/*******************************************************************************
* Copyright (c) 2006 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
package org.eclipse.osgi.internal.verifier;
import java.io.*;
import java.net.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
import org.eclipse.osgi.framework.internal.core.FrameworkProperties;
import org.eclipse.osgi.framework.log.FrameworkLogEntry;
/**
* Class to manage the different KeyStores we should check for certificates of
* Signed JAR
*/
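public class KeyStores {
    /**
     * Prefix of the {@code policy.url.N} properties of the java.security file.
     * Each such property names a java.policy file that may declare a keystore.
     */
    private static final String JAVA_POLICY_URL = "policy.url."; //$NON-NLS-1$
    /**
     * Name of the java.security property holding the default keystore type.
     */
    private static final String DEFAULT_KEYSTORE_TYPE = "keystore.type"; //$NON-NLS-1$
    /**
     * KeyStores that were loaded successfully, in discovery order. A certificate
     * found in any of them is reported as trusted by {@link #isTrusted(Certificate)}.
     */
    private List /* of KeyStore */keyStores;

    /**
     * Creates the manager and eagerly loads every keystore location described
     * in {@link #initializeDefaultKeyStores()}.
     */
    public KeyStores() {
        super();
        initializeDefaultKeyStores();
    }

    /**
     * Loads a single keystore and appends it to {@link #keyStores}.
     * <p>
     * Loading is best-effort: a location that cannot be opened is skipped
     * silently (the file usually just does not exist) and any other failure is
     * logged as a warning. The keystore is loaded with a {@code null} password,
     * so no integrity (MAC) check of its contents is performed; the trust placed
     * in its entries therefore rests on the file-system protection of the
     * keystore location alone.
     *
     * @param urlSpec absolute URL of the keystore, or a reference resolved against {@code rootURL}
     * @param type keystore type, or {@code null} to use {@link KeyStore#getDefaultType()}
     * @param rootURL base for resolving a non-absolute {@code urlSpec}; may be {@code null}
     */
    private void processKeyStore(String urlSpec, String type, URL rootURL) {
        if (type == null)
            type = KeyStore.getDefaultType();
        InputStream in = null;
        try {
            URL url;
            try {
                url = new URL(urlSpec);
            } catch (MalformedURLException mue) {
                // not an absolute URL: resolve it against the policy file it came from
                url = new URL(rootURL, urlSpec);
            }
            KeyStore ks = KeyStore.getInstance(type);
            try {
                in = url.openStream();
            } catch (IOException ioe) {
                // ignore this; the file probably does not exist
            }
            if (in != null) {
                ks.load(in, null);
                keyStores.add(ks);
            }
        } catch (Exception e) {
            SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.WARNING, e);
        } finally {
            if (in != null)
                try {
                    in.close();
                } catch (IOException e) {
                    // do nothing
                }
        }
    }

    /**
     * Populates {@link #keyStores} from, in order: the JRE {@code cacerts}
     * file, {@code user.home/.keystore}, the keystore named by the
     * {@code osgi.framework.keystore} framework property, and every keystore
     * declared in the java.policy files listed by {@code policy.url.N}.
     * Missing locations are skipped; see {@link #processKeyStore}.
     */
    private void initializeDefaultKeyStores() {
        keyStores = new ArrayList(5);
        String defaultType = Security.getProperty(DEFAULT_KEYSTORE_TYPE);
        // JRE cacerts
        String urlSpec = "file:" + FrameworkProperties.getProperty("java.home") + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts"; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$ //$NON-NLS-5$
        processKeyStore(urlSpec, defaultType, null);
        // the user's ~/.keystore
        urlSpec = "file:" + FrameworkProperties.getProperty("user.home") + File.separator + ".keystore"; //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
        processKeyStore(urlSpec, defaultType, null);
        // keystore configured explicitly for the framework
        urlSpec = FrameworkProperties.getProperty("osgi.framework.keystore"); //$NON-NLS-1$
        if (urlSpec != null)
            processKeyStore(urlSpec, defaultType, null);
        // keystores declared in java.policy files; the numbering is contiguous
        // and stops at the first missing policy.url.N property
        int index = 1;
        String javaPolicy = Security.getProperty(JAVA_POLICY_URL + index);
        while (javaPolicy != null) {
            processKeystoreFromLocation(javaPolicy);
            index++;
            javaPolicy = Security.getProperty(JAVA_POLICY_URL + index);
        }
    }

    /**
     * Reads the java.policy file at {@code location} and loads the keystore
     * declared by its first {@code keystore ...;} entry, if any.
     * <p>
     * A single {@code ${prop}} reference in the location is expanded from the
     * framework properties before the URL is opened. The file is read with the
     * platform default charset. An entry that has no terminating {@code ';'} is
     * ignored instead of aborting keystore initialization. Note that the entry
     * is located by a plain substring search for {@code "keystore"}, so text in
     * comments or in other entries containing that word could be picked up;
     * confirm this matches the policy files in use.
     *
     * @param location URL of the policy file, possibly containing one {@code ${prop}} reference
     */
    private void processKeystoreFromLocation(String location) {
        int indexOf$ = location.indexOf("${"); //$NON-NLS-1$
        int indexOfCurly = location.indexOf('}', indexOf$);
        if (indexOf$ != -1 && indexOfCurly != -1) {
            String prop = FrameworkProperties.getProperty(location.substring(indexOf$ + 2, indexOfCurly));
            location = location.substring(0, indexOf$) + prop + location.substring(indexOfCurly + 1);
        }
        InputStream in = null;
        try {
            URL url = new URL(location);
            in = url.openStream();
            Reader reader = new InputStreamReader(in);
            char[] buff = new char[4096];
            StringBuffer contentBuff = new StringBuffer();
            int result = reader.read(buff);
            while (result != -1) {
                contentBuff.append(buff, 0, result);
                result = reader.read(buff);
            }
            if (contentBuff.length() > 0) {
                String content = contentBuff.toString();
                int indexOfKeystore = content.indexOf("keystore"); //$NON-NLS-1$
                if (indexOfKeystore != -1) {
                    int indexOfSemiColumn = content.indexOf(';', indexOfKeystore);
                    // an unterminated entry would make substring() throw out of the
                    // constructor; treat it as malformed and skip it
                    if (indexOfSemiColumn != -1)
                        processKeystoreFromString(content.substring(indexOfKeystore, indexOfSemiColumn), url);
                }
            }
        } catch (MalformedURLException e) {
            SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.WARNING, e);
        } catch (IOException e) {
            // do nothing it is likely that the file does not exist
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    // do nothing
                }
            }
        }
    }

    /**
     * Parses one {@code keystore <url>[, <type>]} entry (without the trailing
     * {@code ';'}) and loads the keystore it names.
     * <p>
     * The URL is everything from the first space up to the last comma (or the
     * end of the entry) and the type is whatever follows the last comma. Both
     * are handed on verbatim, quotes included if the entry has them; entries
     * with no space, or with a comma before the first space, are ignored.
     *
     * @param content the entry text, starting with the word {@code keystore}
     * @param rootURL the policy file URL, used to resolve a relative keystore URL
     */
    private void processKeystoreFromString(String content, URL rootURL) {
        int indexOfSpace = content.indexOf(' ');
        if (indexOfSpace == -1)
            return;
        String keyStoreType = null;
        int indexOfComma = content.lastIndexOf(',');
        if (indexOfComma == -1) {
            indexOfComma = content.length();
        } else {
            keyStoreType = content.substring(indexOfComma + 1).trim();
        }
        // guard against a comma preceding the first space, which would make
        // substring() throw instead of yielding a URL
        if (indexOfComma < indexOfSpace)
            return;
        processKeyStore(content.substring(indexOfSpace, indexOfComma), keyStoreType, rootURL);
    }

    /**
     * Reports whether {@code cert} is present in any of the loaded keystores.
     * <p>
     * This is an exact-match test via {@link KeyStore#getCertificateAlias}: the
     * certificate itself must be an entry in some keystore. No chain building,
     * validity-period or revocation checking is performed here. A keystore that
     * fails the lookup is logged and skipped.
     *
     * @param cert the certificate to look for
     * @return {@code true} if some loaded keystore contains {@code cert}
     */
    public boolean isTrusted(Certificate cert) {
        Iterator it = keyStores.iterator();
        while (it.hasNext()) {
            KeyStore ks = (KeyStore) it.next();
            try {
                if (ks.getCertificateAlias(cert) != null) {
                    return true;
                }
            } catch (KeyStoreException e) {
                SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.WARNING, e);
            }
        }
        return false;
    }
}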