Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java')
-rw-r--r--bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java173
1 files changed, 0 insertions, 173 deletions
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
deleted file mode 100644
index 5f3cf84c7..000000000
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2006, 2013 IBM Corporation and others.
- *
- * This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License 2.0
- * which accompanies this distribution, and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors:
- * IBM Corporation - initial API and implementation
- *******************************************************************************/
-
-package org.eclipse.osgi.internal.signedcontent;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.util.Date;
-import org.eclipse.osgi.signedcontent.SignedContent;
-import org.eclipse.osgi.signedcontent.SignedContentEntry;
-import org.eclipse.osgi.signedcontent.SignerInfo;
-import org.eclipse.osgi.storage.bundlefile.BundleEntry;
-import org.eclipse.osgi.storage.bundlefile.BundleFile;
-import org.eclipse.osgi.storage.bundlefile.BundleFileWrapper;
-import org.eclipse.osgi.util.NLS;
-
-/**
- * This class wraps a Repository of classes and resources to check and enforce
- * signatures. It requires full signing of the manifest by all signers. If no
- * signatures are found, the classes and resources are retrieved without checks.
- */
-public class SignedBundleFile extends BundleFileWrapper implements SignedContentConstants, SignedContent {
- SignedContentImpl signedContent;
- private final int supportFlags;
- private final SignedBundleHook signedBundleHook;
-
- SignedBundleFile(BundleFile bundleFile, SignedContentImpl signedContent, int supportFlags, SignedBundleHook signedBundleHook) {
- super(bundleFile);
- this.signedContent = signedContent;
- this.supportFlags = supportFlags;
- this.signedBundleHook = signedBundleHook;
- }
-
- void initializeSignedContent() throws IOException, InvalidKeyException, SignatureException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
- if (signedContent == null) {
- SignatureBlockProcessor signatureProcessor = new SignatureBlockProcessor(this, supportFlags, signedBundleHook);
- signedContent = signatureProcessor.process();
- if (signedContent != null)
- signedBundleHook.determineTrust(signedContent, supportFlags);
- }
- }
-
- @Override
- public BundleEntry getEntry(String path) {
- // strip off leading slashes so we can ensure the path matches the one provided in the manifest.
- if (path.length() > 0 && path.charAt(0) == '/')
- path = path.substring(1);
- BundleEntry be = getBundleFile().getEntry(path);
- if ((supportFlags & SignedBundleHook.VERIFY_RUNTIME) == 0 || signedContent == null)
- return be;
- if (path.startsWith(META_INF)) {
- int lastSlash = path.lastIndexOf('/');
- if (lastSlash == META_INF.length() - 1) {
- if (path.equals(META_INF_MANIFEST_MF) || path.endsWith(DOT_DSA) || path.endsWith(DOT_RSA) || path.endsWith(DOT_SF) || path.indexOf(SIG_DASH) == META_INF.length())
- return be;
- SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
- if (signedEntry == null)
- // TODO this is to allow 1.4 signed bundles to work, it would be better if we could detect 1.4 signed bundles and only do this for them.
- return be;
- }
- }
- if (be == null) {
- // double check that no signer thinks it should exist
- SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
- if (signedEntry != null)
- throw new SecurityException(NLS.bind(SignedContentMessages.file_is_removed_from_jar, path, String.valueOf(getBaseFile())));
- return null;
- }
- return new SignedBundleEntry(be);
- }
-
- class SignedBundleEntry extends BundleEntry {
- BundleEntry nestedEntry;
-
- SignedBundleEntry(BundleEntry nestedEntry) {
- this.nestedEntry = nestedEntry;
- }
-
- @Override
- public InputStream getInputStream() throws IOException {
- InputStream in = signedContent.getDigestInputStream(nestedEntry);
- if (in == null)
- throw new SecurityException("Corrupted file: the digest does not exist for the file " + nestedEntry.getName()); //$NON-NLS-1$
- return in;
- }
-
- @Override
- public long getSize() {
- return nestedEntry.getSize();
- }
-
- @Override
- public String getName() {
- return nestedEntry.getName();
- }
-
- @Override
- public long getTime() {
- return nestedEntry.getTime();
- }
-
- @Override
- public URL getLocalURL() {
- return nestedEntry.getLocalURL();
- }
-
- @Override
- public URL getFileURL() {
- return nestedEntry.getFileURL();
- }
-
- }
-
- SignedContentImpl getSignedContent() {
- return signedContent;
- }
-
- @Override
- public SignedContentEntry[] getSignedEntries() {
- return signedContent == null ? null : signedContent.getSignedEntries();
- }
-
- @Override
- public SignedContentEntry getSignedEntry(String name) {
- return signedContent == null ? null : signedContent.getSignedEntry(name);
- }
-
- @Override
- public SignerInfo[] getSignerInfos() {
- return signedContent == null ? null : signedContent.getSignerInfos();
- }
-
- @Override
- public Date getSigningTime(SignerInfo signerInfo) {
- return signedContent == null ? null : signedContent.getSigningTime(signerInfo);
- }
-
- @Override
- public SignerInfo getTSASignerInfo(SignerInfo signerInfo) {
- return signedContent == null ? null : signedContent.getTSASignerInfo(signerInfo);
- }
-
- @Override
- public boolean isSigned() {
- return signedContent == null ? false : signedContent.isSigned();
- }
-
- @Override
- public void checkValidity(SignerInfo signerInfo) throws CertificateExpiredException, CertificateNotYetValidException {
- if (signedContent != null)
- signedContent.checkValidity(signerInfo);
- }
-
-}

Back to the top