javatools/javasecuritycustomization/javasecuritycustomizationtool.pl
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 27 Apr 2010 16:30:29 +0300
branchRCL_3
changeset 19 04becd199f91
child 25 9ac0a0a7da70
permissions -rw-r--r--
Revision: v2.1.22 Kit: 201017

#
# Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved.
# This component and the accompanying materials are made available
# under the terms of "Eclipse Public License v1.0"
# which accompanies this distribution, and is available
# at the URL "http://www.eclipse.org/legal/epl-v10.html".
#
# Initial Contributors:
# Nokia Corporation - initial contribution.
#
# Contributors:
#
# Description: 
#
##################################################################
##  Tool used to managing the security policies and the set of  ##
##  X.509 certificates used as trust anchors in verifying the   ##
##  authenticity of signing certificates used for signing       ##
##  java applications                                           ##
##                                                              ##
##  This tool can be used at two different phases:              ##
##  1) at ROM image creation time (used by variant engineers)   ##
##     before generating the variant ROM image and before       ##
##     using S60 Configuration tool.                            ##
##     When used at this phase,                                 ##
##     the tool instructs the ROM image creation process on     ##
##     which policies and certificates to include into the ROM  ##
##     image                                                    ##
##  2) after ROM image creation time. When used at this phase   ##
##     the tool generates deployment packages (SIS) to be       ##
##     installed into "already flashed ROM images"              ##
##                                                              ##
##  This tool assumes the existence of a S60 environment,       ##
##  therefore it must be used from within a S60 environment     ##
##################################################################

#use strict;
use Getopt::Std;
use XML::Simple;
use File::Spec;
use File::Copy;

# s60 specific paths
my $CERTS_BUILD_DIR_1                             = "/epoc32/data/z/private/200211dc/security/trustroots/device/certificates/";
my $CERTS_BUILD_DIR_2                             = "/epoc32/release/armv5/urel/z/private/200211dc/security/trustroots/device/certificates/";
my $POLICIES_BUILD_DIR_1                          = "/epoc32/data/z/resource/java/security/policies/";
my $POLICIES_BUILD_DIR_2                          = "/epoc32/release/armv5/urel/z/resource/java/security/policies/";
my $IBY_DIR                                       = "/epoc32/rom/include/core/app/";
my $IBY_TEST_DIR                                  = "/epoc32/rom/include/core/tools/";
my $CONFML_DATA_DIR                               = "/epoc32/rom/config/confml_data/s60/";
# global variables
my $config_file;
my $cert_to_remove;
my $policy_to_remove;
my $deployment_destination;
my $signing_cert;
my $signing_key;
my $add_header                                     = 0;
my $deploy                                         = 1;
my $iby_file_name;
my $iby_name;
my $sis_file_name;
my $pkg_file_name;
my $pkg_name;
my $package_type;
my $signed_sis                                     = "false";
my $ROM                                            = "rom";
my $SIS                                            = "sis";
my $openssl                                        = "openssl.exe";
my $METADATA_EXT                                   = ".metadata";
my $STATE_EXT                                      = ".state";
my $JAVA_IBY_FILENAME                              = "java.iby";
my $JAVA_TEST_IBY_FILENAME                         = "javatest.iby";
my $JAVA_VARIANT_CERTS_IBY_FILENAME                = "java_variant_certs.iby";
my $JAVA_VARIANT_CERTS_PKG_FILENAME                = "java_variant_certs.pkg";
my $JAVA_VARIANT_CERTS_SIS_FILENAME                = "java_variant_certs.sis";
my $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME   = "java_variant_certs_policies.iby";
my $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME   = "java_variant_certs_policies.pkg";
my $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME   = "java_variant_certs_policies.sis";
my $JAVA_VARIANT_POLICY_IBY_FILENAME               = "java_variant_policy.iby";
my $JAVA_VARIANT_POLICY_PKG_FILENAME               = "java_variant_policy.pkg";
my $JAVA_VARIANT_POLICY_SIS_FILENAME               = "java_variant_policy.sis";
my $JAVA_CUSTOM_SECURITY_PKG_FILENAME              = "java_custom_security.pkg";
my $JAVA_CUSTOM_SECURITY_SIS_FILENAME              = "java_custom_security.sis";
my $NON_REMOVABLE_PACKAGE_TYPE                     = ",(0x2001FD68), 1,0,0, TYPE=PU,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n";
my $REMOVABLE_PACKAGE_TYPE                         = ",(0x2001FD68), 1,0,0, TYPE=SP,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n";
# IBY and PKG data
my $CERTS_DATACAGE                                 = "\\private\\200211dc\\security\\trustroots\\device\\certificates\\";
my $CERTS_STATE_DATACAGE                           = "\\private\\200211dc\\security\\trustroots\\device\\state\\";
my $POLICIES_DATACAGE_SRC                          = "\\resource\\java\\security\\policies\\";
my $POLICIES_DATACAGE_SRC_5_0                      = "\\private\\102033E6\\resource\\security\\policies\\";
my $POLICIES_DATACAGE_DEST                         = "RESOURCE_FILES_DIR\\java\\security\\policies\\";

##############################################################
##  Displays the usage help                                 ##
##############################################################
sub usage
{
  system("cls");
  print "\nUsage:\n\javasecuritycustomizationtool.pl listcerts | addcerts | deploycerts | removecert <cert_name> | listpolicies | addpolicy | deploypolicy | removepolicy <policy_name> | addall | deployall | setpolicy | setwarningsmode \n";
  print "\nWhere:\n";
  print "listcerts       Lists all the X.509 certificates used as trust anchors in\n";
  print "                verifying the authenticity of signed java applications and\n";
  print "                also used in binding java applications to protection domains\n";
  print "addcerts        Adds new X.509 certificates into the existing collection\n";
  print "                of X.509 certificates used as trust anchors in verifying the\n";
  print "                authenticity of signed java applications and also used in\n";
  print "                binding java applications to protection domains\n";
  print "                The properties of the certificates to be added are specified\n";
  print "                by the file 'configdata.xml'\n";
  print "deploycerts     Creates a SIS package, containing new X.509 certificates,\n";
  print "                to be installed into a device having java security system in \n";
  print "                place. These new certificates are used as trust anchors in\n";
  print "                verifying the authenticity of signed java applications and\n";
  print "                also used in binding java applications to protection domains\n";
  print "                The properties of the certificates to be deployed are specified\n";
  print "                by the file 'configdata.xml'\n";
  print "removecert      Removes a single X.509 certificate from the existing collection\n";
  print "                of X.509 certificates used as trust anchors in verifying the\n";
  print "                authenticity of signed java applications and also used in\n";
  print "                binding java applications to protection domains\n";
  print "listpolicies    Lists all the policies used for granting permissions to java\n";
  print "                applications\n";
  print "addpolicy       Adds a new policy into the existing collection of policies\n";
  print "                used for granting permissions to java applications\n";
  print "                The properties of the policy to be added are specified\n";
  print "                by the file 'configdata.xml'\n";
  print "deploypolicy    Creates a SIS package, containing a new policy, to be\n";
  print "                installed into a device having java security system in place\n";
  print "                The properties of the policy to be deployed are specified by\n";
  print "                the file 'configdata.xml'\n";
  print "removepolicy    Removes a single policy from the collection of policies\n";
  print "                used for granting permissions to java applications\n";
  print "addall          Adds new X.509 certificates and a new policy into the existing\n";
  print "                collection of certificates/policies used for\n";
  print "                authentication/authorization of java applications. This is the\n";
  print "                equivalent of the combined command line arguments 'addcerts'\n";
  print "                and 'addpolicy'\n";
  print "deployall       Creates a SIS package, containing new X.509 certificates and a\n";
  print "                new policy, to be installed into a device having java security\n";
  print "                system in place. This is a the equivalent of the combined\n";
  print "                command line arguments 'deploycerts' and 'deploypolicy'\n";
  print "                The properties of the certificates and policy to be deployed\n";
  print "                are specified by the file 'configdata.xml'\n";
  print "setpolicy       Creates a SIS package, which selects the policy to be used for\n";
  print "                granting permissions to java applications. This SIS is to be\n";
  print "                installed into a device having java security system in place\n";
  print "                The name of the selected policy is specified by the file\n";
  print "                'configdata.xml'\n";
  print "setwarningsmode Creates a SIS package, which selects the mode used for handling\n";
  print "                security warnings. This SIS is to be installed into a device\n";
  print "                having java security system in place\n";
  print "                The warnings mode is specified by the file 'configdata.xml'\n";
  print "\n\nThis tool can be used at two different phases:\n";
  print "  1) at ROM image creation time (used by variant engineers) before generating\n";
  print "     the variant ROM image and before using S60 Configuration tool. Used at\n";
  print "     this phase the tool produces configuration data for the ROM image creation\n";
  print "     process. The command line arguments to be used at this phase are:\n";
  print "     'listcerts', 'addcerts', 'removecert', 'listpolicies', 'addpolicy',\n";
  print "     'removepolicy', and 'addall'\n";
  print "  2) after ROM image creation time. Used at this phase the tool generates\n";
  print "     deployment packages (SIS) to be installed into 'already flashed ROM\n";
  print "     images'. The command line arguments to be used at this phase are:\n"; 
  print "     'deploycerts', 'deploypolicy', 'setpolicy', 'setwarningsmode' and\n"; 
  print "     'deployall'\n";
  print "\nThis tool assumes the existence of a S60 environment, therefore it must be used\n";
  print "from within a S60 environment\n";
  exit;
}

##############################################################
##  Lists all the certificates                              ##
##############################################################
sub list_certs()
{
  @files = <$CERTS_BUILD_DIR_1*>;
  @certs;
  @domains;
  @paths;
  foreach $file (@files) {
    if (rindex($file, $METADATA_EXT) < 0)
    {
      $ext = rindex($file, ".");
      my $file_without_ext = substr($file, 0, $ext);
      $cert_name = substr($file, length("$CERTS_BUILD_DIR_1"));
      if (! grep {$_ eq $cert_name} @certs) {
        push(@certs, $cert_name);
        push(@paths, $CERTS_BUILD_DIR_1);
        open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n";
        my @metadata = <METADATA_FILE>;
        close(METADATA_FILE);
        my $domain;
        foreach $metadata_item (@metadata) {
            $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "="));
	          if ($metadata_item_key eq "name")
	          {
	              $domain = substr($metadata_item, rindex($metadata_item, "=") + 1);
                push(@domains, $domain);
	              break;
	          }
        }
      }
    }
  }

  @files = <$CERTS_BUILD_DIR_2*>;
  foreach $file (@files) {
    if (rindex($file, $METADATA_EXT) < 0)
    {
      $ext = rindex($file, ".");
      my $file_without_ext = substr($file, 0, $ext);
      $cert_name = substr($file, length("$CERTS_BUILD_DIR_2"));
      if (! grep {$_ eq $cert_name} @certs) {
        push(@certs, $cert_name);
        push(@paths, $CERTS_BUILD_DIR_2);
        open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n";
        my @metadata = <METADATA_FILE>;
        close(METADATA_FILE);
        my $domain;
        foreach $metadata_item (@metadata) {
            $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "="));
	          if ($metadata_item_key eq "name")
	          {
	              $domain = substr($metadata_item, rindex($metadata_item, "=") + 1);
                push(@domains, $domain);
	              break;
	          }
        }
      }
    }
  }

  # display only the files which are found inside java.iby or javatest.iby
  open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
  my @java_iby_lines = <JAVA_IBY>;
  close(JAVA_IBY);
  my @java_test_iby_lines;
  if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME")
  {
      open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME");
      @java_test_iby_lines = <JAVA_TEST_IBY>;
      close(JAVA_TEST_IBY);
  }
  my @java_variant_certs_iby_lines;
  if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME")
  {
      open (JAVA_VARIANT_CERTS_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME");
      @java_variant_certs_iby_lines = <JAVA_VARIANT_CERTS_IBY>;
      close(JAVA_VARIANT_CERTS_IBY);
  }
  my @java_variant_certs_policies_iby_lines;
  if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
  {
      open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
      @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>;
      close(JAVA_VARIANT_CERTS_POLICIES_IBY);
  }
  $index = 0;
  my $found = 0;
  foreach $cert (@certs) {
        $found = 0;
        foreach $java_iby_line (@java_iby_lines) {
            if (rindex($java_iby_line, $cert) >= 0) {
                $found = 1;
                last;
            }
        }
        if ($found == 0)
        {
            foreach $java_variant_certs_iby_line (@java_variant_certs_iby_lines) {
                if (rindex($java_variant_certs_iby_line, $cert) >= 0) {
                    $found = 1;
                    last;
                }
            }
        }
        if ($found == 0)
        {
            foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) {
                if (rindex($java_variant_certs_policies_iby_line, $cert) >= 0) {
                    $found = 1;
                    last;
                }
            }
        }
        #if ($found == 0)
        #{
            #foreach $java_test_iby_line (@java_test_iby_lines) {
                #if (rindex($java_test_iby_line, $cert) >= 0) {
                    #$found = 1;
                    #last;
                #}
            #}
        #}
        if ($found == 1)
        {
            print "Certificate:\n";
            print "  Name: ", $cert , "\n";
            print "  Domain: ", $domains[$index];
            print "  Path: ", $paths[$index], "\n\n";
        }
        $index = $index + 1;
    }
}

##############################################################
##  Removes a certain certificate                           ##
##############################################################
sub remove_cert()
{
    if (! -f "$CERTS_BUILD_DIR_1$cert_to_remove")
    {
        print "\n\nERROR: ", $cert_to_remove, " not found.\n";
        exit;
    } else
    {
        
        $ext = rindex($cert_to_remove, ".");
        $file_without_ext = substr($cert_to_remove, 0, $ext);
        
        # modify java.iby
       	mkdir "tmp";
        open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
        open (JAVA_NEW_IBY, "+>tmp/$JAVA_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_IBY_FILENAME)\n";
        my @java_iby_lines = <JAVA_IBY>;
        my $found = 0;
        foreach $java_iby_line (@java_iby_lines) {
            if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
            {
                print JAVA_NEW_IBY $java_iby_line;
            }
            else
            {
                $found = 1;
            }
        }
        close(JAVA_IBY);
        close(JAVA_NEW_IBY);
        move("tmp/$JAVA_IBY_FILENAME", "$IBY_DIR");
        if ($found == 0)
        {
            if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME")
            {
                open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME");
                open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME)\n";
                my @java_iby_lines = <JAVA_IBY>;
                my $found = 0;
                foreach $java_iby_line (@java_iby_lines) {
                    if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
                    {
                        print JAVA_NEW_IBY $java_iby_line;
                    }
                }
                close(JAVA_IBY);
                close(JAVA_NEW_IBY);
                move("tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME", "$IBY_DIR");
            }         
            # check the combined iby file as well
            if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
            {
                open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
                open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n";
                my @java_iby_lines = <JAVA_IBY>;
                my $found = 0;
                foreach $java_iby_line (@java_iby_lines) {
                    if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0)
                    {
                        print JAVA_NEW_IBY $java_iby_line;
                    }
                }
                close(JAVA_IBY);
                close(JAVA_NEW_IBY);
                move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR");
            }

        }
        
      	unlink("$CERTS_BUILD_DIR_1$cert_to_remove");
      	unlink("$CERTS_BUILD_DIR_1$file_without_ext$METADATA_EXT");
      	
      	unlink("$CERTS_BUILD_DIR_2$cert_to_remove");
      	unlink("$CERTS_BUILD_DIR_2$file_without_ext$METADATA_EXT");
      	
        system("rmdir tmp /s /q");
    }
}

##############################################################
##  Adds new certificates                                   ##
##############################################################
sub add_certs()
{
  $config_file = "./configdata.xml";

  my $xml = new XML::Simple(suppressempty => '');
  my $xmldata = $xml->XMLin($config_file, forcearray => 1);

  my $root_file;
  my $root_domain;
  my $root_canDelete;
  my $root_canDisable;
  my $root_file_without_ext;
  my $root_file_with_ext;
  my $root_state;
      
 	mkdir "tmp";
 	mkdir "tmp/certs/";
 	if ($deployment_destination eq $ROM)
 	{
    open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n";
    print IBY_FILE   "#ifndef __" . "$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n";
  }
  else
  {
    open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n";
    print PKG_FILE   "&EN\n#{\"$pkg_name\"}" ."$package_type";
    open (POLICY_FILE, "+>tmp/update_certs") or die "Cannot create tmp file (tmp/update_certs)\n";
    close POLICY_FILE;
  }

  foreach my $root (@{$xmldata->{root}}) {
    
      # read the xml node
      $root_file = $root->{file}->[0];
      $root_domain = $root->{domain}->[0];
      $root_canDelete = $root->{canDelete}->[0];
      $root_canDisable = $root->{canDisable}->[0];
     	
     	if ($deployment_destination eq $SIS)
 	    {
          $root_state = $root->{state}->[0];
          if (($root_state ne "") && ($root_state ne "enabled") && ($root_state ne "disabled") && ($root_state ne "removed")) {
          	print "ERROR: The values for \"state\" can be either \"enabled\" or \"disabled\" or \"removed\". Please check the configuration file $config_file\n";
            close IBY_FILE;
            close PKG_FILE;
            system("rmdir tmp /s /q");
      	    exit;
        }
 	    }
          
      # validate the root file
     	if (! -f $root_file) {
        print "\nERROR: root file $root_file doesn't exist. Please check the configuration file $config_file\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
        exit;
      }
      # validate start date of the root
      ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
      $current_year = $year + 1900;
      system("openssl x509 -inform DER -in $root_file -noout -startdate > tmp/startdate.txt");
      open(start_date_file, "tmp/startdate.txt"); 
      my @start_date = <start_date_file>;
      close(start_date_file);
      unlink("tmp/startdate.txt");
      @start_date_details = split(/ /, $start_date[0]);
      my $start_date_year = $start_date_details[3];
      if ($start_date_year > $current_year) {
        print "\nERROR: root $root_file not yet valid.\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
        exit;
      }
      # validate end date of the root
      system("openssl x509 -inform DER -in $root_file -noout -enddate > tmp/enddate.txt");
      open(end_date_file, "tmp/enddate.txt"); 
      my @end_date = <end_date_file>;
      close(end_date_file);
      unlink("tmp/enddate.txt");
      @end_date_details = split(/ /, $end_date[0]);
      $year_index = 0;
      $found_items = 0;
      foreach $end_date_detail (@end_date_details) {
        if ($found_items == 3)
        {
            last;   
        }
        if ($end_date_detail ne "")
        {
           $found_items = $found_items + 1; 
        }
        $year_index = $year_index + 1;
      }
      my $end_date_year = $end_date_details[$year_index];
      if ($end_date_year < $current_year) {
        print "\nERROR: root $root_file is expired.\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
        exit;
      }
      #validate the domain
      if (($root_domain ne "Manufacturer") && ($root_domain ne "Operator") && ($root_domain ne "OperatorExtra") && ($root_domain ne "IdentifiedThirdParty")) {
      	print "\nERROR: the values for \"domain\" can be either \"Manufacturer\" or \"Operator\" or \"OperatorExtra\" or \"IdentifiedThirdParty\". Please check the configuration file $config_file\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
      	exit;
      }
      #validate the canDelete element
      if (($root_canDelete ne "") && ($root_canDelete ne "true") && ($root_canDelete ne "false")) {
      	print "\nERROR: the values for \"canDelete\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
      	exit;
      }
      #validate the canDisable element
      if (($root_canDisable ne "") && ($root_canDisable ne "true") && ($root_canDisable ne "false")) {
      	print "ERROR: The values for \"canDisable\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n";
        close IBY_FILE;
        close PKG_FILE;
        system("rmdir tmp /s /q");
      	exit;
      }
      # generate the cert metadata and copy the cert & metadata to a tmp folder
      system("openssl x509 -inform DER -in $root_file -noout -issuer_hash > tmp/hash.txt");
      open(hash_file, "tmp/hash.txt"); 
      my @lines = <hash_file>;
      close(hash_file);
      unlink("tmp/hash.txt");
      $start_index = rindex($root_file, "/");
      $end_index = rindex($root_file, ".");
      if ($start_index >= 0)
      {
        $root_file_without_ext = substr($root_file, $start_index + 1, $end_index - $start_index - 1);
        $root_file_with_ext = substr($root_file, $start_index + 1);
      }
      else
      {
        $root_file_without_ext = substr($root_file, 0, $end_index);
        $root_file_with_ext = $root_file;
      }
      open (EXT_FILE, "+>tmp/certs/$root_file_without_ext$METADATA_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$METADATA_EXT)\n";
      print EXT_FILE "name=$root_domain\n";
      if ($root_domain eq "Manufacturer")
      {
          print EXT_FILE "category=MFD\n";
      }
      if ($root_domain eq "Operator")
      {
          print EXT_FILE "category=OPD\n";
      }
      if ($root_domain eq "OperatorExtra")
      {
          print EXT_FILE "category=OPD\n";
      }
      if ($root_domain eq "IdentifiedThirdParty")
      {
          print EXT_FILE "category=ITPD\n";
      }
      if ($root_canDelete eq "" || $root_canDelete eq "false") {
          print EXT_FILE "removable=0\n";
      }
      else
      {
          print EXT_FILE "removable=1\n";
      }
      if ($root_canDisable eq "" || $root_canDisable eq "false") {
          print EXT_FILE "disablable=0\n";
      }
      else
      {
          print EXT_FILE "disablable=1\n";
      }
      print EXT_FILE "hash=$lines[0]\n";
      close EXT_FILE;
      copy($root_file, "tmp/certs/") or die "File $root_file cannot be copied to tmp/";
      # strip off the path
     	if ($deployment_destination eq $ROM)
 	    {
          print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE";
          print IBY_FILE $root_file_with_ext;
          print IBY_FILE " " ."$CERTS_DATACAGE";
          print IBY_FILE $root_file_with_ext;
          print IBY_FILE "\ndata=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE";
          print IBY_FILE $root_file_without_ext;
          print IBY_FILE "$METADATA_EXT " ."$CERTS_DATACAGE";
          print IBY_FILE $root_file_without_ext;
          print IBY_FILE "$METADATA_EXT\n";
      }
      else
      {
          print PKG_FILE   "\"./tmp/certs/";
          print PKG_FILE   $root_file_with_ext;
          print PKG_FILE   "\"-\"c:" . "$CERTS_DATACAGE";
          print PKG_FILE   $root_file_with_ext;
          print PKG_FILE   "\"\n\"./tmp/certs/";
          print PKG_FILE   $root_file_without_ext;
          print PKG_FILE   "$METADATA_EXT\"-\"c:" ."$CERTS_DATACAGE";
          print PKG_FILE   $root_file_without_ext;
          print PKG_FILE   "$METADATA_EXT\"\n";
          if ($root_state ne "")
          {
              open (STATE_FILE, "+>tmp/certs/$root_file_without_ext$STATE_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$STATE_EXT)\n";
              binmode STATE_FILE;
              my $state;
              if ($root_state eq "enabled")
              {
                $state = pack("h8", "3000");
              }
              else
              {
                  if ($root_state eq "disabled")
                  {
                    $state = pack("h8", "2000");
                  }
                  else
                  {
                     if ($root_state eq "removed")
                     {
                        $state = pack("h8", "1000");
                     }
                  }
              }
              print STATE_FILE $state;
              close STATE_FILE;
              print PKG_FILE   "\"./tmp/certs/";
              print PKG_FILE   $root_file_without_ext;
              print PKG_FILE   "$STATE_EXT\"-\"c:" ."$CERTS_STATE_DATACAGE";
              print PKG_FILE   $root_file_without_ext;
              print PKG_FILE   "$STATE_EXT\"\n";
          }
      }
  }
 	if ($deployment_destination eq $SIS)
 	{
    print PKG_FILE   "\"./tmp/update_certs\"-\"c:\\private\\102033E6\\security\\tmp\\update_certs\"\n";
  }
  if ($deploy == 1)
  {
    print PKG_FILE   "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
  }
  
  # copy all the certificates and coresponding metadatas to right locations
  @files = <tmp/certs/*>;
  foreach $file (@files) {
    if ($deployment_destination eq $ROM)
    {
        copy($file, $CERTS_BUILD_DIR_2);
        copy($file, $CERTS_BUILD_DIR_1);
    }
  }
 	if ($deployment_destination eq $ROM)
  {
      if ($deploy == 1)
      {
        print IBY_FILE "\n\n#endif\n";
      }
      close IBY_FILE;
  }
  else
  {
      close PKG_FILE;
  }
  
  if ($deploy == 1)
  {
      # generate the iby file and copy it to right location
     	if ($deployment_destination eq $ROM)
      {
          move("tmp/$iby_file_name", "$IBY_DIR");
      }
      else
      {
          system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis");
          if (-f $signing_cert && -f $signing_key)
          {
              $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key");
              if ($ret != 0)
              {
                $signed_sis = false;
              }
              else
              {
                $signed_sis = true;
              }
            	unlink("./tmp/tmp.sis");
          }
          else
          {
              move("./tmp/tmp.sis", "./$sis_file_name");  
          }
        	unlink("./tmp/$pkg_file_name");
      }
    	system("rmdir tmp /s /q");
  }
}

##############################################################
##  Adds a new policy                                       ##
##############################################################
sub add_policy()
{
  $config_file = "./configdata.xml";

  my $xml = new XML::Simple(suppressempty => '');
  my $xmldata = $xml->XMLin($config_file);

  my $policy_name;
  my $utp_policy_path;
  my $ttp_policy_path;
  my $operator_policy_path;
  my $manufacturer_policy_path;

  # create tmp directory  
 	mkdir "tmp";
 	mkdir "tmp/policies/";
 	mkdir "tmp/policies/external/";
 	mkdir "tmp/policies/internal/";
 	
  # read the xml node
  $policy_name = $xmldata->{policy}->{name};
  $s60_version = $xmldata->{s60_version};
  $utp_policy_path = $xmldata->{policy}->{unidentifiedthirdparty};
  $ttp_policy_path = $xmldata->{policy}->{identifiedthirdparty};
  $operator_policy_path = $xmldata->{policy}->{operator};
  $manufacturer_policy_path = $xmldata->{policy}->{manufacturer};
  
  # validate the policy name
  $tmp_str = lc $policy_name;
  if (($policy_name eq "") || ($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att")) 
  {
    if ($policy_name eq "")
    {
      	print "\nERROR: the name of the policy is mandatory. Please check the configuration file $config_file\n";
    }
    else
    {
      	print "\nERROR: the names \"s60\", \"msa\" and \"att\" are reserved therefore the new policy can not use any of these names. Please check the configuration file $config_file\n";
    }
    close IBY_FILE;
    system("rmdir tmp /s /q");
    exit;
  }
  
  # validate the policy files
 	if (! -f $utp_policy_path || ! -f $ttp_policy_path || ! -f $operator_policy_path || ! -f $manufacturer_policy_path) 
 	{
    print "\nERROR: the new policy must contain specifications for all the four protection domains. Please check the configuration file $config_file\n";
    system("rmdir tmp /s /q");
    exit;
  }
  
  # prepare the data for the securitypolicyeditor tool
  copy($utp_policy_path, "tmp/policies/external/" . "$policy_name" . "_untrusted.txt") or die "File $utp_policy_path cannot be copied to tmp/policies/external/";
  copy($ttp_policy_path, "tmp/policies/external/" . "$policy_name" . "_trustedthirdparty.txt") or die "File $ttp_policy_path cannot be copied to tmp/policies/external/";
  copy($operator_policy_path, "tmp/policies/external/" . "$policy_name" . "_operator.txt") or die "File $operator_policy_path cannot be copied to tmp/policies/external/";
  copy($manufacturer_policy_path, "tmp/policies/external/" . "$policy_name" . "_manufacturer.txt") or die "File $manufacturer_policy_path cannot be copied tmp/policies/external/";
  
  # delegate the securitypolicytool to generate the internal policies
  $ret = system("java -cp ./policyeditor/bin/securitypolicyeditor.jar;./policyeditor/lib/engine.jar com.nokia.mj.tools.security.midp.PolicyEditor tmp/policies/external/ tmp/policies/internal/");
  if ($ret != 0)
  {
    system("rmdir tmp /s /q");
    exit;
  }

 	if ($deployment_destination eq $SIS)
  {
    open (POLICY_FILE, "+>tmp/policies/new_policy.txt") or die "Cannot create tmp file (tmp/policies/new_policy.txt)\n";
    print POLICY_FILE "$policy_name";
    close POLICY_FILE;
    $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC";
    if ($s60_version eq "5.0")
    {
        $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC_5_0";
    }
    
    if ($add_header == 1)
    {
        open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n";
        print PKG_FILE   "&EN\n#{\"$pkg_name\"}" ."$package_type";
    }
    else
    {
        open (PKG_FILE, ">>tmp/$pkg_file_name") or die "Cannot open tmp file (tmp/$pkg_file_name)\n";
    }
    print PKG_FILE   "\"./tmp/policies/internal/" . "$policy_name" . "_untrusted.ser\"-\"$policies_dest" .  "$policy_name" . "_untrusted.ser\"\n";
    print PKG_FILE   "\"./tmp/policies/internal/" . "$policy_name" . "_trustedthirdparty.ser\"-\"$policies_dest" .  "$policy_name" . "_trustedthirdparty.ser\"\n";
    print PKG_FILE   "\"./tmp/policies/internal/" . "$policy_name" . "_operator.ser\"-\"$policies_dest" .  "$policy_name" . "_operator.ser\"\n";
    print PKG_FILE   "\"./tmp/policies/internal/" . "$policy_name" . "_manufacturer.ser\"-\"$policies_dest" .  "$policy_name" . "_manufacturer.ser\"\n";
    print PKG_FILE   "\"./tmp/policies/new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n";
    print PKG_FILE   "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
    close PKG_FILE;
  }
  else
  {
    if ($add_header == 1)
    {
        open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n";
        print IBY_FILE   "#ifndef __" ."$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n";
    }
    else
    {
        open (IBY_FILE, ">>tmp/$iby_file_name") or die "Cannot open tmp file (tmp/$iby_file_name)\n";
    }
    print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_untrusted.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_untrusted.ser\n";
    print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_trustedthirdparty.ser ". "$POLICIES_DATACAGE_DEST" . "$policy_name" . "_trustedthirdparty.ser\n";
    print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_operator.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_operator.ser\n";
    print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_manufacturer.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_manufacturer.ser\n";
    print IBY_FILE "\n\n#endif\n";
    close IBY_FILE;
  }

  # deploy the policy  
  if ($deploy == 1)
  {
     	if ($deployment_destination eq $SIS)
      {
        system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis");
        if (-f $signing_cert && -f $signing_key)
        {
            $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key");
            if ($ret != 0)
            {
              $signed_sis = false;
            }
            else
            {
              $signed_sis = true;
            }
        }
        else
        {
            move("./tmp/tmp.sis", "./$sis_file_name");  
        }
      }
      else
      {
        move("tmp/$iby_file_name", "$IBY_DIR");
        # copy all the policies to right locations
        @files = <tmp/policies/internal/*>;
        foreach $file (@files) {
            copy($file, $POLICIES_BUILD_DIR_2);
            copy($file, $POLICIES_BUILD_DIR_1);
        }
        # update the S60 configuration tool conf data
        my $xs = new XML::Simple(rootname   => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1);
        my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml");
        $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_name"} = {value => "" . "$policy_name"};
        my $output_confml = $xs->XMLout($input_confml);
        open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n";
        print OUTPUT_CONFML_FILE   "$output_confml";
        close OUTPUT_CONFML_FILE;
        move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR";
      }
    
      # remove tmp directory
    	system("rmdir tmp /s /q");
  }
}

##############################################################
##  Selects a certain policy                                ##
##############################################################
sub set_policy()
{
  $config_file = "./configdata.xml";

  my $xml = new XML::Simple(suppressempty => '');
  my $xmldata = $xml->XMLin($config_file);

  my $policy_name;

  # create tmp directory  
 	mkdir "tmp";
 	
  # read the xml node
  $policy_name = $xmldata->{policy}->{name};
  
  # validate the policy name
  $tmp_str = lc $policy_name;
  if (($tmp_str ne "s60") && ($tmp_str ne "msa") && ($tmp_str ne "att"))
  {
   	print "\nERROR: the name of the policy is mandatory and it can be either \"s60\", \"msa\" or \"att\". Please check the configuration file $config_file\n";
    system("rmdir tmp /s /q");
    exit;
  }
  
  open (POLICY_FILE, "+>tmp/new_policy.txt") or die "Cannot create tmp file (tmp/new_policy.txt)\n";
  print POLICY_FILE "$policy_name";
  close POLICY_FILE;
  open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n";
  print PKG_FILE   "&EN\n#{\"JavaSecurityPolicySelector\"}" ."$package_type";
  print PKG_FILE   "\".\\tmp\\new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n";
  print PKG_FILE   "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
  close PKG_FILE;
  system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis");
  if (-f $signing_cert && -f $signing_key)
  {
      $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key");
      if ($ret != 0)
      {
        $signed_sis = false;
      }
      else
      {
        $signed_sis = true;
      }
  }
  else
  {
      move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME");  
  }

  # remove tmp directory
	system("rmdir tmp /s /q");
}

##############################################################
##  Selects the security warnings mode                      ##
##############################################################
sub set_warnings_mode()
{
  $config_file = "./configdata.xml";

  my $xml = new XML::Simple(suppressempty => '');
  my $xmldata = $xml->XMLin($config_file);

  my $policy_name;

  # create tmp directory  
 	mkdir "tmp";
 	
  # read the xml node
  $warnings_mode = $xmldata->{warningsmode};
  
  # validate the policy name
  if (($warnings_mode ne "user") && ($warnings_mode ne "default"))
  {
   	print "\nERROR: the warnings mode is mandatory and it can be either \"user\" or \"default\". Please check the configuration file $config_file\n";
    system("rmdir tmp /s /q");
    exit;
  }
  
  open (WARNINGS_MODE_FILE, "+>tmp/new_warnings_mode.txt") or die "Cannot create tmp file (tmp/new_warnings_mode.txt)\n";
  if ($warnings_mode eq "user")
  {
    print WARNINGS_MODE_FILE "1";
  }
  else
  {
    print WARNINGS_MODE_FILE "2";
  }
  close WARNINGS_MODE_FILE;
  open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n";
  print PKG_FILE   "&EN\n#{\"JavaSecurityWarningsModeSelector\"}" ."$package_type";
  print PKG_FILE   "\".\\tmp\\new_warnings_mode.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_warnings_mode.txt\"\n";
  print PKG_FILE   "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n";
  close PKG_FILE;
  system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis");
  if (-f $signing_cert && -f $signing_key)
  {
      $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key");
      if ($ret != 0)
      {
        $signed_sis = false;
      }
      else
      {
        $signed_sis = true;
      }
  }
  else
  {
      move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME");  
  }

  # remove tmp directory
	system("rmdir tmp /s /q");
}

##############################################################
##  Lists all the policies                                  ##
##############################################################
sub list_policies()
{
  @files = <$POLICIES_BUILD_DIR_1*_*.ser>;
  @policies;
  foreach $file (@files) {
    $start_index = rindex($file, "/");
    $end_index = rindex($file, "_");
    $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1);
    if (! grep {$_ eq $file_without_ext} @policies) {
        push(@policies, $file_without_ext);
    }
  }
  @files = <$POLICIES_BUILD_DIR_2*_*.ser>;
  foreach $file (@files) {
    $start_index = rindex($file, "/");
    $end_index = rindex($file, "_");
    $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1);
    if (! grep {$_ eq $file_without_ext} @policies) {
        push(@policies, $file_without_ext);
    }
  }
  # display only the policies which are found inside java.iby or javatest.iby
  open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME");
  my @java_iby_lines = <JAVA_IBY>;
  close(JAVA_IBY);
  my @java_test_iby_lines;
  if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME")
  {
      open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME");
      @java_test_iby_lines = <JAVA_TEST_IBY>;
      close(JAVA_TEST_IBY);
  }
  my @java_variant_policy_iby_lines;
  if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME")
  {
      open (JAVA_VARIANT_POLICY_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME");
      @java_variant_policy_iby_lines = <JAVA_VARIANT_POLICY_IBY>;
      close(JAVA_VARIANT_POLICY_IBY);
  }
  my @java_variant_certs_policies_iby_lines;
  if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
  {
      open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
      @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>;
      close(JAVA_VARIANT_CERTS_POLICIES_IBY);
  }
  my $found = 0;
  foreach $policy (@policies) {
      $found = 0;
      foreach $java_iby_line (@java_iby_lines) {
          if (rindex($java_iby_line, "$policy" . "_") >= 0) {
            $found = 1;
            last;
          }
      }
      if ($found == 0)
      {
          foreach $java_variant_policy_iby_line (@java_variant_policy_iby_lines) {
              if (rindex($java_variant_policy_iby_line, "$policy" . "_") >= 0) {
                  $found = 1;
                  last;
              }
          }
      }
      if ($found == 0)
      {
          foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) {
              if (rindex($java_variant_certs_policies_iby_line, "$policy" . "_") >= 0) {
                  $found = 1;
                  last;
              }
          }
      }
      #if ($found == 0)
      #{
          #foreach $java_test_iby_line (@java_test_iby_lines) {
              #if (rindex($java_test_iby_line, "$policy" . "_") >= 0) {
                  #$found = 1;
                  #last;
              #}
          #}
      #}
      if ($found == 1)
      {
        print "Policy:\n";
        print "  Name: ", $policy , "\n";
      }
  }
}

##############################################################
##  Removes a certain policy                               ##
##############################################################
sub remove_policy()
{
  $tmp_str = lc $policy_to_remove;
  if (($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att"))
  {
      print "\n\nERROR: 's60', 'msa' and 'att' are build in policies and can not be removed.\n";
      exit;
  } 
  $policy_found = 0;
  @files = <$POLICIES_BUILD_DIR_1*_*.ser>;
  foreach $file (@files) {
    $index = rindex($file, $policy_to_remove);
    if ($index >= 0)
    {
      	unlink("$file");
        $policy_found = 1;
    }
  }
  @files = <$POLICIES_BUILD_DIR_2*_*.ser>;
  foreach $file (@files) {
      $index = rindex($file, $policy_to_remove);
      if ($index >= 0)
      {
          $policy_found = 1;
        	unlink("$file");
      }
  }
  if ($policy_found == 0)
  {
      print "\n\nERROR: The policy $policy_to_remove was not found.\n";
      exit;
  }
 # modify java_variant_policy.iby
 mkdir "tmp";
 if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME")
 {
     open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME");
     open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME)\n";
     my @java_iby_lines = <JAVA_IBY>;
     my $found = 0;
     foreach $java_iby_line (@java_iby_lines) {
        if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0)
        {
            print JAVA_NEW_IBY $java_iby_line;
        }
        else
        {
            $found = 1;
        }
     }
     close(JAVA_IBY);
     close(JAVA_NEW_IBY);
     move("tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME", "$IBY_DIR");
 }
 # same for the combined iby file
 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME")
 {
     open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME");
     open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n";
     my @java_iby_lines = <JAVA_IBY>;
     my $found = 0;
     foreach $java_iby_line (@java_iby_lines) {
        if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0)
        {
            print JAVA_NEW_IBY $java_iby_line;
        }
        else
        {
            $found = 1;
        }
     }
     close(JAVA_IBY);
     close(JAVA_NEW_IBY);
     move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR");
 }
 
 # update the S60 configuration tool conf data
 my $xs = new XML::Simple(rootname   => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1);
 my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml");
 $input_confml->{data}->[0]->{KJavaSecurity}->[0]->{KPolicy}->[0] = 's60';
 delete $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_to_remove"};
 my $output_confml = $xs->XMLout($input_confml);
 open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n";
 print OUTPUT_CONFML_FILE   "$output_confml";
 close OUTPUT_CONFML_FILE;
 move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR";
 
 system("rmdir tmp /s /q");
}

sub init
{
    $config_file = "./configdata.xml";

    my $xml = new XML::Simple(suppressempty => '');
    my $xmldata = $xml->XMLin($config_file);
    
    $signing_cert = $xmldata->{signing}->{cert};
    $signing_key = $xmldata->{signing}->{key};
 
    $package_type = $xmldata->{deploytype};
    if (($package_type ne "") && ($package_type ne "removable") && ($package_type ne "non-removable"))
    {
        print "\nERROR: when specified, the type of the deployment package can have one of the two values: 'removable' or 'non-removable'. Please check the configuration file $config_file\n";
        exit;
    }
    if (($package_type eq "") || ($package_type eq "non-removable"))
    {
        $package_type = $NON_REMOVABLE_PACKAGE_TYPE;
    }
    else
    {
        $package_type = $REMOVABLE_PACKAGE_TYPE;
    }
}
  

##############################################################
##  Main function                                           ##
##############################################################
sub main
{
    # do initializations
    init();
    
    # parse arguments
    $numArgs = $#ARGV + 1;
    foreach $argnum (0 .. $#ARGV) 
    {
        if ($ARGV[$argnum] eq "addcerts")
        {
            $deployment_destination = $ROM;
            $deploy = 1;
            $iby_file_name = $JAVA_VARIANT_CERTS_IBY_FILENAME;
            $iby_name = "JAVA_VARIANT_CERTS_IBY";
            add_certs();
            print "\n\nAdding of certificates was succesfull.\n";
            exit;
        }
        if ($ARGV[$argnum] eq "listcerts")
        {
            list_certs();
            exit;
        }
        if ($ARGV[$argnum] eq "removecert")
        {
            if ($ARGV[$argnum + 1] eq "")
            {
                next;
            }
            $cert_to_remove = $ARGV[$argnum + 1];
            remove_cert();
            print "\n\nThe certificate $cert_to_remove was succesfully removed.\n";
            exit;
        }
        if ($ARGV[$argnum] eq "deploycerts")
        {
            $deployment_destination = $SIS;
            $deploy = 1;
            $pkg_file_name = $JAVA_VARIANT_CERTS_PKG_FILENAME;
            $pkg_name = "JavaCustomCertificates";
            $sis_file_name = $JAVA_VARIANT_CERTS_SIS_FILENAME;
            add_certs();
            if ($signed_sis eq "true")
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
            }
            else
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
            }
            exit;
        }
        if ($ARGV[$argnum] eq "listpolicies")
        {
            list_policies();
            exit;
        }
        if ($ARGV[$argnum] eq "addpolicy")
        {
            $deployment_destination = $ROM;
            $add_header = 1;
            $deploy = 1;
            $iby_file_name = $JAVA_VARIANT_POLICY_IBY_FILENAME;
            $iby_name = "JAVA_VARIANT_POLICY_IBY";
            add_policy();
            print "\n\nAdding of the new policy was succesfull.\n";
            exit;
        }
        if ($ARGV[$argnum] eq "removepolicy")
        {
            if ($ARGV[$argnum + 1] eq "")
            {
                next;
            }
            $policy_to_remove = $ARGV[$argnum + 1];
            remove_policy();
            print "\n\nThe policy $policy_to_remove was succesfully removed.\n";
            exit;
        }
        if ($ARGV[$argnum] eq "deploypolicy")
        {
            $deployment_destination = $SIS;
            $deploy = 1;
            $add_header = 1;
            $pkg_file_name = $JAVA_VARIANT_POLICY_PKG_FILENAME;
            $pkg_name = "JavaCustomSecurityPolicy";
            $sis_file_name = $JAVA_VARIANT_POLICY_SIS_FILENAME;
            add_policy();
            if ($signed_sis eq "true")
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
            }
            else
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
            }
            exit;
        }
        if ($ARGV[$argnum] eq "deployall")
        {
            $deployment_destination = $SIS;
            $deploy = 0;
            $pkg_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME;
            $pkg_name = "JavaCustomSecurityCertsAndPolicy";
            $sis_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME;
            add_certs();
            $add_header = 0;
            $deploy = 1;
            add_policy();
            if ($signed_sis eq "true")
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
            }
            else
            {
                print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
            }
            exit;
        }
        if ($ARGV[$argnum] eq "addall")
        {
            $deployment_destination = $ROM;
            $deploy = 0;
            $iby_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME;
            $iby_name = "JAVA_VARIANT_CERTS_POLICIES_IBY";
            add_certs();
            $add_header = 0;
            $deploy = 1;
            add_policy();
            print "\n\nAdding of the new certificates and policy was succesfull.\n";
            exit;
        }
        if ($ARGV[$argnum] eq "setpolicy")
        {
            set_policy();
            if ($signed_sis eq "true")
            {
                print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
            }
            else
            {
                print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
            }
            exit;
        }
        if ($ARGV[$argnum] eq "setwarningsmode")
        {
            set_warnings_mode();
            if ($signed_sis eq "true")
            {
                print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n";
            }
            else
            {
                print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n";
            }
            exit;
        }
    }
    usage();
}

&main();