.
472 PRInt32 length;
476 {
482 }
483 else
484 {
490 }
492 }
494 //-- The following #defines are used by ParseManifest()
495 // and ParseOneFile(). The header strings are defined in the JAR specification.
496 #define JAR_MF 1
497 #define JAR_SF 2
503 nsresult
505 {
506 //-- Verification Step 1
509 //-- (1)Manifest (MF) file
515 //-- Load the file into memory
516 PRBool more;
520 {
524 }
526 nsCAutoString manifestFilename;
530 // Check if there is more than one manifest, if so then error!
534 {
537 }
539 nsXPIDLCString manifestBuffer;
540 PRUint32 manifestLen;
544 //-- Parse it
548 //-- (2)Signature (SF) file
549 // If there are multiple signatures, we select one.
553 //-- Get an SF file
557 {
561 }
568 //-- Get its corresponding signature file
573 nsXPIDLCString sigBuffer;
574 PRUint32 sigLen;
575 {
578 }
580 {
583 }
585 {
589 }
591 //-- Get the signature verifier service
595 {
599 }
601 //-- Verify that the signature file is a valid signature of the SF file
602 PRInt32 verifyError;
610 else
613 //-- Parse the SF file. If the verification above failed, principal
614 // is null, and ParseOneFile will mark the relevant entries as invalid.
615 // if ParseOneFile fails, then it has no effect, and we can safely
616 // continue to the next SF file, or return.
621 }
623 nsresult
625 {
626 //-- Check file header
628 nsCAutoString curLine;
629 PRInt32 linelen;
637 //-- Skip header section
642 //-- Set up parsing variables
652 nsCAutoString curItemName;
653 nsCAutoString storedSectionDigest;
656 {
661 // end of section (blank line or end-of-file)
662 {
664 {
665 mTotalItemsInManifest++;
667 {
668 //-- Did this section have a name: line?
671 else
672 {
673 //-- If it's an internal item, it must correspond
674 // to a valid jar entry
676 {
677 PRBool exists;
681 }
682 //-- Check for duplicates
686 }
687 }
692 {
696 //-- Save item in the hashtable
699 }
707 else
708 //-- file type is SF, compare digest with calculated
709 // section digests from MF file.
710 {
712 {
717 {
725 else
726 {
731 }
743 //-- Look for continuations (beginning with a space) on subsequent lines
744 // and append them to the current line.
746 {
752 }
754 //-- Find colon in current line, this separates name from value
758 //-- Break down the line
759 nsCAutoString lineName;
761 nsCAutoString lineData;
764 //-- Lines to look for:
765 // (1) Digest:
767 //-- This is a digest line, save the data in the appropriate place
768 {
771 else
774 }
776 // (2) Name: associates this manifest section with a file in the jar.
778 {
782 }
784 // (3) Magic: this may be an inline Javascript.
785 // We can't do any other kind of magic.
787 {
790 else
793 }
799 nsresult
801 PRUint32 aLen)
802 {
804 {
806 // No entry digests in manifest file. Entry is unsigned.
808 else
810 nsCString calculatedEntryDigest;
816 }
817 }
820 }
823 {
824 //-- Generate error message
825 nsAutoString message;
829 else
833 {
838 message.AppendLiteral("the digital signature (*.RSA) file is not a valid signature of the signature instruction file (*.SF).");
844 message.AppendLiteral("the signature instruction file (*.SF) does not contain a valid hash of the MANIFEST.MF file.");
847 message.AppendLiteral("the MANIFEST.MF file does not contain a valid hash of the file being verified.");
854 }
856 // Report error in JS console
859 {
861 }
862 #ifdef DEBUG
867 #endif
868 }
873 {
874 nsresult rv;
886 }
890 //----------------------------------------------
891 // nsJAREnumerator::HasMore
892 //----------------------------------------------
893 NS_IMETHODIMP
895 {
896 // try to get the next element
903 }
905 }
909 }
911 //----------------------------------------------
912 // nsJAREnumerator::GetNext
913 //----------------------------------------------
914 NS_IMETHODIMP
916 {
917 // check if the current item is "stale"
919 PRBool bMore;
923 }
927 }
941 {
942 }
944 //------------------------------------------
945 // nsJARItem::GetCompression
946 //------------------------------------------
947 NS_IMETHODIMP
949 {
954 }
956 //------------------------------------------
957 // nsJARItem::GetSize
958 //------------------------------------------
959 NS_IMETHODIMP
961 {
966 }
968 //------------------------------------------
969 // nsJARItem::GetRealSize
970 //------------------------------------------
971 NS_IMETHODIMP
973 {
978 }
980 //------------------------------------------
981 // nsJARItem::GetCrc32
982 //------------------------------------------
983 NS_IMETHODIMP
985 {
990 }
992 //------------------------------------------
993 // nsJARItem::GetIsDirectory
994 //------------------------------------------
995 NS_IMETHODIMP
997 {
1002 }
1004 //------------------------------------------
1005 // nsJARItem::GetIsSynthetic
1006 //------------------------------------------
1007 NS_IMETHODIMP
1009 {
1014 }
1016 //------------------------------------------
1017 // nsJARItem::GetLastModifiedTime
1018 //------------------------------------------
1019 NS_IMETHODIMP
1021 {
1026 }
1028 ////////////////////////////////////////////////////////////////////////////////
1029 // nsIZipReaderCache
1031 NS_IMPL_THREADSAFE_ISUPPORTS3(nsZipReaderCache, nsIZipReaderCache, nsIObserver, nsISupportsWeakReference)
1036 #ifdef ZIP_CACHE_HIT_RATE
1037 ,
1042 #endif
1043 {
1044 }
1046 NS_IMETHODIMP
1048 {
1051 // Register as a memory pressure observer
1055 {
1058 }
1059 // ignore failure of the observer registration.
1063 }
1065 static PRBool
1067 {
1071 }
1074 {
1079 #ifdef ZIP_CACHE_HIT_RATE
1084 #endif
1085 }
1087 NS_IMETHODIMP
1089 {
1091 nsresult rv;
1095 #ifdef ZIP_CACHE_HIT_RATE
1096 mZipCacheLookups++;
1097 #endif
1099 nsCAutoString path;
1106 #ifdef ZIP_CACHE_HIT_RATE
1107 mZipCacheHits++;
1108 #endif
1110 }
1115 }
1126 }
1130 }
1133 }
1135 static PRBool
1137 {
1146 }
1147 }
1149 }
1153 static PRBool
1155 {
1161 }
1163 }
1165 nsresult
1167 {
1168 nsresult rv;
1171 // It is possible that two thread compete for this zip. The dangerous
1172 // case is where one thread Releases the zip and discovers that the ref
1173 // count has gone to one. Before it can call this ReleaseZip method
1174 // another thread calls our GetZip method. The ref count goes to two. That
1175 // second thread then Releases the zip and the ref count goes to one. It
1176 // then tries to enter this ReleaseZip method and blocks while the first
1177 // thread is still here. The first thread continues and remove the zip from
1178 // the cache and calls its Release method sending the ref count to 0 and
1179 // deleting the zip. However, the second thread is still blocked at the
1180 // start of ReleaseZip, but the 'zip' param now hold a reference to a
1181 // deleted zip!
1182 //
1183 // So, we are going to try safeguarding here by searching our hashtable while
1184 // locked here for the zip. We return fast if it is not found.
1189 #ifdef ZIP_CACHE_HIT_RATE
1190 mZipSyncMisses++;
1191 #endif
1193 }
1203 // Because of the craziness above it is possible that there is no zip that
1204 // needs removing.
1208 #ifdef ZIP_CACHE_HIT_RATE
1209 mZipCacheFlushes++;
1210 #endif
1212 // Clear the cache pointer in case we gave out this oldest guy while
1213 // his Release call was being made. Otherwise we could nest on ReleaseZip
1214 // when the second owner calls Release and we are still here in this lock.
1217 // remove from hashtable
1218 nsCAutoString path;
1227 }
1229 static PRBool
1231 {
1239 }
1241 }
1243 NS_IMETHODIMP
1247 {
1258 #ifdef xDEBUG_jband
1260 #endif
1261 }
1262 }
1266 }
1268 }
1271 {
1272 PRExplodedTime time;
1291 }
1293 ////////////////////////////////////////////////////////////////////////////////