|
1 # |
|
2 # Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 # All rights reserved. |
|
4 # This component and the accompanying materials are made available |
|
5 # under the terms of "Eclipse Public License v1.0" |
|
6 # which accompanies this distribution, and is available |
|
7 # at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 # |
|
9 # Initial Contributors: |
|
10 # Nokia Corporation - initial contribution. |
|
11 # |
|
12 # Contributors: |
|
13 # |
|
14 # Description: |
|
15 # |
|
16 ################################################################## |
|
17 ## Tool used to managing the security policies and the set of ## |
|
18 ## X.509 certificates used as trust anchors in verifying the ## |
|
19 ## authenticity of signing certificates used for signing ## |
|
20 ## java applications ## |
|
21 ## ## |
|
22 ## This tool can be used at two different phases: ## |
|
23 ## 1) at ROM image creation time (used by variant engineers) ## |
|
24 ## before generating the variant ROM image and before ## |
|
25 ## using S60 Configuration tool. ## |
|
26 ## When used at this phase, ## |
|
27 ## the tool instructs the ROM image creation process on ## |
|
28 ## which policies and certificates to include into the ROM ## |
|
29 ## image ## |
|
30 ## 2) after ROM image creation time. When used at this phase ## |
|
31 ## the tool generates deployment packages (SIS) to be ## |
|
32 ## installed into "already flashed ROM images" ## |
|
33 ## ## |
|
34 ## This tool assumes the existence of a S60 environment, ## |
|
35 ## therefore it must be used from within a S60 environment ## |
|
36 ################################################################## |
|
37 |
|
38 #use strict; |
|
39 use Getopt::Std; |
|
40 use XML::Simple; |
|
41 use File::Spec; |
|
42 use File::Copy; |
|
43 |
|
44 # s60 specific paths |
|
45 my $CERTS_BUILD_DIR_1 = "/epoc32/data/z/private/200211dc/security/trustroots/device/certificates/"; |
|
46 my $CERTS_BUILD_DIR_2 = "/epoc32/release/armv5/urel/z/private/200211dc/security/trustroots/device/certificates/"; |
|
47 my $POLICIES_BUILD_DIR_1 = "/epoc32/data/z/resource/java/security/policies/"; |
|
48 my $POLICIES_BUILD_DIR_2 = "/epoc32/release/armv5/urel/z/resource/java/security/policies/"; |
|
49 my $IBY_DIR = "/epoc32/rom/include/core/app/"; |
|
50 my $IBY_TEST_DIR = "/epoc32/rom/include/core/tools/"; |
|
51 my $CONFML_DATA_DIR = "/epoc32/rom/config/confml_data/s60/"; |
|
52 # global variables |
|
53 my $config_file; |
|
54 my $cert_to_remove; |
|
55 my $policy_to_remove; |
|
56 my $deployment_destination; |
|
57 my $signing_cert; |
|
58 my $signing_key; |
|
59 my $add_header = 0; |
|
60 my $deploy = 1; |
|
61 my $iby_file_name; |
|
62 my $iby_name; |
|
63 my $sis_file_name; |
|
64 my $pkg_file_name; |
|
65 my $pkg_name; |
|
66 my $package_type; |
|
67 my $signed_sis = "false"; |
|
68 my $ROM = "rom"; |
|
69 my $SIS = "sis"; |
|
70 my $openssl = "openssl.exe"; |
|
71 my $METADATA_EXT = ".metadata"; |
|
72 my $STATE_EXT = ".state"; |
|
73 my $JAVA_IBY_FILENAME = "java.iby"; |
|
74 my $JAVA_TEST_IBY_FILENAME = "javatest.iby"; |
|
75 my $JAVA_VARIANT_CERTS_IBY_FILENAME = "java_variant_certs.iby"; |
|
76 my $JAVA_VARIANT_CERTS_PKG_FILENAME = "java_variant_certs.pkg"; |
|
77 my $JAVA_VARIANT_CERTS_SIS_FILENAME = "java_variant_certs.sis"; |
|
78 my $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME = "java_variant_certs_policies.iby"; |
|
79 my $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME = "java_variant_certs_policies.pkg"; |
|
80 my $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME = "java_variant_certs_policies.sis"; |
|
81 my $JAVA_VARIANT_POLICY_IBY_FILENAME = "java_variant_policy.iby"; |
|
82 my $JAVA_VARIANT_POLICY_PKG_FILENAME = "java_variant_policy.pkg"; |
|
83 my $JAVA_VARIANT_POLICY_SIS_FILENAME = "java_variant_policy.sis"; |
|
84 my $JAVA_CUSTOM_SECURITY_PKG_FILENAME = "java_custom_security.pkg"; |
|
85 my $JAVA_CUSTOM_SECURITY_SIS_FILENAME = "java_custom_security.sis"; |
|
86 my $NON_REMOVABLE_PACKAGE_TYPE = ",(0x2001FD68), 1,0,0, TYPE=PU,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n"; |
|
87 my $REMOVABLE_PACKAGE_TYPE = ",(0x2001FD68), 1,0,0, TYPE=SP,RU\n%{\"Nokia\"}\n:\"Nokia\"\n[0x1028315F], 0, 0, 0, {\"Series60ProductID\"}\n"; |
|
88 # IBY and PKG data |
|
89 my $CERTS_DATACAGE = "\\private\\200211dc\\security\\trustroots\\device\\certificates\\"; |
|
90 my $CERTS_STATE_DATACAGE = "\\private\\200211dc\\security\\trustroots\\device\\state\\"; |
|
91 my $POLICIES_DATACAGE_SRC = "\\resource\\java\\security\\policies\\"; |
|
92 my $POLICIES_DATACAGE_SRC_5_0 = "\\private\\102033E6\\resource\\security\\policies\\"; |
|
93 my $POLICIES_DATACAGE_DEST = "RESOURCE_FILES_DIR\\java\\security\\policies\\"; |
|
94 |
|
95 ############################################################## |
|
96 ## Displays the usage help ## |
|
97 ############################################################## |
|
98 sub usage |
|
99 { |
|
100 system("cls"); |
|
101 print "\nUsage:\n\javasecuritycustomizationtool.pl listcerts | addcerts | deploycerts | removecert <cert_name> | listpolicies | addpolicy | deploypolicy | removepolicy <policy_name> | addall | deployall | setpolicy | setwarningsmode \n"; |
|
102 print "\nWhere:\n"; |
|
103 print "listcerts Lists all the X.509 certificates used as trust anchors in\n"; |
|
104 print " verifying the authenticity of signed java applications and\n"; |
|
105 print " also used in binding java applications to protection domains\n"; |
|
106 print "addcerts Adds new X.509 certificates into the existing collection\n"; |
|
107 print " of X.509 certificates used as trust anchors in verifying the\n"; |
|
108 print " authenticity of signed java applications and also used in\n"; |
|
109 print " binding java applications to protection domains\n"; |
|
110 print " The properties of the certificates to be added are specified\n"; |
|
111 print " by the file 'configdata.xml'\n"; |
|
112 print "deploycerts Creates a SIS package, containing new X.509 certificates,\n"; |
|
113 print " to be installed into a device having java security system in \n"; |
|
114 print " place. These new certificates are used as trust anchors in\n"; |
|
115 print " verifying the authenticity of signed java applications and\n"; |
|
116 print " also used in binding java applications to protection domains\n"; |
|
117 print " The properties of the certificates to be deployed are specified\n"; |
|
118 print " by the file 'configdata.xml'\n"; |
|
119 print "removecert Removes a single X.509 certificate from the existing collection\n"; |
|
120 print " of X.509 certificates used as trust anchors in verifying the\n"; |
|
121 print " authenticity of signed java applications and also used in\n"; |
|
122 print " binding java applications to protection domains\n"; |
|
123 print "listpolicies Lists all the policies used for granting permissions to java\n"; |
|
124 print " applications\n"; |
|
125 print "addpolicy Adds a new policy into the existing collection of policies\n"; |
|
126 print " used for granting permissions to java applications\n"; |
|
127 print " The properties of the policy to be added are specified\n"; |
|
128 print " by the file 'configdata.xml'\n"; |
|
129 print "deploypolicy Creates a SIS package, containing a new policy, to be\n"; |
|
130 print " installed into a device having java security system in place\n"; |
|
131 print " The properties of the policy to be deployed are specified by\n"; |
|
132 print " the file 'configdata.xml'\n"; |
|
133 print "removepolicy Removes a single policy from the collection of policies\n"; |
|
134 print " used for granting permissions to java applications\n"; |
|
135 print "addall Adds new X.509 certificates and a new policy into the existing\n"; |
|
136 print " collection of certificates/policies used for\n"; |
|
137 print " authentication/authorization of java applications. This is the\n"; |
|
138 print " equivalent of the combined command line arguments 'addcerts'\n"; |
|
139 print " and 'addpolicy'\n"; |
|
140 print "deployall Creates a SIS package, containing new X.509 certificates and a\n"; |
|
141 print " new policy, to be installed into a device having java security\n"; |
|
142 print " system in place. This is a the equivalent of the combined\n"; |
|
143 print " command line arguments 'deploycerts' and 'deploypolicy'\n"; |
|
144 print " The properties of the certificates and policy to be deployed\n"; |
|
145 print " are specified by the file 'configdata.xml'\n"; |
|
146 print "setpolicy Creates a SIS package, which selects the policy to be used for\n"; |
|
147 print " granting permissions to java applications. This SIS is to be\n"; |
|
148 print " installed into a device having java security system in place\n"; |
|
149 print " The name of the selected policy is specified by the file\n"; |
|
150 print " 'configdata.xml'\n"; |
|
151 print "setwarningsmode Creates a SIS package, which selects the mode used for handling\n"; |
|
152 print " security warnings. This SIS is to be installed into a device\n"; |
|
153 print " having java security system in place\n"; |
|
154 print " The warnings mode is specified by the file 'configdata.xml'\n"; |
|
155 print "\n\nThis tool can be used at two different phases:\n"; |
|
156 print " 1) at ROM image creation time (used by variant engineers) before generating\n"; |
|
157 print " the variant ROM image and before using S60 Configuration tool. Used at\n"; |
|
158 print " this phase the tool produces configuration data for the ROM image creation\n"; |
|
159 print " process. The command line arguments to be used at this phase are:\n"; |
|
160 print " 'listcerts', 'addcerts', 'removecert', 'listpolicies', 'addpolicy',\n"; |
|
161 print " 'removepolicy', and 'addall'\n"; |
|
162 print " 2) after ROM image creation time. Used at this phase the tool generates\n"; |
|
163 print " deployment packages (SIS) to be installed into 'already flashed ROM\n"; |
|
164 print " images'. The command line arguments to be used at this phase are:\n"; |
|
165 print " 'deploycerts', 'deploypolicy', 'setpolicy', 'setwarningsmode' and\n"; |
|
166 print " 'deployall'\n"; |
|
167 print "\nThis tool assumes the existence of a S60 environment, therefore it must be used\n"; |
|
168 print "from within a S60 environment\n"; |
|
169 exit; |
|
170 } |
|
171 |
|
172 ############################################################## |
|
173 ## Lists all the certificates ## |
|
174 ############################################################## |
|
175 sub list_certs() |
|
176 { |
|
177 @files = <$CERTS_BUILD_DIR_1*>; |
|
178 @certs; |
|
179 @domains; |
|
180 @paths; |
|
181 foreach $file (@files) { |
|
182 if (rindex($file, $METADATA_EXT) < 0) |
|
183 { |
|
184 $ext = rindex($file, "."); |
|
185 my $file_without_ext = substr($file, 0, $ext); |
|
186 $cert_name = substr($file, length("$CERTS_BUILD_DIR_1")); |
|
187 if (! grep {$_ eq $cert_name} @certs) { |
|
188 push(@certs, $cert_name); |
|
189 push(@paths, $CERTS_BUILD_DIR_1); |
|
190 open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n"; |
|
191 my @metadata = <METADATA_FILE>; |
|
192 close(METADATA_FILE); |
|
193 my $domain; |
|
194 foreach $metadata_item (@metadata) { |
|
195 $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "=")); |
|
196 if ($metadata_item_key eq "name") |
|
197 { |
|
198 $domain = substr($metadata_item, rindex($metadata_item, "=") + 1); |
|
199 push(@domains, $domain); |
|
200 break; |
|
201 } |
|
202 } |
|
203 } |
|
204 } |
|
205 } |
|
206 |
|
207 @files = <$CERTS_BUILD_DIR_2*>; |
|
208 foreach $file (@files) { |
|
209 if (rindex($file, $METADATA_EXT) < 0) |
|
210 { |
|
211 $ext = rindex($file, "."); |
|
212 my $file_without_ext = substr($file, 0, $ext); |
|
213 $cert_name = substr($file, length("$CERTS_BUILD_DIR_2")); |
|
214 if (! grep {$_ eq $cert_name} @certs) { |
|
215 push(@certs, $cert_name); |
|
216 push(@paths, $CERTS_BUILD_DIR_2); |
|
217 open (METADATA_FILE, "$file_without_ext$METADATA_EXT") or die "Cannot open $file_without_ext$METADATA_EXT\n"; |
|
218 my @metadata = <METADATA_FILE>; |
|
219 close(METADATA_FILE); |
|
220 my $domain; |
|
221 foreach $metadata_item (@metadata) { |
|
222 $metadata_item_key = substr($metadata_item, 0, rindex($metadata_item, "=")); |
|
223 if ($metadata_item_key eq "name") |
|
224 { |
|
225 $domain = substr($metadata_item, rindex($metadata_item, "=") + 1); |
|
226 push(@domains, $domain); |
|
227 break; |
|
228 } |
|
229 } |
|
230 } |
|
231 } |
|
232 } |
|
233 |
|
234 # display only the files which are found inside java.iby or javatest.iby |
|
235 open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME"); |
|
236 my @java_iby_lines = <JAVA_IBY>; |
|
237 close(JAVA_IBY); |
|
238 my @java_test_iby_lines; |
|
239 if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME") |
|
240 { |
|
241 open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME"); |
|
242 @java_test_iby_lines = <JAVA_TEST_IBY>; |
|
243 close(JAVA_TEST_IBY); |
|
244 } |
|
245 my @java_variant_certs_iby_lines; |
|
246 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME") |
|
247 { |
|
248 open (JAVA_VARIANT_CERTS_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME"); |
|
249 @java_variant_certs_iby_lines = <JAVA_VARIANT_CERTS_IBY>; |
|
250 close(JAVA_VARIANT_CERTS_IBY); |
|
251 } |
|
252 my @java_variant_certs_policies_iby_lines; |
|
253 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") |
|
254 { |
|
255 open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME"); |
|
256 @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>; |
|
257 close(JAVA_VARIANT_CERTS_POLICIES_IBY); |
|
258 } |
|
259 $index = 0; |
|
260 my $found = 0; |
|
261 foreach $cert (@certs) { |
|
262 $found = 0; |
|
263 foreach $java_iby_line (@java_iby_lines) { |
|
264 if (rindex($java_iby_line, $cert) >= 0) { |
|
265 $found = 1; |
|
266 last; |
|
267 } |
|
268 } |
|
269 if ($found == 0) |
|
270 { |
|
271 foreach $java_variant_certs_iby_line (@java_variant_certs_iby_lines) { |
|
272 if (rindex($java_variant_certs_iby_line, $cert) >= 0) { |
|
273 $found = 1; |
|
274 last; |
|
275 } |
|
276 } |
|
277 } |
|
278 if ($found == 0) |
|
279 { |
|
280 foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) { |
|
281 if (rindex($java_variant_certs_policies_iby_line, $cert) >= 0) { |
|
282 $found = 1; |
|
283 last; |
|
284 } |
|
285 } |
|
286 } |
|
287 #if ($found == 0) |
|
288 #{ |
|
289 #foreach $java_test_iby_line (@java_test_iby_lines) { |
|
290 #if (rindex($java_test_iby_line, $cert) >= 0) { |
|
291 #$found = 1; |
|
292 #last; |
|
293 #} |
|
294 #} |
|
295 #} |
|
296 if ($found == 1) |
|
297 { |
|
298 print "Certificate:\n"; |
|
299 print " Name: ", $cert , "\n"; |
|
300 print " Domain: ", $domains[$index]; |
|
301 print " Path: ", $paths[$index], "\n\n"; |
|
302 } |
|
303 $index = $index + 1; |
|
304 } |
|
305 } |
|
306 |
|
307 ############################################################## |
|
308 ## Removes a certain certificate ## |
|
309 ############################################################## |
|
310 sub remove_cert() |
|
311 { |
|
312 if (! -f "$CERTS_BUILD_DIR_1$cert_to_remove") |
|
313 { |
|
314 print "\n\nERROR: ", $cert_to_remove, " not found.\n"; |
|
315 exit; |
|
316 } else |
|
317 { |
|
318 |
|
319 $ext = rindex($cert_to_remove, "."); |
|
320 $file_without_ext = substr($cert_to_remove, 0, $ext); |
|
321 |
|
322 # modify java.iby |
|
323 mkdir "tmp"; |
|
324 open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME"); |
|
325 open (JAVA_NEW_IBY, "+>tmp/$JAVA_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_IBY_FILENAME)\n"; |
|
326 my @java_iby_lines = <JAVA_IBY>; |
|
327 my $found = 0; |
|
328 foreach $java_iby_line (@java_iby_lines) { |
|
329 if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0) |
|
330 { |
|
331 print JAVA_NEW_IBY $java_iby_line; |
|
332 } |
|
333 else |
|
334 { |
|
335 $found = 1; |
|
336 } |
|
337 } |
|
338 close(JAVA_IBY); |
|
339 close(JAVA_NEW_IBY); |
|
340 move("tmp/$JAVA_IBY_FILENAME", "$IBY_DIR"); |
|
341 if ($found == 0) |
|
342 { |
|
343 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME") |
|
344 { |
|
345 open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_IBY_FILENAME"); |
|
346 open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME)\n"; |
|
347 my @java_iby_lines = <JAVA_IBY>; |
|
348 my $found = 0; |
|
349 foreach $java_iby_line (@java_iby_lines) { |
|
350 if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0) |
|
351 { |
|
352 print JAVA_NEW_IBY $java_iby_line; |
|
353 } |
|
354 } |
|
355 close(JAVA_IBY); |
|
356 close(JAVA_NEW_IBY); |
|
357 move("tmp/$JAVA_VARIANT_CERTS_IBY_FILENAME", "$IBY_DIR"); |
|
358 } |
|
359 # check the combined iby file as well |
|
360 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") |
|
361 { |
|
362 open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME"); |
|
363 open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n"; |
|
364 my @java_iby_lines = <JAVA_IBY>; |
|
365 my $found = 0; |
|
366 foreach $java_iby_line (@java_iby_lines) { |
|
367 if (rindex($java_iby_line, $cert_to_remove) < 0 && rindex($java_iby_line, "$file_without_ext$METADATA_EXT") < 0) |
|
368 { |
|
369 print JAVA_NEW_IBY $java_iby_line; |
|
370 } |
|
371 } |
|
372 close(JAVA_IBY); |
|
373 close(JAVA_NEW_IBY); |
|
374 move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR"); |
|
375 } |
|
376 |
|
377 } |
|
378 |
|
379 unlink("$CERTS_BUILD_DIR_1$cert_to_remove"); |
|
380 unlink("$CERTS_BUILD_DIR_1$file_without_ext$METADATA_EXT"); |
|
381 |
|
382 unlink("$CERTS_BUILD_DIR_2$cert_to_remove"); |
|
383 unlink("$CERTS_BUILD_DIR_2$file_without_ext$METADATA_EXT"); |
|
384 |
|
385 system("rmdir tmp /s /q"); |
|
386 } |
|
387 } |
|
388 |
|
389 ############################################################## |
|
390 ## Adds new certificates ## |
|
391 ############################################################## |
|
392 sub add_certs() |
|
393 { |
|
394 $config_file = "./configdata.xml"; |
|
395 |
|
396 my $xml = new XML::Simple(suppressempty => ''); |
|
397 my $xmldata = $xml->XMLin($config_file, forcearray => 1); |
|
398 |
|
399 my $root_file; |
|
400 my $root_domain; |
|
401 my $root_canDelete; |
|
402 my $root_canDisable; |
|
403 my $root_file_without_ext; |
|
404 my $root_file_with_ext; |
|
405 my $root_state; |
|
406 |
|
407 mkdir "tmp"; |
|
408 mkdir "tmp/certs/"; |
|
409 if ($deployment_destination eq $ROM) |
|
410 { |
|
411 open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n"; |
|
412 print IBY_FILE "#ifndef __" . "$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n"; |
|
413 } |
|
414 else |
|
415 { |
|
416 open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n"; |
|
417 print PKG_FILE "&EN\n#{\"$pkg_name\"}" ."$package_type"; |
|
418 open (POLICY_FILE, "+>tmp/update_certs") or die "Cannot create tmp file (tmp/update_certs)\n"; |
|
419 close POLICY_FILE; |
|
420 } |
|
421 |
|
422 foreach my $root (@{$xmldata->{root}}) { |
|
423 |
|
424 # read the xml node |
|
425 $root_file = $root->{file}->[0]; |
|
426 $root_domain = $root->{domain}->[0]; |
|
427 $root_canDelete = $root->{canDelete}->[0]; |
|
428 $root_canDisable = $root->{canDisable}->[0]; |
|
429 |
|
430 if ($deployment_destination eq $SIS) |
|
431 { |
|
432 $root_state = $root->{state}->[0]; |
|
433 if (($root_state ne "") && ($root_state ne "enabled") && ($root_state ne "disabled") && ($root_state ne "removed")) { |
|
434 print "ERROR: The values for \"state\" can be either \"enabled\" or \"disabled\" or \"removed\". Please check the configuration file $config_file\n"; |
|
435 close IBY_FILE; |
|
436 close PKG_FILE; |
|
437 system("rmdir tmp /s /q"); |
|
438 exit; |
|
439 } |
|
440 } |
|
441 |
|
442 # validate the root file |
|
443 if (! -f $root_file) { |
|
444 print "\nERROR: root file $root_file doesn't exist. Please check the configuration file $config_file\n"; |
|
445 close IBY_FILE; |
|
446 close PKG_FILE; |
|
447 system("rmdir tmp /s /q"); |
|
448 exit; |
|
449 } |
|
450 # validate start date of the root |
|
451 ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time); |
|
452 $current_year = $year + 1900; |
|
453 system("openssl x509 -inform DER -in $root_file -noout -startdate > tmp/startdate.txt"); |
|
454 open(start_date_file, "tmp/startdate.txt"); |
|
455 my @start_date = <start_date_file>; |
|
456 close(start_date_file); |
|
457 unlink("tmp/startdate.txt"); |
|
458 @start_date_details = split(/ /, $start_date[0]); |
|
459 my $start_date_year = $start_date_details[3]; |
|
460 if ($start_date_year > $current_year) { |
|
461 print "\nERROR: root $root_file not yet valid.\n"; |
|
462 close IBY_FILE; |
|
463 close PKG_FILE; |
|
464 system("rmdir tmp /s /q"); |
|
465 exit; |
|
466 } |
|
467 # validate end date of the root |
|
468 system("openssl x509 -inform DER -in $root_file -noout -enddate > tmp/enddate.txt"); |
|
469 open(end_date_file, "tmp/enddate.txt"); |
|
470 my @end_date = <end_date_file>; |
|
471 close(end_date_file); |
|
472 unlink("tmp/enddate.txt"); |
|
473 @end_date_details = split(/ /, $end_date[0]); |
|
474 $year_index = 0; |
|
475 $found_items = 0; |
|
476 foreach $end_date_detail (@end_date_details) { |
|
477 if ($found_items == 3) |
|
478 { |
|
479 last; |
|
480 } |
|
481 if ($end_date_detail ne "") |
|
482 { |
|
483 $found_items = $found_items + 1; |
|
484 } |
|
485 $year_index = $year_index + 1; |
|
486 } |
|
487 my $end_date_year = $end_date_details[$year_index]; |
|
488 if ($end_date_year < $current_year) { |
|
489 print "\nERROR: root $root_file is expired.\n"; |
|
490 close IBY_FILE; |
|
491 close PKG_FILE; |
|
492 system("rmdir tmp /s /q"); |
|
493 exit; |
|
494 } |
|
495 #validate the domain |
|
496 if (($root_domain ne "Manufacturer") && ($root_domain ne "Operator") && ($root_domain ne "OperatorExtra") && ($root_domain ne "IdentifiedThirdParty")) { |
|
497 print "\nERROR: the values for \"domain\" can be either \"Manufacturer\" or \"Operator\" or \"OperatorExtra\" or \"IdentifiedThirdParty\". Please check the configuration file $config_file\n"; |
|
498 close IBY_FILE; |
|
499 close PKG_FILE; |
|
500 system("rmdir tmp /s /q"); |
|
501 exit; |
|
502 } |
|
503 #validate the canDelete element |
|
504 if (($root_canDelete ne "") && ($root_canDelete ne "true") && ($root_canDelete ne "false")) { |
|
505 print "\nERROR: the values for \"canDelete\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n"; |
|
506 close IBY_FILE; |
|
507 close PKG_FILE; |
|
508 system("rmdir tmp /s /q"); |
|
509 exit; |
|
510 } |
|
511 #validate the canDisable element |
|
512 if (($root_canDisable ne "") && ($root_canDisable ne "true") && ($root_canDisable ne "false")) { |
|
513 print "ERROR: The values for \"canDisable\" can be either \"true\" or \"false\". Please check the configuration file $config_file\n"; |
|
514 close IBY_FILE; |
|
515 close PKG_FILE; |
|
516 system("rmdir tmp /s /q"); |
|
517 exit; |
|
518 } |
|
519 # generate the cert metadata and copy the cert & metadata to a tmp folder |
|
520 system("openssl x509 -inform DER -in $root_file -noout -issuer_hash > tmp/hash.txt"); |
|
521 open(hash_file, "tmp/hash.txt"); |
|
522 my @lines = <hash_file>; |
|
523 close(hash_file); |
|
524 unlink("tmp/hash.txt"); |
|
525 $start_index = rindex($root_file, "/"); |
|
526 $end_index = rindex($root_file, "."); |
|
527 if ($start_index >= 0) |
|
528 { |
|
529 $root_file_without_ext = substr($root_file, $start_index + 1, $end_index - $start_index - 1); |
|
530 $root_file_with_ext = substr($root_file, $start_index + 1); |
|
531 } |
|
532 else |
|
533 { |
|
534 $root_file_without_ext = substr($root_file, 0, $end_index); |
|
535 $root_file_with_ext = $root_file; |
|
536 } |
|
537 open (EXT_FILE, "+>tmp/certs/$root_file_without_ext$METADATA_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$METADATA_EXT)\n"; |
|
538 print EXT_FILE "name=$root_domain\n"; |
|
539 if ($root_domain eq "Manufacturer") |
|
540 { |
|
541 print EXT_FILE "category=MFD\n"; |
|
542 } |
|
543 if ($root_domain eq "Operator") |
|
544 { |
|
545 print EXT_FILE "category=OPD\n"; |
|
546 } |
|
547 if ($root_domain eq "OperatorExtra") |
|
548 { |
|
549 print EXT_FILE "category=OPD\n"; |
|
550 } |
|
551 if ($root_domain eq "IdentifiedThirdParty") |
|
552 { |
|
553 print EXT_FILE "category=ITPD\n"; |
|
554 } |
|
555 if ($root_canDelete eq "" || $root_canDelete eq "false") { |
|
556 print EXT_FILE "removable=0\n"; |
|
557 } |
|
558 else |
|
559 { |
|
560 print EXT_FILE "removable=1\n"; |
|
561 } |
|
562 if ($root_canDisable eq "" || $root_canDisable eq "false") { |
|
563 print EXT_FILE "disablable=0\n"; |
|
564 } |
|
565 else |
|
566 { |
|
567 print EXT_FILE "disablable=1\n"; |
|
568 } |
|
569 print EXT_FILE "hash=$lines[0]\n"; |
|
570 close EXT_FILE; |
|
571 copy($root_file, "tmp/certs/") or die "File $root_file cannot be copied to tmp/"; |
|
572 # strip off the path |
|
573 if ($deployment_destination eq $ROM) |
|
574 { |
|
575 print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE"; |
|
576 print IBY_FILE $root_file_with_ext; |
|
577 print IBY_FILE " " ."$CERTS_DATACAGE"; |
|
578 print IBY_FILE $root_file_with_ext; |
|
579 print IBY_FILE "\ndata=ABI_DIR\\BUILD_DIR\\z" ."$CERTS_DATACAGE"; |
|
580 print IBY_FILE $root_file_without_ext; |
|
581 print IBY_FILE "$METADATA_EXT " ."$CERTS_DATACAGE"; |
|
582 print IBY_FILE $root_file_without_ext; |
|
583 print IBY_FILE "$METADATA_EXT\n"; |
|
584 } |
|
585 else |
|
586 { |
|
587 print PKG_FILE "\"./tmp/certs/"; |
|
588 print PKG_FILE $root_file_with_ext; |
|
589 print PKG_FILE "\"-\"c:" . "$CERTS_DATACAGE"; |
|
590 print PKG_FILE $root_file_with_ext; |
|
591 print PKG_FILE "\"\n\"./tmp/certs/"; |
|
592 print PKG_FILE $root_file_without_ext; |
|
593 print PKG_FILE "$METADATA_EXT\"-\"c:" ."$CERTS_DATACAGE"; |
|
594 print PKG_FILE $root_file_without_ext; |
|
595 print PKG_FILE "$METADATA_EXT\"\n"; |
|
596 if ($root_state ne "") |
|
597 { |
|
598 open (STATE_FILE, "+>tmp/certs/$root_file_without_ext$STATE_EXT") or die "Cannot create temp file (tmp/certs/$root_file_without_ext$STATE_EXT)\n"; |
|
599 binmode STATE_FILE; |
|
600 my $state; |
|
601 if ($root_state eq "enabled") |
|
602 { |
|
603 $state = pack("h8", "3000"); |
|
604 } |
|
605 else |
|
606 { |
|
607 if ($root_state eq "disabled") |
|
608 { |
|
609 $state = pack("h8", "2000"); |
|
610 } |
|
611 else |
|
612 { |
|
613 if ($root_state eq "removed") |
|
614 { |
|
615 $state = pack("h8", "1000"); |
|
616 } |
|
617 } |
|
618 } |
|
619 print STATE_FILE $state; |
|
620 close STATE_FILE; |
|
621 print PKG_FILE "\"./tmp/certs/"; |
|
622 print PKG_FILE $root_file_without_ext; |
|
623 print PKG_FILE "$STATE_EXT\"-\"c:" ."$CERTS_STATE_DATACAGE"; |
|
624 print PKG_FILE $root_file_without_ext; |
|
625 print PKG_FILE "$STATE_EXT\"\n"; |
|
626 } |
|
627 } |
|
628 } |
|
629 if ($deployment_destination eq $SIS) |
|
630 { |
|
631 print PKG_FILE "\"./tmp/update_certs\"-\"c:\\private\\102033E6\\security\\tmp\\update_certs\"\n"; |
|
632 } |
|
633 if ($deploy == 1) |
|
634 { |
|
635 print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n"; |
|
636 } |
|
637 |
|
638 # copy all the certificates and coresponding metadatas to right locations |
|
639 @files = <tmp/certs/*>; |
|
640 foreach $file (@files) { |
|
641 if ($deployment_destination eq $ROM) |
|
642 { |
|
643 copy($file, $CERTS_BUILD_DIR_2); |
|
644 copy($file, $CERTS_BUILD_DIR_1); |
|
645 } |
|
646 } |
|
647 if ($deployment_destination eq $ROM) |
|
648 { |
|
649 if ($deploy == 1) |
|
650 { |
|
651 print IBY_FILE "\n\n#endif\n"; |
|
652 } |
|
653 close IBY_FILE; |
|
654 } |
|
655 else |
|
656 { |
|
657 close PKG_FILE; |
|
658 } |
|
659 |
|
660 if ($deploy == 1) |
|
661 { |
|
662 # generate the iby file and copy it to right location |
|
663 if ($deployment_destination eq $ROM) |
|
664 { |
|
665 move("tmp/$iby_file_name", "$IBY_DIR"); |
|
666 } |
|
667 else |
|
668 { |
|
669 system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis"); |
|
670 if (-f $signing_cert && -f $signing_key) |
|
671 { |
|
672 $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key"); |
|
673 if ($ret != 0) |
|
674 { |
|
675 $signed_sis = false; |
|
676 } |
|
677 else |
|
678 { |
|
679 $signed_sis = true; |
|
680 } |
|
681 unlink("./tmp/tmp.sis"); |
|
682 } |
|
683 else |
|
684 { |
|
685 move("./tmp/tmp.sis", "./$sis_file_name"); |
|
686 } |
|
687 unlink("./tmp/$pkg_file_name"); |
|
688 } |
|
689 system("rmdir tmp /s /q"); |
|
690 } |
|
691 } |
|
692 |
|
693 ############################################################## |
|
694 ## Adds a new policy ## |
|
695 ############################################################## |
|
696 sub add_policy() |
|
697 { |
|
698 $config_file = "./configdata.xml"; |
|
699 |
|
700 my $xml = new XML::Simple(suppressempty => ''); |
|
701 my $xmldata = $xml->XMLin($config_file); |
|
702 |
|
703 my $policy_name; |
|
704 my $utp_policy_path; |
|
705 my $ttp_policy_path; |
|
706 my $operator_policy_path; |
|
707 my $manufacturer_policy_path; |
|
708 |
|
709 # create tmp directory |
|
710 mkdir "tmp"; |
|
711 mkdir "tmp/policies/"; |
|
712 mkdir "tmp/policies/external/"; |
|
713 mkdir "tmp/policies/internal/"; |
|
714 |
|
715 # read the xml node |
|
716 $policy_name = $xmldata->{policy}->{name}; |
|
717 $s60_version = $xmldata->{s60_version}; |
|
718 $utp_policy_path = $xmldata->{policy}->{unidentifiedthirdparty}; |
|
719 $ttp_policy_path = $xmldata->{policy}->{identifiedthirdparty}; |
|
720 $operator_policy_path = $xmldata->{policy}->{operator}; |
|
721 $manufacturer_policy_path = $xmldata->{policy}->{manufacturer}; |
|
722 |
|
723 # validate the policy name |
|
724 $tmp_str = lc $policy_name; |
|
725 if (($policy_name eq "") || ($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att")) |
|
726 { |
|
727 if ($policy_name eq "") |
|
728 { |
|
729 print "\nERROR: the name of the policy is mandatory. Please check the configuration file $config_file\n"; |
|
730 } |
|
731 else |
|
732 { |
|
733 print "\nERROR: the names \"s60\", \"msa\" and \"att\" are reserved therefore the new policy can not use any of these names. Please check the configuration file $config_file\n"; |
|
734 } |
|
735 close IBY_FILE; |
|
736 system("rmdir tmp /s /q"); |
|
737 exit; |
|
738 } |
|
739 |
|
740 # validate the policy files |
|
741 if (! -f $utp_policy_path || ! -f $ttp_policy_path || ! -f $operator_policy_path || ! -f $manufacturer_policy_path) |
|
742 { |
|
743 print "\nERROR: the new policy must contain specifications for all the four protection domains. Please check the configuration file $config_file\n"; |
|
744 system("rmdir tmp /s /q"); |
|
745 exit; |
|
746 } |
|
747 |
|
748 # prepare the data for the securitypolicyeditor tool |
|
749 copy($utp_policy_path, "tmp/policies/external/" . "$policy_name" . "_untrusted.txt") or die "File $utp_policy_path cannot be copied to tmp/policies/external/"; |
|
750 copy($ttp_policy_path, "tmp/policies/external/" . "$policy_name" . "_trustedthirdparty.txt") or die "File $ttp_policy_path cannot be copied to tmp/policies/external/"; |
|
751 copy($operator_policy_path, "tmp/policies/external/" . "$policy_name" . "_operator.txt") or die "File $operator_policy_path cannot be copied to tmp/policies/external/"; |
|
752 copy($manufacturer_policy_path, "tmp/policies/external/" . "$policy_name" . "_manufacturer.txt") or die "File $manufacturer_policy_path cannot be copied tmp/policies/external/"; |
|
753 |
|
754 # delegate the securitypolicytool to generate the internal policies |
|
755 $ret = system("java -cp ./policyeditor/bin/securitypolicyeditor.jar;./policyeditor/lib/engine.jar com.nokia.mj.tools.security.midp.PolicyEditor tmp/policies/external/ tmp/policies/internal/"); |
|
756 if ($ret != 0) |
|
757 { |
|
758 system("rmdir tmp /s /q"); |
|
759 exit; |
|
760 } |
|
761 |
|
762 if ($deployment_destination eq $SIS) |
|
763 { |
|
764 open (POLICY_FILE, "+>tmp/policies/new_policy.txt") or die "Cannot create tmp file (tmp/policies/new_policy.txt)\n"; |
|
765 print POLICY_FILE "$policy_name"; |
|
766 close POLICY_FILE; |
|
767 $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC"; |
|
768 if ($s60_version eq "5.0") |
|
769 { |
|
770 $policies_dest = "c:" ."$POLICIES_DATACAGE_SRC_5_0"; |
|
771 } |
|
772 |
|
773 if ($add_header == 1) |
|
774 { |
|
775 open (PKG_FILE, "+>tmp/$pkg_file_name") or die "Cannot create tmp file (tmp/$pkg_file_name)\n"; |
|
776 print PKG_FILE "&EN\n#{\"$pkg_name\"}" ."$package_type"; |
|
777 } |
|
778 else |
|
779 { |
|
780 open (PKG_FILE, ">>tmp/$pkg_file_name") or die "Cannot open tmp file (tmp/$pkg_file_name)\n"; |
|
781 } |
|
782 print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_untrusted.ser\"-\"$policies_dest" . "$policy_name" . "_untrusted.ser\"\n"; |
|
783 print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_trustedthirdparty.ser\"-\"$policies_dest" . "$policy_name" . "_trustedthirdparty.ser\"\n"; |
|
784 print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_operator.ser\"-\"$policies_dest" . "$policy_name" . "_operator.ser\"\n"; |
|
785 print PKG_FILE "\"./tmp/policies/internal/" . "$policy_name" . "_manufacturer.ser\"-\"$policies_dest" . "$policy_name" . "_manufacturer.ser\"\n"; |
|
786 print PKG_FILE "\"./tmp/policies/new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n"; |
|
787 print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n"; |
|
788 close PKG_FILE; |
|
789 } |
|
790 else |
|
791 { |
|
792 if ($add_header == 1) |
|
793 { |
|
794 open (IBY_FILE, "+>tmp/$iby_file_name") or die "Cannot create tmp file (tmp/$iby_file_name)\n"; |
|
795 print IBY_FILE "#ifndef __" ."$iby_name" ."__\n#define __" . "$iby_name" ."__\n\n#include <data_caging_paths_for_iby.hrh>\n\n"; |
|
796 } |
|
797 else |
|
798 { |
|
799 open (IBY_FILE, ">>tmp/$iby_file_name") or die "Cannot open tmp file (tmp/$iby_file_name)\n"; |
|
800 } |
|
801 print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_untrusted.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_untrusted.ser\n"; |
|
802 print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_trustedthirdparty.ser ". "$POLICIES_DATACAGE_DEST" . "$policy_name" . "_trustedthirdparty.ser\n"; |
|
803 print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_operator.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_operator.ser\n"; |
|
804 print IBY_FILE "data=ABI_DIR\\BUILD_DIR\\z" ."$POLICIES_DATACAGE_SRC" . "$policy_name" . "_manufacturer.ser " ."$POLICIES_DATACAGE_DEST" . "$policy_name" . "_manufacturer.ser\n"; |
|
805 print IBY_FILE "\n\n#endif\n"; |
|
806 close IBY_FILE; |
|
807 } |
|
808 |
|
809 # deploy the policy |
|
810 if ($deploy == 1) |
|
811 { |
|
812 if ($deployment_destination eq $SIS) |
|
813 { |
|
814 system("makesis ./tmp/$pkg_file_name ./tmp/tmp.sis"); |
|
815 if (-f $signing_cert && -f $signing_key) |
|
816 { |
|
817 $ret = system("signsis ./tmp/tmp.sis $sis_file_name $signing_cert $signing_key"); |
|
818 if ($ret != 0) |
|
819 { |
|
820 $signed_sis = false; |
|
821 } |
|
822 else |
|
823 { |
|
824 $signed_sis = true; |
|
825 } |
|
826 } |
|
827 else |
|
828 { |
|
829 move("./tmp/tmp.sis", "./$sis_file_name"); |
|
830 } |
|
831 } |
|
832 else |
|
833 { |
|
834 move("tmp/$iby_file_name", "$IBY_DIR"); |
|
835 # copy all the policies to right locations |
|
836 @files = <tmp/policies/internal/*>; |
|
837 foreach $file (@files) { |
|
838 copy($file, $POLICIES_BUILD_DIR_2); |
|
839 copy($file, $POLICIES_BUILD_DIR_1); |
|
840 } |
|
841 # update the S60 configuration tool conf data |
|
842 my $xs = new XML::Simple(rootname => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1); |
|
843 my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml"); |
|
844 $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_name"} = {value => "" . "$policy_name"}; |
|
845 my $output_confml = $xs->XMLout($input_confml); |
|
846 open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n"; |
|
847 print OUTPUT_CONFML_FILE "$output_confml"; |
|
848 close OUTPUT_CONFML_FILE; |
|
849 move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR"; |
|
850 } |
|
851 |
|
852 # remove tmp directory |
|
853 system("rmdir tmp /s /q"); |
|
854 } |
|
855 } |
|
856 |
|
857 ############################################################## |
|
858 ## Selects a certain policy ## |
|
859 ############################################################## |
|
860 sub set_policy() |
|
861 { |
|
862 $config_file = "./configdata.xml"; |
|
863 |
|
864 my $xml = new XML::Simple(suppressempty => ''); |
|
865 my $xmldata = $xml->XMLin($config_file); |
|
866 |
|
867 my $policy_name; |
|
868 |
|
869 # create tmp directory |
|
870 mkdir "tmp"; |
|
871 |
|
872 # read the xml node |
|
873 $policy_name = $xmldata->{policy}->{name}; |
|
874 |
|
875 # validate the policy name |
|
876 $tmp_str = lc $policy_name; |
|
877 if (($tmp_str ne "s60") && ($tmp_str ne "msa") && ($tmp_str ne "att")) |
|
878 { |
|
879 print "\nERROR: the name of the policy is mandatory and it can be either \"s60\", \"msa\" or \"att\". Please check the configuration file $config_file\n"; |
|
880 system("rmdir tmp /s /q"); |
|
881 exit; |
|
882 } |
|
883 |
|
884 open (POLICY_FILE, "+>tmp/new_policy.txt") or die "Cannot create tmp file (tmp/new_policy.txt)\n"; |
|
885 print POLICY_FILE "$policy_name"; |
|
886 close POLICY_FILE; |
|
887 open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n"; |
|
888 print PKG_FILE "&EN\n#{\"JavaSecurityPolicySelector\"}" ."$package_type"; |
|
889 print PKG_FILE "\".\\tmp\\new_policy.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_policy.txt\"\n"; |
|
890 print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n"; |
|
891 close PKG_FILE; |
|
892 system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis"); |
|
893 if (-f $signing_cert && -f $signing_key) |
|
894 { |
|
895 $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key"); |
|
896 if ($ret != 0) |
|
897 { |
|
898 $signed_sis = false; |
|
899 } |
|
900 else |
|
901 { |
|
902 $signed_sis = true; |
|
903 } |
|
904 } |
|
905 else |
|
906 { |
|
907 move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME"); |
|
908 } |
|
909 |
|
910 # remove tmp directory |
|
911 system("rmdir tmp /s /q"); |
|
912 } |
|
913 |
|
914 ############################################################## |
|
915 ## Selects the security warnings mode ## |
|
916 ############################################################## |
|
917 sub set_warnings_mode() |
|
918 { |
|
919 $config_file = "./configdata.xml"; |
|
920 |
|
921 my $xml = new XML::Simple(suppressempty => ''); |
|
922 my $xmldata = $xml->XMLin($config_file); |
|
923 |
|
924 my $policy_name; |
|
925 |
|
926 # create tmp directory |
|
927 mkdir "tmp"; |
|
928 |
|
929 # read the xml node |
|
930 $warnings_mode = $xmldata->{warningsmode}; |
|
931 |
|
932 # validate the policy name |
|
933 if (($warnings_mode ne "user") && ($warnings_mode ne "default")) |
|
934 { |
|
935 print "\nERROR: the warnings mode is mandatory and it can be either \"user\" or \"default\". Please check the configuration file $config_file\n"; |
|
936 system("rmdir tmp /s /q"); |
|
937 exit; |
|
938 } |
|
939 |
|
940 open (WARNINGS_MODE_FILE, "+>tmp/new_warnings_mode.txt") or die "Cannot create tmp file (tmp/new_warnings_mode.txt)\n"; |
|
941 if ($warnings_mode eq "user") |
|
942 { |
|
943 print WARNINGS_MODE_FILE "1"; |
|
944 } |
|
945 else |
|
946 { |
|
947 print WARNINGS_MODE_FILE "2"; |
|
948 } |
|
949 close WARNINGS_MODE_FILE; |
|
950 open (PKG_FILE, "+>tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME)\n"; |
|
951 print PKG_FILE "&EN\n#{\"JavaSecurityWarningsModeSelector\"}" ."$package_type"; |
|
952 print PKG_FILE "\".\\tmp\\new_warnings_mode.txt\"-\"c:\\private\\102033E6\\security\\tmp\\new_warnings_mode.txt\"\n"; |
|
953 print PKG_FILE "\"\\epoc32\\release\\armv5\\urel\\javasecuritycustomization.exe\"-\"c:\\sys\\bin\\javasecuritycustomization.exe\", FR, RB, RW\n"; |
|
954 close PKG_FILE; |
|
955 system("makesis ./tmp/$JAVA_CUSTOM_SECURITY_PKG_FILENAME ./tmp/tmp.sis"); |
|
956 if (-f $signing_cert && -f $signing_key) |
|
957 { |
|
958 $ret = system("signsis ./tmp/tmp.sis $JAVA_CUSTOM_SECURITY_SIS_FILENAME $signing_cert $signing_key"); |
|
959 if ($ret != 0) |
|
960 { |
|
961 $signed_sis = false; |
|
962 } |
|
963 else |
|
964 { |
|
965 $signed_sis = true; |
|
966 } |
|
967 } |
|
968 else |
|
969 { |
|
970 move("./tmp/tmp.sis", "./$JAVA_CUSTOM_SECURITY_SIS_FILENAME"); |
|
971 } |
|
972 |
|
973 # remove tmp directory |
|
974 system("rmdir tmp /s /q"); |
|
975 } |
|
976 |
|
977 ############################################################## |
|
978 ## Lists all the policies ## |
|
979 ############################################################## |
|
980 sub list_policies() |
|
981 { |
|
982 @files = <$POLICIES_BUILD_DIR_1*_*.ser>; |
|
983 @policies; |
|
984 foreach $file (@files) { |
|
985 $start_index = rindex($file, "/"); |
|
986 $end_index = rindex($file, "_"); |
|
987 $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1); |
|
988 if (! grep {$_ eq $file_without_ext} @policies) { |
|
989 push(@policies, $file_without_ext); |
|
990 } |
|
991 } |
|
992 @files = <$POLICIES_BUILD_DIR_2*_*.ser>; |
|
993 foreach $file (@files) { |
|
994 $start_index = rindex($file, "/"); |
|
995 $end_index = rindex($file, "_"); |
|
996 $file_without_ext = substr($file, $start_index + 1, $end_index - $start_index - 1); |
|
997 if (! grep {$_ eq $file_without_ext} @policies) { |
|
998 push(@policies, $file_without_ext); |
|
999 } |
|
1000 } |
|
1001 # display only the policies which are found inside java.iby or javatest.iby |
|
1002 open (JAVA_IBY, "$IBY_DIR$JAVA_IBY_FILENAME"); |
|
1003 my @java_iby_lines = <JAVA_IBY>; |
|
1004 close(JAVA_IBY); |
|
1005 my @java_test_iby_lines; |
|
1006 if (-f "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME") |
|
1007 { |
|
1008 open (JAVA_TEST_IBY, "$IBY_TEST_DIR$JAVA_TEST_IBY_FILENAME"); |
|
1009 @java_test_iby_lines = <JAVA_TEST_IBY>; |
|
1010 close(JAVA_TEST_IBY); |
|
1011 } |
|
1012 my @java_variant_policy_iby_lines; |
|
1013 if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME") |
|
1014 { |
|
1015 open (JAVA_VARIANT_POLICY_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME"); |
|
1016 @java_variant_policy_iby_lines = <JAVA_VARIANT_POLICY_IBY>; |
|
1017 close(JAVA_VARIANT_POLICY_IBY); |
|
1018 } |
|
1019 my @java_variant_certs_policies_iby_lines; |
|
1020 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") |
|
1021 { |
|
1022 open (JAVA_VARIANT_CERTS_POLICIES_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME"); |
|
1023 @java_variant_certs_policies_iby_lines = <JAVA_VARIANT_CERTS_POLICIES_IBY>; |
|
1024 close(JAVA_VARIANT_CERTS_POLICIES_IBY); |
|
1025 } |
|
1026 my $found = 0; |
|
1027 foreach $policy (@policies) { |
|
1028 $found = 0; |
|
1029 foreach $java_iby_line (@java_iby_lines) { |
|
1030 if (rindex($java_iby_line, "$policy" . "_") >= 0) { |
|
1031 $found = 1; |
|
1032 last; |
|
1033 } |
|
1034 } |
|
1035 if ($found == 0) |
|
1036 { |
|
1037 foreach $java_variant_policy_iby_line (@java_variant_policy_iby_lines) { |
|
1038 if (rindex($java_variant_policy_iby_line, "$policy" . "_") >= 0) { |
|
1039 $found = 1; |
|
1040 last; |
|
1041 } |
|
1042 } |
|
1043 } |
|
1044 if ($found == 0) |
|
1045 { |
|
1046 foreach $java_variant_certs_policies_iby_line (@java_variant_certs_policies_iby_lines) { |
|
1047 if (rindex($java_variant_certs_policies_iby_line, "$policy" . "_") >= 0) { |
|
1048 $found = 1; |
|
1049 last; |
|
1050 } |
|
1051 } |
|
1052 } |
|
1053 #if ($found == 0) |
|
1054 #{ |
|
1055 #foreach $java_test_iby_line (@java_test_iby_lines) { |
|
1056 #if (rindex($java_test_iby_line, "$policy" . "_") >= 0) { |
|
1057 #$found = 1; |
|
1058 #last; |
|
1059 #} |
|
1060 #} |
|
1061 #} |
|
1062 if ($found == 1) |
|
1063 { |
|
1064 print "Policy:\n"; |
|
1065 print " Name: ", $policy , "\n"; |
|
1066 } |
|
1067 } |
|
1068 } |
|
1069 |
|
1070 ############################################################## |
|
1071 ## Removes a certain policy ## |
|
1072 ############################################################## |
|
1073 sub remove_policy() |
|
1074 { |
|
1075 $tmp_str = lc $policy_to_remove; |
|
1076 if (($tmp_str eq "s60") || ($tmp_str eq "msa") || ($tmp_str eq "att")) |
|
1077 { |
|
1078 print "\n\nERROR: 's60', 'msa' and 'att' are build in policies and can not be removed.\n"; |
|
1079 exit; |
|
1080 } |
|
1081 $policy_found = 0; |
|
1082 @files = <$POLICIES_BUILD_DIR_1*_*.ser>; |
|
1083 foreach $file (@files) { |
|
1084 $index = rindex($file, $policy_to_remove); |
|
1085 if ($index >= 0) |
|
1086 { |
|
1087 unlink("$file"); |
|
1088 $policy_found = 1; |
|
1089 } |
|
1090 } |
|
1091 @files = <$POLICIES_BUILD_DIR_2*_*.ser>; |
|
1092 foreach $file (@files) { |
|
1093 $index = rindex($file, $policy_to_remove); |
|
1094 if ($index >= 0) |
|
1095 { |
|
1096 $policy_found = 1; |
|
1097 unlink("$file"); |
|
1098 } |
|
1099 } |
|
1100 if ($policy_found == 0) |
|
1101 { |
|
1102 print "\n\nERROR: The policy $policy_to_remove was not found.\n"; |
|
1103 exit; |
|
1104 } |
|
1105 # modify java_variant_policy.iby |
|
1106 mkdir "tmp"; |
|
1107 if (-f "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME") |
|
1108 { |
|
1109 open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_POLICY_IBY_FILENAME"); |
|
1110 open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME)\n"; |
|
1111 my @java_iby_lines = <JAVA_IBY>; |
|
1112 my $found = 0; |
|
1113 foreach $java_iby_line (@java_iby_lines) { |
|
1114 if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0) |
|
1115 { |
|
1116 print JAVA_NEW_IBY $java_iby_line; |
|
1117 } |
|
1118 else |
|
1119 { |
|
1120 $found = 1; |
|
1121 } |
|
1122 } |
|
1123 close(JAVA_IBY); |
|
1124 close(JAVA_NEW_IBY); |
|
1125 move("tmp/$JAVA_VARIANT_POLICY_IBY_FILENAME", "$IBY_DIR"); |
|
1126 } |
|
1127 # same for the combined iby file |
|
1128 if (-f "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") |
|
1129 { |
|
1130 open (JAVA_IBY, "$IBY_DIR$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME"); |
|
1131 open (JAVA_NEW_IBY, "+>tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME") or die "Cannot create tmp file (tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME)\n"; |
|
1132 my @java_iby_lines = <JAVA_IBY>; |
|
1133 my $found = 0; |
|
1134 foreach $java_iby_line (@java_iby_lines) { |
|
1135 if (rindex($java_iby_line, $policy_to_remove) < 0 || rindex($java_iby_line, ".ser") < 0) |
|
1136 { |
|
1137 print JAVA_NEW_IBY $java_iby_line; |
|
1138 } |
|
1139 else |
|
1140 { |
|
1141 $found = 1; |
|
1142 } |
|
1143 } |
|
1144 close(JAVA_IBY); |
|
1145 close(JAVA_NEW_IBY); |
|
1146 move("tmp/$JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME", "$IBY_DIR"); |
|
1147 } |
|
1148 |
|
1149 # update the S60 configuration tool conf data |
|
1150 my $xs = new XML::Simple(rootname => 'configuration', searchpath => ".", suppressempty => '', forcearray => 1); |
|
1151 my $input_confml = $xs->XMLin("$CONFML_DATA_DIR" ."javasecurity.confml"); |
|
1152 $input_confml->{data}->[0]->{KJavaSecurity}->[0]->{KPolicy}->[0] = 's60'; |
|
1153 delete $input_confml->{feature}->{'Java Security Configuration'}->{setting}->{Policy}->{option}->{"" . "$policy_to_remove"}; |
|
1154 my $output_confml = $xs->XMLout($input_confml); |
|
1155 open (OUTPUT_CONFML_FILE, "+>tmp/javasecurity.confml") or die "Cannot create tmp file (tmp/javasecurity.confml)\n"; |
|
1156 print OUTPUT_CONFML_FILE "$output_confml"; |
|
1157 close OUTPUT_CONFML_FILE; |
|
1158 move("tmp/javasecurity.confml", "$CONFML_DATA_DIR") or die "Can not move tmp/javasecurity.confml to $CONFML_DATA_DIR"; |
|
1159 |
|
1160 system("rmdir tmp /s /q"); |
|
1161 } |
|
1162 |
|
1163 sub init |
|
1164 { |
|
1165 $config_file = "./configdata.xml"; |
|
1166 |
|
1167 my $xml = new XML::Simple(suppressempty => ''); |
|
1168 my $xmldata = $xml->XMLin($config_file); |
|
1169 |
|
1170 $signing_cert = $xmldata->{signing}->{cert}; |
|
1171 $signing_key = $xmldata->{signing}->{key}; |
|
1172 |
|
1173 $package_type = $xmldata->{deploytype}; |
|
1174 if (($package_type ne "") && ($package_type ne "removable") && ($package_type ne "non-removable")) |
|
1175 { |
|
1176 print "\nERROR: when specified, the type of the deployment package can have one of the two values: 'removable' or 'non-removable'. Please check the configuration file $config_file\n"; |
|
1177 exit; |
|
1178 } |
|
1179 if (($package_type eq "") || ($package_type eq "non-removable")) |
|
1180 { |
|
1181 $package_type = $NON_REMOVABLE_PACKAGE_TYPE; |
|
1182 } |
|
1183 else |
|
1184 { |
|
1185 $package_type = $REMOVABLE_PACKAGE_TYPE; |
|
1186 } |
|
1187 } |
|
1188 |
|
1189 |
|
1190 ############################################################## |
|
1191 ## Main function ## |
|
1192 ############################################################## |
|
1193 sub main |
|
1194 { |
|
1195 # do initializations |
|
1196 init(); |
|
1197 |
|
1198 # parse arguments |
|
1199 $numArgs = $#ARGV + 1; |
|
1200 foreach $argnum (0 .. $#ARGV) |
|
1201 { |
|
1202 if ($ARGV[$argnum] eq "addcerts") |
|
1203 { |
|
1204 $deployment_destination = $ROM; |
|
1205 $deploy = 1; |
|
1206 $iby_file_name = $JAVA_VARIANT_CERTS_IBY_FILENAME; |
|
1207 $iby_name = "JAVA_VARIANT_CERTS_IBY"; |
|
1208 add_certs(); |
|
1209 print "\n\nAdding of certificates was succesfull.\n"; |
|
1210 exit; |
|
1211 } |
|
1212 if ($ARGV[$argnum] eq "listcerts") |
|
1213 { |
|
1214 list_certs(); |
|
1215 exit; |
|
1216 } |
|
1217 if ($ARGV[$argnum] eq "removecert") |
|
1218 { |
|
1219 if ($ARGV[$argnum + 1] eq "") |
|
1220 { |
|
1221 next; |
|
1222 } |
|
1223 $cert_to_remove = $ARGV[$argnum + 1]; |
|
1224 remove_cert(); |
|
1225 print "\n\nThe certificate $cert_to_remove was succesfully removed.\n"; |
|
1226 exit; |
|
1227 } |
|
1228 if ($ARGV[$argnum] eq "deploycerts") |
|
1229 { |
|
1230 $deployment_destination = $SIS; |
|
1231 $deploy = 1; |
|
1232 $pkg_file_name = $JAVA_VARIANT_CERTS_PKG_FILENAME; |
|
1233 $pkg_name = "JavaCustomCertificates"; |
|
1234 $sis_file_name = $JAVA_VARIANT_CERTS_SIS_FILENAME; |
|
1235 add_certs(); |
|
1236 if ($signed_sis eq "true") |
|
1237 { |
|
1238 print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n"; |
|
1239 } |
|
1240 else |
|
1241 { |
|
1242 print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n"; |
|
1243 } |
|
1244 exit; |
|
1245 } |
|
1246 if ($ARGV[$argnum] eq "listpolicies") |
|
1247 { |
|
1248 list_policies(); |
|
1249 exit; |
|
1250 } |
|
1251 if ($ARGV[$argnum] eq "addpolicy") |
|
1252 { |
|
1253 $deployment_destination = $ROM; |
|
1254 $add_header = 1; |
|
1255 $deploy = 1; |
|
1256 $iby_file_name = $JAVA_VARIANT_POLICY_IBY_FILENAME; |
|
1257 $iby_name = "JAVA_VARIANT_POLICY_IBY"; |
|
1258 add_policy(); |
|
1259 print "\n\nAdding of the new policy was succesfull.\n"; |
|
1260 exit; |
|
1261 } |
|
1262 if ($ARGV[$argnum] eq "removepolicy") |
|
1263 { |
|
1264 if ($ARGV[$argnum + 1] eq "") |
|
1265 { |
|
1266 next; |
|
1267 } |
|
1268 $policy_to_remove = $ARGV[$argnum + 1]; |
|
1269 remove_policy(); |
|
1270 print "\n\nThe policy $policy_to_remove was succesfully removed.\n"; |
|
1271 exit; |
|
1272 } |
|
1273 if ($ARGV[$argnum] eq "deploypolicy") |
|
1274 { |
|
1275 $deployment_destination = $SIS; |
|
1276 $deploy = 1; |
|
1277 $add_header = 1; |
|
1278 $pkg_file_name = $JAVA_VARIANT_POLICY_PKG_FILENAME; |
|
1279 $pkg_name = "JavaCustomSecurityPolicy"; |
|
1280 $sis_file_name = $JAVA_VARIANT_POLICY_SIS_FILENAME; |
|
1281 add_policy(); |
|
1282 if ($signed_sis eq "true") |
|
1283 { |
|
1284 print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n"; |
|
1285 } |
|
1286 else |
|
1287 { |
|
1288 print "\n\nThe deployment package '$JAVA_VARIANT_POLICY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n"; |
|
1289 } |
|
1290 exit; |
|
1291 } |
|
1292 if ($ARGV[$argnum] eq "deployall") |
|
1293 { |
|
1294 $deployment_destination = $SIS; |
|
1295 $deploy = 0; |
|
1296 $pkg_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_PKG_FILENAME; |
|
1297 $pkg_name = "JavaCustomSecurityCertsAndPolicy"; |
|
1298 $sis_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME; |
|
1299 add_certs(); |
|
1300 $add_header = 0; |
|
1301 $deploy = 1; |
|
1302 add_policy(); |
|
1303 if ($signed_sis eq "true") |
|
1304 { |
|
1305 print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n"; |
|
1306 } |
|
1307 else |
|
1308 { |
|
1309 print "\n\nThe deployment package '$JAVA_VARIANT_CERTS_AND_POLICIES_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n"; |
|
1310 } |
|
1311 exit; |
|
1312 } |
|
1313 if ($ARGV[$argnum] eq "addall") |
|
1314 { |
|
1315 $deployment_destination = $ROM; |
|
1316 $deploy = 0; |
|
1317 $iby_file_name = $JAVA_VARIANT_CERTS_AND_POLICIES_IBY_FILENAME; |
|
1318 $iby_name = "JAVA_VARIANT_CERTS_POLICIES_IBY"; |
|
1319 add_certs(); |
|
1320 $add_header = 0; |
|
1321 $deploy = 1; |
|
1322 add_policy(); |
|
1323 print "\n\nAdding of the new certificates and policy was succesfull.\n"; |
|
1324 exit; |
|
1325 } |
|
1326 if ($ARGV[$argnum] eq "setpolicy") |
|
1327 { |
|
1328 set_policy(); |
|
1329 if ($signed_sis eq "true") |
|
1330 { |
|
1331 print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n"; |
|
1332 } |
|
1333 else |
|
1334 { |
|
1335 print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n"; |
|
1336 } |
|
1337 exit; |
|
1338 } |
|
1339 if ($ARGV[$argnum] eq "setwarningsmode") |
|
1340 { |
|
1341 set_warnings_mode(); |
|
1342 if ($signed_sis eq "true") |
|
1343 { |
|
1344 print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created and it can be installed into a device which has the signing certificate '$signing_cert' in place.\n"; |
|
1345 } |
|
1346 else |
|
1347 { |
|
1348 print "\n\nThe deployment package '$JAVA_CUSTOM_SECURITY_SIS_FILENAME' was succesfully created. In order to be succesfully deployed into a device the deployment package needs to be signed by Nokia.\n"; |
|
1349 } |
|
1350 exit; |
|
1351 } |
|
1352 } |
|
1353 usage(); |
|
1354 } |
|
1355 |
|
1356 &main(); |