Skip to main content
summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPascal Rapicault2011-08-12 23:07:10 +0000
committerPascal Rapicault2011-08-31 02:32:57 +0000
commit9af2354d61825b68feb72bfc16a47741ba7b87fd (patch)
treef21a331e78cabc116ef48dc60389cd3314d2cc63
parentc3e8b01f0e2964b19210477d658de9566b240a89 (diff)
downloadrt.equinox.p2-9af2354d61825b68feb72bfc16a47741ba7b87fd.tar.gz
rt.equinox.p2-9af2354d61825b68feb72bfc16a47741ba7b87fd.tar.xz
rt.equinox.p2-9af2354d61825b68feb72bfc16a47741ba7b87fd.zip
Bug 343706 - improve logging / error messages from CertificateChecker
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/.options2
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java6
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java37
3 files changed, 42 insertions, 3 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/.options b/bundles/org.eclipse.equinox.p2.engine/.options
index 0792967be..04cd230d9 100644
--- a/bundles/org.eclipse.equinox.p2.engine/.options
+++ b/bundles/org.eclipse.equinox.p2.engine/.options
@@ -1,3 +1,5 @@
org.eclipse.equinox.p2.engine/profileregistry/debug = false
org.eclipse.equinox.p2.engine/engine/debug = false
org.eclipse.equinox.p2.engine/enginesession/debug = false
+org.eclipse.equinox.p2.engine/certificatechecker/unsigned = false
+org.eclipse.equinox.p2.engine/certificatechecker/untrusted = false \ No newline at end of file
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
index c6283ac76..0726908d9 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
@@ -27,6 +27,8 @@ public class DebugHelper {
public static final boolean DEBUG_PROFILE_REGISTRY;
public static final boolean DEBUG_ENGINE;
public static final boolean DEBUG_ENGINE_SESSION;
+ public static final boolean DEBUG_CERTIFICATE_CHECKER_UNSIGNED;
+ public static final boolean DEBUG_CERTIFICATE_CHECKER_UNTRUSTED;
static {
DebugOptions options = (DebugOptions) ServiceHelper.getService(EngineActivator.getContext(), DebugOptions.class.getName());
@@ -34,10 +36,14 @@ public class DebugHelper {
DEBUG_PROFILE_REGISTRY = options.getBooleanOption(EngineActivator.ID + "/profileregistry/debug", false); //$NON-NLS-1$
DEBUG_ENGINE = options.getBooleanOption(EngineActivator.ID + "/engine/debug", false); //$NON-NLS-1$
DEBUG_ENGINE_SESSION = options.getBooleanOption(EngineActivator.ID + "/enginesession/debug", false); //$NON-NLS-1$
+ DEBUG_CERTIFICATE_CHECKER_UNSIGNED = options.getBooleanOption(EngineActivator.ID + "/certificatechecker/unsigned", false); //$NON-NLS-1$
+ DEBUG_CERTIFICATE_CHECKER_UNTRUSTED = options.getBooleanOption(EngineActivator.ID + "/certificatechecker/untrusted", false); //$NON-NLS-1$
} else {
DEBUG_PROFILE_REGISTRY = false;
DEBUG_ENGINE = false;
DEBUG_ENGINE_SESSION = false;
+ DEBUG_CERTIFICATE_CHECKER_UNSIGNED = false;
+ DEBUG_CERTIFICATE_CHECKER_UNTRUSTED = false;
}
}
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 397cd6da9..53881b522 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -14,11 +14,10 @@ import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
-import java.util.ArrayList;
+import java.util.*;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
-import org.eclipse.equinox.internal.p2.engine.EngineActivator;
-import org.eclipse.equinox.internal.p2.engine.Messages;
+import org.eclipse.equinox.internal.p2.engine.*;
import org.eclipse.equinox.p2.core.*;
import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
import org.eclipse.osgi.service.security.TrustEngine;
@@ -29,6 +28,8 @@ import org.osgi.framework.ServiceReference;
import org.osgi.util.tracker.ServiceTracker;
public class CertificateChecker {
+ private static final String CC = "certificate checker";
+
private ArrayList<File> artifacts;
private final IProvisioningAgent agent;
@@ -59,6 +60,7 @@ public class CertificateChecker {
ArrayList<Certificate> untrusted = new ArrayList<Certificate>();
ArrayList<File> unsigned = new ArrayList<File>();
ArrayList<Certificate[]> untrustedChain = new ArrayList<Certificate[]>();
+ Map<Certificate, Collection<File>> untrustedArtifacts = new HashMap<Certificate, Collection<File>>();
IStatus status = Status.OK_STATUS;
if (artifacts.size() == 0 || serviceUI == null)
return status;
@@ -82,6 +84,35 @@ public class CertificateChecker {
untrusted.add(certificateChain[0]);
untrustedChain.add(certificateChain);
}
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED) {
+ if (untrustedArtifacts.containsKey(certificateChain[0])) {
+ untrustedArtifacts.get(certificateChain[0]).add(artifact);
+ } else {
+ untrustedArtifacts.put(certificateChain[0], new ArrayList<File>(Arrays.asList(artifact)));
+ }
+ }
+ }
+
+ // log the unsigned artifacts if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
+ for (File file : unsigned) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ DebugHelper.debug(CC, message.toString());
+ }
+
+ // log the untrusted certificates if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
+ for (Certificate cert : untrustedArtifacts.keySet()) {
+ message.append(cert.toString() + "\n"); //$NON-NLS-1$
+ message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
+ for (File file : untrustedArtifacts.get(cert)) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ }
+ DebugHelper.debug(CC, message.toString());
}
}
}

Back to the top