use of java.util.jar.Manifest in project otertool by wuntee.
the class JarSigner method signJar.
/**
 * Signs the jar file named {@code jarName}.
 *
 * <p>The signed output is written to {@code signedjar} when that field is set;
 * otherwise it is written to {@code jarName + ".sig"} and then renamed over the
 * original jar. The manifest is read (or created), per-entry digests are added
 * or refreshed using the algorithm named by {@code digestalg}, and the
 * signature file and signature block are written ahead of the remaining
 * entries.
 *
 * <p>Certificate warnings (expired, not yet valid, bad key usage, ...) are only
 * logged at the very end; they do not stop the jar from being signed or the
 * original from being replaced.
 *
 * @param jarName path of the jar to sign
 * @param alias   key alias; used as the signature file base name when
 *                {@code sigfile} is not set
 * @param args    passed through unchanged to {@code SignatureFile.generateBlock}
 * @throws RuntimeException if an explicitly configured {@code sigfile} contains
 *                          characters other than A-Z, 0-9, '_' or '-'
 * @throws Exception        for any other failure during signing
 */
void signJar(String jarName, String alias, String[] args) throws Exception {
    boolean aliasUsed = false;
    X509Certificate tsaCert = null;
    // No explicit signature file name configured: fall back to the key alias.
    if (sigfile == null) {
        sigfile = alias;
        aliasUsed = true;
    }
    // The base name is capped at 8 characters and upper-cased.
    if (sigfile.length() > 8) {
        sigfile = sigfile.substring(0, 8).toUpperCase();
    } else {
        sigfile = sigfile.toUpperCase();
    }
    // Restrict the name to A-Z, 0-9, '-' and '_' before it is used to build
    // entry names under META-INF.
    StringBuilder tmpSigFile = new StringBuilder(sigfile.length());
    for (int j = 0; j < sigfile.length(); j++) {
        char c = sigfile.charAt(j);
        if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || (c == '-') || (c == '_'))) {
            if (aliasUsed) {
                // convert illegal characters from the alias to be _'s
                c = '_';
            } else {
                // An explicitly supplied name is rejected rather than silently rewritten.
                throw new RuntimeException(rb.getString("signature filename must consist of the following characters: A-Z, 0-9, _ or -"));
            }
        }
        tmpSigFile.append(c);
    }
    sigfile = tmpSigFile.toString();
    // Output goes to a sibling ".sig" file unless a separate target was configured.
    String tmpJarName;
    if (signedjar == null)
        tmpJarName = jarName + ".sig";
    else
        tmpJarName = signedjar;
    File jarFile = new File(jarName);
    File signedJarFile = new File(tmpJarName);
    // Open the jar (zip) file
    try {
        zipFile = new ZipFile(jarName);
    } catch (IOException ioe) {
        error(rb.getString("unable to open jar file: ") + jarName, ioe);
    }
    FileOutputStream fos = null;
    try {
        fos = new FileOutputStream(signedJarFile);
    } catch (IOException ioe) {
        error(rb.getString("unable to create: ") + tmpJarName, ioe);
    }
    // NOTE(review): the code below relies on error() not returning normally
    // (error() is not visible here - confirm). If it did return, fos/zipFile
    // would still be null at this point.
    PrintStream ps = new PrintStream(fos);
    ZipOutputStream zos = new ZipOutputStream(ps);
    /* First guess at what they might be - we don't exclude RSA ones. */
    String sfFilename = (META_INF + sigfile + ".SF").toUpperCase();
    String bkFilename = (META_INF + sigfile + ".DSA").toUpperCase();
    Manifest manifest = new Manifest();
    Map<String, Attributes> mfEntries = manifest.getEntries();
    // The Attributes of manifest before updating
    Attributes oldAttr = null;
    boolean mfModified = false;
    boolean mfCreated = false;
    byte[] mfRawBytes = null;
    try {
        // The digest algorithm comes from the digestalg field, not from the jar.
        MessageDigest[] digests = { MessageDigest.getInstance(digestalg) };
        // Check if manifest exists
        ZipEntry mfFile;
        if ((mfFile = getManifestFile(zipFile)) != null) {
            // Manifest exists. Read its raw bytes.
            mfRawBytes = getBytes(zipFile, mfFile);
            manifest.read(new ByteArrayInputStream(mfRawBytes));
            // Snapshot the main attributes so a later change can be detected.
            oldAttr = (Attributes) (manifest.getMainAttributes().clone());
        } else {
            // Create new manifest
            Attributes mattr = manifest.getMainAttributes();
            mattr.putValue(Attributes.Name.MANIFEST_VERSION.toString(), "1.0");
            String javaVendor = System.getProperty("java.vendor");
            String jdkVersion = System.getProperty("java.version");
            mattr.putValue("Created-By", jdkVersion + " (" + javaVendor + ")");
            mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
            mfCreated = true;
        }
        /*
         * For each entry in jar
         * (except for signature-related META-INF entries),
         * do the following:
         *
         * - if entry is not contained in manifest, add it to manifest;
         * - if entry is contained in manifest, calculate its hash and
         * compare it with the one in the manifest; if they are
         * different, replace the hash in the manifest with the newly
         * generated one. (This may invalidate existing signatures!)
         */
        BASE64Encoder encoder = new JarBASE64Encoder();
        Vector<ZipEntry> mfFiles = new Vector<ZipEntry>();
        for (Enumeration<? extends ZipEntry> enum_ = zipFile.entries(); enum_.hasMoreElements(); ) {
            ZipEntry ze = enum_.nextElement();
            if (ze.getName().startsWith(META_INF)) {
                // Store META-INF files in vector, so they can be written
                // out first
                mfFiles.addElement(ze);
                if (signatureRelated(ze.getName())) {
                    // ignore signature-related and manifest files
                    continue;
                }
            }
            // META-INF entries that are not signature-related fall through and
            // are digested like any other entry.
            if (manifest.getAttributes(ze.getName()) != null) {
                // possibly update its digest attributes
                if (updateDigests(ze, zipFile, digests, encoder, manifest) == true) {
                    mfModified = true;
                }
            } else if (!ze.isDirectory()) {
                // Add entry to manifest
                Attributes attrs = getDigestAttributes(ze, zipFile, digests, encoder);
                mfEntries.put(ze.getName(), attrs);
                mfModified = true;
            }
        }
        // Recalculate the manifest raw bytes if necessary
        if (mfModified) {
            ByteArrayOutputStream baos = new ByteArrayOutputStream();
            manifest.write(baos);
            byte[] newBytes = baos.toByteArray();
            // mfRawBytes is non-null only when a manifest was read above, which
            // is also the only path that sets oldAttr.
            if (mfRawBytes != null && oldAttr.equals(manifest.getMainAttributes())) {
                /*
                 * Note:
                 *
                 * The Attributes object is based on HashMap and can handle
                 * continuation columns. Therefore, even if the contents are
                 * not changed (in a Map view), the bytes that it write()
                 * may be different from the original bytes that it read()
                 * from. Since the signature on the main attributes is based
                 * on raw bytes, we must retain the exact bytes.
                 */
                int newPos = findHeaderEnd(newBytes);
                int oldPos = findHeaderEnd(mfRawBytes);
                if (newPos == oldPos) {
                    // Same header length: overwrite the regenerated header in place.
                    System.arraycopy(mfRawBytes, 0, newBytes, 0, oldPos);
                } else {
                    // cat oldHead newTail > newBytes
                    byte[] lastBytes = new byte[oldPos + newBytes.length - newPos];
                    System.arraycopy(mfRawBytes, 0, lastBytes, 0, oldPos);
                    System.arraycopy(newBytes, newPos, lastBytes, oldPos, newBytes.length - newPos);
                    newBytes = lastBytes;
                }
            }
            mfRawBytes = newBytes;
        }
        // Write out the manifest
        if (mfModified) {
            // manifest file has new length
            mfFile = new ZipEntry(JarFile.MANIFEST_NAME);
        }
        zos.putNextEntry(mfFile);
        zos.write(mfRawBytes);
        // Calculate SignatureFile (".SF") and SignatureBlockFile
        ManifestDigester manDig = new ManifestDigester(mfRawBytes);
        SignatureFile sf = new SignatureFile(digests, manifest, manDig, sigfile, signManifest);
        if (tsaAlias != null) {
            tsaCert = getTsaCert(tsaAlias);
        }
        SignatureFile.Block block = null;
        try {
            block = sf.generateBlock(privateKey, sigalg, certChain, externalSF, tsaUrl, tsaCert, signingMechanism, args, zipFile);
        } catch (SocketTimeoutException e) {
            // Provide a helpful message when TSA is beyond a firewall
            error(rb.getString("unable to sign jar: ") + rb.getString("no response from the Timestamping Authority. ") + rb.getString("When connecting from behind a firewall then an HTTP proxy may need to be specified. ") + rb.getString("Supply the following options to jarsigner: ") + "\n -J-Dhttp.proxyHost=<hostname> " + "\n -J-Dhttp.proxyPort=<portnumber> ", e);
        }
        // The first-guess names are replaced by the names the signature objects
        // report for themselves.
        sfFilename = sf.getMetaName();
        bkFilename = block.getMetaName();
        ZipEntry sfFile = new ZipEntry(sfFilename);
        ZipEntry bkFile = new ZipEntry(bkFilename);
        long time = System.currentTimeMillis();
        sfFile.setTime(time);
        bkFile.setTime(time);
        // signature file
        zos.putNextEntry(sfFile);
        sf.write(zos);
        // signature block file
        zos.putNextEntry(bkFile);
        block.write(zos);
        // Remaining META-INF entries collected earlier, skipping any whose name
        // matches (ignoring case) the manifest or the files just written.
        for (int i = 0; i < mfFiles.size(); i++) {
            ZipEntry ze = mfFiles.elementAt(i);
            if (!ze.getName().equalsIgnoreCase(JarFile.MANIFEST_NAME) && !ze.getName().equalsIgnoreCase(sfFilename) && !ze.getName().equalsIgnoreCase(bkFilename)) {
                writeEntry(zipFile, zos, ze);
            }
        }
        // Write out all other files
        for (Enumeration<? extends ZipEntry> enum_ = zipFile.entries(); enum_.hasMoreElements(); ) {
            ZipEntry ze = enum_.nextElement();
            if (!ze.getName().startsWith(META_INF)) {
                writeEntry(zipFile, zos, ze);
            }
        }
    } catch (IOException ioe) {
        error(rb.getString("unable to sign jar: ") + ioe, ioe);
    } finally {
        // close the resources
        // NOTE(review): if zipFile.close() throws, zos.close() below is skipped
        // and the output stream stays open.
        if (zipFile != null) {
            zipFile.close();
            zipFile = null;
        }
        if (zos != null) {
            zos.close();
        }
    }
    // try {
    if (signedjar == null) {
        // No separate output was requested: replace the original jar with the
        // signed one, then delete the original.
        if (!signedJarFile.renameTo(jarFile)) {
            // Direct rename failed: move the original aside first, then retry.
            File origJar = new File(jarName + ".orig");
            if (jarFile.renameTo(origJar)) {
                if (signedJarFile.renameTo(jarFile)) {
                    origJar.delete();
                } else {
                    MessageFormat form = new MessageFormat(rb.getString("attempt to rename signedJarFile to jarFile failed"));
                    Object[] source = { signedJarFile, jarFile };
                    error(form.format(source));
                }
            } else {
                MessageFormat form = new MessageFormat(rb.getString("attempt to rename jarFile to origJar failed"));
                Object[] source = { jarFile, origJar };
                error(form.format(source));
            }
        }
    }
    // Certificate problems are reported only here, after the signed jar has
    // been written (and, when signedjar is null, already renamed over the
    // original). They are warnings, not a gate on signing.
    if (hasExpiredCert || hasExpiringCert || notYetValidCert || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType) {
        logger.warn(rb.getString("Warning: "));
        if (badKeyUsage) {
            logger.warn(rb.getString("The signer certificate's KeyUsage extension doesn't allow code signing."));
        }
        if (badExtendedKeyUsage) {
            logger.warn(rb.getString("The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."));
        }
        if (badNetscapeCertType) {
            logger.warn(rb.getString("The signer certificate's NetscapeCertType extension doesn't allow code signing."));
        }
        if (hasExpiredCert) {
            logger.warn(rb.getString("The signer certificate has expired."));
        } else if (hasExpiringCert) {
            logger.warn(rb.getString("The signer certificate will expire within six months."));
        } else if (notYetValidCert) {
            logger.warn(rb.getString("The signer certificate is not yet valid."));
        }
    }
    // no IOException thrown in the above try clause, so disable
    // the catch clause.
    // } catch(IOException ioe) {
    // error(rb.getString("unable to sign jar: ")+ioe, ioe);
    // }
}
use of java.util.jar.Manifest in project otertool by wuntee.
the class JarSigner15 method getManifestFile.
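/**
 * Loads the manifest of a jar file, or returns a new empty manifest when the
 * jar does not contain one.
 *
 * <p>The exact name {@code META-INF/MANIFEST.MF} is tried first. Only when that
 * lookup fails are the entries scanned for a name that matches ignoring case.
 * The signing code drops any original META-INF entry whose name matches the
 * manifest name ignoring case, so a differently-cased manifest has to be read
 * here or its attributes are lost from the signed output.
 *
 * @param jarFile the jar to read; it is left open
 * @return the parsed manifest, or an empty {@link Manifest} if none was found
 * @throws IOException if the manifest entry cannot be read or parsed
 */
private static Manifest getManifestFile(JarFile jarFile) throws IOException {
    final String manifestName = "META-INF/MANIFEST.MF";
    JarEntry je = jarFile.getJarEntry(manifestName);
    if (je == null) {
        // Exact lookup failed: fall back to a case-insensitive scan.
        Enumeration<JarEntry> entries = jarFile.entries();
        while (entries.hasMoreElements()) {
            JarEntry candidate = entries.nextElement();
            if (manifestName.equalsIgnoreCase(candidate.getName())) {
                je = candidate;
                break;
            }
        }
    }
    // create the manifest object
    Manifest manifest = new Manifest();
    if (je != null) {
        // Close the entry stream even when parsing fails.
        java.io.InputStream in = jarFile.getInputStream(je);
        try {
            manifest.read(in);
        } finally {
            in.close();
        }
    }
    return manifest;
}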
use of java.util.jar.Manifest in project otertool by wuntee.
the class JarSigner15 method signJarFile.
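/**
 * Signs {@code jarFile} and writes the signed jar to {@code outputStream}.
 *
 * <p>This is the entry point used by callers wrapping the signer. Output order
 * is: manifest, signature file, signature block, the remaining original
 * META-INF entries, then every other entry.
 *
 * <p>{@code jarFile} is closed before this method returns, including when
 * signing fails. {@code outputStream} is flushed and the jar stream finished,
 * but the stream itself is not closed here.
 *
 * <p>NOTE(review): the entry digest algorithm is hard-coded to SHA1. SHA-1 is
 * no longer considered collision-resistant; changing it would also have to
 * match whatever digest attribute names the SignatureFile class writes, which
 * is not visible from this method.
 *
 * @param jarFile      the jar to sign; closed on return
 * @param outputStream destination for the signed jar
 */
public void signJarFile(JarFile jarFile, OutputStream outputStream) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException, IOException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, CertificateException, InstantiationException, ClassNotFoundException {
    try {
        // get the manifest out of the jar and verify that
        // all the entries in the manifest are correct
        Manifest manifest = getManifestFile(jarFile);
        Map entries = createEntries(manifest, jarFile);

        // create the message digest and update the attributes in the
        // manifest to contain the SHA1 digests
        MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
        updateManifestDigest(manifest, jarFile, messageDigest, entries);

        // construct the signature file object and the signature block object
        SignatureFile signatureFile = createSignatureFile(manifest, messageDigest);
        SignatureFile.Block block = signatureFile.generateBlock(privateKey, certChain, true, jarFile);

        // write out the manifest to the output jar stream
        String manifestFileName = "META-INF/MANIFEST.MF";
        JarOutputStream jos = new JarOutputStream(outputStream);
        JarEntry manifestFile = new JarEntry(manifestFileName);
        jos.putNextEntry(manifestFile);
        byte[] manifestBytes = serialiseManifest(manifest);
        jos.write(manifestBytes, 0, manifestBytes.length);
        jos.closeEntry();

        // write out the signature file -- the signatureFile
        // object will name itself appropriately
        String signatureFileName = signatureFile.getMetaName();
        JarEntry signatureFileEntry = new JarEntry(signatureFileName);
        jos.putNextEntry(signatureFileEntry);
        signatureFile.write(jos);
        jos.closeEntry();

        // write out the signature block file -- again, the block
        // will name itself appropriately
        String signatureBlockName = block.getMetaName();
        JarEntry signatureBlockEntry = new JarEntry(signatureBlockName);
        jos.putNextEntry(signatureBlockEntry);
        block.write(jos);
        jos.closeEntry();

        // commit the rest of the original entries in the META-INF
        // directory. an entry whose name matches (ignoring case) one that
        // was just created for the signed jar is skipped, so the freshly
        // written manifest and signature files are never overwritten
        Enumeration<JarEntry> metaEntries = jarFile.entries();
        while (metaEntries.hasMoreElements()) {
            JarEntry metaEntry = metaEntries.nextElement();
            String metaName = metaEntry.getName();
            boolean alreadyWritten = manifestFileName.equalsIgnoreCase(metaName)
                    || signatureFileName.equalsIgnoreCase(metaName)
                    || signatureBlockName.equalsIgnoreCase(metaName);
            if (metaName.startsWith("META-INF") && !alreadyWritten) {
                writeJarEntry(metaEntry, jarFile, jos);
            }
        }

        // now write out the rest of the files to the stream
        Enumeration<JarEntry> allEntries = jarFile.entries();
        while (allEntries.hasMoreElements()) {
            JarEntry entry = allEntries.nextElement();
            if (!entry.getName().startsWith("META-INF")) {
                writeJarEntry(entry, jarFile, jos);
            }
        }

        // finish the stream that we have been writing to
        jos.flush();
        jos.finish();
    } finally {
        // close the JAR file that we have been using, also on the failure
        // path, so the file handle is not left open when signing throws
        jarFile.close();
    }
}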
use of java.util.jar.Manifest in project tdi-studio-se by Talend.
the class JobJavaScriptOSGIForESBManager method getManifest.
/**
 * Computes the manifest for the given library resource and process item.
 *
 * <p>An {@link IOException} from the analyzer is propagated. Any other
 * exception is handed to {@code ExceptionHandler.process} and the method then
 * returns {@code null}, so callers must be prepared for a null manifest. The
 * analyzer is closed in every case.
 *
 * @return the calculated manifest, or {@code null} if calculation failed with
 *         a non-I/O exception
 * @throws IOException if the analyzer reports an I/O failure
 */
private Manifest getManifest(ExportFileResource libResource, ProcessItem processItem) throws IOException {
    final Analyzer manifestAnalyzer = createAnalyzer(libResource, processItem);
    try {
        // Calculate the manifest
        return manifestAnalyzer.calcManifest();
    } catch (IOException ioFailure) {
        // I/O problems are the caller's to handle.
        throw ioFailure;
    } catch (Exception otherFailure) {
        // Everything else is reported and turned into a null result.
        ExceptionHandler.process(otherFailure);
        return null;
    } finally {
        manifestAnalyzer.close();
    }
}
use of java.util.jar.Manifest in project tdi-studio-se by Talend.
the class JarBuilder method getManifest.
/**
 * Builds the manifest for the jar being produced.
 *
 * <p>The implementation version and vendor are stored as a per-entry section
 * keyed by {@code jarFile.getName()}; the manifest's main attributes are left
 * untouched by this method.
 *
 * @return a new manifest holding that single per-entry section
 */
private Manifest getManifest() {
    Attributes implementationInfo = new Attributes();
    implementationInfo.put(Attributes.Name.IMPLEMENTATION_VERSION, "1.0"); //$NON-NLS-1$
    implementationInfo.put(Attributes.Name.IMPLEMENTATION_VENDOR, "Talend Open Studio"); //$NON-NLS-1$

    Manifest result = new Manifest();
    result.getEntries().put(jarFile.getName(), implementationInfo);
    return result;
}