use of java.util.Vector in project otertool by wuntee.
the class JarSigner method signJar.
void signJar(String jarName, String alias, String[] args) throws Exception {
boolean aliasUsed = false;
X509Certificate tsaCert = null;
if (sigfile == null) {
sigfile = alias;
aliasUsed = true;
}
if (sigfile.length() > 8) {
sigfile = sigfile.substring(0, 8).toUpperCase();
} else {
sigfile = sigfile.toUpperCase();
}
StringBuilder tmpSigFile = new StringBuilder(sigfile.length());
for (int j = 0; j < sigfile.length(); j++) {
char c = sigfile.charAt(j);
if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '-') || (c == '_'))) {
if (aliasUsed) {
// convert illegal characters from the alias to be _'s
c = '_';
} else {
throw new RuntimeException(rb.getString("signature filename must consist of the following characters: A-Z, 0-9, _ or -"));
}
}
tmpSigFile.append(c);
}
sigfile = tmpSigFile.toString();
String tmpJarName;
if (signedjar == null)
tmpJarName = jarName + ".sig";
else
tmpJarName = signedjar;
File jarFile = new File(jarName);
File signedJarFile = new File(tmpJarName);
// Open the jar (zip) file
try {
zipFile = new ZipFile(jarName);
} catch (IOException ioe) {
error(rb.getString("unable to open jar file: ") + jarName, ioe);
}
FileOutputStream fos = null;
try {
fos = new FileOutputStream(signedJarFile);
} catch (IOException ioe) {
error(rb.getString("unable to create: ") + tmpJarName, ioe);
}
PrintStream ps = new PrintStream(fos);
ZipOutputStream zos = new ZipOutputStream(ps);
/* First guess at what they might be - we don't xclude RSA ones. */
String sfFilename = (META_INF + sigfile + ".SF").toUpperCase();
String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase();
Manifest manifest = new Manifest();
Map<String, Attributes> mfEntries = manifest.getEntries();
// The Attributes of manifest before updating
Attributes oldAttr = null;
boolean mfModified = false;
boolean mfCreated = false;
byte[] mfRawBytes = null;
try {
MessageDigest[] digests = { MessageDigest.getInstance(digestalg) };
// Check if manifest exists
ZipEntry mfFile;
if ((mfFile = getManifestFile(zipFile)) != null) {
// Manifest exists. Read its raw bytes.
mfRawBytes = getBytes(zipFile, mfFile);
manifest.read(new ByteArrayInputStream(mfRawBytes));
oldAttr = (Attributes) (manifest.getMainAttributes().clone());
} else {
// Create new manifest
Attributes mattr = manifest.getMainAttributes();
mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(), "1.0");
String javaVendor = System.getProperty("java.vendor");
String jdkVersion = System.getProperty("java.version");
mattr.putValue("Created-By", jdkVersion + " (" + javaVendor + ")");
mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
mfCreated = true;
}
/*
* For each entry in jar
* (except for signature-related META-INF entries),
* do the following:
*
* - if entry is not contained in manifest, add it to manifest;
* - if entry is contained in manifest, calculate its hash and
* compare it with the one in the manifest; if they are
* different, replace the hash in the manifest with the newly
* generated one. (This may invalidate existing signatures!)
*/
BASE64Encoder encoder = new JarBASE64Encoder();
Vector<ZipEntry> mfFiles = new Vector<ZipEntry>();
for (Enumeration<? extends ZipEntry> enum_ = zipFile.entries(); enum_.hasMoreElements(); ) {
ZipEntry ze = enum_.nextElement();
if (ze.getName().startsWith(META_INF)) {
// Store META-INF files in vector, so they can be written
// out first
mfFiles.addElement(ze);
if (signatureRelated(ze.getName())) {
// ignore signature-related and manifest files
continue;
}
}
if (manifest.getAttributes(ze.getName()) != null) {
// possibly update its digest attributes
if (updateDigests(ze, zipFile, digests, encoder, manifest) == true) {
mfModified = true;
}
} else if (!ze.isDirectory()) {
// Add entry to manifest
Attributes attrs = getDigestAttributes(ze, zipFile, digests, encoder);
mfEntries.put(ze.getName(), attrs);
mfModified = true;
}
}
// Recalculate the manifest raw bytes if necessary
if (mfModified) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
manifest.write(baos);
byte[] newBytes = baos.toByteArray();
if (mfRawBytes != null && oldAttr.equals(manifest.getMainAttributes())) {
/*
* Note:
*
* The Attributes object is based on HashMap and can handle
* continuation columns. Therefore, even if the contents are
* not changed (in a Map view), the bytes that it write()
* may be different from the original bytes that it read()
* from. Since the signature on the main attributes is based
* on raw bytes, we must retain the exact bytes.
*/
int newPos = findHeaderEnd(newBytes);
int oldPos = findHeaderEnd(mfRawBytes);
if (newPos == oldPos) {
System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos);
} else {
// cat oldHead newTail > newBytes
byte[] lastBytes = new byte[oldPos + newBytes.length - newPos];
System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos);
System.arraycopy(newBytes, newPos, lastBytes, oldPos, newBytes.length - newPos);
newBytes = lastBytes;
}
}
mfRawBytes = newBytes;
}
// Write out the manifest
if (mfModified) {
// manifest file has new length
mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
}
zos.putNextEntry(mfFile);
zos.write(mfRawBytes);
// Calculate SignatureFile (".SF") and SignatureBlockFile
ManifestDigester manDig = new ManifestDigester(mfRawBytes);
SignatureFile sf = new SignatureFile(digests, manifest, manDig, sigfile, signManifest);
if (tsaAlias != null) {
tsaCert = getTsaCert(tsaAlias);
}
SignatureFile.Block block = null;
try {
block = sf.generateBlock(privateKey, sigalg, certChain, externalSF, tsaUrl, tsaCert, signingMechanism, args, zipFile);
} catch (SocketTimeoutException e) {
// Provide a helpful message when TSA is beyond a firewall
error(rb.getString("unable to sign jar: ") + rb.getString("no response from the Timestamping Authority. ") + rb.getString("When connecting from behind a firewall then an HTTP proxy may need to be specified. ") + rb.getString("Supply the following options to jarsigner: ") + "\n -J-Dhttp.proxyHost=<hostname> " + "\n -J-Dhttp.proxyPort=<portnumber> ", e);
}
sfFilename = sf.getMetaName();
bkFilename = block.getMetaName();
ZipEntry sfFile = new ZipEntry(sfFilename);
ZipEntry bkFile = new ZipEntry(bkFilename);
long time = System.currentTimeMillis();
sfFile.setTime(time);
bkFile.setTime(time);
// signature file
zos.putNextEntry(sfFile);
sf.write(zos);
// signature block file
zos.putNextEntry(bkFile);
block.write(zos);
// vector
for (int i = 0; i < mfFiles.size(); i++) {
ZipEntry ze = mfFiles.elementAt(i);
if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME) && !ze.getName().equalsIgnoreCase(sfFilename) && !ze.getName().equalsIgnoreCase(bkFilename)) {
writeEntry(zipFile, zos, ze);
}
}
// Write out all other files
for (Enumeration<? extends ZipEntry> enum_ = zipFile.entries(); enum_.hasMoreElements(); ) {
ZipEntry ze = enum_.nextElement();
if (!ze.getName().startsWith(META_INF)) {
writeEntry(zipFile, zos, ze);
}
}
} catch (IOException ioe) {
error(rb.getString("unable to sign jar: ") + ioe, ioe);
} finally {
// close the resouces
if (zipFile != null) {
zipFile.close();
zipFile = null;
}
if (zos != null) {
zos.close();
}
}
// try {
if (signedjar == null) {
// one, then delete the original.
if (!signedJarFile.renameTo(jarFile)) {
File origJar = new File(jarName + ".orig");
if (jarFile.renameTo(origJar)) {
if (signedJarFile.renameTo(jarFile)) {
origJar.delete();
} else {
MessageFormat form = new MessageFormat(rb.getString("attempt to rename signedJarFile to jarFile failed"));
Object[] source = { signedJarFile, jarFile };
error(form.format(source));
}
} else {
MessageFormat form = new MessageFormat(rb.getString("attempt to rename jarFile to origJar failed"));
Object[] source = { jarFile, origJar };
error(form.format(source));
}
}
}
if (hasExpiredCert || hasExpiringCert || notYetValidCert || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
logger.warn(rb.getString("Warning: "));
if (badKeyUsage) {
logger.warn(rb.getString("The signer certificate's KeyUsage extension doesn't allow code signing."));
}
if (badExtendedKeyUsage) {
logger.warn(rb.getString("The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."));
}
if (badNetscapeCertType) {
logger.warn(rb.getString("The signer certificate's NetscapeCertType extension doesn't allow code signing."));
}
if (hasExpiredCert) {
logger.warn(rb.getString("The signer certificate has expired."));
} else if (hasExpiringCert) {
logger.warn(rb.getString("The signer certificate will expire within six months."));
} else if (notYetValidCert) {
logger.warn(rb.getString("The signer certificate is not yet valid."));
}
}
// no IOException thrown in the above try clause, so disable
// the catch clause.
// } catch(IOException ioe) {
// error(rb.getString("unable to sign jar: ")+ioe, ioe);
// }
}
use of java.util.Vector in project XobotOS by xamarin.
the class JDKPKCS12KeyStore method engineGetCertificateChain.
public Certificate[] engineGetCertificateChain(String alias) {
if (alias == null) {
throw new IllegalArgumentException("null alias passed to getCertificateChain.");
}
if (!engineIsKeyEntry(alias)) {
return null;
}
Certificate c = engineGetCertificate(alias);
if (c != null) {
Vector cs = new Vector();
while (c != null) {
X509Certificate x509c = (X509Certificate) c;
Certificate nextC = null;
byte[] bytes = x509c.getExtensionValue(X509Extensions.AuthorityKeyIdentifier.getId());
if (bytes != null) {
try {
ASN1InputStream aIn = new ASN1InputStream(bytes);
byte[] authBytes = ((ASN1OctetString) aIn.readObject()).getOctets();
aIn = new ASN1InputStream(authBytes);
AuthorityKeyIdentifier id = new AuthorityKeyIdentifier((ASN1Sequence) aIn.readObject());
if (id.getKeyIdentifier() != null) {
nextC = (Certificate) chainCerts.get(new CertId(id.getKeyIdentifier()));
}
} catch (IOException e) {
throw new RuntimeException(e.toString());
}
}
if (nextC == null) {
//
// no authority key id, try the Issuer DN
//
Principal i = x509c.getIssuerDN();
Principal s = x509c.getSubjectDN();
if (!i.equals(s)) {
Enumeration e = chainCerts.keys();
while (e.hasMoreElements()) {
X509Certificate crt = (X509Certificate) chainCerts.get(e.nextElement());
Principal sub = crt.getSubjectDN();
if (sub.equals(i)) {
try {
x509c.verify(crt.getPublicKey());
nextC = crt;
break;
} catch (Exception ex) {
// continue
}
}
}
}
}
cs.addElement(c);
if (// self signed - end of the chain
nextC != c) {
c = nextC;
} else {
c = null;
}
}
Certificate[] certChain = new Certificate[cs.size()];
for (int i = 0; i != certChain.length; i++) {
certChain[i] = (Certificate) cs.elementAt(i);
}
return certChain;
}
return null;
}
use of java.util.Vector in project XobotOS by xamarin.
the class RFC3280CertPathUtilities method processCertBC.
protected static void processCertBC(CertPath certPath, int index, PKIXNameConstraintValidator nameConstraintValidator) throws CertPathValidatorException {
List certs = certPath.getCertificates();
X509Certificate cert = (X509Certificate) certs.get(index);
int n = certs.size();
// i as defined in the algorithm description
int i = n - index;
//
if (!(CertPathValidatorUtilities.isSelfIssued(cert) && (i < n))) {
X500Principal principal = CertPathValidatorUtilities.getSubjectPrincipal(cert);
ASN1InputStream aIn = new ASN1InputStream(principal.getEncoded());
ASN1Sequence dns;
try {
dns = DERSequence.getInstance(aIn.readObject());
} catch (Exception e) {
throw new CertPathValidatorException("Exception extracting subject name when checking subtrees.", e, certPath, index);
}
try {
nameConstraintValidator.checkPermittedDN(dns);
nameConstraintValidator.checkExcludedDN(dns);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject failed.", e, certPath, index);
}
GeneralNames altName = null;
try {
altName = GeneralNames.getInstance(CertPathValidatorUtilities.getExtensionValue(cert, RFC3280CertPathUtilities.SUBJECT_ALTERNATIVE_NAME));
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name extension could not be decoded.", e, certPath, index);
}
Vector emails = new X509Name(dns).getValues(X509Name.EmailAddress);
for (Enumeration e = emails.elements(); e.hasMoreElements(); ) {
String email = (String) e.nextElement();
GeneralName emailAsGeneralName = new GeneralName(GeneralName.rfc822Name, email);
try {
nameConstraintValidator.checkPermitted(emailAsGeneralName);
nameConstraintValidator.checkExcluded(emailAsGeneralName);
} catch (PKIXNameConstraintValidatorException ex) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative email failed.", ex, certPath, index);
}
}
if (altName != null) {
GeneralName[] genNames = null;
try {
genNames = altName.getNames();
} catch (Exception e) {
throw new CertPathValidatorException("Subject alternative name contents could not be decoded.", e, certPath, index);
}
for (int j = 0; j < genNames.length; j++) {
try {
nameConstraintValidator.checkPermitted(genNames[j]);
nameConstraintValidator.checkExcluded(genNames[j]);
} catch (PKIXNameConstraintValidatorException e) {
throw new CertPathValidatorException("Subtree check for certificate subject alternative name failed.", e, certPath, index);
}
}
}
}
}
use of java.util.Vector in project pcgen by PCGen.
the class NameGenPanel method loadCatalogDD.
//GEN-LAST:event_jButton1ActionPerformed
private void loadCatalogDD() {
try {
String catKey = (String) cbCategory.getSelectedItem();
String sexKey = (String) cbSex.getSelectedItem();
RuleSet oldRS = (RuleSet) cbCatalog.getSelectedItem();
String catalogKey = "";
if (oldRS != null) {
catalogKey = oldRS.getTitle();
}
List<RuleSet> cats = categories.get(catKey);
List<RuleSet> sexes = categories.get("Sex: " + sexKey);
List<RuleSet> join = new ArrayList<>(cats);
join.retainAll(sexes);
join.sort(new DataElementComperator());
Vector<RuleSet> catalogs = new Vector<>();
int oldSelected = -1;
int n = 0;
for (final RuleSet rs : join) {
if (rs.getUsage().equals("final")) {
catalogs.add(rs);
if (rs.getTitle().equals(catalogKey)) {
oldSelected = n;
}
n++;
}
}
ComboBoxModel catalogModel = new DefaultComboBoxModel(catalogs);
cbCatalog.setModel(catalogModel);
if (oldSelected >= 0)
cbCatalog.setSelectedIndex(oldSelected);
} catch (Exception e) {
Logging.errorPrint(e.getMessage(), e);
}
}
use of java.util.Vector in project OpenAM by OpenRock.
the class SecureFileHandler method initializeSecurity.
void initializeSecurity() {
String currentFileName = logName;
try {
String logPath = lmanager.getProperty(LogConstants.LOG_LOCATION);
if (!logPath.endsWith("/"))
logPath += "/";
String FileName = currentFileName;
String loggerFileName = logPath + PREFIX + "log." + FileName;
String verifierFileName = logPath + PREFIX + "ver." + FileName;
helper = (SecureLogHelper) getSecureLogHelper(logName);
if (helper == null) {
helper = getSecureLogHelperInst();
setSecureLogHelper(logName, helper);
}
helper.initializeSecureLogHelper(loggerFileName, logPassword, verifierFileName, logPassword);
if (verificationInitialized) {
helper.initializeVerifier(verifierFileName, logPassword, verPassword);
}
} catch (Exception e) {
Debug.error(logName + ":Logger: exception thrown while initializing secure logger", e);
//throw custom defined exception
}
Archiver archiver = null;
try {
if (getArchiver(logName) == null) {
archiver = (Archiver) Class.forName(archiverClass).newInstance();
setArchiver(logName, archiver);
}
} catch (Exception e) {
Debug.error(logName + ":SecureFileHandler: Could Not set Archiver", e);
}
String Interval = lmanager.getProperty(LogConstants.LOGSIGN_PERIODINSECONDS);
if ((Interval == null) || (Interval.length() == 0)) {
signInterval = LogConstants.LOGSIGN_PERIODINSECONDS_DEFAULT * 1000;
} else {
signInterval = Long.parseLong(Interval) * 1000;
}
startPeriodicLogSigner();
// Uncomment lines before deploying
if (verificationInitialized) {
startVerifierThread();
}
Debug.message(logName + ":Done initializeSecurity in Handler");
// add the non archived files in the current file list.
VerifierList vl = new VerifierList();
String path = location;
if (!path.endsWith("/")) {
path += "/";
}
TreeMap tm = vl.getKeysAndFiles(new File(path), logName);
Vector logFiles = (Vector) tm.get(PREFIX + "log." + logName);
for (int j = 1; j < logFiles.size(); j++) {
// fiels are sorted according to the timestamp so first add all the
// files ending with timestamp
String name = (String) logFiles.elementAt(j);
name = name.substring(PREFIX.length(), name.length());
addToCurrentFileList(name, name, logName);
if (archiver != null) {
// increment filesPerKeystoreCounter
archiver.incrementCount();
}
}
// now add the current file (without time stamp)
String name = (String) logFiles.elementAt(0);
name = name.substring(PREFIX.length(), name.length());
addToCurrentFileList(name, name, logName);
}
Aggregations