author Dremov Kirill (Nokia-D-MSW/Tampere) <>
Tue, 26 Jan 2010 12:06:03 +0200
changeset 4 32704c33136d
child 75 2d2d25361590
permissions -rw-r--r--
Revision: 201001 Kit: 201004

# Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved.
# This component and the accompanying materials are made available
# under the terms of the License "Eclipse Public License v1.0"
# which accompanies this distribution, and is available
# at the URL "".
# Initial Contributors:
# Nokia Corporation - initial contribution.
# Contributors:
# Description: 

use Getopt::Long;
use strict;

my %Options = ();
my $num_options;
my $key = '';
my $cert = '';
my $passphrase = '';
my $pkgfile = '';
my $sisfile_ip = '';
my $sisfile_op = '';
my @languages = ();
my @package_components = ();
my @vendor = ();
my $commonName = '';
my $vendorName = '';
my $error_para;

  # process the command-line
  $num_options = @ARGV;

  unless (GetOptions(\%Options, 'key=s' => \$key, 'cert=s'=> \$cert, 
		     'pass=s' => \$passphrase, 'help|h|?')) {
    exit 1;
  if ($Options{help}) {
  $num_options = @ARGV;

  my $action=uc shift @ARGV;

  unless ($action=~/^(CREATE|SIGN|DUMP|STRIP)$/o) {
    print STDERR "Unknown createsis's action: $action\n\n";
    exit 1;
  if ($action eq 'CREATE') {

  if ($action eq 'SIGN') {

  if ($action eq 'DUMP') {

  if ($action eq 'STRIP') {
  exit 0;

# The implemetation of 'createsis create ...'
sub createFunc() {
  # Perform parameters check
 my $has_key = ($key ne '');
 my $has_cert = ($cert ne '');

  if ($has_key && !$has_cert) {
    print STDERR "Missing \'-cert\' option.\n";
    exit 1;

  if (!$has_key && $has_cert) {
    print STDERR "Missing \'-key\' option.\n";
    exit 1;

  if (@ARGV == 0) {
    print STDERR "Package file not found.\n";
    exit 1;

  $pkgfile = shift @ARGV;

  unless (@ARGV == 0) {
    $error_para = shift @ARGV;
    print STDERR "Unknown parameter \"$error_para\" in the command line\n";
    exit 1;

  # subst .SIS for .pkg in the package file name
  $sisfile_ip = $pkgfile;
  $sisfile_ip =~ s/\.pkg$//i;
  (system "makesis \"$pkgfile\" \"$sisfile_ip-tmp.SIS\"") == 0 or
    die "ERROR! Failed at makesis \"$pkgfile\"\n";

  # if key/cert are not found in the command line, try to extract them from the pkgfile
  # else generate DN and makekeys.
  if (!$has_key && !$has_cert) {
    unless (&extractPackageInfo() == 0) {
      print STDERR "Failed on extracting info from package file\n";
      exit 1;
    # Let's generate cert/key
    if (($key eq '') && ($cert eq '')) {

      my $key_index = 0;

      print "No key/cert found in $pkgfile.\n";

      unless (&generateDN() == 0) {
   	print STDERR "Failed to generate distinguished-name-string(DN)\n";
   	exit 1;

      # Specified the generated key/cert filenames
      $key = "key-gen.key";
      $cert = "cert-gen.cer";

      # if $key file exist, we need to index the new files
      while (-e $key) {
	$key = "key-gen".$key_index.".key";
	$cert = "cert-gen".$key_index.".cer";

      print "making $key, $cert ...\n";

      if ($passphrase eq '') {
	my $pwd_temp = '';
	print "\n Could not find passphrase in command-line or $pkgfile!\n";
	for (;;) {
	  print " Please enter ENTER passphrase (at least 4 letters): ";
	  $pwd_temp = <STDIN>;
	  if (length ($pwd_temp) > 4) {

	chomp $pwd_temp;

	$passphrase = $pwd_temp;

      (system "makekeys \-cert \-password \"$passphrase\" \-dname \"CN=$commonName OR=$vendorName\" $key $cert") == 0 or
	die "ERROR! Failed at makekeys... \n";
    } else {
      print "Found $key $cert from $pkgfile.\n"

  # Construct the input sis filename and output sis filename
  $sisfile_op = "$sisfile_ip.SIS";
  $sisfile_ip = "$sisfile_ip-tmp.SIS";

  print "Signing $sisfile_ip with $cert and $key -> $sisfile_op\n";

  if (defined $passphrase) {
    system ("signsis \-s \"$sisfile_ip\" \"$sisfile_op\" \"$cert\" \"$key\" \"$passphrase\"") == 0 or
      die "ERROR! Failed at signsis \-s \"$sisfile_ip\" \"$sisfile_op\" \"$cert\" \"$key\" $passphrase\n";
  } else {
    system ("signsis \-s $sisfile_ip $sisfile_op \"$cert\" \"$key\"") == 0 or
      die "ERROR! Failed at signsis \-s \"$sisfile_ip\" \"$sisfile_op\" \"$cert\" \"$key\"\n";
  # delete the temporary file
  unlink $sisfile_ip;

# The implemetation of 'createsis sign ...'
sub signFunc() {

  my $commandline;

  $sisfile_ip=shift @ARGV;

  unless (defined $sisfile_ip) {
    print STDERR "Input SIS file not found.\n";
    exit 1;

  $sisfile_op=shift @ARGV;

  unless (defined $sisfile_op) {
    print STDERR "Output SIS file not found.\n";
    exit 1;

  unless (@ARGV == 0) {
    $error_para = shift @ARGV;
    print STDERR "Unknown parameter \"$error_para\" in the command line\n";
    exit 1;

  if ($cert eq '') {
    print STDERR "certificate not found.\n";
    exit 1;

  if ($key eq '') {
    print STDERR "key not found.\n";
    exit 1;

  $commandline = "signsis \-s \"$sisfile_ip\" \"$sisfile_op\" \"$cert\" \"$key\"";

  print "signing input file $sisfile_ip -> $sisfile_op ...\n";

  if ($passphrase ne '') {
    $commandline .= " \"$passphrase\"";

  (system $commandline) == 0 or
    die "ERROR! Failed at signsis ... \n";

  unless (@ARGV == 0) {
    $error_para = shift @ARGV;
    print STDERR "Unknown parameter \"$error_para\" in the command line\n";
    exit 1;

# The implemetation of 'createsis dump ...'
sub dumpFunc() {

  if ($key ne '') {
    print STDERR "\"-key $key\" not supported\n";
    exit 1;

  if ($cert ne '') {
    print STDERR "\"-cert $cert\" not supported\n";
    exit 1;

  if ($passphrase ne '') {
    print STDERR "\"-pass $passphrase\" not supported\n";
    exit 1;

  $sisfile_ip=shift @ARGV;

  unless (defined $sisfile_ip) {
    print STDERR "Input SIS file not found.\n";
    exit 1;

  unless (@ARGV == 0) {
    $error_para = shift @ARGV;
    print STDERR "Unknown parameter \"$error_para\" in the command line\n";
    exit 1;	

  (system "signsis -o \"$sisfile_ip\"")  == 0 or
    die "ERROR! Failed at signsis ... \n";

# The implemetation of 'createsis strip ...'
sub stripFunc() {

  if ($key ne '') {
    print STDERR "\"-key $key\" not supported\n";
    exit 1;

  if ($cert ne '') {
    print STDERR "\"-cert $cert\" not supported\n";
    exit 1;

  if ($passphrase ne '') {
    print STDERR "\"-pass $passphrase\" not supported\n";
    exit 1;

  $sisfile_ip=shift @ARGV;

  unless (defined $sisfile_ip) {
    print STDERR "Input SIS file not found.\n";
    exit 1;

  $sisfile_op=shift @ARGV;

  unless (defined $sisfile_op) {
    print STDERR "Output SIS file not found.\n";
    exit 1;

  unless (@ARGV == 0) {
    $error_para = shift @ARGV;
    print STDERR "Unknown parameter \"$error_para\" in the command line\n";
    exit 1;	

  (system "signsis -u \"$sisfile_ip\" \"$sisfile_op\"") == 0 or
    die "ERROR! Failed at signsis ... \n";

# Extract info. from package file.
sub extractPackageInfo() {
  my @pkg_data;
  my $process_line = '';
  my $quote_open = 0;
  my $pkg_component_temp = '';
  my $vendor_temp = '';
  my $signature_temp = '';
  my @signature = ();

  print "Extracting info. from $pkgfile ...\n";

  open (PKGFILE, "$pkgfile") or 
    die "ERROR! Can't open $pkgfile\n";

  @pkg_data = <PKGFILE>;

  PKG_LINE: foreach my $pkg_line (@pkg_data) {

      # split the line into an array
      my @line_char = split (//,$pkg_line);

    CHAR: for (my $char_pos = 0; $char_pos < $#line_char; $char_pos++) {
	if ($line_char[$char_pos] eq '&' || $process_line eq 'lang') {

	  ############## languages ##############
	  $process_line = 'lang';
	  if ($line_char[$char_pos] eq ';') {
	    # comment line
	    # ignore it
	    $process_line = '';
	    next PKG_LINE;

	  } elsif ($line_char[$char_pos] =~ /[a-z|A-Z]/) {
	    my $lang_temp = uc ($line_char[$char_pos++].$line_char[$char_pos]);
			if($line_char[$char_pos] eq '(')
				my $lang_temp = uc ($lang_temp.$line_char[$char_pos]);
	    push (@languages, $lang_temp);
	    if ($char_pos < $#line_char){
	      next CHAR;
	  } elsif ($line_char[$char_pos] eq ' ' ||
		   $line_char[$char_pos] eq '&' ||
		   $line_char[$char_pos] eq ',') {
	    next CHAR;
	  } else {
	    $process_line = '';
	    # redo this last line, as there are unknown character in this languages line
	    redo PKG_LINE;
	} #if ($line_char[$char_pos] eq '&' || $process_line eq 'lang')

	if ($line_char[$char_pos] eq '*' || $process_line eq 'key_cert') {
	  ############### package-signature ##############
	  $process_line = 'key_cert';

	  if ($line_char[$char_pos] eq '"') {
	    if ($quote_open == 1) {
	      # set to false (0)
	      $quote_open = 0;

	      push (@signature, $signature_temp);
	      # clear the content
	      $signature_temp = '';
	    } else {
	      # set to true (1)
	      $quote_open = 1;

	    next CHAR;

	  } elsif ($quote_open == 1) {
	    # append the signature
	    $signature_temp .= $line_char[$char_pos];
	    next CHAR;

	  } elsif ($line_char[$char_pos] eq ' ' ||
		   $line_char[$char_pos] eq '*' ||
		   $line_char[$char_pos] eq ',' ||
		   $line_char[$char_pos] eq '=' ||
		   uc ($line_char[$char_pos]) eq 'K' ||
		   uc ($line_char[$char_pos]) eq 'E' ||
		   uc ($line_char[$char_pos]) eq 'Y') {
	    next CHAR;
	  } else {
	    # Exit extracting key/cert
	    $key = $signature[0];
	    $cert = $signature[1];
	    if ($#signature == 2 ) {
	      if ($passphrase eq '') {
		$passphrase = $signature[2];

	    $process_line = '';

	    # redo this last line, as there are unknown character in the signature line
	    redo PKG_LINE;

	} # if ($line_char[$char_pos] eq '*' || $process_line eq 'key_cert')
	if ($line_char[$char_pos] eq '#' || $process_line eq 'pkg_hdr') {

	  ############## package-header ##############
	  $process_line = 'pkg_hdr';
	  if ($line_char[$char_pos] eq '"') {
	    if ($quote_open == 1) {
	      # set to false (0)
	      $quote_open = 0;

	      push (@package_components, $pkg_component_temp);
	      # clear the content
	      $pkg_component_temp = '';
	    } else {
	      # set to true (1)
	      $quote_open = 1;

	    next CHAR;

	  } elsif ($quote_open == 1) {
	    # append the package component
	    $pkg_component_temp .= $line_char[$char_pos];
	    next CHAR;

	  } elsif ($line_char[$char_pos] eq '}') {
	    # Exit package-hearder processes
	    $process_line = '';
	    next PKG_LINE;

	  } elsif ($line_char[$char_pos] eq ' ' ||
		   $line_char[$char_pos] eq '#' ||
		   $line_char[$char_pos] eq ',' ||
		   $line_char[$char_pos] eq '{') {
	    next CHAR;

	} # if ($line_char[$char_pos] eq '#' || $process_line eq 'pkg_hdr')
	if ($line_char[$char_pos] eq '%' || $process_line eq 'vendor') {
	  ############### vendor ##############
	  $process_line = 'vendor';
	  if ($line_char[$char_pos] eq '"') {
	    if ($quote_open == 1) {
	      # set to false (0)
	      $quote_open = 0;
	      push (@vendor, $vendor_temp);
	      # clear the content
	      $vendor_temp = '';
	    } else {
	      # set to true (1)
	      $quote_open = 1;

	    next CHAR;

	  } elsif ($quote_open == 1) {
	    # append the vendor
	    $vendor_temp .= $line_char[$char_pos];
	    next CHAR;

	  } elsif ($line_char[$char_pos] eq '}') {
	    # Exit the vendor processes
	    $process_line = '';
	    next PKG_LINE;

	  } elsif ($line_char[$char_pos] eq ' ' ||
		   $line_char[$char_pos] eq '%' ||
		   $line_char[$char_pos] eq ',' ||
		   $line_char[$char_pos] eq '{') {
	    next CHAR;

	} # if ($line_char[$char_pos] eq '%') {

      if ($line_char[$char_pos] eq ';') {
	# comment line
	# ignore it

  return 0;

# Generate the distinguished-name-string for the self-signed public key certificate file.
sub generateDN() {
  my @pkg_data;
  my $en_pos = 0;
  my $lang_pos = 0;
  # Find out the position of English in the list (if present)
  for(; $lang_pos <= $#languages; $lang_pos++) {
    if ($languages[$lang_pos] eq 'EN') {
      $en_pos = $lang_pos;

  $commonName = $package_components[$en_pos];
  $vendorName = $vendor[$en_pos];
  # Patch the $commonName upto 64 byte of random hex
  for (my $count = length ($commonName); $count<65; $count++) {
    $commonName .= sprintf "%.2x", int rand(255);
  return 0;

# Print the Usage descriptions
sub Usage () {

createsis, version 1.0
Copyright (c) 2005 Symbian Software Ltd. All rights reserved.

Mandatory SIS file signing for SYMBIAN OS v9.1 onwards. It supports
creating new SIS files from package files, signs existing package files and
generates new key/certificate pairs for purposes of signing. If neither
certificate or key are specified as outlined in the usage scenarios below,
a self-signed certificate will be generated and used to sign the resulting
SIS file. In addition, createsis may be used to dump details of signatures
and certificate chains in a pre-existing SIS file.

Usage : createsis [-h | -?] <action>

    -h Show this help page
    -? Show this help page

    Description : Create and sign the generated sisfile.
    Usage : createsis create [-key <key>] [-cert <cert>] [-pass <pass>] pkgfile
            -key        [optional]The certificate's private key file
            -cert       [optional]The certificate file used for signing
            -pass       [depend on how key/cert was generated OR 
                         can use this option to specify the passphase for the new key/cert]
                         The certificate's private key file's passphrase
            pkgfile     The input package file.

    Description : Sign the sisfile.
    Usage : createsis sign -key <key> -cert <cert> [-pass <pass>] sis_input sis_output
            -key        The certificate's private key file
            -cert       The certificate file used for signing
            -pass       [depend on how key/cert was generated]The certificate's private 
                         key file's passphrase
	    -sis_input  The SIS file to be signed
	    -sis_output The SIS file generated by signing

    Description : Display details of all valid signatures and the associated certificates
    in the sisfile.
    Usage : createsis dump sis_input
	    -sis_input  The investigated SIS file
    Description : Remove most recent signature from SIS file
    Usage : createsis strip sis_input sis_output
	    -sis_input  The SIS file whose recent signature will be removed
	    -sis_output The SIS file after signature removed


  exit 0;