Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / libcore / 319a3b994703aac84df7bcde272adfcb3cdbbbf0 / . / jdk / src / share / classes / java / util / jar / JarVerifier.java
blob: 54954413e59993576c20f38f76099ebdaf905327 [file] [log] [blame]
J. Duke319a3b92007-12-01 00:00:00 +0000[diff] [blame^]1/*
2 * Copyright 1997-2005 Sun Microsystems, Inc. All Rights Reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Sun designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Sun in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
22 * CA 95054 USA or visit www.sun.com if you need additional information or
23 * have any questions.
24 */
25
26package java.util.jar;
27
28import java.io.*;
29import java.util.*;
30import java.util.zip.*;
31import java.security.*;
32import java.security.cert.CertificateException;
33
34import sun.security.util.ManifestDigester;
35import sun.security.util.ManifestEntryVerifier;
36import sun.security.util.SignatureFileVerifier;
37import sun.security.util.Debug;
38
39/**
40 *
41 * @author Roland Schemers
42 */
43class JarVerifier {
44
45 /* Are we debugging ? */
46 static final Debug debug = Debug.getInstance("jar");
47
48 /* a table mapping names to code signers, for jar entries that have
49 had their actual hashes verified */
50 private Hashtable verifiedSigners;
51
52 /* a table mapping names to code signers, for jar entries that have
53 passed the .SF/.DSA -> MANIFEST check */
54 private Hashtable sigFileSigners;
55
56 /* a hash table to hold .SF bytes */
57 private Hashtable sigFileData;
58
59 /** "queue" of pending PKCS7 blocks that we couldn't parse
60 * until we parsed the .SF file */
61 private ArrayList pendingBlocks;
62
63 /* cache of CodeSigner objects */
64 private ArrayList signerCache;
65
66 /* Are we parsing a block? */
67 private boolean parsingBlockOrSF = false;
68
69 /* Are we done parsing META-INF entries? */
70 private boolean parsingMeta = true;
71
72 /* Are there are files to verify? */
73 private boolean anyToVerify = true;
74
75 /* The output stream to use when keeping track of files we are interested
76 in */
77 private ByteArrayOutputStream baos;
78
79 /** The ManifestDigester object */
80 private ManifestDigester manDig;
81
82 /** the bytes for the manDig object */
83 byte manifestRawBytes[] = null;
84
85 public JarVerifier(byte rawBytes[]) {
86 manifestRawBytes = rawBytes;
87 sigFileSigners = new Hashtable();
88 verifiedSigners = new Hashtable();
89 sigFileData = new Hashtable(11);
90 pendingBlocks = new ArrayList();
91 baos = new ByteArrayOutputStream();
92 }
93
94 /**
95 * This method scans to see which entry we're parsing and
96 * keeps various state information depending on what type of
97 * file is being parsed.
98 */
99 public void beginEntry(JarEntry je, ManifestEntryVerifier mev)
100 throws IOException
101 {
102 if (je == null)
103 return;
104
105 if (debug != null) {
106 debug.println("beginEntry "+je.getName());
107 }
108
109 String name = je.getName();
110
111 /*
112 * Assumptions:
113 * 1. The manifest should be the first entry in the META-INF directory.
114 * 2. The .SF/.DSA files follow the manifest, before any normal entries
115 * 3. Any of the following will throw a SecurityException:
116 * a. digest mismatch between a manifest section and
117 * the SF section.
118 * b. digest mismatch between the actual jar entry and the manifest
119 */
120
121 if (parsingMeta) {
122 String uname = name.toUpperCase(Locale.ENGLISH);
123 if ((uname.startsWith("META-INF/") ||
124 uname.startsWith("/META-INF/"))) {
125
126 if (je.isDirectory()) {
127 mev.setEntry(null, je);
128 return;
129 }
130
131 if (SignatureFileVerifier.isBlockOrSF(uname)) {
132 /* We parse only DSA or RSA PKCS7 blocks. */
133 parsingBlockOrSF = true;
134 baos.reset();
135 mev.setEntry(null, je);
136 }
137 return;
138 }
139 }
140
141 if (parsingMeta) {
142 doneWithMeta();
143 }
144
145 if (je.isDirectory()) {
146 mev.setEntry(null, je);
147 return;
148 }
149
150 // be liberal in what you accept. If the name starts with ./, remove
151 // it as we internally canonicalize it with out the ./.
152 if (name.startsWith("./"))
153 name = name.substring(2);
154
155 // be liberal in what you accept. If the name starts with /, remove
156 // it as we internally canonicalize it with out the /.
157 if (name.startsWith("/"))
158 name = name.substring(1);
159
160 // only set the jev object for entries that have a signature
161 if (sigFileSigners.get(name) != null) {
162 mev.setEntry(name, je);
163 return;
164 }
165
166 // don't compute the digest for this entry
167 mev.setEntry(null, je);
168
169 return;
170 }
171
172 /**
173 * update a single byte.
174 */
175
176 public void update(int b, ManifestEntryVerifier mev)
177 throws IOException
178 {
179 if (b != -1) {
180 if (parsingBlockOrSF) {
181 baos.write(b);
182 } else {
183 mev.update((byte)b);
184 }
185 } else {
186 processEntry(mev);
187 }
188 }
189
190 /**
191 * update an array of bytes.
192 */
193
194 public void update(int n, byte[] b, int off, int len,
195 ManifestEntryVerifier mev)
196 throws IOException
197 {
198 if (n != -1) {
199 if (parsingBlockOrSF) {
200 baos.write(b, off, n);
201 } else {
202 mev.update(b, off, n);
203 }
204 } else {
205 processEntry(mev);
206 }
207 }
208
209 /**
210 * called when we reach the end of entry in one of the read() methods.
211 */
212 private void processEntry(ManifestEntryVerifier mev)
213 throws IOException
214 {
215 if (!parsingBlockOrSF) {
216 JarEntry je = mev.getEntry();
217 if ((je != null) && (je.signers == null)) {
218 je.signers = mev.verify(verifiedSigners, sigFileSigners);
219 je.certs = mapSignersToCertArray(je.signers);
220 }
221 } else {
222
223 try {
224 parsingBlockOrSF = false;
225
226 if (debug != null) {
227 debug.println("processEntry: processing block");
228 }
229
230 String uname = mev.getEntry().getName()
231 .toUpperCase(Locale.ENGLISH);
232
233 if (uname.endsWith(".SF")) {
234 String key = uname.substring(0, uname.length()-3);
235 byte bytes[] = baos.toByteArray();
236 // add to sigFileData in case future blocks need it
237 sigFileData.put(key, bytes);
238 // check pending blocks, we can now process
239 // anyone waiting for this .SF file
240 Iterator it = pendingBlocks.iterator();
241 while (it.hasNext()) {
242 SignatureFileVerifier sfv =
243 (SignatureFileVerifier) it.next();
244 if (sfv.needSignatureFile(key)) {
245 if (debug != null) {
246 debug.println(
247 "processEntry: processing pending block");
248 }
249
250 sfv.setSignatureFile(bytes);
251 sfv.process(sigFileSigners);
252 }
253 }
254 return;
255 }
256
257 // now we are parsing a signature block file
258
259 String key = uname.substring(0, uname.lastIndexOf("."));
260
261 if (signerCache == null)
262 signerCache = new ArrayList();
263
264 if (manDig == null) {
265 synchronized(manifestRawBytes) {
266 if (manDig == null) {
267 manDig = new ManifestDigester(manifestRawBytes);
268 manifestRawBytes = null;
269 }
270 }
271 }
272
273 SignatureFileVerifier sfv =
274 new SignatureFileVerifier(signerCache,
275 manDig, uname, baos.toByteArray());
276
277 if (sfv.needSignatureFileBytes()) {
278 // see if we have already parsed an external .SF file
279 byte[] bytes = (byte[]) sigFileData.get(key);
280
281 if (bytes == null) {
282 // put this block on queue for later processing
283 // since we don't have the .SF bytes yet
284 // (uname, block);
285 if (debug != null) {
286 debug.println("adding pending block");
287 }
288 pendingBlocks.add(sfv);
289 return;
290 } else {
291 sfv.setSignatureFile(bytes);
292 }
293 }
294 sfv.process(sigFileSigners);
295
296 } catch (sun.security.pkcs.ParsingException pe) {
297 if (debug != null) debug.println("processEntry caught: "+pe);
298 // ignore and treat as unsigned
299 } catch (IOException ioe) {
300 if (debug != null) debug.println("processEntry caught: "+ioe);
301 // ignore and treat as unsigned
302 } catch (SignatureException se) {
303 if (debug != null) debug.println("processEntry caught: "+se);
304 // ignore and treat as unsigned
305 } catch (NoSuchAlgorithmException nsae) {
306 if (debug != null) debug.println("processEntry caught: "+nsae);
307 // ignore and treat as unsigned
308 } catch (CertificateException ce) {
309 if (debug != null) debug.println("processEntry caught: "+ce);
310 // ignore and treat as unsigned
311 }
312 }
313 }
314
315 /**
316 * Return an array of java.security.cert.Certificate objects for
317 * the given file in the jar.
318 */
319 public java.security.cert.Certificate[] getCerts(String name)
320 {
321 return mapSignersToCertArray(getCodeSigners(name));
322 }
323
324 /**
325 * return an array of CodeSigner objects for
326 * the given file in the jar. this array is not cloned.
327 *
328 */
329 public CodeSigner[] getCodeSigners(String name)
330 {
331 return (CodeSigner[])verifiedSigners.get(name);
332 }
333
334 /*
335 * Convert an array of signers into an array of concatenated certificate
336 * arrays.
337 */
338 private static java.security.cert.Certificate[] mapSignersToCertArray(
339 CodeSigner[] signers) {
340
341 if (signers != null) {
342 ArrayList certChains = new ArrayList();
343 for (int i = 0; i < signers.length; i++) {
344 certChains.addAll(
345 signers[i].getSignerCertPath().getCertificates());
346 }
347
348 // Convert into a Certificate[]
349 return (java.security.cert.Certificate[])
350 certChains.toArray(
351 new java.security.cert.Certificate[certChains.size()]);
352 }
353 return null;
354 }
355
356 /**
357 * returns true if there no files to verify.
358 * should only be called after all the META-INF entries
359 * have been processed.
360 */
361 boolean nothingToVerify()
362 {
363 return (anyToVerify == false);
364 }
365
366 /**
367 * called to let us know we have processed all the
368 * META-INF entries, and if we re-read one of them, don't
369 * re-process it. Also gets rid of any data structures
370 * we needed when parsing META-INF entries.
371 */
372 void doneWithMeta()
373 {
374 parsingMeta = false;
375 anyToVerify = !sigFileSigners.isEmpty();
376 baos = null;
377 sigFileData = null;
378 pendingBlocks = null;
379 signerCache = null;
380 manDig = null;
381 }
382
383 static class VerifierStream extends java.io.InputStream {
384
385 private InputStream is;
386 private JarVerifier jv;
387 private ManifestEntryVerifier mev;
388 private long numLeft;
389
390 VerifierStream(Manifest man,
391 JarEntry je,
392 InputStream is,
393 JarVerifier jv) throws IOException
394 {
395 this.is = is;
396 this.jv = jv;
397 this.mev = new ManifestEntryVerifier(man);
398 this.jv.beginEntry(je, mev);
399 this.numLeft = je.getSize();
400 if (this.numLeft == 0)
401 this.jv.update(-1, this.mev);
402 }
403
404 public int read() throws IOException
405 {
406 if (numLeft > 0) {
407 int b = is.read();
408 jv.update(b, mev);
409 numLeft--;
410 if (numLeft == 0)
411 jv.update(-1, mev);
412 return b;
413 } else {
414 return -1;
415 }
416 }
417
418 public int read(byte b[], int off, int len) throws IOException {
419 if ((numLeft > 0) && (numLeft < len)) {
420 len = (int)numLeft;
421 }
422
423 if (numLeft > 0) {
424 int n = is.read(b, off, len);
425 jv.update(n, b, off, len, mev);
426 numLeft -= n;
427 if (numLeft == 0)
428 jv.update(-1, b, off, len, mev);
429 return n;
430 } else {
431 return -1;
432 }
433 }
434
435 public void close()
436 throws IOException
437 {
438 if (is != null)
439 is.close();
440 is = null;
441 mev = null;
442 jv = null;
443 }
444
445 public int available() throws IOException {
446 return is.available();
447 }
448
449 }
450}