JarVerification
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/core/Site.java b/update/org.eclipse.update.core/src/org/eclipse/update/core/Site.java
index 773fce8..5b05116 100644
--- a/update/org.eclipse.update.core/src/org/eclipse/update/core/Site.java
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/core/Site.java
@@ -302,7 +302,7 @@
IPluginEntry[] pluginEntries = features[indexFeatures].getFeature().getPluginEntries();
if (pluginEntries != null) {
for (int indexEntries = 0; indexEntries < pluginEntries.length; indexEntries++) {
- allPluginID.add(entries[indexEntries].getVersionedIdentifier());
+ allPluginID.add(pluginEntries[indexEntries].getVersionedIdentifier());
}
}
}
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/internal/core/messages.properties b/update/org.eclipse.update.core/src/org/eclipse/update/internal/core/messages.properties
index 8388867..9f468c9 100644
--- a/update/org.eclipse.update.core/src/org/eclipse/update/internal/core/messages.properties
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/internal/core/messages.properties
@@ -151,9 +151,11 @@
SiteLocal.UnableToSaveStateIn= Unable to persist configurations into {0}.
SiteLocal.UnableToResolve= Internal Error.Unable to resolve {0}.
-JarVerifier.InvalidJarFile= The file '{0}' is not a valid JAR file.
JarVerifier.Verify= Verifying :
-
+JarVerifier.UnableToFindEncryption= Unable to find algorithm to verify integrity of keystore {0}.
+JarVerifier.UnableToLoadCertificate= Unable to load one or multiples certificates in the keystore {0}.
+JarVerifier.UnableToFindProviderForKeystore= Unable to find provider for the keystore type {0}.
+JarVerifier.KeyStoreNotLoaded= Internal Error. KeyStore not Initialized / Loaded.
JarVerificationDialog.Verification= Verification
JarVerificationDialog.AboutToInstall= You are about to install an unsigned feature
@@ -173,8 +175,21 @@
JarVerificationDialog.InstallCertificate= Always trust this certificate
JarVerificationDialog.Install= Install Feature
JarVerificationDialog.Cancel= Cancel Feature Instalation
+JarVerificationDialog.KnownCertificate= One of the certificates used to authenticate this feature was recognized
+JarVerificationDialog.ProviderKnown= The provider of this feature has been validated by a third party trusted certificate.
+JarVerificationDialog.Caution= Only install if you trust both the signer and the third party certificates.
+JarVerificationDialog.RootCA= Third Party Trusted Certificate
+JarVerificationDialog.CAIssuer= Certificate Issuer : {0}.
+JarVerificationDialog.ValidBetween= Valid between {0} and {1}.
+JarVerificationDialog.SubjectCA= Certificate used to sign the feature.
+JarVerificationDialog.DoYouTrustCertificate= Do you want to always trust this certificate when installing this feature ?
+JarVerificationDialog.ExpiredCertificate= * EXPIRED CERTIFICATE *
+JarVerificationDialog.CertificateNotYetValid= * CERTIFICATE NOT YET VALID *
+JarVerificationDialog.CertificateValid= Valid certificate.
-JarVerificationService.ErrorVerification= Error occurred during verification
-JarVerificationService.VerificationCanceled= Verification cancelled
-JarVerificationService.UnsucessfulVerification= Verification of feature unsucessful. Install canceled
-JarVerificationService.ErrorDuringVerification= Error during verification. Install canceled
+JarVerificationService.ErrorVerification= Error occurred during verification.
+JarVerificationService.VerificationCanceled= Verification cancelled.
+JarVerificationService.UnsucessfulVerification= Verification of feature unsucessful. Installation cancelled.
+JarVerificationService.ErrorDuringVerification= Error during verification. Installation cancelled.
+JarVerificationService.CancelInstall= Installation cancelled.
+
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerification.java b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerification.java
new file mode 100644
index 0000000..d94a923
--- /dev/null
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerification.java
@@ -0,0 +1,26 @@
+
+package org.eclipse.update.internal.security;
+/*
+ * (c) Copyright IBM Corp. 2000, 2002.
+ * All Rights Reserved.
+ */
+
+/**
+ *
+ */
+public interface JarVerification {
+
+
+ public static final int JAR_NOT_SIGNED = 0;
+ public static final int JAR_CORRUPTED = 1;
+ public static final int JAR_INTEGRITY_VERIFIED = 2;
+ public static final int JAR_SOURCE_VERIFIED = 3;
+ public static final int UNKNOWN_ERROR = 4;
+ public static final int VERIFICATION_CANCELLED = 5;
+
+ public static final int ASK_USER = -1;
+ public static final int CANCEL_INSTALL = 0;
+ public static final int ERROR_INSTALL = 1;
+ public static final int OK_TO_INSTALL = 2;
+
+}
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerificationResult.java b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerificationResult.java
index 8ce58ba..e22268f 100644
--- a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerificationResult.java
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerificationResult.java
@@ -15,10 +15,6 @@
*/
public class JarVerificationResult {
- public static final int ASK_USER = -1;
- public static final int CANCEL_INSTALL = 0;
- public static final int ERROR_INSTALL = 1;
- public static final int OK_TO_INSTALL = 2;
private int resultCode;
private int verificationCode;
@@ -88,6 +84,7 @@
*/
public CertificatePair[] getRootCertificates() {
if (rootCertificates == null) {
+ rootCertificates = new CertificatePair[0];
List rootCertificatesList = new ArrayList();
if (certificates != null && certificates.size() > 0) {
Iterator iter = certificates.iterator();
@@ -123,9 +120,9 @@
}
}
-
+
if (rootCertificatesList.size() > 0) {
- rootCertificates = new CertificatePair[certificates.size()];
+ rootCertificates = new CertificatePair[certificates.size()];
rootCertificatesList.toArray(rootCertificates);
}
}
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerifier.java b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerifier.java
index 0fc37fd..4ce7a24 100644
--- a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerifier.java
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/JarVerifier.java
@@ -50,12 +50,6 @@
private String jarFileName;
//RESULT VALUES
- public static final int NOT_SIGNED = 0;
- public static final int CORRUPTED = 1;
- public static final int INTEGRITY_VERIFIED = 2;
- public static final int SOURCE_VERIFIED = 3;
- public static final int UNKNOWN_ERROR = 4;
- public static final int VERIFICATION_CANCELLED = 5;
/**
* Default Constructor
@@ -69,10 +63,8 @@
this.monitor = monitor;
}
/**
- * Returns the list of certificates of the keystore.
+ * Returns the list of the keystores.
*
- * Can be optimize, within an operation, we only need to get the
- * list of certificate once.
*/
private List getKeyStores() throws CoreException {
if (listOfKeystores == null) {
@@ -80,20 +72,20 @@
KeyStores listOfKeystoreHandles = new KeyStores();
InputStream in = null;
KeyStore keystore = null;
+ KeystoreHandle handle = null;
while (listOfKeystoreHandles.hasNext()) {
try {
- KeystoreHandle handle = listOfKeystoreHandles.next();
+ handle = listOfKeystoreHandles.next();
in = handle.getLocation().openStream();
try {
keystore = KeyStore.getInstance(handle.getType());
keystore.load(in, null); // no password
} catch (NoSuchAlgorithmException e) {
- throw newCoreException("Unable to find encryption algorithm", e);
-
+ throw newCoreException(Policy.bind("JarVerifier.UnableToFindEncryption",handle.getLocation().toExternalForm()), e); //$NON-NLS-1$
} catch (CertificateException e) {
- throw newCoreException("Unable to load a certificate in the keystore", e);
+ throw newCoreException(Policy.bind("JarVerifier.UnableToLoadCertificate",handle.getLocation().toExternalForm()), e); //$NON-NLS-1$
} catch (KeyStoreException e) {
- throw newCoreException("Unable to find provider for the keystore type", e);
+ throw newCoreException(Policy.bind("JarVerifier.UnableToFindProviderForKeystore",handle.getType()), e); //$NON-NLS-1$
} finally {
if (in != null) {
try {
@@ -121,17 +113,14 @@
*/
private void initializeVariables(File jarFile) throws IOException {
result = new JarVerificationResult();
- result.setVerificationCode(UNKNOWN_ERROR);
- result.setResultCode(JarVerificationResult.ASK_USER);
- result.setResultException(
- new Exception(
- Policy.bind("JarVerifier.InvalidJarFile", jarFile.getAbsolutePath())));
- //$NON-NLS-1$
+ result.setVerificationCode(JarVerification.UNKNOWN_ERROR);
+ result.setResultCode(JarVerification.ASK_USER);
+ result.setResultException(null);
JarFile jar = new JarFile(jarFile);
entries = jar.size();
try {
jar.close();
- } catch (java.io.IOException ex) {
+ } catch (IOException ex) {
// unchecked
}
jarFileName = jarFile.getName();
@@ -153,7 +142,7 @@
}
}
} catch (KeyStoreException e) {
- throw newCoreException("KeyStore not loaded", e);
+ throw newCoreException(Policy.bind("JarVerifier.KeyStoreNotLoaded"), e); //$NON-NLS-1$
}
return false;
}
@@ -168,8 +157,7 @@
byte[] buffer = new byte[4096];
JarEntry ent;
if (monitor != null)
- monitor.beginTask(Policy.bind("JarVerifier.Verify", jarFileName), entries);
- //$NON-NLS-1$ //$NON-NLS-2$
+ monitor.beginTask(Policy.bind("JarVerifier.Verify", jarFileName), entries);//$NON-NLS-1$ //$NON-NLS-2$
try {
while ((ent = jis.getNextJarEntry()) != null) {
list.add(ent);
@@ -180,7 +168,7 @@
}
}
} catch (IOException e) {
- result.setVerificationCode(UNKNOWN_ERROR);
+ result.setVerificationCode(JarVerification.UNKNOWN_ERROR);
result.setResultException(e);
} finally {
if (monitor != null)
@@ -228,11 +216,11 @@
// as verifyIntegrity already did it
// verify source certificate
- if (result.getVerificationCode() == INTEGRITY_VERIFIED)
+ if (result.getVerificationCode() == JarVerification.JAR_INTEGRITY_VERIFIED)
verifyAuthentication();
} catch (Exception e) {
- result.setVerificationCode(UNKNOWN_ERROR);
+ result.setVerificationCode(JarVerification.UNKNOWN_ERROR);
result.setResultException(e);
}
@@ -256,7 +244,7 @@
for (int i = 0; i < entries.length; i++) {
certificateFound = existsInKeystore(entries[i].getRoot());
if (certificateFound) {
- result.setVerificationCode(SOURCE_VERIFIED);
+ result.setVerificationCode(JarVerification.JAR_SOURCE_VERIFIED);
result.setFoundCertificate(entries[i]);
return;
}
@@ -293,18 +281,18 @@
}
if (certificateFound)
- result.setVerificationCode(INTEGRITY_VERIFIED);
+ result.setVerificationCode(JarVerification.JAR_INTEGRITY_VERIFIED);
else
- result.setVerificationCode(NOT_SIGNED);
+ result.setVerificationCode(JarVerification.JAR_NOT_SIGNED);
}
} catch (SecurityException e) {
// Jar file is signed
// but content has changed since signed
- result.setVerificationCode(CORRUPTED);
+ result.setVerificationCode(JarVerification.JAR_CORRUPTED);
} catch (InterruptedException e) {
- result.setVerificationCode(VERIFICATION_CANCELLED);
+ result.setVerificationCode(JarVerification.VERIFICATION_CANCELLED);
} catch (Exception e) {
- result.setVerificationCode(UNKNOWN_ERROR);
+ result.setVerificationCode(JarVerification.UNKNOWN_ERROR);
result.setResultException(e);
} finally {
if (jis != null) {
diff --git a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/KeyStores.java b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/KeyStores.java
index d7893b3..cd7c0f4 100644
--- a/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/KeyStores.java
+++ b/update/org.eclipse.update.core/src/org/eclipse/update/internal/security/KeyStores.java
Binary files differ
diff --git a/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationDialog.java b/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationDialog.java
index 5d0d6f7..a913590 100644
--- a/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationDialog.java
+++ b/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationDialog.java
@@ -6,6 +6,8 @@
import java.io.File;
import java.security.cert.Certificate;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import org.eclipse.jface.dialogs.Dialog;
@@ -17,20 +19,23 @@
import org.eclipse.swt.layout.GridLayout;
import org.eclipse.swt.widgets.*;
import org.eclipse.update.internal.security.CertificatePair;
+import org.eclipse.update.internal.security.JarVerification;
import org.eclipse.update.internal.security.JarVerificationResult;
import org.eclipse.update.internal.security.JarVerifier;
+import sun.security.x509.X500Name;
import org.eclipse.update.internal.core.Policy;
public class JarVerificationDialog extends Dialog {
- protected JarVerificationResult _VerificationResult = null;
- protected File _file = null;
- protected String _strComponentName = null;
- protected String _strId = null;
- protected String _strProviderName = null;
- protected Button _buttonInstall;
- protected Button _buttonCancel;
- protected Button _buttonInstallCertificate;
- public static boolean COMPONENT_TO_INSTALL = false;
+ private JarVerificationResult _VerificationResult = null;
+ private File _file = null;
+ private String _strComponentName = null;
+ private String _strId = null;
+ private String _strProviderName = null;
+ private Button _buttonInstall;
+ private Button _buttonCancel;
+ private Button _buttonTrustCertificate;
+ private CertificatePair trustedCertificate = null;
+ private boolean okToInstall = false;
/**
*
*/
@@ -47,9 +52,14 @@
_strId = strId;
_strComponentName = strComponentName;
_strProviderName = strProviderName;
+ trustedCertificate = null;
+ okToInstall = false;
}
public boolean close() {
- COMPONENT_TO_INSTALL = okToInstall();
+ okToInstall =( _buttonInstall != null ? _buttonInstall.getSelection() : false);
+ if (_buttonTrustCertificate== null || !_buttonTrustCertificate.getSelection()){
+ trustedCertificate = null;
+ }
return super.close();
}
/**
@@ -63,8 +73,7 @@
* of the dialog (above the button bar).
*/
protected Control createDialogArea(Composite compositeParent) {
- getShell().setText(Policy.bind("JarVerificationDialog.Verification"));
- //$NON-NLS-1$
+ getShell().setText(Policy.bind("JarVerificationDialog.Verification"));//$NON-NLS-1$
// Composite: Client
//------------------
Composite compositeClient = new Composite(compositeParent, SWT.NULL);
@@ -79,53 +88,45 @@
new GridData(GridData.GRAB_VERTICAL | GridData.FILL_HORIZONTAL));
StringBuffer strb = new StringBuffer();
switch (_VerificationResult.getVerificationCode()) {
- case JarVerifier.NOT_SIGNED :
- strb.append(Policy.bind("JarVerificationDialog.AboutToInstall"));
- //$NON-NLS-1$
+ case JarVerification.JAR_NOT_SIGNED :
+ strb.append(Policy.bind("JarVerificationDialog.AboutToInstall"));//$NON-NLS-1$
strb.append("\n\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.NotDigitallySigned"));
- //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.NotDigitallySigned"));//$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.CannotVerifyProvider"));
- //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.CannotVerifyProvider"));//$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
strb.append(Policy.bind("JarVerificationDialog.MayCorrupt")); //$NON-NLS-1$
textInformation.setText(strb.toString());
break;
- case JarVerifier.CORRUPTED :
- strb.append(Policy.bind("JarVerificationDialog.CorruptedContent"));
- //$NON-NLS-1$
+ case JarVerification.JAR_CORRUPTED :
+ strb.append(Policy.bind("JarVerificationDialog.CorruptedContent"));//$NON-NLS-1$
strb.append("\n\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.ComponentNotInstalled"));
- //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.ComponentNotInstalled"));//$NON-NLS-1$
textInformation.setText(strb.toString());
break;
- case JarVerifier.INTEGRITY_VERIFIED :
- strb.append(Policy.bind("JarVerificationDialog.SignedComponent"));
- //$NON-NLS-1$
+ case JarVerification.JAR_INTEGRITY_VERIFIED :
+ strb.append(Policy.bind("JarVerificationDialog.SignedComponent"));//$NON-NLS-1$
strb.append("\n\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.UnknownCertificate"));
- //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.UnknownCertificate"));//$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.UnableToVerifyProvider"));
- //$NON-NLS-1$ //
+ strb.append(Policy.bind("JarVerificationDialog.UnableToVerifyProvider"));//$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
strb.append(Policy.bind("JarVerificationDialog.MayCorrupt")); //$NON-NLS-1$
textInformation.setText(strb.toString());
break;
- case JarVerifier.SOURCE_VERIFIED :
- strb.append(Policy.bind("JarVerificationDialog.SignedComponent")); //$NON-NLS-1$
+ case JarVerification.JAR_SOURCE_VERIFIED :
+ strb.append(Policy.bind("JarVerificationDialog.SignedComponent"));//$NON-NLS-1$
strb.append("\n\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.knownCertificate");
+ strb.append(Policy.bind("JarVerificationDialog.KnownCertificate")); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.ProviderKnown");
+ strb.append(Policy.bind("JarVerificationDialog.ProviderKnown")); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append(Policy.bind("JarVerificationDialog.MayCorrupt")); //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.Caution")); //$NON-NLS-1$
textInformation.setText(strb.toString());
break;
}
- if (_VerificationResult.getVerificationCode() == JarVerifier.INTEGRITY_VERIFIED
- || _VerificationResult.getVerificationCode() == JarVerifier.SOURCE_VERIFIED) {
+ if (_VerificationResult.getVerificationCode() == JarVerification.JAR_INTEGRITY_VERIFIED
+ || _VerificationResult.getVerificationCode() == JarVerification.JAR_SOURCE_VERIFIED) {
addCertificateView(compositeClient);
}
// Composite: Information labels
@@ -154,8 +155,7 @@
//---------------------
if (_strId != null && _strId.length() > 0) {
label = new Label(compositeInformation, SWT.NULL);
- label.setText(Policy.bind("JarVerificationDialog.FeatureIdentifier"));
- //$NON-NLS-1$
+ label.setText(Policy.bind("JarVerificationDialog.FeatureIdentifier"));//$NON-NLS-1$
label = new Label(compositeInformation, SWT.NULL);
label.setText(_strId);
}
@@ -167,7 +167,7 @@
label = new Label(compositeInformation, SWT.NULL);
label.setText(_strProviderName);
}
- if (_VerificationResult.getVerificationCode() != JarVerifier.CORRUPTED) {
+ if (_VerificationResult.getVerificationCode() != JarVerification.JAR_CORRUPTED) {
// Group box
//----------
Group group = new Group(compositeClient, SWT.NONE);
@@ -178,19 +178,16 @@
//------------------
Text textInstruction = new Text(group, SWT.MULTI | SWT.READ_ONLY);
textInstruction.setText(
- Policy.bind("JarVerificationDialog.MayChooseToInstall"));
- //$NON-NLS-1$
+ Policy.bind("JarVerificationDialog.MayChooseToInstall"));//$NON-NLS-1$
// Radio button: Install
//----------------------
_buttonInstall = new Button(group, SWT.RADIO);
- _buttonInstall.setText(Policy.bind("JarVerificationDialog.Install"));
- //$NON-NLS-1$
+ _buttonInstall.setText(Policy.bind("JarVerificationDialog.Install"));//$NON-NLS-1$
_buttonInstall.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
// Radio button: Cancel installation
//----------------------------------
_buttonCancel = new Button(group, SWT.RADIO);
- _buttonCancel.setText(Policy.bind("JarVerificationDialog.Cancel"));
- //$NON-NLS-1$
+ _buttonCancel.setText(Policy.bind("JarVerificationDialog.Cancel"));//$NON-NLS-1$
_buttonCancel.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
_buttonCancel.setSelection(true);
}
@@ -201,48 +198,83 @@
* called by the Wizard when Finish is executed.
*/
public boolean okToInstall() {
- return _buttonInstall != null ? _buttonInstall.getSelection() : false;
+ return okToInstall;
}
+
private void addCertificateView(Composite compositeClient) {
- CertificatePair pair = null;
X509Certificate certRoot = null;
X509Certificate certIssuer = null;
if (_VerificationResult.getFoundCertificate() == null) {
CertificatePair[] certs = _VerificationResult.getRootCertificates();
- if (certs.length == 0) return;
- pair = (CertificatePair)certs[0];
+ if (certs.length == 0)
+ return;
+ trustedCertificate = (CertificatePair) certs[0];
} else {
- pair = (CertificatePair) _VerificationResult.getFoundCertificate();
+ trustedCertificate = (CertificatePair) _VerificationResult.getFoundCertificate();
}
- certRoot = (X509Certificate) pair.getRoot();
- certIssuer = (X509Certificate) pair.getIssuer();
+ certRoot = (X509Certificate) trustedCertificate.getRoot();
+ certIssuer = (X509Certificate) trustedCertificate.getIssuer();
+ // Group box
+ //----------
+ Group group = new Group(compositeClient, SWT.NONE);
+ group.setLayout(new GridLayout());
+ group.setLayoutData(
+ new GridData(GridData.FILL_HORIZONTAL | GridData.GRAB_VERTICAL));
+
// Text: Information
//------------------
Text textInformation =
- new Text(compositeClient, SWT.WRAP | SWT.READ_ONLY | SWT.MULTI);
+ new Text(group, SWT.WRAP | SWT.READ_ONLY | SWT.MULTI);
textInformation.setLayoutData(
new GridData(GridData.GRAB_VERTICAL | GridData.FILL_HORIZONTAL));
StringBuffer strb = new StringBuffer();
- strb.append("JarVerificationDialog.RootCA");
+ strb.append(Policy.bind("JarVerificationDialog.RootCA")); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.CAVersion " + certRoot.getVersion());
+ strb.append(Policy.bind("JarVerificationDialog.CAIssuer", certRoot.getIssuerDN().toString())); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.CAIssuer " + certRoot.getIssuerDN().getName());
+ strb.append(Policy.bind("JarVerificationDialog.ValidBetween" ,certRoot.getNotBefore().toString(),certRoot.getNotAfter().toString())); //$NON-NLS-1$
+ strb.append(checkValidity(certRoot));
+ strb.append("\n\n"); //$NON-NLS-1$
+ strb.append(Policy.bind("JarVerificationDialog.SubjectCA")); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append("valid between: " + certRoot.getNotBefore().toLocaleString()+" and " +certRoot.getNotAfter().toLocaleString());
- strb.append("\n\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.IssuerCA");
+ strb.append(Policy.bind("JarVerificationDialog.CAIssuer",certIssuer.getSubjectDN().toString())); //$NON-NLS-1$
strb.append("\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.CAVersion " + certIssuer.getVersion());
- strb.append("\n"); //$NON-NLS-1$
- strb.append("JarVerificationDialog.CAIssuer " + certIssuer.getIssuerDN().getName());
- strb.append("\n"); //$NON-NLS-1$
- strb.append("valid between: " + certIssuer.getNotBefore().toLocaleString()+" and " +certIssuer.getNotAfter().toLocaleString());
+ strb.append(Policy.bind("JarVerificationDialog.ValidBetween",certIssuer.getNotBefore().toString(),certIssuer.getNotAfter().toString())); //$NON-NLS-1$
+ strb.append(checkValidity(certRoot));
strb.append("\n\n"); //$NON-NLS-1$
textInformation.setText(strb.toString());
+ // CheckBox button: trust
+ //----------------------
+ _buttonTrustCertificate = new Button(group, SWT.CHECK);
+ _buttonTrustCertificate.setText( Policy.bind("JarVerificationDialog.DoYouTrustCertificate")); //$NON-NLS-1$
+ _buttonTrustCertificate.setLayoutData(new GridData(GridData.FILL_HORIZONTAL));
+
}
+
+
+ private String checkValidity(X509Certificate cert){
+
+ try {
+ cert.checkValidity();
+ } catch (CertificateExpiredException e){
+ return ("\n"+Policy.bind("JarVerificationDialog.ExpiredCertificate")); //$NON-NLS-1$
+ } catch (CertificateNotYetValidException e){
+ return ("\n"+Policy.bind("JarVerificationDialog.CertificateNotYetValid")); //$NON-NLS-1$
+ }
+ return ("\n"+Policy.bind("JarVerificationDialog.CertificateValid")); //$NON-NLS-1$
+ }
+
+ /**
+ * Gets the trustedCertificate.
+ * @return Returns a CertificatePair
+ */
+ public CertificatePair getCertificate() {
+ return trustedCertificate;
+ }
+
+
}
\ No newline at end of file
diff --git a/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationService.java b/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationService.java
index 0d6afb7..7fba23c 100644
--- a/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationService.java
+++ b/update/org.eclipse.update.ui/src/org/eclipse/update/internal/ui/security/JarVerificationService.java
@@ -14,6 +14,8 @@
import org.eclipse.swt.widgets.Shell;
import org.eclipse.update.core.*;
import org.eclipse.update.internal.core.UpdateManagerPlugin;
+import org.eclipse.update.internal.security.CertificatePair;
+import org.eclipse.update.internal.security.JarVerification;
import org.eclipse.update.internal.security.JarVerificationResult;
import org.eclipse.update.internal.security.JarVerifier;
import org.eclipse.update.internal.core.Policy;
@@ -41,6 +43,12 @@
* the Shell
*/
private Shell shell;
+
+ /**
+ *
+ */
+ private CertificatePair trustedCertificate = null;
+
/**
* If no shell, create a new shell
*/
@@ -83,24 +91,42 @@
* returns an JarVerificationResult
* The monitor can be null.
*/
- private JarVerificationResult okToInstall(final File jarFile, final String id, final String featureName, final String providerName, InstallMonitor monitor) {
+ private JarVerificationResult okToInstall(
+ final File jarFile,
+ final String id,
+ final String featureName,
+ final String providerName,
+ InstallMonitor monitor) {
jarVerifier.setMonitor(monitor);
- result= jarVerifier.verify(jarFile);
+ result = jarVerifier.verify(jarFile);
switch (getResult().getResultCode()) {
- case JarVerifier.UNKNOWN_ERROR :
+ case JarVerification.UNKNOWN_ERROR :
{
- getResult().setResultCode(JarVerificationResult.ERROR_INSTALL);
+ getResult().setResultCode(JarVerification.ERROR_INSTALL);
break;
}
- case JarVerifier.VERIFICATION_CANCELLED :
+ case JarVerification.VERIFICATION_CANCELLED :
{
- getResult().setResultCode(JarVerificationResult.CANCEL_INSTALL);
+ getResult().setResultCode(JarVerification.CANCEL_INSTALL);
break;
}
+
default :
{
+
+ if (trustedCertificate != null) {
+ // check if this is not a user accepted certificate for this feature
+ CertificatePair[] pairs = getResult().getRootCertificates();
+ for (int i = 0; i < pairs.length; i++) {
+ if (trustedCertificate.equals(pairs[i])) {
+ getResult().setResultCode(JarVerification.OK_TO_INSTALL);
+ return getResult();
+ }
+ }
+ }
+
shell.getDisplay().syncExec(new Runnable() {
public void run() {
getResult().setResultCode(openWizard(jarFile, id, featureName, providerName));
@@ -114,55 +140,82 @@
/**
*
*/
- private int openWizard(File jarFile, String id, String componentName, String providerName) {
+ private int openWizard(
+ File jarFile,
+ String id,
+ String componentName,
+ String providerName) {
int code;
- // JarVerifierWizard wizard = new JarVerifierWizard(jarFile, componentName, verificationResult);
- // WizardDialog dialog = new WizardDialog(shell, wizard);
-
- JarVerificationDialog dialog = new JarVerificationDialog(shell, id, componentName, providerName, jarFile, result);
+ JarVerificationDialog dialog =
+ new JarVerificationDialog(
+ shell,
+ id,
+ componentName,
+ providerName,
+ jarFile,
+ result);
dialog.open();
- if (JarVerificationDialog.COMPONENT_TO_INSTALL)
- code = JarVerificationResult.OK_TO_INSTALL;
+ trustedCertificate = dialog.getCertificate();
+
+ if (dialog.okToInstall())
+ code = JarVerification.OK_TO_INSTALL;
else
- code = JarVerificationResult.CANCEL_INSTALL;
+ code = JarVerification.CANCEL_INSTALL;
return code;
-
+
}
-
+
/*
* @see IFeatureVerification#verify(IFeature feature,ContentReference[], InstallMonitor)
*/
- public void verify(IFeature feature,ContentReference[] references, InstallMonitor monitor) throws CoreException {
- if (references==null || references.length==0) return ;
-
+ public void verify(
+ IFeature feature,
+ ContentReference[] references,
+ InstallMonitor monitor)
+ throws CoreException {
+ if (references == null || references.length == 0)
+ return;
+
try {
- for (int i = 0; i < references.length; i++) {
- if (references[i] instanceof JarContentReference){
- JarContentReference jarReference = (JarContentReference)references[i];
- result = okToInstall(jarReference.asFile(),feature.getVersionedIdentifier().toString(),feature.getLabel(),feature.getProvider(),monitor);
- if (result.getResultCode()==JarVerificationResult.CANCEL_INSTALL){
- throw newCoreException(Policy.bind("JarVerificationService.CancelInstall"),result.getResultException()); //$NON-NLS-1$
+ for (int i = 0; i < references.length; i++) {
+ if (references[i] instanceof JarContentReference) {
+ JarContentReference jarReference = (JarContentReference) references[i];
+ result =
+ okToInstall(
+ jarReference.asFile(),
+ feature.getVersionedIdentifier().toString(),
+ feature.getLabel(),
+ feature.getProvider(),
+ monitor);
+ if (result.getResultCode() == JarVerification.CANCEL_INSTALL) {
+ throw newCoreException(
+ Policy.bind("JarVerificationService.CancelInstall"), //$NON-NLS-1$
+ result.getResultException());
+ }
+ if (result.getResultCode() == JarVerification.ERROR_INSTALL) {
+ throw newCoreException(
+ Policy.bind("JarVerificationService.UnsucessfulVerification"), //$NON-NLS-1$
+ result.getResultException());
+ }
}
- if (result.getResultCode()==JarVerificationResult.ERROR_INSTALL){
- throw newCoreException(Policy.bind("JarVerificationService.UnsucessfulVerification"),result.getResultException()); //$NON-NLS-1$
- }
}
- }
- } catch (IOException e){
- throw newCoreException(Policy.bind("JarVerificationService.ErrorDuringVerification"),e); //$NON-NLS-1$
+ } catch (IOException e) {
+ throw newCoreException(Policy.bind("JarVerificationService.ErrorDuringVerification"),e); //$NON-NLS-1$
}
}
/**
*
*/
- private CoreException newCoreException(String s, Throwable e) throws CoreException {
- String id = UpdateManagerPlugin.getPlugin().getDescriptor().getUniqueIdentifier();
- return new CoreException(new Status(IStatus.ERROR,id,0,s,e));
- }
+ private CoreException newCoreException(String s, Throwable e)
+ throws CoreException {
+ String id =
+ UpdateManagerPlugin.getPlugin().getDescriptor().getUniqueIdentifier();
+ return new CoreException(new Status(IStatus.ERROR, id, 0, s, e));
+ }
}
\ No newline at end of file