Changeset 84264 in vbox for trunk/src/VBox/Frontends/VBoxManage
- Timestamp:
- May 11, 2020 5:55:26 PM (5 years ago)
- File:
-
- 1 edited
trunk/src/VBox/Frontends/VBoxManage/VBoxManageAppliance.cpp
r84250 r84264 1841 1841 if (iVerbosity >= 2) 1842 1842 RTMsgInfo("Scanning OVA '%s' for a manifest and signature...", pszOva); 1843 enum { kScanning, kSeenManifest, kSeenSignature } enmState = kScanning;1843 char *pszSignatureName = NULL; 1844 1844 for (;;) 1845 1845 { … … 1871 1871 && (enmType == RTVFSOBJTYPE_IO_STREAM || enmType == RTVFSOBJTYPE_FILE)) 1872 1872 { 1873 if ( enmState >= kSeenManifest 1874 || *phVfsManifest != NIL_RTVFSFILE /* paranoia */) 1873 if (*phVfsManifest != NIL_RTVFSFILE) 1875 1874 rc = RTMsgErrorRc(VERR_DUPLICATE, "OVA contains multiple manifests! first: %s second: %s", 1876 1875 pStrManifestName->c_str(), pszName); 1876 else if (pszSignatureName) 1877 rc = RTMsgErrorRc(VERR_WRONG_ORDER, "Unsupported OVA file ordering! Signature file ('%s') as succeeded by '%s'.", 1878 pszSignatureName, pszName); 1877 1879 else 1878 1880 { 1879 enmState = kSeenManifest;1880 1881 if (iVerbosity >= 2) 1881 1882 RTMsgInfo("Found manifest file: %s", pszName); … … 1898 1899 && (enmType == RTVFSOBJTYPE_IO_STREAM || enmType == RTVFSOBJTYPE_FILE)) 1899 1900 { 1900 if ( enmState >= kSeenSignature 1901 || *phVfsOldSignature != NIL_RTVFSOBJ /* paranoia */) 1901 if (*phVfsOldSignature != NIL_RTVFSOBJ) 1902 1902 rc = RTMsgErrorRc(VERR_WRONG_ORDER, "Multiple signature files! (%s)", pszName); 1903 1903 else 1904 1904 { 1905 enmState = kSeenSignature;1906 1905 if (iVerbosity >= 2) 1907 1906 RTMsgInfo("Found existing signature file: %s", pszName); 1907 pszSignatureName = pszName; 1908 1908 *phVfsOldSignature = hVfsObj; 1909 pszName = NULL; 1909 1910 hVfsObj = NIL_RTVFSOBJ; 1910 1911 } 1911 1912 } 1912 else if (enmState >= kSeenManifest) 1913 rc = RTMsgErrorRc(VERR_WRONG_ORDER, "Invalid OVA file ordering! (%s)", pszName); 1913 else if (pszSignatureName) 1914 rc = RTMsgErrorRc(VERR_WRONG_ORDER, "Unsupported OVA file ordering! 
Signature file ('%s') as succeeded by '%s'.", 1915 pszSignatureName, pszName); 1914 1916 1915 1917 /* … … 1929 1931 else if (RT_SUCCESS(rc) && *phVfsOldSignature != NIL_RTVFSOBJ && !fReSign) 1930 1932 rc = RTMsgErrorRc(VERR_ALREADY_EXISTS, 1931 "The OVA is already signed! (Use the --force option to force re-signing it.)"); 1932 1933 "The OVA is already signed ('%s')! (Use the --force option to force re-signing it.)", 1934 pszSignatureName); 1935 1936 RTStrFree(pszSignatureName); 1933 1937 return rc; 1934 1938 } … … 1943 1947 * following the .cert file in that case. 1944 1948 */ 1945 static int updateTheOvaSignature(RTVFSFSSTREAM hVfsFssOva, const char *pszOva, 1946 const char *pszSignatureName, RTVFSFILE hVfsFileSignature, RTVFSOBJ hVfsOldSignature)1949 static int updateTheOvaSignature(RTVFSFSSTREAM hVfsFssOva, const char *pszOva, const char *pszSignatureName, 1950 RTVFSFILE hVfsFileSignature, RTVFSOBJ hVfsOldSignature, unsigned iVerbosity) 1947 1951 { 1952 if (iVerbosity > 1) 1953 RTMsgInfo("Writing '%s' to the OVA...", pszSignatureName); 1954 1948 1955 /* 1949 1956 * Truncate the file at the old signature, if present. … … 2129 2136 { 2130 2137 if (iVerbosity > 1) 2131 RTMsgInfo("Created PKCS#7/CMS signature: %zu bytes.", cbResult); 2138 RTMsgInfo("Created PKCS#7/CMS signature: %zu bytes, %s.", 2139 cbResult, RTCrDigestTypeToName(enmDigestType)); 2132 2140 2133 2141 /* … … 2176 2184 } 2177 2185 2186 /** @todo Use SHA-3 instead, better diversity. 
@bugref{9734} */ 2178 2187 RTDIGESTTYPE enmPkcs7DigestType; 2179 2188 if ( enmDigestType == RTDIGESTTYPE_SHA1 … … 2244 2253 if (RT_SUCCESS(rc)) 2245 2254 { 2255 if (iVerbosity > 1) 2256 RTMsgInfo("Created OVA signature: %zu bytes, %s", cbSignature, RTCrDigestTypeToName(enmDigestType)); 2257 2246 2258 /* 2247 2259 * Verify the signature using the certificate to make sure we've … … 2253 2265 if (RT_SUCCESS(rc)) 2254 2266 { 2255 if (iVerbosity > 0)2256 RTMsgInfo(" Created OVA signature: %zu bytes, %s", cbSignature, RTCrDigestTypeToName(enmDigestType));2267 if (iVerbosity > 2) 2268 RTMsgInfo(" Successfully decoded and verified the OVA signature.\n"); 2257 2269 2258 2270 /* … … 2331 2343 { "--digest-type", 'd', RTGETOPT_REQ_STRING }, 2332 2344 { "--pkcs7", '7', RTGETOPT_REQ_NOTHING }, 2345 { "--cms", '7', RTGETOPT_REQ_NOTHING }, 2333 2346 { "--no-pkcs7", 'n', RTGETOPT_REQ_NOTHING }, 2347 { "--no-cms", 'n', RTGETOPT_REQ_NOTHING }, 2334 2348 { "--intermediate-cert-file", 'i', RTGETOPT_REQ_STRING }, 2335 2349 { "--force", 'f', RTGETOPT_REQ_NOTHING }, … … 2348 2362 Utf8Str strPrivateKeyPassword; 2349 2363 RTDIGESTTYPE enmDigestType = RTDIGESTTYPE_UNKNOWN; 2350 bool fPkcs7 = false;2364 bool fPkcs7 = true; 2351 2365 unsigned cIntermediateCerts = 0; 2352 2366 const char *apszIntermediateCerts[32]; … … 2412 2426 RT_ELEMENTS(apszIntermediateCerts)); 2413 2427 apszIntermediateCerts[cIntermediateCerts++] = ValueUnion.psz; 2428 fPkcs7 = true; 2414 2429 break; 2415 2430 … … 2508 2523 * Update the OVA. 2509 2524 */ 2510 rc = updateTheOvaSignature(hVfsFssOva, pszOva, strSignatureName.c_str(), hVfsFileSignature, hVfsOldSignature); 2525 rc = updateTheOvaSignature(hVfsFssOva, pszOva, strSignatureName.c_str(), 2526 hVfsFileSignature, hVfsOldSignature, iVerbosity); 2527 if (RT_SUCCESS(rc) && iVerbosity > 0) 2528 RTMsgInfo("Successfully signed '%s'.", pszOva); 2511 2529 } 2512 2530 }
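Review bot: The final `else if (pszSignatureName)` branch of the scan loop (new line 1913) only rejects entries that follow the signature, whereas the `enmState >= kSeenManifest` test it replaces rejected any entry that followed the manifest, so an OVA with members placed after the manifest is now accepted for signing. If that relaxation is intended, the branch deserves a comment saying so, for example `/* Members may follow the manifest; only entries after the signature are rejected. */`. If it is not intended, the manifest-seen case needs its own check and message, because `pszSignatureName` is still NULL at that point. Both new VERR_WRONG_ORDER messages read `as succeeded by`, which presumably should be `is succeeded by`. The enclosing function starts before the first visible hunk, so the rest of the loop could not be checked.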