Skip to main content
aboutsummaryrefslogtreecommitdiffstats
blob: e965a401f1816d8030b2947ccdced8b4beee7b64 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
/*******************************************************************************
 * Copyright (c) 2007, 2010 IBM Corporation and others. All rights reserved.
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 * 
 * Contributors: IBM Corporation - initial API and implementation
 ******************************************************************************/
package org.eclipse.osgi.internal.signedcontent;

import java.security.cert.Certificate;
import java.util.*;
import org.eclipse.osgi.baseadaptor.BaseData;
import org.eclipse.osgi.framework.internal.core.*;
import org.eclipse.osgi.framework.log.FrameworkLogEntry;
import org.eclipse.osgi.internal.provisional.service.security.AuthorizationEngine;
import org.eclipse.osgi.signedcontent.SignerInfo;
import org.osgi.framework.*;
import org.osgi.framework.Constants;
import org.osgi.service.packageadmin.PackageAdmin;
import org.osgi.util.tracker.ServiceTracker;

public class TrustEngineListener {
	// this is a singleton listener; see SignedBundleHook for initialization
	private volatile static TrustEngineListener instance;
	private final BundleContext context;
	private final ServiceTracker<AuthorizationEngine, AuthorizationEngine> authorizationTracker;

	TrustEngineListener(BundleContext context) {
		this.context = context;
		// read the trust provider security property
		String authEngineProp = FrameworkProperties.getProperty(SignedContentConstants.AUTHORIZATION_ENGINE);
		Filter filter = null;
		if (authEngineProp != null)
			try {
				filter = FilterImpl.newInstance("(&(" + Constants.OBJECTCLASS + "=" + AuthorizationEngine.class.getName() + ")(" + SignedContentConstants.AUTHORIZATION_ENGINE + "=" + authEngineProp + "))"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$//$NON-NLS-5$
			} catch (InvalidSyntaxException e) {
				SignedBundleHook.log("Invalid authorization filter", FrameworkLogEntry.WARNING, e); //$NON-NLS-1$
			}
		if (filter != null)
			authorizationTracker = new ServiceTracker<AuthorizationEngine, AuthorizationEngine>(context, filter, null);
		else
			authorizationTracker = new ServiceTracker<AuthorizationEngine, AuthorizationEngine>(context, AuthorizationEngine.class.getName(), null);
		authorizationTracker.open();
		instance = this;
	}

	public static TrustEngineListener getInstance() {
		return instance;
	}

	void stopTrustEngineListener() {
		authorizationTracker.close();
		instance = null;
	}

	public void addedTrustAnchor(Certificate anchor) {
		// find any SignedContent with SignerInfos that do not have an anchor;
		// re-evaluate trust and check authorization for these SignedContents
		Bundle[] bundles = context.getBundles();
		Set<Bundle> unresolved = new HashSet<Bundle>();
		for (int i = 0; i < bundles.length; i++) {
			SignedContentImpl signedContent = getSignedContent(bundles[i]);
			if (signedContent != null && signedContent.isSigned()) {
				// check the SignerInfos for this content
				SignerInfo[] infos = signedContent.getSignerInfos();
				for (int j = 0; j < infos.length; j++) {
					if (infos[j].getTrustAnchor() == null)
						// one of the signers is not trusted
						unresolved.add(bundles[i]);
					SignerInfo tsa = signedContent.getTSASignerInfo(infos[j]);
					if (tsa != null && tsa.getTrustAnchor() == null)
						// one of the tsa signers is not trusted
						unresolved.add(bundles[i]);
				}
			}
			if (unresolved.contains(bundles[i])) {
				// found an untrusted signer for this bundle re-evaluate trust
				SignedBundleFile.determineTrust(signedContent, SignedBundleHook.VERIFY_TRUST);
				// now check the authorization handler
				checkAuthorization(signedContent, bundles[i]);
			}
		}
		// try to resolve
		if (unresolved.size() > 0)
			resolveBundles(unresolved.toArray(new Bundle[unresolved.size()]), false);
	}

	private void checkAuthorization(SignedContentImpl signedContent, Bundle bundle) {
		AuthorizationEngine authEngine = getAuthorizationEngine();
		if (authEngine != null)
			authEngine.authorize(signedContent, bundle);
	}

	AuthorizationEngine getAuthorizationEngine() {
		return authorizationTracker.getService();
	}

	private void resolveBundles(Bundle[] bundles, boolean refresh) {
		ServiceReference<?> ref = context.getServiceReference(PackageAdmin.class.getName());
		if (ref == null)
			return;
		PackageAdmin pa = (PackageAdmin) context.getService(ref);
		if (pa == null)
			return;
		try {
			if (refresh)
				pa.refreshPackages(bundles);
			else
				pa.resolveBundles(bundles);
		} finally {
			context.ungetService(ref);
		}
	}

	public void removedTrustAnchor(Certificate anchor) {
		// find any signed content that has signerinfos with the supplied anchor
		// re-evaluate trust and check authorization again.
		Bundle[] bundles = context.getBundles();
		Set<Bundle> usingAnchor = new HashSet<Bundle>();
		Set<SignerInfo> untrustedSigners = new HashSet<SignerInfo>();
		for (int i = 0; i < bundles.length; i++) {
			SignedContentImpl signedContent = getSignedContent(bundles[i]);
			if (signedContent != null && signedContent.isSigned()) {
				// check signer infos for this content
				SignerInfo[] infos = signedContent.getSignerInfos();
				for (int j = 0; j < infos.length; j++) {
					if (anchor.equals(infos[j].getTrustAnchor())) {
						// one of the signers uses this anchor
						untrustedSigners.add(infos[j]);
						usingAnchor.add(bundles[i]);
					}
					SignerInfo tsa = signedContent.getTSASignerInfo(infos[j]);
					if (tsa != null && anchor.equals(tsa.getTrustAnchor())) {
						// one of the tsa signers uses this anchor
						usingAnchor.add(bundles[i]);
						untrustedSigners.add(tsa);
					}
				}
			}
		}
		// remove trust anchors from untrusted signers
		for (Iterator<SignerInfo> untrusted = untrustedSigners.iterator(); untrusted.hasNext();)
			((SignerInfoImpl) untrusted.next()).setTrustAnchor(null);
		// re-establish trust and check authorization
		for (Iterator<Bundle> untrustedBundles = usingAnchor.iterator(); untrustedBundles.hasNext();) {
			Bundle bundle = untrustedBundles.next();
			SignedContentImpl signedContent = getSignedContent(bundle);
			// found an signer using the anchor for this bundle re-evaluate trust
			SignedBundleFile.determineTrust(signedContent, SignedBundleHook.VERIFY_TRUST);
			// now check the authorization handler
			checkAuthorization(signedContent, bundle);
		}
		// TODO an optimization here would be to check for real DisabledInfo objects for each bundle
		// try to refresh
		if (usingAnchor.size() > 0)
			resolveBundles(usingAnchor.toArray(new Bundle[usingAnchor.size()]), true);
	}

	private SignedContentImpl getSignedContent(Bundle bundle) {
		BaseData data = (BaseData) ((AbstractBundle) bundle).getBundleData();
		SignedStorageHook hook = (SignedStorageHook) data.getStorageHook(SignedStorageHook.KEY);
		if (hook == null)
			return null;
		return (SignedContentImpl) hook.getSignedContent();
	}
}

Back to the top