--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/javatools/javasecuritycustomization/javasecuritycustomizationtool.pl Tue Apr 27 16:30:29 2010 +0300
@@ -0,0 +1,1356 @@
+#
+# Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
+# All rights reserved.
+# This component and the accompanying materials are made available
+# under the terms of "Eclipse Public License v1.0"
+# which accompanies this distribution, and is available
+# at the URL "http://www.eclipse.org/legal/epl-v10.html".
+#
+# Initial Contributors:
+# Nokia Corporation - initial contribution.
+#
+# Contributors:
+#
+# Description:
+#
+##################################################################
+## Tool used to managing the security policies and the set of ##
+## X.509 certificates used as trust anchors in verifying the ##
+## authenticity of signing certificates used for signing ##
+## java applications ##
+## ##
+## This tool can be used at two different phases: ##
+## 1) at ROM image creation time (used by variant engineers) ##
+## before generating the variant ROM image and before ##
+## using S60 Configuration tool. ##
+## When used at this phase, ##
+## the tool instructs the ROM image creation process on ##
+## which policies and certificates to include into the ROM ##
+## image ##
+## 2) after ROM image creation time. When used at this phase ##
+## the tool generates deployment packages (SIS) to be ##
+## installed into "already flashed ROM images" ##
+## ##
+## This tool assumes the existence of a S60 environment, ##
+## therefore it must be used from within a S60 environment ##
+##################################################################
+
+#use strict;
+use Getopt::Std;
+use XML::Simple;
+use File::Spec;
+use File::Copy;
+
+# s60 specific paths
+my $CERTS_BUILD_DIR_1 = "/epoc32/data/z/private/200211dc/security/trustroots/device/certificates/";
+my $CERTS_BUILD_DIR_2 = "/epoc32/release/armv5/urel/z/private/200211dc/security/trustroots/device/certificates/";
+my $POLICIES_BUILD_DIR_1 = "/epoc32/data/z/resource/java/security/policies/";
+my $POLICIES_BUILD_DIR_2 = "/epoc32/release/armv5/urel/z/resource/java/security/policies/";
+my $IBY_DIR = "/epoc32/rom/include/core/app/";
+my $IBY_TEST_DIR = "/epoc32/rom/include/core/tools/";
+my $CONFML_DATA_DIR = "/epoc32/rom/config/confml_data/s60/";
+# global variables
+my $config_file;
+my $cert_to_remove;
+my $policy_to_remove;
+my $deployment_destination;
+my $signing_cert;
+my $signing_key;
+my $add_header = 0;
+my $deploy = 1;
+my $iby_file_name;
+my $iby_name;
+my $sis_file_name;
+my $pkg_file_name;
+my $pkg_name;
+my $package_type;
+my $signed_sis = "false";
+my $ROM = "rom";
+my $SIS = "sis";
+my $openssl = "openssl.exe";
+my $METADATA_EXT = ".metadata";
+my $STATE_EXT = ".state";
+my $JAVA_IBY_FILENAME = "java.iby";
+my $JAVA_TEST_IBY_FILENAME = "javatest.iby";
+my $JAVA_VARIANT_CERTS_IBY_FILENAME = "java_variant_certs.iby";
+my $JAVA_VARIANT_CERTS_PKG_FILENAME = "java_variant_certs.pkg";
+my $JAVA_VARIANT_CERTS_SIS_FILENAME = "java_variant_certs.sis";
+my $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME = "java_variant_certs_policies.iby";
+my $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME = "java_variant_certs_policies.pkg";
+my $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME = "java_variant_certs_policies.sis";
+my $JAVA_VARIANT_POLICY_IBY_FILENAME = "java_variant_policy.iby";
+my $JAVA_VARIANT_POLICY_PKG_FILENAME = "java_variant_policy.pkg";
+my $JAVA_VARIANT_POLICY_SIS_FILENAME = "java_variant_policy.sis";
+my $JAVA_CUSTOM_SECURITY_PKG_FILENAME = "java_custom_security.pkg";
+my $JAVA_CUSTOM_SECURITY_SIS_FILENAME = "java_custom_security.sis";
+my $NON_REMOVABLE_PACKAGE_TYPE = ",(0x2001FD68), 1,0,0, TYPE=PU,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n";
+my $REMOVABLE_PACKAGE_TYPE = ",(0x2001FD68), 1,0,0, TYPE=SP,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n";
+# IBY and PKG data
+my $CERTS_DATACAGE = "\\private\\200211dc\\security\\trustroots\\device\\certificates\\";
+my $CERTS_STATE_DATACAGE = "\\private\\200211dc\\security\\trustroots\\device\\state\\";
+my $POLICIES_DATACAGE_SRC = "\\resource\\java\\security\\policies\\";
+my $POLICIES_DATACAGE_SRC_5_0 = "\\private\\102033E6\\resource\\security\\policies\\";
+my $POLICIES_DATACAGE_DEST = "RESOURCE_FILES_DIR\\java\\security\\policies\\";
+
+##############################################################
+## Displays the usage help ##
+##############################################################
+sub usage
+{
+ system("cls");
+ print "\nUsage:\n\javasecuritycustomizationtool.pl listcerts | addcerts | deploycerts | removecert <cert_name> | listpolicies | addpolicy | deploypolicy | removepolicy <policy_name> | addall | deployall | setpolicy | setwarningsmode \n";
+ print "\nWhere:\n";
+ print "listcerts Lists all the X.509 certificates used as trust anchors in\n";
+ print " verifying the authenticity of signed java applications and\n";
+ print " also used in binding java applications to protection domains\n";
+ print "addcerts Adds new X.509 certificates into the existing collection\n";
+ print " of X.509 certificates used as trust anchors in verifying the\n";
+ print " authenticity of signed java applications and also used in\n";
+ print " binding java applications to protection domains\n";
+ print " The properties of the certificates to be added are specified\n";
+ print " by the file 'configdata.xml'\n";
+ print "deploycerts Creates a SIS package, containing new X.509 certificates,\n";
+ print " to be installed into a device having java security system in \n";
+ print " place. These new certificates are used as trust anchors in\n";
+ print " verifying the authenticity of signed java applications and\n";
+ print " also used in binding java applications to protection domains\n";
+ print " The properties of the certificates to be deployed are specified\n";
+ print " by the file 'configdata.xml'\n";
+ print "removecert Removes a single X.509 certificate from the existing collection\n";
+ print " of X.509 certificates used as trust anchors in verifying the\n";
+ print " authenticity of signed java applications and also used in\n";
+ print " binding java applications to protection domains\n";
+ print "listpolicies Lists all the policies used for granting permissions to java\n";
+ print " applications\n";
+ print "addpolicy Adds a new policy into the existing collection of policies\n";
+ print " used for granting permissions to java applications\n";
+ print " The properties of the policy to be added are specified\n";
+ print " by the file 'configdata.xml'\n";
+ print "deploypolicy Creates a SIS package, containing a new policy, to be\n";
+ print " installed into a device having java security system in place\n";
+ print " The properties of the policy to be deployed are specified by\n";
+ print " the file 'configdata.xml'\n";
+ print "removepolicy Removes a single policy from the collection of policies\n";
+ print " used for granting permissions to java applications\n";
+ print "addall Adds new X.509 certificates and a new policy into the existing\n";
+ print " collection of certificates/policies used for\n";
+ print " authentication/authorization of java applications. This is the\n";
+ print " equivalent of the combined command line arguments 'addcerts'\n";
+ print " and 'addpolicy'\n";
+ print "deployall Creates a SIS package, containing new X.509 certificates and a\n";
+ print " new policy, to be installed into a device having java security\n";
+ print " system in place. This is a the equivalent of the combined\n";
+ print " command line arguments 'deploycerts' and 'deploypolicy'\n";
+ print " The properties of the certificates and policy to be deployed\n";
+ print " are specified by the file 'configdata.xml'\n";
+ print "setpolicy Creates a SIS package, which selects the policy to be used for\n";
+ print " granting permissions to java applications. This SIS is to be\n";
+ print " installed into a device having java security system in place\n";
+ print " The name of the selected policy is specified by the file\n";
+ print " 'configdata.xml'\n";
+ print "setwarningsmode Creates a SIS package, which selects the mode used for handling\n";
+ print " security warnings. This SIS is to be installed into a device\n";
+ print " having java security system in place\n";
+ print " The warnings mode is specified by the file 'configdata.xml'\n";
+ print "\n\nThis tool can be used at two different phases:\n";
+ print " 1) at ROM image creation time (used by variant engineers) before generating\n";
+ print " the variant ROM image and before using S60 Configuration tool. Used at\n";
+ print " this phase the tool produces configuration data for the ROM image creation\n";
+ print " process. The command line arguments to be used at this phase are:\n";
+ print " 'listcerts', 'addcerts', 'removecert', 'listpolicies', 'addpolicy',\n";
+ print " 'removepolicy', and 'addall'\n";
+ print " 2) after ROM image creation time. Used at this phase the tool generates\n";
+ print " deployment packages (SIS) to be installed into 'already flashed ROM\n";
+ print " images'. The command line arguments to be used at this phase are:\n";
+ print " 'deploycerts', 'deploypolicy', 'setpolicy', 'setwarningsmode' and\n";
+ print " 'deployall'\n";
+ print "\nThis tool assumes the existence of a S60 environment, therefore it must be used\n";
+ print "from within a S60 environment\n";
+ exit;
+}
+
+##############################################################
+## Lists all the certificates ##
+##############################################################
+sub list_certs()
+{
+ @files = <$CERTS_BUILD_DIR_1*>;
+ @certs;
+ @domains;
+ @paths;
+ foreach $file (@files) {
+ if (rindex($file, $METADATA_EXT) < 0)
+ {
+ $ext = rindex($file, ".");
+ my $file_without_ext = substr($file, 0, $ext);
+ $cert_name = substr($file, length("$CERTS_BUILD_DIR_1"));
+ if (! grep {$_ eq $cert_name} @certs) {
+ push(@certs, $cert_name);
+ push(@paths, $CERTS_BUILD_DIR_1);
+ open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n";
+ my @metadata = <METADATA_FILE>;
+ close(METADATA_FILE);
+ my $domain;
+ foreach $metadata_item (@metadata) {
+ $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "="));
+ if ($metadata_item_key eq "name")
+ {
+ $domain = substr($metadata_item, rindex($metadata_item, "=") + 1);
+ push(@domains, $domain);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ @files = <$CERTS_BUILD_DIR_2*>;
+ foreach $file (@files) {
+ if (rindex($file, $METADATA_EXT) < 0)
+ {
+ $ext = rindex($file, ".");
+ my $file_without_ext = substr($file, 0, $ext);
+ $cert_name = substr($file, length("$CERTS_BUILD_DIR_2"));
+ if (! grep {$_ eq $cert_name} @certs) {
+ push(@certs, $cert_name);
+ push(@paths, $CERTS_BUILD_DIR_2);
+ open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n";
+ my @metadata = <METADATA_FILE>;
+ close(METADATA_FILE);
+ my $domain;
+ foreach $metadata_item (@metadata) {
+ $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "="));
+ if ($metadata_item_key eq "name")
+ {
+ $domain = substr($metadata_item, rindex($metadata_item, "=") + 1);
+ push(@domains, $domain);
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ # display only the files which are found inside java.iby or javatest.iby
+ open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
+ my @java_iby_lines = <JAVA_IBY>;
+ close(JAVA_IBY);
+ my @java_test_iby_lines;
+ if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME")
+ {
+ open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME");
+ @java_test_iby_lines = <JAVA_TEST_IBY>;
+ close(JAVA_TEST_IBY);
+ }
+ my @java_variant_certs_iby_lines;
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME")
+ {
+ open (JAVA_VARIANT_CERTS_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME");
+ @java_variant_certs_iby_lines = <JAVA_VARIANT_CERTS_IBY>;
+ close(JAVA_VARIANT_CERTS_IBY);
+ }
+ my @java_variant_certs_policies_iby_lines;
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
+ {
+ open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
+ @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>;
+ close(JAVA_VARIANT_CERTS_POLICIES_IBY);
+ }
+ $index = 0;
+ my $found = 0;
+ foreach $cert (@certs) {
+ $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $cert) >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ if ($found == 0)
+ {
+ foreach $java_variant_certs_iby_line (@java_variant_certs_iby_lines) {
+ if (rindex($java_variant_certs_iby_line, $cert) >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ }
+ if ($found == 0)
+ {
+ foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) {
+ if (rindex($java_variant_certs_policies_iby_line, $cert) >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ }
+ #if ($found == 0)
+ #{
+ #foreach $java_test_iby_line (@java_test_iby_lines) {
+ #if (rindex($java_test_iby_line, $cert) >= 0) {
+ #$found = 1;
+ #last;
+ #}
+ #}
+ #}
+ if ($found == 1)
+ {
+ print "Certificate:\n";
+ print " Name: ", $cert , "\n";
+ print " Domain: ", $domains[$index];
+ print " Path: ", $paths[$index], "\n\n";
+ }
+ $index = $index + 1;
+ }
+}
+
+##############################################################
+## Removes a certain certificate ##
+##############################################################
+sub remove_cert()
+{
+ if (! -f "$CERTS_BUILD_DIR_1$cert_to_remove")
+ {
+ print "\n\nERROR: ", $cert_to_remove, " not found.\n";
+ exit;
+ } else
+ {
+
+ $ext = rindex($cert_to_remove, ".");
+ $file_without_ext = substr($cert_to_remove, 0, $ext);
+
+ # modify java.iby
+ mkdir "tmp";
+ open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
+ open (JAVA_NEW_IBY, "+>tmp/$JAVA_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_IBY_FILENAME)\n";
+ my @java_iby_lines = <JAVA_IBY>;
+ my $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
+ {
+ print JAVA_NEW_IBY $java_iby_line;
+ }
+ else
+ {
+ $found = 1;
+ }
+ }
+ close(JAVA_IBY);
+ close(JAVA_NEW_IBY);
+ move("tmp/$JAVA_IBY_FILENAME", "$IBY_DIR");
+ if ($found == 0)
+ {
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME")
+ {
+ open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME");
+ open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME)\n";
+ my @java_iby_lines = <JAVA_IBY>;
+ my $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
+ {
+ print JAVA_NEW_IBY $java_iby_line;
+ }
+ }
+ close(JAVA_IBY);
+ close(JAVA_NEW_IBY);
+ move("tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME", "$IBY_DIR");
+ }
+ # check the combined iby file as well
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
+ {
+ open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
+ open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n";
+ my @java_iby_lines = <JAVA_IBY>;
+ my $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
+ {
+ print JAVA_NEW_IBY $java_iby_line;
+ }
+ }
+ close(JAVA_IBY);
+ close(JAVA_NEW_IBY);
+ move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR");
+ }
+
+ }
+
+ unlink("$CERTS_BUILD_DIR_1$cert_to_remove");
+ unlink("$CERTS_BUILD_DIR_1$file_without_ext$METADATA_EXT");
+
+ unlink("$CERTS_BUILD_DIR_2$cert_to_remove");
+ unlink("$CERTS_BUILD_DIR_2$file_without_ext$METADATA_EXT");
+
+ system("rmdir tmp /s /q");
+ }
+}
+
+##############################################################
+## Adds new certificates ##
+##############################################################
+sub add_certs()
+{
+ $config_file = "./configdata.xml";
+
+ my $xml = new XML::Simple(suppressempty => '');
+ my $xmldata = $xml->XMLin($config_file, forcearray => 1);
+
+ my $root_file;
+ my $root_domain;
+ my $root_canDelete;
+ my $root_canDisable;
+ my $root_file_without_ext;
+ my $root_file_with_ext;
+ my $root_state;
+
+ mkdir "tmp";
+ mkdir "tmp/certs/";
+ if ($deployment_destination eq $ROM)
+ {
+ open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n";
+ print IBY_FILE "#ifndef __" . "$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n";
+ }
+ else
+ {
+ open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n";
+ print PKG_FILE "&EN\n#{\"$pkg_name\"}" ."$package_type";
+ open (POLICY_FILE, "+>tmp/update_certs") or die "Cannot create tmp file (tmp/update_certs)\n";
+ close POLICY_FILE;
+ }
+
+ foreach my $root (@{$xmldata->{root}}) {
+
+ # read the xml node
+ $root_file = $root->{file}->[0];
+ $root_domain = $root->{domain}->[0];
+ $root_canDelete = $root->{canDelete}->[0];
+ $root_canDisable = $root->{canDisable}->[0];
+
+ if ($deployment_destination eq $SIS)
+ {
+ $root_state = $root->{state}->[0];
+ if (($root_state ne "") && ($root_state ne "enabled") && ($root_state ne "disabled") && ($root_state ne "removed")) {
+ print "ERROR: The values for \"state\" can be either \"enabled\" or \"disabled\" or \"removed\". Please check the configuration file $config_file\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ }
+
+ # validate the root file
+ if (! -f $root_file) {
+ print "\nERROR: root file $root_file doesn't exist. Please check the configuration file $config_file\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ # validate start date of the root
+ ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
+ $current_year = $year + 1900;
+ system("openssl x509 -inform DER -in $root_file -noout -startdate > tmp/startdate.txt");
+ open(start_date_file, "tmp/startdate.txt");
+ my @start_date = <start_date_file>;
+ close(start_date_file);
+ unlink("tmp/startdate.txt");
+ @start_date_details = split(/ /, $start_date[0]);
+ my $start_date_year = $start_date_details[3];
+ if ($start_date_year > $current_year) {
+ print "\nERROR: root $root_file not yet valid.\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ # validate end date of the root
+ system("openssl x509 -inform DER -in $root_file -noout -enddate > tmp/enddate.txt");
+ open(end_date_file, "tmp/enddate.txt");
+ my @end_date = <end_date_file>;
+ close(end_date_file);
+ unlink("tmp/enddate.txt");
+ @end_date_details = split(/ /, $end_date[0]);
+ $year_index = 0;
+ $found_items = 0;
+ foreach $end_date_detail (@end_date_details) {
+ if ($found_items == 3)
+ {
+ last;
+ }
+ if ($end_date_detail ne "")
+ {
+ $found_items = $found_items + 1;
+ }
+ $year_index = $year_index + 1;
+ }
+ my $end_date_year = $end_date_details[$year_index];
+ if ($end_date_year < $current_year) {
+ print "\nERROR: root $root_file is expired.\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ #validate the domain
+ if (($root_domain ne "Manufacturer") && ($root_domain ne "Operator") && ($root_domain ne "OperatorExtra") && ($root_domain ne "IdentifiedThirdParty")) {
+ print "\nERROR: the values for \"domain\" can be either \"Manufacturer\" or \"Operator\" or \"OperatorExtra\" or \"IdentifiedThirdParty\". Please check the configuration file $config_file\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ #validate the canDelete element
+ if (($root_canDelete ne "") && ($root_canDelete ne "true") && ($root_canDelete ne "false")) {
+ print "\nERROR: the values for \"canDelete\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ #validate the canDisable element
+ if (($root_canDisable ne "") && ($root_canDisable ne "true") && ($root_canDisable ne "false")) {
+ print "ERROR: The values for \"canDisable\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n";
+ close IBY_FILE;
+ close PKG_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+ # generate the cert metadata and copy the cert & metadata to a tmp folder
+ system("openssl x509 -inform DER -in $root_file -noout -issuer_hash > tmp/hash.txt");
+ open(hash_file, "tmp/hash.txt");
+ my @lines = <hash_file>;
+ close(hash_file);
+ unlink("tmp/hash.txt");
+ $start_index = rindex($root_file, "/");
+ $end_index = rindex($root_file, ".");
+ if ($start_index >= 0)
+ {
+ $root_file_without_ext = substr($root_file, $start_index + 1, $end_index - $start_index - 1);
+ $root_file_with_ext = substr($root_file, $start_index + 1);
+ }
+ else
+ {
+ $root_file_without_ext = substr($root_file, 0, $end_index);
+ $root_file_with_ext = $root_file;
+ }
+ open (EXT_FILE, "+>tmp/certs/$root_file_without_ext$METADATA_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$METADATA_EXT)\n";
+ print EXT_FILE "name=$root_domain\n";
+ if ($root_domain eq "Manufacturer")
+ {
+ print EXT_FILE "category=MFD\n";
+ }
+ if ($root_domain eq "Operator")
+ {
+ print EXT_FILE "category=OPD\n";
+ }
+ if ($root_domain eq "OperatorExtra")
+ {
+ print EXT_FILE "category=OPD\n";
+ }
+ if ($root_domain eq "IdentifiedThirdParty")
+ {
+ print EXT_FILE "category=ITPD\n";
+ }
+ if ($root_canDelete eq "" || $root_canDelete eq "false") {
+ print EXT_FILE "removable=0\n";
+ }
+ else
+ {
+ print EXT_FILE "removable=1\n";
+ }
+ if ($root_canDisable eq "" || $root_canDisable eq "false") {
+ print EXT_FILE "disablable=0\n";
+ }
+ else
+ {
+ print EXT_FILE "disablable=1\n";
+ }
+ print EXT_FILE "hash=$lines[0]\n";
+ close EXT_FILE;
+ copy($root_file, "tmp/certs/") or die "File $root_file cannot be copied to tmp/";
+ # strip off the path
+ if ($deployment_destination eq $ROM)
+ {
+ print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE";
+ print IBY_FILE $root_file_with_ext;
+ print IBY_FILE " " ."$CERTS_DATACAGE";
+ print IBY_FILE $root_file_with_ext;
+ print IBY_FILE "\ndata=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE";
+ print IBY_FILE $root_file_without_ext;
+ print IBY_FILE "$METADATA_EXT " ."$CERTS_DATACAGE";
+ print IBY_FILE $root_file_without_ext;
+ print IBY_FILE "$METADATA_EXT\n";
+ }
+ else
+ {
+ print PKG_FILE "\"./tmp/certs/";
+ print PKG_FILE $root_file_with_ext;
+ print PKG_FILE "\"-\"c:" . "$CERTS_DATACAGE";
+ print PKG_FILE $root_file_with_ext;
+ print PKG_FILE "\"\n\"./tmp/certs/";
+ print PKG_FILE $root_file_without_ext;
+ print PKG_FILE "$METADATA_EXT\"-\"c:" ."$CERTS_DATACAGE";
+ print PKG_FILE $root_file_without_ext;
+ print PKG_FILE "$METADATA_EXT\"\n";
+ if ($root_state ne "")
+ {
+ open (STATE_FILE, "+>tmp/certs/$root_file_without_ext$STATE_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$STATE_EXT)\n";
+ binmode STATE_FILE;
+ my $state;
+ if ($root_state eq "enabled")
+ {
+ $state = pack("h8", "3000");
+ }
+ else
+ {
+ if ($root_state eq "disabled")
+ {
+ $state = pack("h8", "2000");
+ }
+ else
+ {
+ if ($root_state eq "removed")
+ {
+ $state = pack("h8", "1000");
+ }
+ }
+ }
+ print STATE_FILE $state;
+ close STATE_FILE;
+ print PKG_FILE "\"./tmp/certs/";
+ print PKG_FILE $root_file_without_ext;
+ print PKG_FILE "$STATE_EXT\"-\"c:" ."$CERTS_STATE_DATACAGE";
+ print PKG_FILE $root_file_without_ext;
+ print PKG_FILE "$STATE_EXT\"\n";
+ }
+ }
+ }
+ if ($deployment_destination eq $SIS)
+ {
+ print PKG_FILE "\"./tmp/update_certs\"-\"c:\\private\\102033E6\\security\\tmp\\update_certs\"\n";
+ }
+ if ($deploy == 1)
+ {
+ print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
+ }
+
+ # copy all the certificates and coresponding metadatas to right locations
+ @files = <tmp/certs/*>;
+ foreach $file (@files) {
+ if ($deployment_destination eq $ROM)
+ {
+ copy($file, $CERTS_BUILD_DIR_2);
+ copy($file, $CERTS_BUILD_DIR_1);
+ }
+ }
+ if ($deployment_destination eq $ROM)
+ {
+ if ($deploy == 1)
+ {
+ print IBY_FILE "\n\n#endif\n";
+ }
+ close IBY_FILE;
+ }
+ else
+ {
+ close PKG_FILE;
+ }
+
+ if ($deploy == 1)
+ {
+ # generate the iby file and copy it to right location
+ if ($deployment_destination eq $ROM)
+ {
+ move("tmp/$iby_file_name", "$IBY_DIR");
+ }
+ else
+ {
+ system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis");
+ if (-f $signing_cert && -f $signing_key)
+ {
+ $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key");
+ if ($ret != 0)
+ {
+ $signed_sis = false;
+ }
+ else
+ {
+ $signed_sis = true;
+ }
+ unlink("./tmp/tmp.sis");
+ }
+ else
+ {
+ move("./tmp/tmp.sis", "./$sis_file_name");
+ }
+ unlink("./tmp/$pkg_file_name");
+ }
+ system("rmdir tmp /s /q");
+ }
+}
+
+##############################################################
+## Adds a new policy ##
+##############################################################
+sub add_policy()
+{
+ $config_file = "./configdata.xml";
+
+ my $xml = new XML::Simple(suppressempty => '');
+ my $xmldata = $xml->XMLin($config_file);
+
+ my $policy_name;
+ my $utp_policy_path;
+ my $ttp_policy_path;
+ my $operator_policy_path;
+ my $manufacturer_policy_path;
+
+ # create tmp directory
+ mkdir "tmp";
+ mkdir "tmp/policies/";
+ mkdir "tmp/policies/external/";
+ mkdir "tmp/policies/internal/";
+
+ # read the xml node
+ $policy_name = $xmldata->{policy}->{name};
+ $s60_version = $xmldata->{s60_version};
+ $utp_policy_path = $xmldata->{policy}->{unidentifiedthirdparty};
+ $ttp_policy_path = $xmldata->{policy}->{identifiedthirdparty};
+ $operator_policy_path = $xmldata->{policy}->{operator};
+ $manufacturer_policy_path = $xmldata->{policy}->{manufacturer};
+
+ # validate the policy name
+ $tmp_str = lc $policy_name;
+ if (($policy_name eq "") || ($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att"))
+ {
+ if ($policy_name eq "")
+ {
+ print "\nERROR: the name of the policy is mandatory. Please check the configuration file $config_file\n";
+ }
+ else
+ {
+ print "\nERROR: the names \"s60\", \"msa\" and \"att\" are reserved therefore the new policy can not use any of these names. Please check the configuration file $config_file\n";
+ }
+ close IBY_FILE;
+ system("rmdir tmp /s /q");
+ exit;
+ }
+
+ # validate the policy files
+ if (! -f $utp_policy_path || ! -f $ttp_policy_path || ! -f $operator_policy_path || ! -f $manufacturer_policy_path)
+ {
+ print "\nERROR: the new policy must contain specifications for all the four protection domains. Please check the configuration file $config_file\n";
+ system("rmdir tmp /s /q");
+ exit;
+ }
+
+ # prepare the data for the securitypolicyeditor tool
+ copy($utp_policy_path, "tmp/policies/external/" . "$policy_name" . "_untrusted.txt") or die "File $utp_policy_path cannot be copied to tmp/policies/external/";
+ copy($ttp_policy_path, "tmp/policies/external/" . "$policy_name" . "_trustedthirdparty.txt") or die "File $ttp_policy_path cannot be copied to tmp/policies/external/";
+ copy($operator_policy_path, "tmp/policies/external/" . "$policy_name" . "_operator.txt") or die "File $operator_policy_path cannot be copied to tmp/policies/external/";
+ copy($manufacturer_policy_path, "tmp/policies/external/" . "$policy_name" . "_manufacturer.txt") or die "File $manufacturer_policy_path cannot be copied tmp/policies/external/";
+
+ # delegate the securitypolicytool to generate the internal policies
+ $ret = system("java -cp ./policyeditor/bin/securitypolicyeditor.jar;./policyeditor/lib/engine.jar com.nokia.mj.tools.security.midp.PolicyEditor tmp/policies/external/ tmp/policies/internal/");
+ if ($ret != 0)
+ {
+ system("rmdir tmp /s /q");
+ exit;
+ }
+
+ if ($deployment_destination eq $SIS)
+ {
+ open (POLICY_FILE, "+>tmp/policies/new_policy.txt") or die "Cannot create tmp file (tmp/policies/new_policy.txt)\n";
+ print POLICY_FILE "$policy_name";
+ close POLICY_FILE;
+ $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC";
+ if ($s60_version eq "5.0")
+ {
+ $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC_5_0";
+ }
+
+ if ($add_header == 1)
+ {
+ open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n";
+ print PKG_FILE "&EN\n#{\"$pkg_name\"}" ."$package_type";
+ }
+ else
+ {
+ open (PKG_FILE, ">>tmp/$pkg_file_name") or die "Cannot open tmp file (tmp/$pkg_file_name)\n";
+ }
+ print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_untrusted.ser\"-\"$policies_dest" . "$policy_name" . "_untrusted.ser\"\n";
+ print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_trustedthirdparty.ser\"-\"$policies_dest" . "$policy_name" . "_trustedthirdparty.ser\"\n";
+ print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_operator.ser\"-\"$policies_dest" . "$policy_name" . "_operator.ser\"\n";
+ print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_manufacturer.ser\"-\"$policies_dest" . "$policy_name" . "_manufacturer.ser\"\n";
+ print PKG_FILE "\"./tmp/policies/new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n";
+ print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
+ close PKG_FILE;
+ }
+ else
+ {
+ if ($add_header == 1)
+ {
+ open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n";
+ print IBY_FILE "#ifndef __" ."$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n";
+ }
+ else
+ {
+ open (IBY_FILE, ">>tmp/$iby_file_name") or die "Cannot open tmp file (tmp/$iby_file_name)\n";
+ }
+ print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_untrusted.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_untrusted.ser\n";
+ print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_trustedthirdparty.ser ". "$POLICIES_DATACAGE_DEST" . "$policy_name" . "_trustedthirdparty.ser\n";
+ print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_operator.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_operator.ser\n";
+ print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_manufacturer.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_manufacturer.ser\n";
+ print IBY_FILE "\n\n#endif\n";
+ close IBY_FILE;
+ }
+
+ # deploy the policy
+ if ($deploy == 1)
+ {
+ if ($deployment_destination eq $SIS)
+ {
+ system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis");
+ if (-f $signing_cert && -f $signing_key)
+ {
+ $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key");
+ if ($ret != 0)
+ {
+ $signed_sis = false;
+ }
+ else
+ {
+ $signed_sis = true;
+ }
+ }
+ else
+ {
+ move("./tmp/tmp.sis", "./$sis_file_name");
+ }
+ }
+ else
+ {
+ move("tmp/$iby_file_name", "$IBY_DIR");
+ # copy all the policies to right locations
+ @files = <tmp/policies/internal/*>;
+ foreach $file (@files) {
+ copy($file, $POLICIES_BUILD_DIR_2);
+ copy($file, $POLICIES_BUILD_DIR_1);
+ }
+ # update the S60 configuration tool conf data
+ my $xs = new XML::Simple(rootname => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1);
+ my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml");
+ $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_name"} = {value => "" . "$policy_name"};
+ my $output_confml = $xs->XMLout($input_confml);
+ open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n";
+ print OUTPUT_CONFML_FILE "$output_confml";
+ close OUTPUT_CONFML_FILE;
+ move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR";
+ }
+
+ # remove tmp directory
+ system("rmdir tmp /s /q");
+ }
+}
+
+##############################################################
+## Selects a certain policy ##
+##############################################################
+sub set_policy()
+{
+ $config_file = "./configdata.xml";
+
+ my $xml = new XML::Simple(suppressempty => '');
+ my $xmldata = $xml->XMLin($config_file);
+
+ my $policy_name;
+
+ # create tmp directory
+ mkdir "tmp";
+
+ # read the xml node
+ $policy_name = $xmldata->{policy}->{name};
+
+ # validate the policy name
+ $tmp_str = lc $policy_name;
+ if (($tmp_str ne "s60") && ($tmp_str ne "msa") && ($tmp_str ne "att"))
+ {
+ print "\nERROR: the name of the policy is mandatory and it can be either \"s60\", \"msa\" or \"att\". Please check the configuration file $config_file\n";
+ system("rmdir tmp /s /q");
+ exit;
+ }
+
+ open (POLICY_FILE, "+>tmp/new_policy.txt") or die "Cannot create tmp file (tmp/new_policy.txt)\n";
+ print POLICY_FILE "$policy_name";
+ close POLICY_FILE;
+ open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n";
+ print PKG_FILE "&EN\n#{\"JavaSecurityPolicySelector\"}" ."$package_type";
+ print PKG_FILE "\".\\tmp\\new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n";
+ print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
+ close PKG_FILE;
+ system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis");
+ if (-f $signing_cert && -f $signing_key)
+ {
+ $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key");
+ if ($ret != 0)
+ {
+ $signed_sis = false;
+ }
+ else
+ {
+ $signed_sis = true;
+ }
+ }
+ else
+ {
+ move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME");
+ }
+
+ # remove tmp directory
+ system("rmdir tmp /s /q");
+}
+
+##############################################################
+## Selects the security warnings mode ##
+##############################################################
+sub set_warnings_mode()
+{
+ $config_file = "./configdata.xml";
+
+ my $xml = new XML::Simple(suppressempty => '');
+ my $xmldata = $xml->XMLin($config_file);
+
+ my $policy_name;
+
+ # create tmp directory
+ mkdir "tmp";
+
+ # read the xml node
+ $warnings_mode = $xmldata->{warningsmode};
+
+ # validate the policy name
+ if (($warnings_mode ne "user") && ($warnings_mode ne "default"))
+ {
+ print "\nERROR: the warnings mode is mandatory and it can be either \"user\" or \"default\". Please check the configuration file $config_file\n";
+ system("rmdir tmp /s /q");
+ exit;
+ }
+
+ open (WARNINGS_MODE_FILE, "+>tmp/new_warnings_mode.txt") or die "Cannot create tmp file (tmp/new_warnings_mode.txt)\n";
+ if ($warnings_mode eq "user")
+ {
+ print WARNINGS_MODE_FILE "1";
+ }
+ else
+ {
+ print WARNINGS_MODE_FILE "2";
+ }
+ close WARNINGS_MODE_FILE;
+ open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n";
+ print PKG_FILE "&EN\n#{\"JavaSecurityWarningsModeSelector\"}" ."$package_type";
+ print PKG_FILE "\".\\tmp\\new_warnings_mode.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_warnings_mode.txt\"\n";
+ print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
+ close PKG_FILE;
+ system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis");
+ if (-f $signing_cert && -f $signing_key)
+ {
+ $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key");
+ if ($ret != 0)
+ {
+ $signed_sis = false;
+ }
+ else
+ {
+ $signed_sis = true;
+ }
+ }
+ else
+ {
+ move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME");
+ }
+
+ # remove tmp directory
+ system("rmdir tmp /s /q");
+}
+
+##############################################################
+## Lists all the policies ##
+##############################################################
+sub list_policies()
+{
+ @files = <$POLICIES_BUILD_DIR_1*_*.ser>;
+ @policies;
+ foreach $file (@files) {
+ $start_index = rindex($file, "/");
+ $end_index = rindex($file, "_");
+ $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1);
+ if (! grep {$_ eq $file_without_ext} @policies) {
+ push(@policies, $file_without_ext);
+ }
+ }
+ @files = <$POLICIES_BUILD_DIR_2*_*.ser>;
+ foreach $file (@files) {
+ $start_index = rindex($file, "/");
+ $end_index = rindex($file, "_");
+ $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1);
+ if (! grep {$_ eq $file_without_ext} @policies) {
+ push(@policies, $file_without_ext);
+ }
+ }
+ # display only the policies which are found inside java.iby or javatest.iby
+ open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
+ my @java_iby_lines = <JAVA_IBY>;
+ close(JAVA_IBY);
+ my @java_test_iby_lines;
+ if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME")
+ {
+ open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME");
+ @java_test_iby_lines = <JAVA_TEST_IBY>;
+ close(JAVA_TEST_IBY);
+ }
+ my @java_variant_policy_iby_lines;
+ if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME")
+ {
+ open (JAVA_VARIANT_POLICY_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME");
+ @java_variant_policy_iby_lines = <JAVA_VARIANT_POLICY_IBY>;
+ close(JAVA_VARIANT_POLICY_IBY);
+ }
+ my @java_variant_certs_policies_iby_lines;
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
+ {
+ open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
+ @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>;
+ close(JAVA_VARIANT_CERTS_POLICIES_IBY);
+ }
+ my $found = 0;
+ foreach $policy (@policies) {
+ $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, "$policy" . "_") >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ if ($found == 0)
+ {
+ foreach $java_variant_policy_iby_line (@java_variant_policy_iby_lines) {
+ if (rindex($java_variant_policy_iby_line, "$policy" . "_") >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ }
+ if ($found == 0)
+ {
+ foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) {
+ if (rindex($java_variant_certs_policies_iby_line, "$policy" . "_") >= 0) {
+ $found = 1;
+ last;
+ }
+ }
+ }
+ #if ($found == 0)
+ #{
+ #foreach $java_test_iby_line (@java_test_iby_lines) {
+ #if (rindex($java_test_iby_line, "$policy" . "_") >= 0) {
+ #$found = 1;
+ #last;
+ #}
+ #}
+ #}
+ if ($found == 1)
+ {
+ print "Policy:\n";
+ print " Name: ", $policy , "\n";
+ }
+ }
+}
+
+##############################################################
+## Removes a certain policy ##
+##############################################################
+sub remove_policy()
+{
+ $tmp_str = lc $policy_to_remove;
+ if (($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att"))
+ {
+ print "\n\nERROR: 's60', 'msa' and 'att' are build in policies and can not be removed.\n";
+ exit;
+ }
+ $policy_found = 0;
+ @files = <$POLICIES_BUILD_DIR_1*_*.ser>;
+ foreach $file (@files) {
+ $index = rindex($file, $policy_to_remove);
+ if ($index >= 0)
+ {
+ unlink("$file");
+ $policy_found = 1;
+ }
+ }
+ @files = <$POLICIES_BUILD_DIR_2*_*.ser>;
+ foreach $file (@files) {
+ $index = rindex($file, $policy_to_remove);
+ if ($index >= 0)
+ {
+ $policy_found = 1;
+ unlink("$file");
+ }
+ }
+ if ($policy_found == 0)
+ {
+ print "\n\nERROR: The policy $policy_to_remove was not found.\n";
+ exit;
+ }
+ # modify java_variant_policy.iby
+ mkdir "tmp";
+ if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME")
+ {
+ open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME");
+ open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME)\n";
+ my @java_iby_lines = <JAVA_IBY>;
+ my $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0)
+ {
+ print JAVA_NEW_IBY $java_iby_line;
+ }
+ else
+ {
+ $found = 1;
+ }
+ }
+ close(JAVA_IBY);
+ close(JAVA_NEW_IBY);
+ move("tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME", "$IBY_DIR");
+ }
+ # same for the combined iby file
+ if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
+ {
+ open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
+ open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n";
+ my @java_iby_lines = <JAVA_IBY>;
+ my $found = 0;
+ foreach $java_iby_line (@java_iby_lines) {
+ if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0)
+ {
+ print JAVA_NEW_IBY $java_iby_line;
+ }
+ else
+ {
+ $found = 1;
+ }
+ }
+ close(JAVA_IBY);
+ close(JAVA_NEW_IBY);
+ move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR");
+ }
+
+ # update the S60 configuration tool conf data
+ my $xs = new XML::Simple(rootname => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1);
+ my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml");
+ $input_confml->{data}->[0]->{KJavaSecurity}->[0]->{KPolicy}->[0] = 's60';
+ delete $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_to_remove"};
+ my $output_confml = $xs->XMLout($input_confml);
+ open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n";
+ print OUTPUT_CONFML_FILE "$output_confml";
+ close OUTPUT_CONFML_FILE;
+ move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR";
+
+ system("rmdir tmp /s /q");
+}
+
+sub init
+{
+ $config_file = "./configdata.xml";
+
+ my $xml = new XML::Simple(suppressempty => '');
+ my $xmldata = $xml->XMLin($config_file);
+
+ $signing_cert = $xmldata->{signing}->{cert};
+ $signing_key = $xmldata->{signing}->{key};
+
+ $package_type = $xmldata->{deploytype};
+ if (($package_type ne "") && ($package_type ne "removable") && ($package_type ne "non-removable"))
+ {
+ print "\nERROR: when specified, the type of the deployment package can have one of the two values: 'removable' or 'non-removable'. Please check the configuration file $config_file\n";
+ exit;
+ }
+ if (($package_type eq "") || ($package_type eq "non-removable"))
+ {
+ $package_type = $NON_REMOVABLE_PACKAGE_TYPE;
+ }
+ else
+ {
+ $package_type = $REMOVABLE_PACKAGE_TYPE;
+ }
+}
+
+
+##############################################################
+## Main function ##
+##############################################################
+sub main
+{
+ # do initializations
+ init();
+
+ # parse arguments
+ $numArgs = $#ARGV + 1;
+ foreach $argnum (0 .. $#ARGV)
+ {
+ if ($ARGV[$argnum] eq "addcerts")
+ {
+ $deployment_destination = $ROM;
+ $deploy = 1;
+ $iby_file_name = $JAVA_VARIANT_CERTS_IBY_FILENAME;
+ $iby_name = "JAVA_VARIANT_CERTS_IBY";
+ add_certs();
+ print "\n\nAdding of certificates was succesfull.\n";
+ exit;
+ }
+ if ($ARGV[$argnum] eq "listcerts")
+ {
+ list_certs();
+ exit;
+ }
+ if ($ARGV[$argnum] eq "removecert")
+ {
+ if ($ARGV[$argnum + 1] eq "")
+ {
+ next;
+ }
+ $cert_to_remove = $ARGV[$argnum + 1];
+ remove_cert();
+ print "\n\nThe certificate $cert_to_remove was succesfully removed.\n";
+ exit;
+ }
+ if ($ARGV[$argnum] eq "deploycerts")
+ {
+ $deployment_destination = $SIS;
+ $deploy = 1;
+ $pkg_file_name = $JAVA_VARIANT_CERTS_PKG_FILENAME;
+ $pkg_name = "JavaCustomCertificates";
+ $sis_file_name = $JAVA_VARIANT_CERTS_SIS_FILENAME;
+ add_certs();
+ if ($signed_sis eq "true")
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
+ }
+ else
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
+ }
+ exit;
+ }
+ if ($ARGV[$argnum] eq "listpolicies")
+ {
+ list_policies();
+ exit;
+ }
+ if ($ARGV[$argnum] eq "addpolicy")
+ {
+ $deployment_destination = $ROM;
+ $add_header = 1;
+ $deploy = 1;
+ $iby_file_name = $JAVA_VARIANT_POLICY_IBY_FILENAME;
+ $iby_name = "JAVA_VARIANT_POLICY_IBY";
+ add_policy();
+ print "\n\nAdding of the new policy was succesfull.\n";
+ exit;
+ }
+ if ($ARGV[$argnum] eq "removepolicy")
+ {
+ if ($ARGV[$argnum + 1] eq "")
+ {
+ next;
+ }
+ $policy_to_remove = $ARGV[$argnum + 1];
+ remove_policy();
+ print "\n\nThe policy $policy_to_remove was succesfully removed.\n";
+ exit;
+ }
+ if ($ARGV[$argnum] eq "deploypolicy")
+ {
+ $deployment_destination = $SIS;
+ $deploy = 1;
+ $add_header = 1;
+ $pkg_file_name = $JAVA_VARIANT_POLICY_PKG_FILENAME;
+ $pkg_name = "JavaCustomSecurityPolicy";
+ $sis_file_name = $JAVA_VARIANT_POLICY_SIS_FILENAME;
+ add_policy();
+ if ($signed_sis eq "true")
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
+ }
+ else
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
+ }
+ exit;
+ }
+ if ($ARGV[$argnum] eq "deployall")
+ {
+ $deployment_destination = $SIS;
+ $deploy = 0;
+ $pkg_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME;
+ $pkg_name = "JavaCustomSecurityCertsAndPolicy";
+ $sis_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME;
+ add_certs();
+ $add_header = 0;
+ $deploy = 1;
+ add_policy();
+ if ($signed_sis eq "true")
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
+ }
+ else
+ {
+ print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
+ }
+ exit;
+ }
+ if ($ARGV[$argnum] eq "addall")
+ {
+ $deployment_destination = $ROM;
+ $deploy = 0;
+ $iby_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME;
+ $iby_name = "JAVA_VARIANT_CERTS_POLICIES_IBY";
+ add_certs();
+ $add_header = 0;
+ $deploy = 1;
+ add_policy();
+ print "\n\nAdding of the new certificates and policy was succesfull.\n";
+ exit;
+ }
+ if ($ARGV[$argnum] eq "setpolicy")
+ {
+ set_policy();
+ if ($signed_sis eq "true")
+ {
+ print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
+ }
+ else
+ {
+ print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
+ }
+ exit;
+ }
+ if ($ARGV[$argnum] eq "setwarningsmode")
+ {
+ set_warnings_mode();
+ if ($signed_sis eq "true")
+ {
+ print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
+ }
+ else
+ {
+ print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
+ }
+ exit;
+ }
+ }
+ usage();
+}
+
+&main();
\ No newline at end of file