| /******************************************************************************* |
| * Copyright (c) 2000, 2006 IBM Corporation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * IBM Corporation - initial API and implementation |
| *******************************************************************************/ |
| package org.eclipse.update.internal.security; |
| |
| import java.security.*; |
| import java.security.cert.*; |
| import java.security.cert.Certificate; |
| import java.text.DateFormat; |
| import java.util.ArrayList; |
| import java.util.Date; |
| import java.util.Iterator; |
| import java.util.List; |
| |
| import org.eclipse.osgi.util.NLS; |
| import org.eclipse.update.core.*; |
| import org.eclipse.update.internal.core.Messages; |
| |
| /** |
| * Result of the service |
| */ |
| public class JarVerificationResult implements IVerificationResult { |
| |
| |
| private int resultCode; |
| private int verificationCode; |
| private Exception resultException; |
| private List /*of Certificates[] */ |
| certificates; |
| private CertificatePair[] rootCertificates; |
| private CertificatePair foundCertificate; // certificate found in one keystore |
| |
| private String signerInfo; |
| private String verifierInfo; |
| private ContentReference contentReference; |
| private IFeature feature; |
| private boolean featureVerification; |
| private boolean alreadySeen; |
| |
| public JarVerificationResult() { |
| } |
| |
| /* |
| * |
| */ |
| public int getResultCode() { |
| return resultCode; |
| } |
| |
| /* |
| * |
| */ |
| public Exception getVerificationException() { |
| return resultException; |
| } |
| |
| /* |
| * |
| */ |
| public void setResultCode(int newResultCode) { |
| resultCode = newResultCode; |
| } |
| |
| /* |
| * |
| */ |
| public void setResultException(Exception newResultException) { |
| resultException = newResultException; |
| } |
| |
| /* |
| * |
| */ |
| public int getVerificationCode() { |
| return verificationCode; |
| } |
| |
| /* |
| * |
| */ |
| public void setVerificationCode(int verificationCode) { |
| this.verificationCode = verificationCode; |
| } |
| |
| /* |
| * adds an array of Certificates to the list |
| * force recomputation of root cert |
| */ |
| public void addCertificates(Certificate[] certs) { |
| if (certificates == null) |
| certificates = new ArrayList(); |
| certificates.add(certs); |
| rootCertificates = null; |
| } |
| |
| /* |
| * Returns the list of root certificates |
| * The list of certificates we received is an array of certificates |
| * we have to determine |
| * 1) how many chain do we have (a chain stops when verifier of a cert is |
| * not the signer of the next cert in the list |
| * 2) build a cert with the leaf signer and the root verifier for each chain |
| */ |
| public CertificatePair[] getRootCertificates() { |
| if (rootCertificates == null) { |
| rootCertificates = new CertificatePair[0]; |
| List rootCertificatesList = new ArrayList(); |
| if (certificates != null && certificates.size() > 0) { |
| Iterator iter = certificates.iterator(); |
| while (iter.hasNext()) { |
| |
| Certificate[] certs = (Certificate[]) iter.next(); |
| if (certs != null && certs.length > 0) { |
| |
| CertificatePair pair = new CertificatePair(); |
| pair.setIssuer(certs[0]); |
| |
| for (int i = 0; i < certs.length - 1; i++) { |
| X509Certificate x509certRoot = (X509Certificate) certs[i]; |
| X509Certificate x509certIssuer = (X509Certificate) certs[i+1]; |
| if (!x509certRoot.getIssuerDN().equals(x509certIssuer.getSubjectDN())) { |
| pair.setRoot(x509certRoot); |
| if (!rootCertificatesList.contains(pair)) { |
| rootCertificatesList.add(pair); |
| } |
| pair = new CertificatePair(); |
| pair.setIssuer(x509certIssuer); |
| } |
| } |
| |
| // add the latest one |
| if (pair != null) { |
| pair.setRoot(certs[certs.length - 1]); |
| if (!rootCertificatesList.contains(pair)) { |
| rootCertificatesList.add(pair); |
| } |
| } |
| } |
| } |
| |
| } |
| |
| if (rootCertificatesList.size() > 0) { |
| rootCertificates = new CertificatePair[rootCertificatesList.size()]; |
| rootCertificatesList.toArray(rootCertificates); |
| } |
| } |
| return rootCertificates; |
| } |
| |
| /* |
| * |
| */ |
| private CertificatePair getFoundCertificate() { |
| return foundCertificate; |
| } |
| |
| /* |
| * |
| */ |
| public void setFoundCertificate(CertificatePair foundCertificate) { |
| this.foundCertificate = foundCertificate; |
| } |
| |
| |
| /* |
| * Initializes the signerInfo and the VerifierInfo from the Certificate Pair |
| */ |
| private void initializeCertificates(){ |
| X509Certificate certRoot = null; |
| X509Certificate certIssuer = null; |
| CertificatePair trustedCertificate; |
| if (getFoundCertificate() == null) { |
| CertificatePair[] certs = getRootCertificates(); |
| if (certs.length == 0) |
| return; |
| trustedCertificate = certs[0]; |
| } else { |
| trustedCertificate = getFoundCertificate(); |
| } |
| certRoot = (X509Certificate) trustedCertificate.getRoot(); |
| certIssuer = (X509Certificate) trustedCertificate.getIssuer(); |
| |
| StringBuffer strb = new StringBuffer(); |
| strb.append(issuerString(certIssuer.getSubjectDN())); |
| strb.append("\r\n"); //$NON-NLS-1$ |
| strb.append(NLS.bind(Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(certIssuer.getNotBefore()), dateString(certIssuer.getNotAfter()) }))); |
| strb.append(checkValidity(certIssuer)); |
| signerInfo = strb.toString(); |
| if (certIssuer != null && !certIssuer.equals(certRoot)) { |
| strb = new StringBuffer(); |
| strb.append(issuerString(certIssuer.getIssuerDN())); |
| strb.append("\r\n"); //$NON-NLS-1$ |
| strb.append(NLS.bind(Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(certRoot.getNotBefore()), dateString(certRoot.getNotAfter()) }))); |
| strb.append(checkValidity(certRoot)); |
| verifierInfo = strb.toString(); |
| } |
| |
| } |
| |
| /* |
| * Returns a String to show if the certificate is valid |
| */ |
| private String checkValidity(X509Certificate cert) { |
| |
| try { |
| cert.checkValidity(); |
| } catch (CertificateExpiredException e) { |
| return ("\r\n" + Messages.JarVerificationResult_ExpiredCertificate); //$NON-NLS-1$ |
| } catch (CertificateNotYetValidException e) { |
| return ("\r\n" + Messages.JarVerificationResult_CertificateNotYetValid); //$NON-NLS-1$ |
| } |
| return ("\r\n" + Messages.JarVerificationResult_CertificateValid); //$NON-NLS-1$ |
| } |
| |
| /* |
| * Returns the label String from a X50name |
| */ |
| private String issuerString(Principal principal) { |
| // 19902 |
| // try { |
| // if (principal instanceof X500Name) { |
| // StringBuffer buf = new StringBuffer(); |
| // X500Name name = (X500Name) principal; |
| // buf.append((name.getDNQualifier() != null) ? name.getDNQualifier() + ", " : ""); |
| // buf.append(name.getCommonName()); |
| // buf.append((name.getOrganizationalUnit() != null) ? ", " + name.getOrganizationalUnit() : ""); |
| // buf.append((name.getOrganization() != null) ? ", " + name.getOrganization() : ""); |
| // buf.append((name.getLocality() != null) ? ", " + name.getLocality() : ""); |
| // buf.append((name.getCountry() != null) ? ", " + name.getCountry() : ""); |
| // return new String(buf); |
| // } |
| // } catch (Exception e) { |
| // UpdateCore.warn("Error parsing X500 Certificate",e); |
| // } |
| return principal.toString(); |
| } |
| |
| /* |
| * |
| */ |
| private String dateString(Date date) { |
| return DateFormat.getDateInstance().format(date); |
| } |
| |
| /* |
| * |
| */ |
| public String getSignerInfo() { |
| if (signerInfo==null) initializeCertificates(); |
| return signerInfo; |
| } |
| |
| /* |
| * |
| */ |
| public String getVerifierInfo() { |
| if (signerInfo==null) initializeCertificates(); |
| return verifierInfo; |
| } |
| |
| /* |
| * |
| */ |
| public ContentReference getContentReference() { |
| return contentReference; |
| } |
| |
| /* |
| * |
| */ |
| public void setContentReference(ContentReference ref) { |
| this.contentReference = ref; |
| } |
| |
| |
| /* |
| * |
| */ |
| public IFeature getFeature() { |
| return feature; |
| } |
| |
| /* |
| * |
| */ |
| public void setFeature(IFeature feature) { |
| this.feature = feature; |
| } |
| |
| /* |
| * |
| */ |
| public String getText() { |
| return null; |
| } |
| |
| |
| /* |
| * |
| */ |
| public boolean isFeatureVerification() { |
| return featureVerification; |
| } |
| |
| /* |
| * |
| */ |
| public void isFeatureVerification(boolean featureVerification) { |
| this.featureVerification = featureVerification; |
| } |
| |
| /* |
| * |
| */ |
| public boolean alreadySeen() { |
| return alreadySeen; |
| } |
| |
| /* |
| * |
| */ |
| public boolean alreadySeen(boolean seen) { |
| return this.alreadySeen = seen; |
| } |
| |
| } |