author | Pascal Rapicault | 2011-08-12 23:07:10 +0000 |
---|---|---|
committer | Pascal Rapicault | 2011-08-31 02:32:57 +0000 |
commit | 9af2354d61825b68feb72bfc16a47741ba7b87fd (patch) | |
tree | f21a331e78cabc116ef48dc60389cd3314d2cc63 | |
parent | c3e8b01f0e2964b19210477d658de9566b240a89 (diff) | |
Bug 343706 - improve logging / error messages from CertificateChecker
3 files changed, 42 insertions, 3 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/.options b/bundles/org.eclipse.equinox.p2.engine/.options
index 0792967be..04cd230d9 100644
--- a/bundles/org.eclipse.equinox.p2.engine/.options
+++ b/bundles/org.eclipse.equinox.p2.engine/.options
@@ -1,3 +1,5 @@
 org.eclipse.equinox.p2.engine/profileregistry/debug = false
 org.eclipse.equinox.p2.engine/engine/debug = false
 org.eclipse.equinox.p2.engine/enginesession/debug = false
+org.eclipse.equinox.p2.engine/certificatechecker/unsigned = false
+org.eclipse.equinox.p2.engine/certificatechecker/untrusted = false
\ No newline at end of file
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
index c6283ac76..0726908d9 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/DebugHelper.java
@@ -27,6 +27,8 @@ public class DebugHelper {
 public static final boolean DEBUG_PROFILE_REGISTRY;
 public static final boolean DEBUG_ENGINE;
 public static final boolean DEBUG_ENGINE_SESSION;
+ public static final boolean DEBUG_CERTIFICATE_CHECKER_UNSIGNED;
+ public static final boolean DEBUG_CERTIFICATE_CHECKER_UNTRUSTED;
 static {
 DebugOptions options = (DebugOptions) ServiceHelper.getService(EngineActivator.getContext(), DebugOptions.class.getName());
@@ -34,10 +36,14 @@ public class DebugHelper {
 DEBUG_PROFILE_REGISTRY = options.getBooleanOption(EngineActivator.ID + "/profileregistry/debug", false); //$NON-NLS-1$
 DEBUG_ENGINE = options.getBooleanOption(EngineActivator.ID + "/engine/debug", false); //$NON-NLS-1$
 DEBUG_ENGINE_SESSION = options.getBooleanOption(EngineActivator.ID + "/enginesession/debug", false); //$NON-NLS-1$
+ DEBUG_CERTIFICATE_CHECKER_UNSIGNED = options.getBooleanOption(EngineActivator.ID + "/certificatechecker/unsigned", false); //$NON-NLS-1$
+ DEBUG_CERTIFICATE_CHECKER_UNTRUSTED = options.getBooleanOption(EngineActivator.ID + "/certificatechecker/untrusted", false); //$NON-NLS-1$
 } else {
 DEBUG_PROFILE_REGISTRY = false;
 DEBUG_ENGINE = false;
 DEBUG_ENGINE_SESSION = false;
+ DEBUG_CERTIFICATE_CHECKER_UNSIGNED = false;
+ DEBUG_CERTIFICATE_CHECKER_UNTRUSTED = false;
 }
 }
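Review bot: The two new constants in DebugHelper carry no comment, so nothing in either DebugHelper hunk tells an operator what switching them on writes to the trace. A one-line comment on each declaration would cover it, for example `// trace: list artifacts that carry no signature` and `// trace: list untrusted signer certificates and the artifact paths that use them`. The option keys `/certificatechecker/unsigned` and `/certificatechecker/untrusted` also drop the `/<area>/debug` suffix that the three existing keys use; if that is deliberate, a `#` comment in `.options` would say so. The class body and the static initializer both continue outside these hunks.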
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 397cd6da9..53881b522 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -14,11 +14,10 @@ import java.io.File;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.cert.Certificate;
-import java.util.ArrayList;
+import java.util.*;
 import org.eclipse.core.runtime.IStatus;
 import org.eclipse.core.runtime.Status;
-import org.eclipse.equinox.internal.p2.engine.EngineActivator;
-import org.eclipse.equinox.internal.p2.engine.Messages;
+import org.eclipse.equinox.internal.p2.engine.*;
 import org.eclipse.equinox.p2.core.*;
 import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
 import org.eclipse.osgi.service.security.TrustEngine;
@@ -29,6 +28,8 @@ import org.osgi.framework.ServiceReference;
 import org.osgi.util.tracker.ServiceTracker;
 public class CertificateChecker {
+ private static final String CC = "certificate checker";
+
 private ArrayList<File> artifacts;
 private final IProvisioningAgent agent;
@@ -59,6 +60,7 @@ public class CertificateChecker {
 ArrayList<Certificate> untrusted = new ArrayList<Certificate>();
 ArrayList<File> unsigned = new ArrayList<File>();
 ArrayList<Certificate[]> untrustedChain = new ArrayList<Certificate[]>();
+ Map<Certificate, Collection<File>> untrustedArtifacts = new HashMap<Certificate, Collection<File>>();
 IStatus status = Status.OK_STATUS;
 if (artifacts.size() == 0 || serviceUI == null)
 return status;
@@ -82,6 +84,35 @@ public class CertificateChecker {
 untrusted.add(certificateChain[0]);
 untrustedChain.add(certificateChain);
 }
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED) {
+ if (untrustedArtifacts.containsKey(certificateChain[0])) {
+ untrustedArtifacts.get(certificateChain[0]).add(artifact);
+ } else {
+ untrustedArtifacts.put(certificateChain[0], new ArrayList<File>(Arrays.asList(artifact)));
+ }
+ }
+ }
+
+ // log the unsigned artifacts if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
+ for (File file : unsigned) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ DebugHelper.debug(CC, message.toString());
+ }
+
+ // log the untrusted certificates if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
+ for (Certificate cert : untrustedArtifacts.keySet()) {
+ message.append(cert.toString() + "\n"); //$NON-NLS-1$
+ message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
+ for (File file : untrustedArtifacts.get(cert)) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ }
+ DebugHelper.debug(CC, message.toString());
 }
 }
 } |
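Review bot: The two summary blocks (`// log the unsigned artifacts if requested` and `// log the untrusted certificates if requested`) look as if they are still inside the verification loop. The hunk closes exactly one enclosing block between the bookkeeping that uses `artifact` and `certificateChain` and the first summary, and three closing braces follow the last `DebugHelper.debug(CC, message.toString());`. Indentation is lost in this view and the method begins outside the hunk, so this needs checking against the full file. If it holds, both lists are written to the trace repeatedly while still incomplete, which makes the output hard to use as a record of what was unsigned or untrusted; moving both blocks below the brace that closes the artifact loop would emit each list once. Separately, `message.append(cert.toString() + "\n")` dumps the whole certificate, where a line with the subject, issuer and a fingerprint would be easier to match against a trust store.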