diff options
| author | Mykola Nikishov | 2016-04-21 19:59:26 +0000 |
|---|---|---|
| committer | Mykola Nikishov | 2019-07-08 17:47:43 +0000 |
| commit | 568ec2758ef480b7a69dc8572bf80fa8f1b281b2 (patch) | |
| tree | 60b685ade900b9b5463fc7710d9362e1e4dab6c2 /bundles/org.eclipse.equinox.p2.artifact.repository | |
| parent | 2bcad99a06945190c7baff4268f9fc459bc34dfd (diff) | |
| download | rt.equinox.p2-568ec2758ef480b7a69dc8572bf80fa8f1b281b2.tar.gz rt.equinox.p2-568ec2758ef480b7a69dc8572bf80fa8f1b281b2.tar.xz rt.equinox.p2-568ec2758ef480b7a69dc8572bf80fa8f1b281b2.zip | |
Bug 541781 - Support dynamically registered MessageDigest implementationsY20190715-2335Y20190715-0900I20190715-1800I20190714-1800I20190713-1800I20190713-1105I20190713-0230I20190712-1800
Extend o.e.e.p2.artifact.repository.artifactChecksums extension point
with attribute providerName to support custom MessageDigest
implementations as per Java Security API.
To get an instance of custom MessageDigest in ChecksumProducer's
getMessageDigest(String, String), look for service object under
java.security.Provider interface filtered by providerName property and
pass it to java.security.MessageDigest's getInstance(String,
Provider). Throws NoSuchProviderException if no such service was
found.
Bundle that contributes such implementation should register it with
the Framework service registry under interface
java.security.Provider. The registration properties of the service
should contain property 'providerName' with value of type String as
returned by implementation's java.security.Provider.getName(). The
same value should be used for providerName attribute in
artifactChecksums extension point.
o.e.equinox.p2.artifact.checksums.bouncycastle bundle demonstrates how
this works by adding support for Whirlpool and DSTU7564 message
digests using the Bouncy Castle Crypto APIs [1]. It is not part of the
distribution and used by unit tests only.
[1] https://bouncycastle.org/
Change-Id: I0cfd06ceca6e1911d69bab09331399500a00dcee
Signed-off-by: Mykola Nikishov <mn@mn.com.ua>
Diffstat (limited to 'bundles/org.eclipse.equinox.p2.artifact.repository')
5 files changed, 54 insertions, 22 deletions
diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/schema/artifactChecksums.exsd b/bundles/org.eclipse.equinox.p2.artifact.repository/schema/artifactChecksums.exsd index 8c2a30612..0f7b4b097 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/schema/artifactChecksums.exsd +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/schema/artifactChecksums.exsd @@ -69,6 +69,13 @@ As other tools will rely on this id, consider using some well-defined value (i.e </documentation> </annotation> </attribute> + <attribute name="providerName" type="string"> + <annotation> + <documentation> + For custom security provider, name of the security provider that provides this message digest implementation, the value returned by <code>java.security.Provider.getName()</code>. + </documentation> + </annotation> + </attribute> </complexType> </element> @@ -97,18 +104,35 @@ As other tools will rely on this id, consider using some well-defined value (i.e </extension> </pre> -If the MessageDigest implementation is provided by a custom Provider (from the contributing bundle itself or some other bundle), it should be first dynamically registered: +If the MessageDigest implementation is provided by a custom security provider (from the contributing bundle itself or some other bundle), it should be registered first with the Framework service registry under interface <code>java.security.Provider</code>: <pre> -import java.security.Security; +import java.security.Provider; +import java.util.Dictionary; +import java.util.Hashtable; + import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.osgi.framework.BundleActivator; +import org.osgi.framework.BundleContext; +import org.osgi.framework.ServiceRegistration; + +... -public class Activator implements BundleActivator { +Dictionary<String, Object> props = new Hashtable<>(); +props.put("providerName", "BC"); +ServiceRegistration<Provider> registration = context.registerService(Provider.class, new BouncyCastleProvider(), props); +</pre> + +and then register an extension using <code>providerName</code> attribute: - public void start(BundleContext context) throws Exception { - Security.addProvider(new BouncyCastleProvider()); - } -} +<pre> +<extension point="org.eclipse.equinox.p2.artifact.repository.artifactChecksums"> + <artifactChecksum + algorithm="Whirlpool" + id="whirlpool" + providerName="BC"> + </artifactChecksum> +</extension> </pre> </documentation> </annotation> diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumUtilities.java b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumUtilities.java index 012b39688..f45b7f203 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumUtilities.java +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumUtilities.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2015, 2018 Mykola Nikishov. + * Copyright (c) 2015, 2019 Mykola Nikishov. * * This program and the accompanying materials * are made available under the terms of the Eclipse Public License 2.0 @@ -16,6 +16,7 @@ package org.eclipse.equinox.internal.p2.artifact.processors.checksum; import java.io.File; import java.io.IOException; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.util.*; import java.util.Map.Entry; import org.eclipse.core.runtime.*; @@ -56,7 +57,8 @@ public class ChecksumUtilities { String checksumId = checksumVerifierConfiguration.getAttribute("id"); //$NON-NLS-1$ if (checksumEntry.getKey().equals(checksumId)) { String checksumAlgorithm = checksumVerifierConfiguration.getAttribute("algorithm"); //$NON-NLS-1$ - ChecksumVerifier checksumVerifier = new ChecksumVerifier(checksumAlgorithm, checksumId); + String providerName = checksumVerifierConfiguration.getAttribute("providerName"); //$NON-NLS-1$ + ChecksumVerifier checksumVerifier = new ChecksumVerifier(checksumAlgorithm, providerName, checksumId); checksumVerifier.initialize(null, new ProcessingStepDescriptor(null, checksumEntry.getValue(), true), descriptor); if (checksumVerifier.getStatus().isOK()) steps.add(checksumVerifier); @@ -91,21 +93,22 @@ public class ChecksumUtilities { // don't calculate checksum if algo is disabled continue; String algorithm = checksumVerifierConfiguration.getAttribute("algorithm"); //$NON-NLS-1$ - Optional<String> checksum = calculateChecksum(pathOnDisk, status, id, algorithm); + String providerName = checksumVerifierConfiguration.getAttribute("providerName"); //$NON-NLS-1$ + Optional<String> checksum = calculateChecksum(pathOnDisk, status, id, algorithm, providerName); checksum.ifPresent(c -> checksums.put(id, c)); } return status; } - private static Optional<String> calculateChecksum(File pathOnDisk, MultiStatus status, String id, String algorithm) { + private static Optional<String> calculateChecksum(File pathOnDisk, MultiStatus status, String id, String algorithm, String providerName) { try { - String checksum = ChecksumProducer.produce(pathOnDisk, algorithm); - String message = NLS.bind(Messages.calculateChecksum_ok, new Object[] {id, algorithm, checksum}); + String checksum = ChecksumProducer.produce(pathOnDisk, algorithm, providerName); + String message = NLS.bind(Messages.calculateChecksum_ok, new Object[] {id, algorithm, providerName, checksum}); status.add(new Status(IStatus.OK, Activator.ID, message)); return Optional.of(checksum); - } catch (NoSuchAlgorithmException e) { - String message = NLS.bind(Messages.calculateChecksum_error, id, algorithm); + } catch (NoSuchAlgorithmException | NoSuchProviderException e) { + String message = NLS.bind(Messages.calculateChecksum_providerError, new Object[] {id, algorithm, providerName}); status.add(new Status(IStatus.ERROR, Activator.ID, message, e)); } catch (IOException e) { String message = NLS.bind(Messages.calculateChecksum_error, id, algorithm); diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumVerifier.java b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumVerifier.java index 34df102e6..4d913c46d 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumVerifier.java +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/processors/checksum/ChecksumVerifier.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2015, 2018 Mykola Nikishov. + * Copyright (c) 2015, 2019 Mykola Nikishov. * * This program and the accompanying materials * are made available under the terms of the Eclipse Public License 2.0 @@ -15,11 +15,12 @@ package org.eclipse.equinox.internal.p2.artifact.processors.checksum; import static java.util.Optional.ofNullable; -import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import org.eclipse.core.runtime.IStatus; import org.eclipse.core.runtime.Status; import org.eclipse.equinox.internal.p2.artifact.repository.Activator; +import org.eclipse.equinox.internal.p2.repository.helpers.ChecksumProducer; import org.eclipse.equinox.p2.core.IProvisioningAgent; import org.eclipse.equinox.p2.core.ProvisionException; import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor; @@ -30,11 +31,13 @@ final public class ChecksumVerifier extends MessageDigestProcessingStep { private String expectedChecksum; final private String algorithmName; + final private String providerName; final private String algorithmId; // public to access from tests - public ChecksumVerifier(String digestAlgorithm, String algorithmId) { + public ChecksumVerifier(String digestAlgorithm, String providerName, String algorithmId) { this.algorithmName = digestAlgorithm; + this.providerName = providerName; this.algorithmId = algorithmId; basicInitialize(null); } @@ -56,9 +59,9 @@ final public class ChecksumVerifier extends MessageDigestProcessingStep { private void basicInitialize(IProcessingStepDescriptor descriptor) { try { - messageDigest = MessageDigest.getInstance(algorithmName); + messageDigest = ChecksumProducer.getMessageDigest(algorithmName, providerName); setStatus(Status.OK_STATUS); - } catch (NoSuchAlgorithmException e) { + } catch (NoSuchProviderException | NoSuchAlgorithmException e) { int code = buildErrorCode(descriptor); setStatus(new Status(code, Activator.ID, NLS.bind(Messages.Error_checksum_unavailable, algorithmName), e)); } diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/Messages.java b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/Messages.java index 9208be003..f4eba31a3 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/Messages.java +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/Messages.java @@ -70,6 +70,7 @@ public class Messages extends NLS { public static String calculateChecksum_file; public static String calculateChecksum_ok; public static String calculateChecksum_error; + public static String calculateChecksum_providerError; static { // initialize resource bundles diff --git a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/messages.properties b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/messages.properties index 2efde4def..fa54c3f8c 100644 --- a/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/messages.properties +++ b/bundles/org.eclipse.equinox.p2.artifact.repository/src/org/eclipse/equinox/internal/p2/artifact/repository/messages.properties @@ -55,8 +55,9 @@ exception_unsupportedGetOutputStream=Cannot write artifacts to a composite repos exception_unsupportedRemoveFromComposite = Cannot remove descriptors from a composite repository. calculateChecksum_file=Calculating checksums for file {0}. -calculateChecksum_ok=Calculated checksum using id={0} algorithm={1}: {2}. -calculateChecksum_error=Error calculating checksum using id={0} algorithm={1}. +calculateChecksum_ok=Calculated checksum using id={0} algorithm={1} provider={2}: {3}. +calculateChecksum_error=Error calculating checksum using id={0} algorithm={1} provider={2}. +calculateChecksum_providerError=Checksum provider id={0} algorithm={1} provider={2} error. exception_unableToCreateParentDir = Unable to create parent directory. folder_artifact_not_file_repo=Artifact {0} is a folder but the repository is an archive or remote location. |