Skip to main content
aboutsummaryrefslogtreecommitdiffstats
path: root/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java')
-rw-r--r--bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java213
1 files changed, 0 insertions, 213 deletions
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java
deleted file mode 100644
index f8acc8de8..000000000
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignedContentImpl.java
+++ /dev/null
@@ -1,213 +0,0 @@
-/*******************************************************************************
- * Copyright (c) 2007, 2019 IBM Corporation and others.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Eclipse Public License 2.0 which accompanies this distribution,
- * and is available at
- * https://www.eclipse.org/legal/epl-2.0/
- *
- * SPDX-License-Identifier: EPL-2.0
- *
- * Contributors: IBM Corporation - initial API and implementation
- ******************************************************************************/
-package org.eclipse.osgi.internal.signedcontent;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.eclipse.osgi.signedcontent.InvalidContentException;
-import org.eclipse.osgi.signedcontent.SignedContent;
-import org.eclipse.osgi.signedcontent.SignedContentEntry;
-import org.eclipse.osgi.signedcontent.SignerInfo;
-import org.eclipse.osgi.storage.bundlefile.BundleEntry;
-import org.eclipse.osgi.storage.bundlefile.BundleFile;
-import org.eclipse.osgi.util.NLS;
-
-public class SignedContentImpl implements SignedContent {
- final static int VERIFY_LIMIT = 1000 * 1024; // 1 mb; not sure what the best limit is
- final static SignerInfo[] EMPTY_SIGNERINFO = new SignerInfo[0];
- // the content which is signed
- volatile SignedBundleFile content; // TODO can this be more general?
- // the content entry md results used for entry content verification
- // keyed by entry path -> {SignerInfo[] infos, byte[][] results)}
- private final Map<String, Object> contentMDResults;
- private final SignerInfo[] signerInfos;
- // map of tsa singers keyed by SignerInfo -> {tsa_SignerInfo, signingTime}
- private Map<SignerInfo, Object[]> tsaSignerInfos;
- volatile private boolean checkedValid = false;
-
- public SignedContentImpl(SignerInfo[] signerInfos, Map<String, Object> contentMDResults) {
- this.signerInfos = signerInfos == null ? EMPTY_SIGNERINFO : signerInfos;
- this.contentMDResults = contentMDResults;
- }
-
- @Override
- public SignedContentEntry[] getSignedEntries() {
- if (contentMDResults == null)
- return new SignedContentEntry[0];
- List<SignedContentEntry> results = new ArrayList<>(contentMDResults.size());
- for (Map.Entry<String, Object> entry : contentMDResults.entrySet()) {
- String entryName = entry.getKey();
- Object[] mdResult = (Object[]) entry.getValue();
- results.add(new SignedContentEntryImpl(entryName, (SignerInfo[]) mdResult[0]));
- }
- return results.toArray(new SignedContentEntry[results.size()]);
- }
-
- @Override
- public SignedContentEntry getSignedEntry(String name) {
- if (contentMDResults == null)
- return null;
- Object[] mdResult = (Object[]) contentMDResults.get(name);
- return mdResult == null ? null : new SignedContentEntryImpl(name, (SignerInfo[]) mdResult[0]);
- }
-
- @Override
- public SignerInfo[] getSignerInfos() {
- return signerInfos;
- }
-
- @Override
- public Date getSigningTime(SignerInfo signerInfo) {
- if (tsaSignerInfos == null)
- return null;
- Object[] tsaInfo = tsaSignerInfos.get(signerInfo);
- return tsaInfo == null ? null : (Date) tsaInfo[1];
- }
-
- @Override
- public SignerInfo getTSASignerInfo(SignerInfo signerInfo) {
- if (tsaSignerInfos == null)
- return null;
- Object[] tsaInfo = tsaSignerInfos.get(signerInfo);
- return tsaInfo == null ? null : (SignerInfo) tsaInfo[0];
- }
-
- @Override
- public boolean isSigned() {
- return signerInfos.length > 0;
- }
-
- @Override
- public void checkValidity(SignerInfo signer) throws CertificateExpiredException, CertificateNotYetValidException {
- Date signingTime = getSigningTime(signer);
- if (checkedValid)
- return;
- Certificate[] certs = signer.getCertificateChain();
- for (Certificate cert : certs) {
- if (!(cert instanceof X509Certificate)) {
- continue;
- }
- if (signingTime == null) {
- ((X509Certificate) cert).checkValidity();
- } else {
- ((X509Certificate) cert).checkValidity(signingTime);
- }
- }
- checkedValid = true;
- }
-
- void setContent(SignedBundleFile content) {
- this.content = content;
- }
-
- void setTSASignerInfos(Map<SignerInfo, Object[]> tsaSignerInfos) {
- this.tsaSignerInfos = tsaSignerInfos;
- }
-
- void addTSASignerInfo(SignerInfo baseInfo, SignerInfo tsaSignerInfo, Date signingTime) {
- // sanity check to make sure the baseInfo is here
- if (!containsInfo(baseInfo))
- throw new IllegalArgumentException("The baseInfo is not found"); //$NON-NLS-1$
- if (tsaSignerInfos == null)
- tsaSignerInfos = new HashMap<>(signerInfos.length);
- tsaSignerInfos.put(baseInfo, new Object[] {tsaSignerInfo, signingTime});
- }
-
- Map<String, Object> getContentMDResults() {
- return contentMDResults;
- }
-
- private boolean containsInfo(SignerInfo signerInfo) {
- for (SignerInfo si : signerInfos) {
- if (signerInfo == si) {
- return true;
- }
- }
- return false;
- }
-
- InputStream getDigestInputStream(BundleEntry nestedEntry) throws IOException {
- if (contentMDResults == null)
- return nestedEntry.getInputStream();
- Object[] mdResult = (Object[]) contentMDResults.get(nestedEntry.getName());
- if (mdResult == null)
- return null;
- try {
- return new DigestedInputStream(nestedEntry, content, (SignerInfo[]) mdResult[0], (byte[][]) mdResult[1], nestedEntry.getSize());
- } catch (NoSuchAlgorithmException e) {
- throw new IOException(e);
- }
- }
-
- public class SignedContentEntryImpl implements SignedContentEntry {
- private final String entryName;
- private final SignerInfo[] entrySigners;
-
- public SignedContentEntryImpl(String entryName, SignerInfo[] entrySigners) {
- this.entryName = entryName;
- this.entrySigners = entrySigners == null ? EMPTY_SIGNERINFO : entrySigners;
- }
-
- @Override
- public String getName() {
- return entryName;
- }
-
- @Override
- public SignerInfo[] getSignerInfos() {
- return entrySigners;
- }
-
- @Override
- public boolean isSigned() {
- return entrySigners.length > 0;
- }
-
- @Override
- public void verify() throws IOException, InvalidContentException {
- BundleFile currentContent = content;
- if (currentContent == null)
- throw new InvalidContentException("The content was not set", null); //$NON-NLS-1$
- BundleEntry entry = null;
- SecurityException exception = null;
- try {
- entry = currentContent.getEntry(entryName);
- } catch (SecurityException e) {
- exception = e;
- }
- if (entry == null)
- throw new InvalidContentException(NLS.bind(SignedContentMessages.file_is_removed_from_jar, entryName, String.valueOf(currentContent.getBaseFile())), exception);
-
- if (entry.getSize() > VERIFY_LIMIT) {
- try (InputStream in = entry.getInputStream()) {
- final byte[] buf = new byte[1024];
- while (in.read(buf) > 0) {
- // just exhausting the stream to verify
- }
- }
- } else {
- entry.getBytes();
- }
- }
- }
-}

Back to the top