Changeset 84145 in vbox for trunk/src/VBox/Frontends
- Timestamp:
- May 5, 2020 11:28:24 AM (5 years ago)
- svn:sync-xref-src-repo-rev:
- 137741
- File:
-
- 1 edited
trunk/src/VBox/Frontends/VBoxManage/VBoxManageAppliance.cpp
r84047 r84145 1790 1790 RTEXITCODE handleSignAppliance(HandlerArg *arg) 1791 1791 { 1792 HRESULT hrc = S_OK; 1793 1792 /* 1793 * Parse arguments. 1794 */ 1794 1795 static const RTGETOPTDEF s_aOptions[] = 1795 1796 { 1796 { "--private-key-form", 'k', RTGETOPT_REQ_STRING }, 1797 { "--certificate", 'c', RTGETOPT_REQ_STRING }, 1798 { "--private-key", 'k', RTGETOPT_REQ_STRING }, 1797 1799 { "--private-key-password", 'p', RTGETOPT_REQ_STRING }, 1798 { "--private-key-password-file",'f', RTGETOPT_REQ_STRING }, 1799 { "--cert-file", 'c', RTGETOPT_REQ_STRING }, 1800 { "--private-key-password-file",'P', RTGETOPT_REQ_STRING }, 1801 { "--pkcs7", '7', RTGETOPT_REQ_NOTHING }, 1802 { "--no-pkcs7", 'n', RTGETOPT_REQ_NOTHING }, 1800 1803 { "--intermediate-cert-file", 'i', RTGETOPT_REQ_STRING }, 1801 { "--out-cert", 'o', RTGETOPT_REQ_NOTHING }, 1802 { "--pkcs7", 's', RTGETOPT_REQ_NOTHING }, 1803 { "--no-pkcs7", 'S', RTGETOPT_REQ_NOTHING }, 1804 { "--force", 'F', RTGETOPT_REQ_NOTHING }, 1805 { "--dry-run", 'd', RTGETOPT_REQ_NOTHING }, 1806 { "help", 1001, RTGETOPT_REQ_NOTHING }, 1807 { "--help", 1002, RTGETOPT_REQ_NOTHING } 1804 { "--force", 'f', RTGETOPT_REQ_NOTHING }, 1805 { "--out-cert", 'O', RTGETOPT_REQ_NOTHING }, 1806 { "--dry-run", 'D', RTGETOPT_REQ_NOTHING }, 1808 1807 }; 1809 1808 1810 1809 RTGETOPTSTATE GetState; 1811 RTGETOPTUNION ValueUnion;1812 1813 1810 int rc = RTGetOptInit(&GetState, arg->argc, arg->argv, s_aOptions, RT_ELEMENTS(s_aOptions), 0, 0); 1814 1811 AssertRCReturn(rc, RTEXITCODE_FAILURE); 1815 if (arg->argc == 1) 1816 { 1817 RTPrintf("Empty command parameter list, show help.\n"); 1818 printHelp(g_pStdOut); 1819 return RTEXITCODE_SUCCESS; 1820 } 1821 1822 Utf8Str strOvfFilename; 1823 Utf8Str strPrivateKeyForm; 1824 Utf8Str strPrivateKeyPassword; 1825 Utf8Str strPrivateKeyPasswordFile; 1826 Utf8Str strX509CertificateFile; 1827 Utf8Str strInterimCertificateFile; 1828 bool fOutCert = false; // the default 1829 bool fPKCS7 = false; // the default 1830 bool fResign 
= false; // the default 1831 bool fDry = false; // the default 1832 com::SafeArray<BSTR> parameters; 1812 1813 const char *pszOva = NULL; 1814 const char *pszCertificate = NULL; 1815 const char *pszPrivateKey = NULL; 1816 Utf8Str strPrivateKeyPassword; 1817 bool fPkcs7 = false; 1818 unsigned cIntermediateCerts = 0; 1819 const char *apszIntermediateCerts[32]; 1820 bool fReSign = false; 1821 1822 bool fOutCert = false; 1823 bool fDryRun = false; 1833 1824 1834 1825 int c; 1826 RTGETOPTUNION ValueUnion; 1835 1827 while ((c = RTGetOpt(&GetState, &ValueUnion)) != 0) 1836 1828 { 1837 1829 switch (c) 1838 1830 { 1831 case 'c': 1832 pszCertificate = ValueUnion.psz; 1833 break; 1834 1839 1835 case 'k': 1840 strPrivateKeyForm=ValueUnion.psz;1836 pszPrivateKey = ValueUnion.psz; 1841 1837 break; 1842 1838 1843 1839 case 'p': 1844 strPrivateKeyPassword=ValueUnion.psz; 1840 if (strPrivateKeyPassword.isNotEmpty()) 1841 RTMsgWarning("Password is given more than once."); 1842 strPrivateKeyPassword = ValueUnion.psz; 1843 break; 1844 1845 case 'P': 1846 { 1847 if (strPrivateKeyPassword.isNotEmpty()) 1848 RTMsgWarning("Password is given more than once."); 1849 RTEXITCODE rcExit = readPasswordFile(ValueUnion.psz, &strPrivateKeyPassword); 1850 if (rcExit == RTEXITCODE_SUCCESS) 1851 break; 1852 return rcExit; 1853 } 1854 1855 case '7': 1856 fPkcs7 = true; 1857 break; 1858 1859 case 'n': 1860 fPkcs7 = false; 1861 break; 1862 1863 case 'i': 1864 if (cIntermediateCerts >= RT_ELEMENTS(apszIntermediateCerts)) 1865 return RTMsgErrorExitFailure("Too many intermediate certificates: max %zu", 1866 RT_ELEMENTS(apszIntermediateCerts)); 1867 apszIntermediateCerts[cIntermediateCerts++] = ValueUnion.psz; 1845 1868 break; 1846 1869 1847 1870 case 'f': 1848 strPrivateKeyPasswordFile=ValueUnion.psz; 1849 break; 1850 1851 case 'c': 1852 strX509CertificateFile=ValueUnion.psz; 1853 break; 1854 1855 case 'i': 1856 strInterimCertificateFile=ValueUnion.psz; 1857 break; 1858 1859 case 'o': 1871 fReSign = true; 
1872 break; 1873 1874 1875 case 'O': 1860 1876 fOutCert = true; 1861 1877 break; 1862 1878 1863 case 's': 1864 fPKCS7 = true; 1865 break; 1866 1867 case 'F': 1868 fResign = true; 1869 break; 1870 1871 case 'd': 1872 fDry = true; 1873 break; 1874 1875 case 1001: 1876 case 1002: 1877 printHelp(g_pStdOut); 1878 return RTEXITCODE_SUCCESS; 1879 case 'D': 1880 fDryRun = true; 1881 break; 1879 1882 1880 1883 case VINF_GETOPT_NOT_OPTION: 1881 if ( strOvfFilename.isEmpty())1882 strOvfFilename = ValueUnion.psz;1883 else1884 return errorGetOpt(c, &ValueUnion);1885 break;1886 1884 if (!pszOva) 1885 { 1886 pszOva = ValueUnion.psz; 1887 break; 1888 } 1889 RT_FALL_THRU(); 1887 1890 default: 1888 1891 return errorGetOpt(c, &ValueUnion); … … 1890 1893 } 1891 1894 1895 /* Required paramaters: */ 1896 if (!pszOva || !*pszOva) 1897 return RTMsgErrorExit(RTEXITCODE_FAILURE, "No OVA file was specified!"); 1898 if (!pszCertificate || !*pszCertificate) 1899 return RTMsgErrorExit(RTEXITCODE_FAILURE, "No signing certificate (--certificate=<file>) was specified!"); 1900 if (!pszPrivateKey || !*pszPrivateKey) 1901 return RTMsgErrorExit(RTEXITCODE_FAILURE, "No signing private key (--private-key=<file>) was specified!"); 1902 1903 /* Check that input files exists before we commence: */ 1904 if (!RTFileExists(pszOva)) 1905 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The specified OVA file was not found: %s", pszOva); 1906 if (!RTFileExists(pszCertificate)) 1907 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The specified certificate file was not found: %s", pszCertificate); 1908 if (!RTFileExists(pszPrivateKey)) 1909 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The specified private key file was not found: %s", pszPrivateKey); 1910 1911 /* 1912 * 1913 */ 1914 HRESULT hrc = S_OK; 1915 1892 1916 Utf8Str strManifestData; 1893 1917 Utf8Str strManifestName; … … 1895 1919 Utf8Str strApplianceFullPath; 1896 1920 1897 if (strOvfFilename.isEmpty()) 1898 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The OVA package 
name is empty"); 1921 char *pszAbsFilePath = RTPathAbsDup(pszOva); 1899 1922 1900 1923 do 1901 1924 { 1902 char *pszAbsFilePath = RTPathAbsDup(strOvfFilename.c_str());1903 1925 1904 1926 if (!RTFileExists(pszAbsFilePath)) … … 1946 1968 1947 1969 /* Read the private key */ 1948 RTCRKEY hPrivateKey; 1949 RTERRINFO ErrInfo; 1950 uint32_t fFlags = 0; 1951 1952 if (strPrivateKeyForm.equalsIgnoreCase("pem")) 1953 fFlags = RTCRPEMREADFILE_F_VALID_MASK;//|RTCRKEYFROM_F_VALID_MASK; 1954 1955 /* check the key file existence */ 1956 if (!RTFileExists(strPrivateKeyPasswordFile.c_str())) 1957 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The file %s with a private key wasn't found", 1958 strPrivateKeyPasswordFile.c_str()); 1959 1960 rc = RTCrKeyCreateFromFile(&hPrivateKey, 0, strPrivateKeyPasswordFile.c_str(), strPrivateKeyPassword.c_str(), &ErrInfo); 1970 RTERRINFOSTATIC ErrInfo; 1971 RTCRKEY hPrivateKey = NIL_RTCRKEY; 1972 rc = RTCrKeyCreateFromFile(&hPrivateKey, RTCRPEMREADFILE_F_SENSITIVE, pszPrivateKey, 1973 strPrivateKeyPassword.c_str(), RTErrInfoInitStatic(&ErrInfo)); 1961 1974 if (RT_SUCCESS(rc)) 1962 1975 { 1963 RTPrintf("Reading the private key from %s was done.\n\n", strPrivateKeyPasswordFile.c_str()); 1964 1965 /* check the certificate file existence */ 1966 if (!RTFileExists(strX509CertificateFile.c_str())) 1967 { 1968 RTCrKeyRelease(hPrivateKey); 1969 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The file %s with a X509 certificate wasn't found", 1970 strX509CertificateFile.c_str()); 1971 } 1976 RTPrintf("Reading the private key from %s was done.\n\n", pszPrivateKey); 1972 1977 1973 1978 /* Read the certificate */ 1974 1979 RTCRX509CERTIFICATE Certificate; 1975 rc = RTCrX509Certificate_ReadFromFile(&Certificate, strX509CertificateFile.c_str(), 0, &g_RTAsn1DefaultAllocator,1976 &ErrInfo);1980 rc = RTCrX509Certificate_ReadFromFile(&Certificate, pszCertificate, 0, &g_RTAsn1DefaultAllocator, 1981 RTErrInfoInitStatic(&ErrInfo)); 1977 1982 if (RT_FAILURE(rc)) 1978 1983 { 1979 
1984 RTCrKeyRelease(hPrivateKey); 1980 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error reading certificate from %s: %Rrc - %s",1981 strX509CertificateFile.c_str(), rc, ErrInfo.pszMsg);1985 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error reading certificate from %s: %Rrc%#RTeim", 1986 pszCertificate, rc, &ErrInfo.Core); 1982 1987 } 1983 1988 1984 RTPrintf("Reading the certificate from %s was done.\n\n", strX509CertificateFile.c_str());1989 RTPrintf("Reading the certificate from %s was done.\n\n", pszCertificate); 1985 1990 1986 1991 /* … … 2026 2031 signatureBuf, 2027 2032 &cbSignature, 2028 &ErrInfo);2033 RTErrInfoInitStatic(&ErrInfo)); 2029 2034 if (RT_SUCCESS(rc)) 2030 2035 { … … 2034 2039 /* Verify the signature back using the public key information from the certificate */ 2035 2040 rc = RTCrPkixPubKeyVerifySignedDigestByCertPubKeyInfo(&Certificate.TbsCertificate.SubjectPublicKeyInfo, 2036 signatureBuf, cbSignature, hDigest, &ErrInfo); 2041 signatureBuf, cbSignature, hDigest, 2042 RTErrInfoInitStatic(&ErrInfo)); 2037 2043 if (RT_FAILURE(rc)) 2038 2044 { … … 2043 2049 return RTMsgErrorExit(RTEXITCODE_FAILURE, "The manifest signature does not match"); 2044 2050 2045 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error validating the manifest signature (%Rrc , %s)",2046 rc, ErrInfo.pszMsg);2051 return RTMsgErrorExit(RTEXITCODE_FAILURE, "Error validating the manifest signature (%Rrc%#RTeim)", 2052 rc, &ErrInfo.Core); 2047 2053 } 2048 else 2049 RTPrintf("The manifest signature was validated successfully\n\n"); 2054 RTPrintf("The manifest signature was validated successfully\n\n"); 2050 2055 2051 2056 /* … … 2078 2083 2079 2084 /* Just stop here in the case of dry-run scenario */ 2080 if (fDry )2085 if (fDryRun) 2081 2086 { 2082 2087 /* Dont' forget */ … … 2105 2110 /* Open and read the passed certificate file as a standard file */ 2106 2111 RTVFSFILE hVfsOriginalX509Certificate; 2107 rc = RTVfsFileOpenNormal(strX509CertificateFile.c_str(), 2108 RTFILE_O_OPEN | 
RTFILE_O_READ | RTFILE_O_DENY_NONE, 2112 rc = RTVfsFileOpenNormal(pszCertificate, RTFILE_O_OPEN | RTFILE_O_READ | RTFILE_O_DENY_NONE, 2109 2113 &hVfsOriginalX509Certificate); 2110 2114 if (RT_SUCCESS(rc)) … … 2127 2131 } 2128 2132 else 2129 RTPrintf("Reading the certificate from the file %s failed (%Rrc)", 2130 strX509CertificateFile.c_str(), rc); 2133 RTPrintf("Reading the certificate from the file %s failed (%Rrc)", pszCertificate, rc); 2131 2134 2132 2135 /* Dont' forget */ … … 2144 2147 } 2145 2148 else 2146 RTPrintf("Reading the certificate from the file %s failed (%Rrc)", 2147 strX509CertificateFile.c_str(), rc); 2149 RTPrintf("Reading the certificate from the file %s failed (%Rrc)", pszCertificate, rc); 2148 2150 } 2149 2151 else … … 2231 2233 fCertPresence = true;//remember for later usage 2232 2234 /* if the flag --force has been set just skip it and go further */ 2233 if (fRe sign)2235 if (fReSign) 2234 2236 continue; 2235 2237 } … … 2266 2268 if (RT_SUCCESS(rc)) 2267 2269 { 2268 /* Add only if no cetificate or the flag fRe sign was set and certificate is presented */2269 if ( !fCertPresence || (fCertPresence && fRe sign) )2270 /* Add only if no cetificate or the flag fReSign was set and certificate is presented */ 2271 if ( !fCertPresence || (fCertPresence && fReSign) ) 2270 2272 { 2271 2273 size_t cbWritten; … … 2367 2369 } 2368 2370 else 2369 RTPrintf("Error reading the private key from %s: %Rrc - %s", strPrivateKeyPasswordFile.c_str(), rc, ErrInfo.pszMsg);2371 RTPrintf("Error reading the private key from %s: %Rrc%#RTeim", pszPrivateKey, rc, &ErrInfo.Core); 2370 2372 2371 2373 /* Dont' forget */
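Review bot: `char *pszAbsFilePath = RTPathAbsDup(pszOva);` (new line 1921) is passed straight to `RTFileExists(pszAbsFilePath)` inside the `do` loop with no NULL check, so an allocation failure would be reported as a missing OVA file instead of the real error; add `if (!pszAbsFilePath) return RTMsgErrorExit(RTEXITCODE_FAILURE, "RTPathAbsDup failed for: %s", pszOva);` before the loop, and check that the later exit paths (outside the hunks) still free it. Separately, the private key is now read with `RTCRPEMREADFILE_F_SENSITIVE`, but `strPrivateKeyPassword` keeps the plaintext password for the rest of the function and is never scrubbed; it is no longer needed once `RTCrKeyCreateFromFile` has returned, so wiping it at that point would match the sensitive treatment given to the key material. In the visible hunks `fPkcs7`, `cIntermediateCerts` and `apszIntermediateCerts` are only assigned, so if nothing past the hunks consumes them a short comment marking them as pending would help. `/* Required paramaters: */` has a typo (parameters). handleSignAppliance continues past the last hunk.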