bundles/org.eclipse.osgi/jarverifier/org/eclipse/osgi/internal/verifier/PKCS7DateParser.java - equinox/rt.equinox.framework - Git at Google

 /*******************************************************************************
  * Copyright (c) 2006, 2007 IBM Corporation and others. All rights reserved.
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
  * and is available at http://www.eclipse.org/legal/epl-v10.html
  *
  * Contributors: IBM Corporation - initial API and implementation
  ******************************************************************************/
 package org.eclipse.osgi.internal.verifier;

 import java.io.IOException;
 import java.security.*;
 import java.security.cert.CertificateException;
 import java.util.*;
 import org.eclipse.osgi.framework.log.FrameworkLogEntry;

 public class PKCS7DateParser {

 	static Date parseDate(PKCS7Processor pkcs7Processor) throws IOException {
 		return hasTimeStamp(pkcs7Processor);
 	}

 	private static Date hasTimeStamp(PKCS7Processor pkcs7) throws IOException {
 		Map unsignedAttrs = pkcs7.getUnsignedAttrs();
 		if (unsignedAttrs != null) {
 			// get the timestamp constrcut
 			byte[] timeStampConstruct = retrieveTimeStampConstruct(unsignedAttrs);

 			// there is a timestamp in the signer info
 			if (timeStampConstruct != null) {

 				try {
 					PKCS7Processor timestampProcess = new PKCS7Processor(timeStampConstruct, 0, timeStampConstruct.length);
 					timestampProcess.validateCerts();
 					pkcs7.setTSACertificates(timestampProcess.getCertificates());
 					return timestampProcess.getSigningTime();
 				} catch (CertificateException e) {
 					SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.ERROR, e);
 					throw new IOException(JarVerifierMessages.PKCS7_Parse_Signing_Time);
 				} catch (NoSuchAlgorithmException e) {
 					SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.ERROR, e);
 					throw new SecurityException(JarVerifierMessages.No_Such_Algorithm_Excep);
 				} catch (InvalidKeyException e) {
 					throw new IOException("InvalidKeyException occurs when verifying the certs from tsa certificates: " + e.getMessage()); //$NON-NLS-1$
 				} catch (SignatureException e) {
 					throw new IOException(JarVerifierMessages.Signature_Not_Verify);
 				}

 			}
 		}
 		return null;
 	}

 	private static byte[] retrieveTimeStampConstruct(Map unsignedAttrs) {
 		Set objIDs = unsignedAttrs.keySet();
 		Iterator iter = objIDs.iterator();
 		while (iter.hasNext()) {
 			int[] objID = (int[]) iter.next();
 			if (Arrays.equals(JarVerifierConstant.TIMESTAMP_OID, objID)) {
 				return (byte[]) unsignedAttrs.get(objID);
 			}
 		}
 		return null;
 	}
 }
	/*******************************************************************************
	* Copyright (c) 2006, 2007 IBM Corporation and others. All rights reserved.
	* This program and the accompanying materials are made available under the
	* terms of the Eclipse Public License v1.0 which accompanies this distribution,
	* and is available at http://www.eclipse.org/legal/epl-v10.html
	*
	* Contributors: IBM Corporation - initial API and implementation
	******************************************************************************/
	package org.eclipse.osgi.internal.verifier;

	import java.io.IOException;
	import java.security.*;
	import java.security.cert.CertificateException;
	import java.util.*;
	import org.eclipse.osgi.framework.log.FrameworkLogEntry;

	public class PKCS7DateParser {

	static Date parseDate(PKCS7Processor pkcs7Processor) throws IOException {
	return hasTimeStamp(pkcs7Processor);
	}

	private static Date hasTimeStamp(PKCS7Processor pkcs7) throws IOException {
	Map unsignedAttrs = pkcs7.getUnsignedAttrs();
	if (unsignedAttrs != null) {
	// get the timestamp constrcut
	byte[] timeStampConstruct = retrieveTimeStampConstruct(unsignedAttrs);

	// there is a timestamp in the signer info
	if (timeStampConstruct != null) {

	try {
	PKCS7Processor timestampProcess = new PKCS7Processor(timeStampConstruct, 0, timeStampConstruct.length);
	timestampProcess.validateCerts();
	pkcs7.setTSACertificates(timestampProcess.getCertificates());
	return timestampProcess.getSigningTime();
	} catch (CertificateException e) {
	SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.ERROR, e);
	throw new IOException(JarVerifierMessages.PKCS7_Parse_Signing_Time);
	} catch (NoSuchAlgorithmException e) {
	SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.ERROR, e);
	throw new SecurityException(JarVerifierMessages.No_Such_Algorithm_Excep);
	} catch (InvalidKeyException e) {
	throw new IOException("InvalidKeyException occurs when verifying the certs from tsa certificates: " + e.getMessage()); //$NON-NLS-1$
	} catch (SignatureException e) {
	throw new IOException(JarVerifierMessages.Signature_Not_Verify);
	}

	}
	}
	return null;
	}

	private static byte[] retrieveTimeStampConstruct(Map unsignedAttrs) {
	Set objIDs = unsignedAttrs.keySet();
	Iterator iter = objIDs.iterator();
	while (iter.hasNext()) {
	int[] objID = (int[]) iter.next();
	if (Arrays.equals(JarVerifierConstant.TIMESTAMP_OID, objID)) {
	return (byte[]) unsignedAttrs.get(objID);
	}
	}
	return null;
	}
	}