| /******************************************************************************* |
| * Copyright (c) 2000, 2008 IBM Corporation and others. |
| * All rights reserved. This program and the accompanying materials |
| * are made available under the terms of the Eclipse Public License v1.0 |
| * which accompanies this distribution, and is available at |
| * http://www.eclipse.org/legal/epl-v10.html |
| * |
| * Contributors: |
| * IBM Corporation - initial API and implementation |
| *******************************************************************************/ |
| package org.eclipse.update.internal.verifier; |
| |
| import java.security.Principal; |
| import java.security.cert.*; |
| import java.text.DateFormat; |
| import java.util.Date; |
| import org.eclipse.osgi.signedcontent.SignedContent; |
| import org.eclipse.osgi.signedcontent.SignerInfo; |
| import org.eclipse.osgi.util.NLS; |
| import org.eclipse.update.core.*; |
| import org.eclipse.update.internal.core.Messages; |
| |
| /** |
| * Result returned by the certificate verification service. |
| */ |
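public class CertVerificationResult implements IVerificationResult {

	// Carries the outcome of a certificate verification: the result and
	// verification codes, any exception raised, the signed content that was
	// examined, and two lazily built display strings (signerInfo, verifierInfo).
	//
	// Review notes for anyone showing these strings to a user:
	// - When no signer reports isTrusted(), the text describes the FIRST signer
	//   anyway, so the distinguished names and dates may come from a certificate
	//   nobody vouches for. Treat the text as untrusted input; the trust
	//   decision belongs to SignerInfo.isTrusted() / the verification code.
	// - The "valid" line appended by checkValidity() only means that
	//   SignedContent.checkValidity() raised neither an expired nor a
	//   not-yet-valid exception. It says nothing about trust.

	private int resultCode;
	private int verificationCode;
	private Exception resultException;

	private SignedContent signedContent;
	// Display text for the signer; null until initializeCertificates() succeeds.
	private String signerInfo;
	// Display text for the signer's issuer; stays null when the signer's
	// certificate is also the last certificate of the chain.
	private String verifierInfo;
	private ContentReference contentReference;
	private IFeature feature;
	private boolean featureVerification;
	private boolean alreadySeen;

	public CertVerificationResult() {
	}

	/*
	 * Returns the result code last stored with setResultCode(int).
	 */
	public int getResultCode() {
		return resultCode;
	}

	/*
	 * Returns the exception stored with setResultException(Exception), or null.
	 */
	public Exception getVerificationException() {
		return resultException;
	}

	/*
	 * Stores the result code.
	 */
	public void setResultCode(int newResultCode) {
		resultCode = newResultCode;
	}

	/*
	 * Stores the exception associated with this result.
	 */
	public void setResultException(Exception newResultException) {
		resultException = newResultException;
	}

	/*
	 * Returns the verification code last stored with setVerificationCode(int).
	 */
	public int getVerificationCode() {
		return verificationCode;
	}

	/*
	 * Stores the verification code.
	 */
	public void setVerificationCode(int verificationCode) {
		this.verificationCode = verificationCode;
	}

	/*
	 * Stores the signed content this result describes.
	 *
	 * The cached display strings are derived from the signed content, so they
	 * are dropped here; otherwise a result whose content is replaced would keep
	 * presenting the previous signer's details.
	 */
	void setSignedContent(SignedContent signedContent) {
		this.signedContent = signedContent;
		this.signerInfo = null;
		this.verifierInfo = null;
	}

	/*
	 * Returns the signers of the signed content. An empty array is returned
	 * when no signed content has been set, instead of failing with a
	 * NullPointerException.
	 */
	public SignerInfo[] getSigners() {
		if (signedContent == null)
			return new SignerInfo[0];
		return signedContent.getSignerInfos();
	}

	/*
	 * Builds signerInfo and verifierInfo from the certificate chain of one
	 * signer. Leaves both untouched when there is no signer, no certificate
	 * chain, or the chain ends are not X.509 certificates.
	 */
	private void initializeCertificates() {
		SignerInfo[] signers = getSigners();
		if (signers == null || signers.length == 0)
			return;

		// Prefer the first signer that reports itself trusted. If none does,
		// the first signer is described anyway, so the resulting text must not
		// be read as a statement of trust.
		SignerInfo displayedSigner = signers[0];
		for (int i = 0; i < signers.length; i++) {
			if (signers[i].isTrusted()) {
				displayedSigner = signers[i];
				break;
			}
		}

		Certificate[] certs = displayedSigner.getCertificateChain();
		if (certs == null || certs.length == 0)
			return;

		// Check the type before casting: a chain holding another certificate
		// type (or a null entry) would otherwise raise ClassCastException or
		// NullPointerException while building a purely informational string.
		Certificate first = certs[0];
		Certificate last = certs[certs.length - 1];
		if (!(first instanceof X509Certificate) || !(last instanceof X509Certificate))
			return;
		X509Certificate signerCert = (X509Certificate) first;
		X509Certificate rootCert = (X509Certificate) last;

		StringBuffer strb = new StringBuffer();
		strb.append(issuerString(signerCert.getSubjectDN()));
		strb.append("\r\n"); //$NON-NLS-1$
		strb.append(NLS.bind(Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(signerCert.getNotBefore()), dateString(signerCert.getNotAfter()) })));
		strb.append(checkValidity(displayedSigner));
		signerInfo = strb.toString();

		if (!signerCert.equals(rootCert)) {
			// NOTE(review): the name shown is the issuer DN of the signer's
			// certificate, while the dates are read from the last certificate
			// of the chain. If the chain is ordered signer-first and holds more
			// than two certificates, name and dates describe different
			// certificates - confirm which one is meant to be displayed.
			strb = new StringBuffer();
			strb.append(issuerString(signerCert.getIssuerDN()));
			strb.append("\r\n"); //$NON-NLS-1$
			strb.append(NLS.bind(Messages.JarVerificationResult_ValidBetween, (new String[] { dateString(rootCert.getNotBefore()), dateString(rootCert.getNotAfter()) })));
			verifierInfo = strb.toString();
		}
	}

	/*
	 * Returns the line (prefixed with a line break) that states whether the
	 * signer's certificate is expired, not yet valid, or valid.
	 *
	 * Only the two exceptions caught below are distinguished, so "valid" here
	 * covers the validity check alone and not whether the signer is trusted.
	 */
	private String checkValidity(SignerInfo signer) {
		try {
			signedContent.checkValidity(signer);
		} catch (CertificateExpiredException e) {
			return ("\r\n" + Messages.JarVerificationResult_ExpiredCertificate); //$NON-NLS-1$
		} catch (CertificateNotYetValidException e) {
			return ("\r\n" + Messages.JarVerificationResult_CertificateNotYetValid); //$NON-NLS-1$
		}
		return ("\r\n" + Messages.JarVerificationResult_CertificateValid); //$NON-NLS-1$
	}

	/*
	 * Returns the label for a certificate principal.
	 *
	 * The earlier X500Name-based formatting (marked "19902" in the original
	 * source) is disabled; the principal's own string form is returned as is.
	 * The value originates from the certificate, so callers rendering it
	 * should treat it as untrusted text.
	 */
	private String issuerString(Principal principal) {
		return principal.toString();
	}

	/*
	 * Formats a date with the default date style of the default locale.
	 */
	private String dateString(Date date) {
		return DateFormat.getDateInstance().format(date);
	}

	/*
	 * Returns the signer description, building it on first use. Returns null
	 * when no description could be built (no signer or no usable chain).
	 */
	public String getSignerInfo() {
		if (signerInfo == null)
			initializeCertificates();
		return signerInfo;
	}

	/*
	 * Returns the issuer description, building it on first use. signerInfo is
	 * the "already initialized" marker for both strings, which is why it is
	 * tested here rather than verifierInfo. May return null.
	 */
	public String getVerifierInfo() {
		if (signerInfo == null)
			initializeCertificates();
		return verifierInfo;
	}

	/*
	 * Returns the content reference this result is about.
	 */
	public ContentReference getContentReference() {
		return contentReference;
	}

	/*
	 * Stores the content reference this result is about.
	 */
	public void setContentReference(ContentReference ref) {
		this.contentReference = ref;
	}

	/*
	 * Returns the feature this result is about.
	 */
	public IFeature getFeature() {
		return feature;
	}

	/*
	 * Stores the feature this result is about.
	 */
	public void setFeature(IFeature feature) {
		this.feature = feature;
	}

	/*
	 * Always returns null; this result carries no free-form text.
	 */
	public String getText() {
		return null;
	}

	/*
	 * Returns the feature-verification flag.
	 */
	public boolean isFeatureVerification() {
		return featureVerification;
	}

	/*
	 * Sets the feature-verification flag. Despite the "is" prefix this
	 * overload is the setter; the name is kept for existing callers.
	 */
	public void isFeatureVerification(boolean featureVerification) {
		this.featureVerification = featureVerification;
	}

	/*
	 * Returns the already-seen flag.
	 */
	public boolean alreadySeen() {
		return alreadySeen;
	}

	/*
	 * Sets the already-seen flag and returns the value just stored.
	 */
	public boolean alreadySeen(boolean seen) {
		this.alreadySeen = seen;
		return seen;
	}

}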