KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > eclipse > update > internal > verifier > CertVerifier


1 /*******************************************************************************
2  * Copyright (c) 2000, 2007 IBM Corporation and others.
3  * All rights reserved. This program and the accompanying materials
4  * are made available under the terms of the Eclipse Public License v1.0
5  * which accompanies this distribution, and is available at
6  * http://www.eclipse.org/legal/epl-v10.html
7  *
8  * Contributors:
9  * IBM Corporation - initial API and implementation
10  *******************************************************************************/
11 package org.eclipse.update.internal.verifier;
12
13 import java.io.File JavaDoc;
14 import java.io.IOException JavaDoc;
15 import java.util.ArrayList JavaDoc;
16 import java.util.Iterator JavaDoc;
17 import java.util.List JavaDoc;
18 import java.util.jar.JarFile JavaDoc;
19 import java.util.zip.ZipException JavaDoc;
20
21 import org.eclipse.core.runtime.CoreException;
22 import org.eclipse.core.runtime.IProgressMonitor;
23 import org.eclipse.osgi.internal.provisional.verifier.*;
24 import org.eclipse.osgi.util.NLS;
25 import org.eclipse.update.core.*;
26 import org.eclipse.update.internal.core.Messages;
27 import org.eclipse.update.internal.core.UpdateCore;
28
29 /**
30  * The JarVerifier will check the integrity of the JAR.
31  * If the Jar is signed and the integrity is validated,
32  * it will check if one of the certificate of each file
33  * is in one of the keystore.
34  *
35  */
36
37 public class CertVerifier extends Verifier {
38
39     private CertVerificationResult result;
40     private boolean acceptUnsignedFiles;
41     private IProgressMonitor monitor;
42     private File JavaDoc jarFile;
43     private CertificateVerifierFactory factory;
44     private List JavaDoc trustedCertificates;
45
46     /*
47      * Default Constructor
48      */
49     public CertVerifier(CertificateVerifierFactory factory) {
50         this.factory = factory;
51         initialize();
52     }
53
54
55     /*
56      *
57      */
58     private void initialize() {
59         result = null;
60         acceptUnsignedFiles = false;
61     }
62
63     /*
64      * init
65      */
66     private void init(IFeature feature, ContentReference contentRef) throws CoreException {
67         jarFile = null;
68         if (contentRef instanceof JarContentReference) {
69             JarContentReference jarReference = (JarContentReference) contentRef;
70             try {
71                 jarFile = jarReference.asFile();
72                 if (UpdateCore.DEBUG && UpdateCore.DEBUG_SHOW_INSTALL)
73                     UpdateCore.debug("Attempting to read JAR file:"+jarFile); //$NON-NLS-1$
74
75                 // # of entries
76 if (!jarFile.exists()) throw new IOException JavaDoc();
77                 JarFile JavaDoc jar = new JarFile JavaDoc(jarFile);
78                 if (jar !=null){
79                     try {
80                         jar.close();
81                     } catch (IOException JavaDoc ex) {
82                         // unchecked
83 }
84                 }
85             } catch (ZipException JavaDoc e){
86                 throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_InvalidJar, (new String JavaDoc[] { jarReference.toString() })), e);
87             } catch (IOException JavaDoc e) {
88                 throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToAccessJar, (new String JavaDoc[] { jarReference.toString() })), e);
89             }
90         }
91
92         result = new CertVerificationResult();
93         result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
94         result.setResultException(null);
95         result.setFeature(feature);
96         result.setContentReference(contentRef);
97     }
98
99     /*
100      * @param newMonitor org.eclipse.core.runtime.IProgressMonitor
101      */
102     private void setMonitor(IProgressMonitor newMonitor) {
103         monitor = newMonitor;
104     }
105
106     /*
107      * @see IVerifier#verify(IFeature,ContentReference,boolean, InstallMonitor)
108      */
109     public IVerificationResult verify(
110         IFeature feature,
111         ContentReference reference,
112         boolean isFeatureVerification,
113         InstallMonitor monitor)
114         throws CoreException {
115
116         if (reference == null)
117             return result;
118
119         // if parent knows how to verify, ask the parent first
120 if (getParent() != null) {
121             IVerificationResult vr =
122                 getParent().verify(feature, reference, isFeatureVerification, monitor);
123             if (vr.getVerificationCode() != IVerificationResult.TYPE_ENTRY_UNRECOGNIZED)
124                 return vr;
125         }
126
127         // the parent couldn't verify
128 setMonitor(monitor);
129         init(feature, reference);
130         result.isFeatureVerification(isFeatureVerification);
131
132         if (jarFile!=null) {
133             result = verify(jarFile.getAbsolutePath(), reference.getIdentifier());
134         } else {
135             result.setVerificationCode(IVerificationResult.TYPE_ENTRY_UNRECOGNIZED);
136         }
137
138         return result;
139     }
140
141     /*
142      *
143      */
144     private CertVerificationResult verify(String JavaDoc file, String JavaDoc identifier) {
145
146         try {
147             CertificateVerifier verifier = factory.getVerifier(new File JavaDoc(file));
148             // verify integrity
149 verifyIntegrity(verifier, identifier);
150
151             //if user already said yes
152 result.alreadySeen(alreadyValidated());
153
154             // save the fact the file is not signed, so the user will not be prompted again
155 if (result.getVerificationCode()
156                 == IVerificationResult.TYPE_ENTRY_NOT_SIGNED) {
157                 acceptUnsignedFiles = true;
158             }
159
160         } catch (Exception JavaDoc e) {
161             result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
162             result.setResultException(e);
163         }
164
165         if (monitor != null) {
166             monitor.worked(1);
167             if (monitor.isCanceled()) {
168                 result.setVerificationCode(IVerificationResult.VERIFICATION_CANCELLED);
169             }
170         }
171
172         return result;
173     }
174
175     /*
176      * Verifies the integrity of the JAR
177      */
178     private void verifyIntegrity(CertificateVerifier verifier, String JavaDoc identifier) {
179         try {
180             if (verifier.isSigned()) {
181                 // If the JAR is signed and invalid then mark as corrupted
182 if (verifier.verifyContent().length == 0) {
183                     CertificateChain[] roots = verifier.getChains();
184                     result.setChains(roots);
185                     for (int i = 0; i < roots.length; i++)
186                         if (roots[i].isTrusted()) {
187                             result.setFoundChain(roots[i]);
188                             result.setVerificationCode(IVerificationResult.TYPE_ENTRY_SIGNED_RECOGNIZED);
189                             break;
190                         }
191                     if (result.getVerificationCode() != IVerificationResult.TYPE_ENTRY_SIGNED_RECOGNIZED)
192                         result.setVerificationCode(IVerificationResult.TYPE_ENTRY_SIGNED_UNRECOGNIZED);
193                 } else
194                     result.setVerificationCode(IVerificationResult.TYPE_ENTRY_CORRUPTED);
195             } else {
196                 result.setVerificationCode(IVerificationResult.TYPE_ENTRY_NOT_SIGNED);
197                 return;
198             }
199         } catch (Exception JavaDoc e) {
200             result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
201             result.setResultException(e);
202         }
203     }
204
205     /*
206      *
207      */
208     private boolean alreadyValidated() {
209         int verifyCode = result.getVerificationCode();
210         if (verifyCode == IVerificationResult.TYPE_ENTRY_NOT_SIGNED)
211             return (acceptUnsignedFiles);
212         if (verifyCode == IVerificationResult.UNKNOWN_ERROR)
213             return false;
214         if (result.getchains() != null) { //getTrustedCertificates() can't be null as it is lazy initialized
215 Iterator JavaDoc iter = getTrustedCertificates().iterator();
216             CertificateChain[] roots = result.getchains();
217
218             // check if this is not a user accepted certificate for this feature
219 while (iter.hasNext()) {
220                 CertificateChain chain = (CertificateChain) iter.next();
221                 for (int i = 0; i < roots.length; i++)
222                     if (chain.equals(roots[i]))
223                         return true;
224             }
225
226             // if certificate pair not found in trusted add it for next time
227 for (int i = 0; i < roots.length; i++) {
228                 addTrustedCertificate(roots[i]);
229             }
230         }
231
232         return false;
233     }
234
235     /*
236      *
237      */
238     private void addTrustedCertificate(CertificateChain chain) {
239         if (trustedCertificates == null)
240             trustedCertificates = new ArrayList JavaDoc();
241         if (chain != null)
242             trustedCertificates.add(chain);
243     }
244
245     /*
246      *
247      */
248     private List JavaDoc getTrustedCertificates() {
249         if (trustedCertificates == null)
250             trustedCertificates = new ArrayList JavaDoc();
251         return trustedCertificates;
252     }
253
254     /**
255      * @see IVerifier#setParent(IVerifier)
256      */
257     public void setParent(IVerifier parentVerifier) {
258         super.setParent(parentVerifier);
259         initialize();
260     }
261
262 }
263
Popular Tags