
Example 6 with CodeSigner

use of java.security.CodeSigner in project robovm by robovm.

the class CodeSignerTest method testHashCode.

/**
 * Checks CodeSigner.hashCode(): two signers built from the same certificate
 * path and timestamp must hash alike, and a signer built without a timestamp
 * is expected to hash differently.
 *
 * NOTE(review): the inequality assertion pins the behaviour of the
 * implementation under test. The general hashCode contract does not forbid
 * collisions, so it is not a property other code may rely on.
 */
public void testHashCode() {
    final CodeSigner stamped = new CodeSigner(cpath, ts);
    final CodeSigner stampedTwin = new CodeSigner(cpath, ts);
    final CodeSigner unstamped = new CodeSigner(cpath, null);

    final int stampedHash = stamped.hashCode();
    final int twinHash = stampedTwin.hashCode();
    final int unstampedHash = unstamped.hashCode();

    // Same inputs, same hash.
    assertTrue(stampedHash == twinHash);
    // Dropping the timestamp is expected to change the hash.
    assertTrue(twinHash != unstampedHash);
}
Also used : CodeSigner(java.security.CodeSigner)

Example 7 with CodeSigner

use of java.security.CodeSigner in project robovm by robovm.

the class CodeSignerTest method testToString.

/**
 * Checks CodeSigner.toString() for signers built with and without a
 * timestamp.
 */
public void testToString() {
    // NOTE(review): contains("") is true for every non-null String, so the
    // first two assertions only prove that toString() returns without
    // throwing; they say nothing about the text produced.
    final String unstampedText = new CodeSigner(cpath, null).toString();
    assertTrue(unstampedText.contains(""));
    final String stampedText = new CodeSigner(cpath, ts).toString();
    assertTrue(stampedText.contains(""));

    // The rendering of a signer without a timestamp must mention "Signer".
    final String unstampedLabel = new CodeSigner(cpath, null).toString();
    assertTrue(unstampedLabel.contains("Signer"));

    // The rendering of a timestamped signer must embed the timestamp's own text.
    final String stampedLabel = new CodeSigner(cpath, ts).toString();
    assertTrue(stampedLabel.contains(ts.toString()));
}
Also used : CodeSigner(java.security.CodeSigner)

Example 8 with CodeSigner

use of java.security.CodeSigner in project jdk8u_jdk by JetBrains.

the class Pair method doPrintCert.

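/**
 * Prints certificates from one of three sources, chosen by which field is set:
 * the signers of a JAR file ({@code jarfile}), the chain returned for a TLS
 * server ({@code sslserver}), or a certificate file / standard input
 * ({@code filename}).
 *
 * <p>Security notes for readers of the output:
 * <ul>
 *   <li>JAR branch: the archive is opened with verification enabled and every
 *       entry is read to the end, so a failed signature or digest check
 *       surfaces as a {@link SecurityException} that this method does not
 *       catch. Nothing here validates the signer or timestamp certificate
 *       chains against trust anchors; a printed signer is not a trusted
 *       signer.</li>
 *   <li>TLS branch: the chain is printed as returned by the cert store.
 *       NOTE(review): this method does not show whether the helper
 *       authenticates the server, so treat the output as unauthenticated
 *       until that is confirmed.</li>
 *   <li>TLS branch: a certificate that fails to print is skipped silently
 *       unless {@code debug} is set, so the printed chain can be incomplete.</li>
 * </ul>
 *
 * @param out stream that receives the printed certificates
 * @throws Exception if the TLS server yields no certificate, or if reading,
 *         verification or printing fails
 */
private void doPrintCert(final PrintStream out) throws Exception {
    if (jarfile != null) {
        Set<CodeSigner> ss = new HashSet<>();
        // try-with-resources: the JarFile is closed even when verification of
        // an entry throws, instead of leaking the open archive.
        try (JarFile jf = new JarFile(jarfile, true)) {
            Enumeration<JarEntry> entries = jf.entries();
            byte[] buffer = new byte[8192];
            int pos = 0;
            while (entries.hasMoreElements()) {
                JarEntry je = entries.nextElement();
                try (InputStream is = jf.getInputStream(je)) {
                    while (is.read(buffer) != -1) {
                        // Reading is the verification step: it throws a
                        // SecurityException if a signature/digest check fails,
                        // and it populates the entry's signers.
                    }
                }
                // Only meaningful after the entry was read to the end (above).
                CodeSigner[] signers = je.getCodeSigners();
                if (signers != null) {
                    for (CodeSigner signer : signers) {
                        // Set.add reports whether the signer is new, so each
                        // distinct signer is printed once for the whole JAR.
                        if (ss.add(signer)) {
                            out.printf(rb.getString("Signer.d."), ++pos);
                            out.println();
                            out.println();
                            out.println(rb.getString("Signature."));
                            out.println();
                            for (Certificate cert : signer.getSignerCertPath().getCertificates()) {
                                X509Certificate x = (X509Certificate) cert;
                                if (rfc) {
                                    out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n");
                                    dumpCert(x, out);
                                } else {
                                    printX509Cert(x, out);
                                }
                                out.println();
                            }
                            Timestamp ts = signer.getTimestamp();
                            if (ts != null) {
                                out.println(rb.getString("Timestamp."));
                                out.println();
                                for (Certificate cert : ts.getSignerCertPath().getCertificates()) {
                                    X509Certificate x = (X509Certificate) cert;
                                    if (rfc) {
                                        out.println(rb.getString("Certificate.owner.") + x.getSubjectDN() + "\n");
                                        dumpCert(x, out);
                                    } else {
                                        printX509Cert(x, out);
                                    }
                                    out.println();
                                }
                            }
                        }
                    }
                }
            }
        }
        if (ss.isEmpty()) {
            out.println(rb.getString("Not.a.signed.jar.file"));
        }
    } else if (sslserver != null) {
        // Lazily load SSLCertStoreHelper if present
        CertStoreHelper helper = CertStoreHelper.getInstance("SSLServer");
        CertStore cs = helper.getCertStore(new URI("https://" + sslserver));
        Collection<? extends Certificate> chain;
        try {
            chain = cs.getCertificates(null);
            if (chain.isEmpty()) {
                // An empty chain is reported as an error even if the URL
                // connection itself was successful.
                throw new Exception(rb.getString("No.certificate.from.the.SSL.server"));
            }
        } catch (CertStoreException cse) {
            // An I/O failure underneath is reported as "no certificate";
            // any other cert-store failure is passed on unchanged.
            if (cse.getCause() instanceof IOException) {
                throw new Exception(rb.getString("No.certificate.from.the.SSL.server"), cse.getCause());
            } else {
                throw cse;
            }
        }
        int i = 0;
        for (Certificate cert : chain) {
            try {
                if (rfc) {
                    dumpCert(cert, out);
                } else {
                    out.println("Certificate #" + i++);
                    out.println("====================================");
                    printX509Cert((X509Certificate) cert, out);
                    out.println();
                }
            } catch (Exception e) {
                // Best effort: a certificate that cannot be printed is skipped.
                // Without debug the failure leaves no trace in the output.
                if (debug) {
                    e.printStackTrace();
                }
            }
        }
    } else {
        if (filename != null) {
            try (FileInputStream inStream = new FileInputStream(filename)) {
                printCertFromStream(inStream, out);
            }
        } else {
            printCertFromStream(System.in, out);
        }
    }
}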
Also used : CertStoreException(java.security.cert.CertStoreException) JarFile(java.util.jar.JarFile) JarEntry(java.util.jar.JarEntry) Timestamp(java.security.Timestamp) URI(java.net.URI) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) UnrecoverableEntryException(java.security.UnrecoverableEntryException) CertStoreException(java.security.cert.CertStoreException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) CertStoreHelper(sun.security.provider.certpath.CertStoreHelper) CertStore(java.security.cert.CertStore) CodeSigner(java.security.CodeSigner) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 9 with CodeSigner

use of java.security.CodeSigner in project jdk8u_jdk by JetBrains.

the class SignatureFileVerifier method processImpl.

/**
 * Processes one signature file ({@code sfBytes}) against its signature block
 * and records, per entry name, the signers that cover it.
 *
 * <p>Outcomes visible in this method:
 * <ul>
 *   <li>A signature file whose Signature-Version is missing or is not "1.0"
 *       (compared case-insensitively) is ignored: the method returns without
 *       adding any signers and without raising an error.</li>
 *   <li>A signature block that does not verify ({@code block.verify} returns
 *       null) raises a {@link SecurityException}.</li>
 *   <li>If the whole-manifest digest does not match and the main attributes
 *       do not verify either, a {@link SecurityException} is raised.</li>
 *   <li>A section that fails {@code verifySection} is not an error: the entry
 *       is simply not credited with these signers. Callers therefore have to
 *       treat a name absent from {@code signers} as unsigned.</li>
 * </ul>
 *
 * @param signers map from entry name to its signers, updated in place
 * @param manifestDigests passed through to {@code verifyManifestHash}
 */
private void processImpl(Hashtable<String, CodeSigner[]> signers, List<Object> manifestDigests) throws IOException, SignatureException, NoSuchAlgorithmException, JarException, CertificateException {
    Manifest sf = new Manifest();
    sf.read(new ByteArrayInputStream(sfBytes));
    String version = sf.getMainAttributes().getValue(Attributes.Name.SIGNATURE_VERSION);
    if ((version == null) || !(version.equalsIgnoreCase("1.0"))) {
        // for now we just ignore this signature file: no signers are recorded
        // for it and no exception is raised
        return;
    }
    // Verify the signature block over the raw signature-file bytes.
    SignerInfo[] infos = block.verify(sfBytes);
    if (infos == null) {
        throw new SecurityException("cannot verify signature block file " + name);
    }
    CodeSigner[] newSigners = getSigners(infos, block);
    // make sure we have something to do all this work for...
    if (newSigners == null)
        return;
    /*
     * Look for the latest timestamp in the signature block.  If an entry
     * has no timestamp, use current time (aka null): a single signer
     * without a timestamp resets the field to null and ends the scan.
     */
    for (CodeSigner s : newSigners) {
        if (debug != null) {
            debug.println("Gathering timestamp for:  " + s.toString());
        }
        if (s.getTimestamp() == null) {
            timestamp = null;
            break;
        } else if (timestamp == null) {
            timestamp = s.getTimestamp();
        } else {
            if (timestamp.getTimestamp().before(s.getTimestamp().getTimestamp())) {
                timestamp = s.getTimestamp();
            }
        }
    }
    Iterator<Map.Entry<String, Attributes>> entries = sf.getEntries().entrySet().iterator();
    // see if we can verify the whole manifest first
    boolean manifestSigned = verifyManifestHash(sf, md, manifestDigests);
    // verify manifest main attributes (only needed when the whole-manifest
    // digest did not match)
    if (!manifestSigned && !verifyManifestMainAttrs(sf, md)) {
        throw new SecurityException("Invalid signature file digest for Manifest main attributes");
    }
    // go through each section in the signature file
    while (entries.hasNext()) {
        Map.Entry<String, Attributes> e = entries.next();
        String name = e.getKey();
        // A matching whole-manifest digest covers every section; otherwise
        // each section has to verify on its own.
        if (manifestSigned || (verifySection(e.getValue(), name, md))) {
            // Strip a leading "./" and then a leading "/" before the name is
            // used as the key in the signers map.
            if (name.startsWith("./"))
                name = name.substring(2);
            if (name.startsWith("/"))
                name = name.substring(1);
            updateSigners(newSigners, signers, name);
            if (debug != null) {
                debug.println("processSignature signed name = " + name);
            }
        } else if (debug != null) {
            // Failed section: only reported when debugging; the entry gets no
            // signers from this signature file.
            debug.println("processSignature unsigned name = " + name);
        }
    }
    // MANIFEST.MF is always regarded as signed
    updateSigners(newSigners, signers, JarFile.MANIFEST_NAME);
}
Also used : Attributes(java.util.jar.Attributes) GeneralSecurityException(java.security.GeneralSecurityException) Manifest(java.util.jar.Manifest) SignerInfo(sun.security.pkcs.SignerInfo) ByteArrayInputStream(java.io.ByteArrayInputStream) HashMap(java.util.HashMap) Map(java.util.Map) CodeSigner(java.security.CodeSigner)

Example 10 with CodeSigner

use of java.security.CodeSigner in project jdk8u_jdk by JetBrains.

the class FactoryURLClassLoader method defineClass.

/*
 * Turns the class bytes held by the given Resource into a Class, tagging it
 * with a CodeSource made of the resource's URL and code signers. The
 * returned Class still has to be resolved before use.
 *
 * The signers are always fetched after the class bytes have been obtained;
 * on the byte[] path that order is required (see the comment there).
 * NOTE(review): the CodeSource presumably decides which protection domain,
 * and so which permissions, the class receives - confirm in the
 * defineClass overloads called below.
 */
private Class<?> defineClass(String name, Resource res) throws IOException {
    final long startNanos = System.nanoTime();
    final int lastDot = name.lastIndexOf('.');
    final URL sourceUrl = res.getCodeSourceURL();
    if (lastDot != -1) {
        // Class lives in a named package: check whether it is already
        // loaded, using the resource's manifest and URL.
        definePackageInternal(name.substring(0, lastDot), res.getManifest(), sourceUrl);
    }

    // Now read the class bytes and define the class
    final java.nio.ByteBuffer classBuffer = res.getByteBuffer();
    if (classBuffer == null) {
        final byte[] classBytes = res.getBytes();
        // must read certificates AFTER reading bytes.
        final CodeSource bytesSource = new CodeSource(sourceUrl, res.getCodeSigners());
        sun.misc.PerfCounter.getReadClassBytesTime().addElapsedTimeFrom(startNanos);
        return defineClass(name, classBytes, 0, classBytes.length, bytesSource);
    }

    // Use (direct) ByteBuffer:
    final CodeSource bufferSource = new CodeSource(sourceUrl, res.getCodeSigners());
    sun.misc.PerfCounter.getReadClassBytesTime().addElapsedTimeFrom(startNanos);
    return defineClass(name, classBuffer, bufferSource);
}
Also used : Manifest(java.util.jar.Manifest) CodeSource(java.security.CodeSource) CodeSigner(java.security.CodeSigner)

Aggregations

CodeSigner (java.security.CodeSigner)31 Certificate (java.security.cert.Certificate)8 CodeSource (java.security.CodeSource)7 X509Certificate (java.security.cert.X509Certificate)6 Manifest (java.util.jar.Manifest)5 IOException (java.io.IOException)4 URL (java.net.URL)4 ByteBuffer (java.nio.ByteBuffer)4 CertPath (java.security.cert.CertPath)4 JarEntry (java.util.jar.JarEntry)4 JarFile (java.util.jar.JarFile)4 SignerInfo (sun.security.pkcs.SignerInfo)4 Timestamp (java.security.Timestamp)3 ArrayList (java.util.ArrayList)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InputStream (java.io.InputStream)2 InvocationTargetException (java.lang.reflect.InvocationTargetException)2 URI (java.net.URI)2 GeneralSecurityException (java.security.GeneralSecurityException)2 KeyStoreException (java.security.KeyStoreException)2