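package org.eclipse.osgi.internal.verifier;

import java.io.File;
import java.io.IOException;
import java.net.URLConnection;
import java.security.Security;
import java.util.Hashtable;
import java.util.Properties;

import org.eclipse.osgi.baseadaptor.*;
import org.eclipse.osgi.baseadaptor.bundlefile.*;
import org.eclipse.osgi.baseadaptor.hooks.AdaptorHook;
import org.eclipse.osgi.baseadaptor.hooks.BundleFileWrapperFactoryHook;
import org.eclipse.osgi.framework.adaptor.BundleData;
import org.eclipse.osgi.framework.adaptor.FrameworkAdaptor;
import org.eclipse.osgi.framework.internal.core.AbstractBundle;
import org.eclipse.osgi.framework.internal.core.FrameworkProperties;
import org.eclipse.osgi.framework.log.FrameworkLog;
import org.eclipse.osgi.framework.log.FrameworkLogEntry;
import org.eclipse.osgi.internal.provisional.verifier.*;
import org.eclipse.osgi.util.ManifestElement;
import org.osgi.framework.*;
import org.osgi.util.tracker.ServiceTracker;

/**
 * Adaptor hook that plugs JAR-signature verification into the framework.
 * <p>
 * In {@link #addHooks} the {@code osgi.support.signature.verify} framework
 * property is parsed into the {@code VERIFY_*} flags; when certificate
 * verification is enabled, bundle files are wrapped in a
 * {@link SignedBundleFile} by {@link #wrapBundleFile}. On framework start the
 * hook registers itself as the {@link CertificateVerifierFactory} service and
 * registers a default {@link CertificateTrustAuthority} with the lowest
 * possible service ranking, so that any other registered authority is
 * preferred by the service tracker used in {@link #getTrustAuthority}.
 * <p>
 * The adaptor, the parsed verification flags and the trust-authority tracker
 * are held in static fields and are therefore shared by all instances.
 */
public class SignedBundleHook implements AdaptorHook, BundleFileWrapperFactoryHook, HookConfigurator, CertificateVerifierFactory {
	// Verification-level flags. They are combined into supportSignedBundles and
	// handed to SignedBundleFile.setBundleFile, which defines their exact effect.
	static final int VERIFY_CERTIFICATE = 0x01;
	static final int VERIFY_TRUST = 0x02;
	static final int VERIFY_RUNTIME = 0x04;
	static final int VERIFY_ALL = VERIFY_CERTIFICATE | VERIFY_TRUST | VERIFY_RUNTIME;

	// Tokens accepted in the comma separated osgi.support.signature.verify value.
	private static final String SUPPORT_CERTIFICATE = "certificate";
	private static final String SUPPORT_TRUST = "trust";
	private static final String SUPPORT_RUNTIME = "runtime";
	private static final String SUPPORT_ALL = "all";
	private static final String SUPPORT_TRUE = "true";
	private static final String SIGNED_BUNDLE_SUPPORT = "osgi.support.signature.verify";

	// Lazily created in getTrustAuthority, closed in frameworkStop.
	private static ServiceTracker trustAuthorityTracker;
	// Set in initialize; null until then (log() falls back to System.err).
	private static BaseAdaptor ADAPTOR;
	// Bitwise OR of the VERIFY_* flags selected by the framework property.
	private static int supportSignedBundles;
	// Built-in authority used when no framework context or service is available.
	private static CertificateTrustAuthority trustAuthority = new DefaultTrustAuthority(VERIFY_ALL);

	private ServiceRegistration certVerifierReg;
	private ServiceRegistration trustAuthorityReg;

	/**
	 * Returns {@code true} if at least one entry of {@code dnChain} matches
	 * {@code pattern} according to {@link DNChainMatching#match}.
	 *
	 * @param pattern the DN chain pattern to match against
	 * @param dnChain the DN chains to test; {@code null} yields {@code false}
	 * @return whether any chain in {@code dnChain} matches {@code pattern}
	 */
	public boolean matchDNChain(String pattern, String[] dnChain) {
		if (dnChain == null)
			return false;
		for (int i = 0; i < dnChain.length; i++) {
			if (DNChainMatching.match(dnChain[i], pattern))
				return true;
		}
		return false;
	}

	/**
	 * Remembers the adaptor so that {@link #log} and {@link #getContext} can
	 * reach the framework log and bundle context.
	 */
	public void initialize(BaseAdaptor adaptor) {
		SignedBundleHook.ADAPTOR = adaptor;
	}

	/**
	 * Registers this hook as the {@link CertificateVerifierFactory} service and
	 * the default {@link CertificateTrustAuthority} service.
	 *
	 * @param context the system bundle context
	 * @throws BundleException never thrown here; declared by the hook interface
	 */
	public void frameworkStart(BundleContext context) throws BundleException {
		certVerifierReg = context.registerService(CertificateVerifierFactory.class.getName(), this, null);
		Hashtable properties = new Hashtable(7);
		// Lowest ranking: any other trust authority registered in the framework
		// takes precedence over the built-in default.
		properties.put(Constants.SERVICE_RANKING, new Integer(Integer.MIN_VALUE));
		properties.put(JarVerifierConstant.TRUST_AUTHORITY, JarVerifierConstant.DEFAULT_TRUST_AUTHORITY);
		trustAuthorityReg = context.registerService(CertificateTrustAuthority.class.getName(), trustAuthority, properties);
	}

	/**
	 * Unregisters the services registered in {@link #frameworkStart} and closes
	 * the trust-authority tracker if one was opened.
	 *
	 * @param context the system bundle context (unused)
	 * @throws BundleException never thrown here; declared by the hook interface
	 */
	public void frameworkStop(BundleContext context) throws BundleException {
		ServiceRegistration verifierReg = certVerifierReg;
		certVerifierReg = null;
		if (verifierReg != null)
			verifierReg.unregister();

		ServiceRegistration authorityReg = trustAuthorityReg;
		trustAuthorityReg = null;
		if (authorityReg != null)
			authorityReg.unregister();

		ServiceTracker tracker = trustAuthorityTracker;
		trustAuthorityTracker = null;
		if (tracker != null)
			tracker.close();
	}

	/** No-op: nothing to do while the framework is stopping. */
	public void frameworkStopping(BundleContext context) {
		// nothing to do
	}

	/** No-op: this hook contributes no framework properties. */
	public void addProperties(Properties properties) {
		// nothing to do
	}

	/**
	 * This hook does not map bundle locations.
	 *
	 * @return always {@code null}
	 */
	public URLConnection mapLocationToURLConnection(String location) throws IOException {
		return null;
	}

	/** No-op: runtime errors are not handled by this hook. */
	public void handleRuntimeError(Throwable error) {
		// nothing to do
	}

	/**
	 * This hook does not supply a framework log.
	 *
	 * @return always {@code null}
	 */
	public FrameworkLog createFrameworkLog() {
		return null;
	}

	/**
	 * Wraps {@code bundleFile} in a {@link SignedBundleFile} when the file is
	 * signed. For the base bundle file the wrapper is cached on the bundle's
	 * {@link SignedStorageHook} so that {@link #getVerifier(Bundle)} can reuse
	 * it; the cache entry is cleared again when the file turns out not to be
	 * signed or cannot be read.
	 * <p>
	 * If reading the signature data fails with an {@link IOException} the
	 * failure is logged and the original {@code bundleFile} is returned, i.e.
	 * the bundle is then handled as an unsigned bundle.
	 *
	 * @param bundleFile the bundle file to wrap, may be {@code null}
	 * @param content the content the bundle file was created from (unused)
	 * @param data the bundle's storage data, used to look up the signed storage hook
	 * @param base {@code true} when {@code bundleFile} is the bundle's base file
	 * @return the signed wrapper, or {@code bundleFile} itself when it is not signed
	 */
	public BundleFile wrapBundleFile(BundleFile bundleFile, Object content, BaseData data, boolean base) {
		if (bundleFile == null)
			return null;
		SignedStorageHook hook = null;
		try {
			hook = (SignedStorageHook) data.getStorageHook(SignedStorageHook.KEY);
			// Only the base file is cached on the storage hook; non-base files and
			// bundles without a signed storage hook get a throw-away wrapper.
			boolean useCache = base && hook != null;
			SignedBundleFile signedBaseFile;
			if (useCache) {
				if (hook.signedBundleFile == null)
					hook.signedBundleFile = new SignedBundleFile();
				signedBaseFile = hook.signedBundleFile;
			} else {
				signedBaseFile = new SignedBundleFile();
			}
			signedBaseFile.setBundleFile(bundleFile, supportSignedBundles);
			if (signedBaseFile.isSigned())
				return signedBaseFile;
			// Not signed: drop the cached wrapper. (The original only tested
			// `base` here and dereferenced a null hook when base was true but no
			// storage hook existed.)
			if (useCache)
				hook.signedBundleFile = null;
		} catch (IOException e) {
			// Previously swallowed silently; a verifier that cannot read the
			// signature data should at least leave a trace in the framework log.
			log("Unable to read signature data of bundle file: " + bundleFile.getBaseFile(), FrameworkLogEntry.WARNING, e);
			// Do not keep a half-initialized wrapper cached on the storage hook.
			if (base && hook != null)
				hook.signedBundleFile = null;
		}
		return bundleFile;
	}

	/**
	 * Registers this adaptor hook and, if the {@code osgi.support.signature.verify}
	 * property enables certificate verification, the signed storage hook and the
	 * bundle file wrapper factory.
	 * <p>
	 * Property tokens map to flags as follows: {@code certificate} enables
	 * {@link #VERIFY_CERTIFICATE}; {@code trust} adds {@link #VERIFY_TRUST};
	 * {@code runtime} adds {@link #VERIFY_RUNTIME}; {@code true} or {@code all}
	 * enable {@link #VERIFY_ALL}. Unknown tokens are ignored.
	 *
	 * @param hookRegistry the registry to add hooks to
	 */
	public void addHooks(HookRegistry hookRegistry) {
		hookRegistry.addAdaptorHook(this);
		// ManifestElement.getArrayFromList is expected to return an empty array
		// for a missing/empty property, leaving verification disabled.
		String[] support = ManifestElement.getArrayFromList(FrameworkProperties.getProperty(SIGNED_BUNDLE_SUPPORT), ",");
		for (int i = 0; i < support.length; i++) {
			supportSignedBundles |= flagsForToken(support[i]);
		}
		if ((supportSignedBundles & VERIFY_CERTIFICATE) != 0) {
			hookRegistry.addStorageHook(new SignedStorageHook());
			hookRegistry.addBundleFileWrapperFactoryHook(this);
		}
	}

	/**
	 * Maps one token of the {@code osgi.support.signature.verify} property to
	 * the {@code VERIFY_*} flags it enables; unknown tokens map to 0.
	 */
	private static int flagsForToken(String token) {
		if (SUPPORT_CERTIFICATE.equals(token))
			return VERIFY_CERTIFICATE;
		if (SUPPORT_TRUST.equals(token))
			return VERIFY_CERTIFICATE | VERIFY_TRUST;
		if (SUPPORT_RUNTIME.equals(token))
			return VERIFY_CERTIFICATE | VERIFY_RUNTIME;
		if (SUPPORT_TRUE.equals(token) || SUPPORT_ALL.equals(token))
			return VERIFY_ALL;
		return 0;
	}

	/**
	 * Creates a verifier for a bundle stored at {@code content}, which may be
	 * either an exploded directory or a JAR file. Verification is performed with
	 * {@link #VERIFY_ALL} regardless of the framework property.
	 *
	 * @param content directory or JAR file holding the bundle
	 * @return a verifier for the given content
	 * @throws IOException if the content cannot be opened or its signature data cannot be read
	 * @throws IllegalArgumentException if {@code content} is {@code null}
	 */
	public CertificateVerifier getVerifier(File content) throws IOException {
		if (content == null)
			throw new IllegalArgumentException("null content");
		BundleFile contentBundleFile = content.isDirectory() ? (BundleFile) new DirBundleFile(content) : new ZipBundleFile(content, null);
		SignedBundleFile result = new SignedBundleFile();
		result.setBundleFile(contentBundleFile, VERIFY_ALL);
		return result;
	}

	/**
	 * Returns the verifier for an installed bundle, reusing the
	 * {@link SignedBundleFile} cached on its storage hook by
	 * {@link #wrapBundleFile} when present and otherwise creating a fresh one
	 * from the bundle's base file.
	 *
	 * @param bundle the installed bundle
	 * @return a verifier for the bundle's content
	 * @throws IOException if the bundle's base file cannot be read
	 * @throws IllegalArgumentException if the bundle's data is not {@link BaseData}
	 */
	public CertificateVerifier getVerifier(Bundle bundle) throws IOException {
		BundleData data = ((AbstractBundle) bundle).getBundleData();
		if (!(data instanceof BaseData))
			throw new IllegalArgumentException("Invalid bundle object. No BaseData found.");
		BaseData baseData = (BaseData) data;
		SignedStorageHook hook = (SignedStorageHook) baseData.getStorageHook(SignedStorageHook.KEY);
		if (hook != null && hook.signedBundleFile != null)
			return hook.signedBundleFile;
		return getVerifier(baseData.getBundleFile().getBaseFile());
	}

	/**
	 * Logs a message through the framework log, or to {@code System.err} when
	 * the hook has not been initialized with an adaptor yet.
	 *
	 * @param msg the message to log
	 * @param severity a {@link FrameworkLogEntry} severity constant
	 * @param t the associated throwable, may be {@code null}
	 */
	static void log(String msg, int severity, Throwable t) {
		if (SignedBundleHook.ADAPTOR == null) {
			System.err.println(msg);
			// The original dereferenced t unconditionally and failed for null.
			if (t != null)
				t.printStackTrace();
			return;
		}
		FrameworkLogEntry entry = new FrameworkLogEntry(FrameworkAdaptor.FRAMEWORK_SYMBOLICNAME, severity, 0, msg, 0, t, null);
		SignedBundleHook.ADAPTOR.getFrameworkLog().log(entry);
	}

	/**
	 * Returns the framework's bundle context, or {@code null} before
	 * {@link #initialize} has been called.
	 */
	static BundleContext getContext() {
		BaseAdaptor adaptor = ADAPTOR;
		return adaptor == null ? null : adaptor.getContext();
	}

	/**
	 * Returns the trust authority to use for signature verification.
	 * <p>
	 * Without a framework context the built-in default is returned. Otherwise a
	 * {@link ServiceTracker} for {@link CertificateTrustAuthority} services is
	 * opened on first use; if the Java security property
	 * {@link JarVerifierConstant#TRUST_AUTHORITY} is set, the tracker is
	 * restricted to services whose {@code TRUST_AUTHORITY} property equals that
	 * value. The result may be {@code null} if no matching service is
	 * registered at the time of the call.
	 *
	 * @return the selected trust authority, or {@code null} if none is available
	 */
	static CertificateTrustAuthority getTrustAuthority() {
		BundleContext context = SignedBundleHook.getContext();
		if (context == null)
			return trustAuthority;
		if (trustAuthorityTracker == null) {
			String trustAuthorityProp = Security.getProperty(JarVerifierConstant.TRUST_AUTHORITY);
			Filter filter = null;
			if (trustAuthorityProp != null) {
				try {
					// The property is a literal authority name; escape it so that
					// filter metacharacters in the value cannot change the filter's
					// meaning or make it unparsable.
					filter = FrameworkUtil.createFilter("(&(" + Constants.OBJECTCLASS + "=" + CertificateTrustAuthority.class.getName() + ")(" + JarVerifierConstant.TRUST_AUTHORITY + "=" + escapeFilterValue(trustAuthorityProp) + "))");
				} catch (InvalidSyntaxException e) {
					// Previously printed to stderr only; route it through the framework log.
					log("Invalid trust authority filter for property value: " + trustAuthorityProp, FrameworkLogEntry.WARNING, e);
				}
			}
			if (filter != null)
				trustAuthorityTracker = new ServiceTracker(context, filter, null);
			else
				trustAuthorityTracker = new ServiceTracker(context, CertificateTrustAuthority.class.getName(), null);
			trustAuthorityTracker.open();
		}
		return (CertificateTrustAuthority) trustAuthorityTracker.getService();
	}

	/**
	 * Escapes the characters that are special in an OSGi (LDAP-style) filter
	 * value — {@code \}, {@code *}, {@code (} and {@code )} — so that
	 * {@code value} is matched literally when embedded in a filter string.
	 *
	 * @param value the attribute value to embed
	 * @return the escaped value
	 */
	private static String escapeFilterValue(String value) {
		StringBuffer escaped = new StringBuffer(value.length() + 8);
		for (int i = 0; i < value.length(); i++) {
			char c = value.charAt(i);
			if (c == '\\' || c == '*' || c == '(' || c == ')')
				escaped.append('\\');
			escaped.append(c);
		}
		return escaped.toString();
	}
}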