Bugzilla bug 70758: additional changes for this bug. r=nicolson.
authorwtc%netscape.com
Fri, 06 Jul 2001 13:28:21 +0000
changeset 1718 f24adff07c5fb39618afe52a1510a8624f923469
parent 1717 4c496a06dce6836f5bad76f4ad6592a258d0a7d2
child 1719 a8b6b0b991c58e784f6266e1ed265a0c71b7dc64
push idunknown
push userunknown
push dateunknown
reviewersnicolson
bugs70758
Bugzilla bug 70758: additional changes for this bug. r=nicolson. Modified files: list.c sign.c verify.c
security/nss/cmd/signtool/list.c
security/nss/cmd/signtool/sign.c
security/nss/cmd/signtool/verify.c
--- a/security/nss/cmd/signtool/list.c
+++ b/security/nss/cmd/signtool/list.c
@@ -41,16 +41,17 @@ static SECStatus cert_trav_callback(CERT
 
 /*********************************************************************
  *
  * L i s t C e r t s
  */
 int
 ListCerts(char *key, int list_certs)
 {
+	int failed = 0;
 	SECStatus rv;
 	char *ugly_list;
 	CERTCertDBHandle *db;
 
 	CERTCertificate *cert;
 	CERTVerifyLog errlog;
 
 	errlog.arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
@@ -80,34 +81,40 @@ ListCerts(char *key, int list_certs)
 	}
 
 	num_trav_certs = 0;
 
 	/* Traverse non-internal DBs */
 	rv = PK11_TraverseSlotCerts(cert_trav_callback, (void*)&list_certs,
 		NULL /*wincx*/);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of non-internal DBs failed**\n");
+		return -1;
+	}
+
 	/* Traverse Internal DB */
 	rv = SEC_TraversePermCerts(db, cert_trav_callback, (void*)&list_certs);
 
+	if (rv) {
+		PR_fprintf(outputFD, "**Traverse of internal DB failed**\n");
+		return -1;
+	}
+
 	if (num_trav_certs == 0) {
 		PR_fprintf(outputFD,
 			"You don't appear to have any object signing certificates.\n");
 	}
 
 	if (list_certs == 2) {
 		PR_fprintf(outputFD, "- ------------\n");
 	} else {
 		PR_fprintf(outputFD, "---------------------------------------\n");
 	}
 
-	if (rv) {
-		return -1;
-	}
-
 	if (list_certs == 1) {
 		PR_fprintf(outputFD,
 			"For a list including CA's, use \"%s -L\"\n", PROGRAM_NAME);
 	}
 
 	if(list_certs == 2) {
 		PR_fprintf(outputFD,
 			"Certificates that can be used to sign objects have *'s to "
@@ -136,41 +143,43 @@ ListCerts(char *key, int list_certs)
 			} else {
 				PR_fprintf(outputFD, "This certificate is not expired.\n");
 			}
 
 			rv = CERT_VerifyCert (db, cert, PR_TRUE,
 			certUsageObjectSigner, PR_Now(), NULL, &errlog);
 
 			if (rv != SECSuccess) {
+				failed = 1;
 				if(errlog.count > 0) {
 					PR_fprintf(outputFD,
 						"**Certificate validation failed for the "
 					 "following reason(s):**\n");
 				} else {
 					PR_fprintf(outputFD, "**Certificate validation failed**");
 				}
 			} else {
 				PR_fprintf(outputFD, "This certificate is valid.\n");
 			}
 			displayVerifyLog(&errlog);
 
 
 		} else {
+			failed = 1;
 			PR_fprintf(outputFD,
 				"The certificate with nickname \"%s\" was NOT FOUND\n",
 			 key);
 		}
     }
 
 	if(errlog.arena != NULL) {
 		PORT_FreeArena(errlog.arena, PR_FALSE);
 	}
 
-	if (rv != SECSuccess) {
+	if (failed) {
 		return -1;
 	}
 	return 0;
 }
 
 /********************************************************************
  *
  * c e r t _ t r a v _ c a l l b a c k
--- a/security/nss/cmd/signtool/sign.c
+++ b/security/nss/cmd/signtool/sign.c
@@ -163,16 +163,18 @@ sign_all_arc_fn(char *relpath, char *bas
 	SignArcInfo *infop = (SignArcInfo*)arg;
 
 	/* Make sure there is one and only one ".arc" in the relative path, 
 	 * and that it is at the end of the path (don't sign .arcs within .arcs) */
 	if ( (PL_strcaserstr(relpath, ".arc") == relpath + strlen(relpath) - 4) &&
 		 (PL_strcasestr(relpath, ".arc") == relpath + strlen(relpath) - 4) ) {
 
 		if(!infop) {
+			PR_fprintf(errorFD, "%s: Internal failure\n", PROGRAM_NAME);
+			errorCount++;
 			retval = -1;
 			goto finish;
 		}
 		archive = PR_smprintf("%s/%s", basedir, relpath);
 
 		zipfile = PL_strdup(archive);
 		arc = PORT_Strrchr (zipfile, '.');
 
--- a/security/nss/cmd/signtool/verify.c
+++ b/security/nss/cmd/signtool/verify.c
@@ -69,16 +69,17 @@ VerifyJar(char *filename)
 
   JAR_set_callback (JAR_CB_SIGNAL, jar, jar_cb);
 
 
   status = JAR_pass_archive (jar, jarArchGuess, filename, "some-url");
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD, "\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     if (status < 0)
       {
       char *errtext;
 
       if (status >= JAR_BASE && status <= JAR_BASE_END)
         {
         errtext = JAR_get_error (status);
@@ -88,17 +89,17 @@ VerifyJar(char *filename)
         errtext = SECU_ErrorString ((int16) PORT_GetError());
         }
 
       PR_fprintf(outputFD, "  (reported reason: %s)\n\n", errtext);
  
       /* corrupt files should not have their contents listed */ 
 
       if (status == JAR_ERR_CORRUPT)
-        return status;
+        return -1;
       }
     PR_fprintf(outputFD,
 		"entries shown below will have their digests checked only.\n"); 
     jar->valid = 0;
     }
   else
     PR_fprintf(outputFD,
 		"archive \"%s\" has passed crypto verification.\n", filename);
@@ -135,27 +136,26 @@ VerifyJar(char *filename)
         PR_fprintf(outputFD, "      (reason: %s)\n", JAR_get_error (ret));
       }
     }
 
   JAR_find_end (ctx);
 
   if (status < 0 || jar->valid < 0)
     {
+    failed = 1;
     PR_fprintf(outputFD,
 		"\nNOTE -- \"%s\" archive DID NOT PASS crypto verification.\n", filename);
     give_help (status);
     }
 
   JAR_destroy (jar);
 
-  if (status < 0)
-    return status;
-  if (jar->valid < 0 || failed)
-    return ERRX;
+  if (failed)
+    return -1;
   return 0;
 }
 
 /***************************************************************************
  *
  * v e r i f y _ g l o b a l
  */
 static int
@@ -350,17 +350,20 @@ JarWho(char *filename)
       if (cert->nickname) 
         PR_fprintf(outputFD, "nickname: %s\n", cert->nickname);
       if (cert->subjectName)
         PR_fprintf(outputFD, "subject name: %s\n", cert->subjectName);
       if (cert->issuerName)
         PR_fprintf(outputFD, "issuer name: %s\n", cert->issuerName);
       }
     else
+      {
       PR_fprintf(outputFD, "no certificate could be found\n");
+      retval = -1;
+      }
 
     prev = cert;
     }
 
   JAR_find_end (ctx);
 
   JAR_destroy (jar);
   return retval;