
Example 11 with BundleEntry

use of org.eclipse.osgi.storage.bundlefile.BundleEntry in project rt.equinox.framework by eclipse.

the class SignatureBlockProcessor method processSigner.

/**
 * Processes one signature block entry of a signed bundle.
 *
 * <p>The method reads the signature block named by {@code signer} and the signature (.SF)
 * file that shares its base name, verifies the .SF bytes against the signature block,
 * checks the .SF file against the supplied manifest bytes, and then records a
 * {@code SignerInfoImpl} for the signer (plus one for the timestamp authority when both
 * TSA certificates and a signing time are available).
 *
 * <p>The .SF content is only parsed for its digest algorithm after
 * {@code verifySFSignature} has returned, so this statement order should be preserved.
 *
 * <p>NOTE(review): nothing in this method evaluates whether the signer certificates are
 * trusted or currently valid; presumably that happens in PKCS7Processor or in a later
 * trust-evaluation step. Confirm before treating a recorded signer as trusted.
 *
 * @param bf bundle file the signature block and .SF entries are read from
 * @param manifestBytes manifest content that the .SF file is checked against
 * @param signer entry name of the signature block (.RSA/.DSA); the .SF entry name is
 *        derived by replacing everything from the last '.' onward with {@code DOT_SF}
 * @throws SignatureException if no digest algorithm can be determined from the .SF file;
 *         presumably also raised by the verification helpers on a mismatch (not visible here)
 * @throws IOException declared for the helpers called here; presumably from reading entries
 */
private void processSigner(BundleFile bf, byte[] manifestBytes, String signer) throws IOException, SignatureException, InvalidKeyException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
    // NOTE(review): the result of getEntry is handed to readIntoArray without a null check
    // in this method. Confirm that readIntoArray (or the caller) handles a missing entry so
    // that a malformed bundle fails verification with one of the declared exceptions.
    BundleEntry be = bf.getEntry(signer);
    byte[] pkcs7Bytes = readIntoArray(be);
    // NOTE(review): lastIndexOf returns -1 when signer contains no '.', in which case the
    // substring call below throws StringIndexOutOfBoundsException. Presumably callers only
    // pass names that carry a signature-block extension; verify against the caller.
    int dotIndex = signer.lastIndexOf('.');
    // Same base name as the signature block, with the DOT_SF suffix; the same unchecked
    // getEntry concern applies if the bundle has a signature block but no matching .SF file.
    be = bf.getEntry(signer.substring(0, dotIndex) + DOT_SF);
    byte[] sfBytes = readIntoArray(be);
    // Step 1, verify the .SF file is signed by the private key that corresponds to the public key
    // in the .RSA/.DSA file
    // The base file path is passed along only when the bundle file reports one.
    String baseFile = bf.getBaseFile() != null ? bf.getBaseFile().toString() : null;
    PKCS7Processor processor = new PKCS7Processor(pkcs7Bytes, 0, pkcs7Bytes.length, signer, baseFile);
    // call the Step 1 in the Jar File Verification algorithm
    // (presumably throws on a signature mismatch; the return value is not inspected here)
    processor.verifySFSignature(sfBytes, 0, sfBytes.length);
    // Digest algorithm named in the .SF file; read only after the signature check above.
    String digAlg = getDigAlgFromSF(sfBytes);
    // Fail verification when the .SF file does not yield a digest algorithm.
    if (digAlg == null)
        throw new SignatureException(NLS.bind(SignedContentMessages.SF_File_Parsing_Error, new String[] { bf.toString() }));
    // get the digest results
    // Process the Step 2 in the Jar File Verification algorithm
    // Get the manifest out of the signature file and make sure
    // it matches MANIFEST.MF
    verifyManifestAndSignatureFile(manifestBytes, sfBytes);
    // create a SignerInfo with the processed information
    // (the second constructor argument is passed as null; its meaning is not visible here)
    SignerInfoImpl signerInfo = new SignerInfoImpl(processor.getCertificates(), null, digAlg);
    if ((supportFlags & SignedBundleHook.VERIFY_RUNTIME) != 0)
        // only populate the manifests digest information for verifying content at runtime
        populateMDResults(manifestBytes, signerInfo);
    signerInfos.add(signerInfo);
    // check for tsa signers
    Certificate[] tsaCerts = processor.getTSACertificates();
    Date signingTime = processor.getSigningTime();
    // Timestamp information is recorded only when both the TSA certificates and the
    // signing time are present.
    if (tsaCerts != null && signingTime != null) {
        SignerInfoImpl tsaSignerInfo = new SignerInfoImpl(tsaCerts, null, digAlg);
        // The map is created on first use.
        if (tsaSignerInfos == null)
            tsaSignerInfos = new HashMap<>(2);
        // Keyed by the content signer; the value pairs the TSA signer info with the signing time.
        tsaSignerInfos.put(signerInfo, new Object[] { tsaSignerInfo, signingTime });
    }
}
Also used : BundleEntry(org.eclipse.osgi.storage.bundlefile.BundleEntry) Certificate(java.security.cert.Certificate)

Aggregations

BundleEntry (org.eclipse.osgi.storage.bundlefile.BundleEntry)11 BundleFile (org.eclipse.osgi.storage.bundlefile.BundleFile)5 IOException (java.io.IOException)3 File (java.io.File)2 FileNotFoundException (java.io.FileNotFoundException)2 ModuleRevision (org.eclipse.osgi.container.ModuleRevision)2 BufferedInputStream (java.io.BufferedInputStream)1 BufferedReader (java.io.BufferedReader)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 DataInputStream (java.io.DataInputStream)1 FileInputStream (java.io.FileInputStream)1 InputStream (java.io.InputStream)1 InputStreamReader (java.io.InputStreamReader)1 Certificate (java.security.cert.Certificate)1 ArrayList (java.util.ArrayList)1 ModuleWiring (org.eclipse.osgi.container.ModuleWiring)1 FrameworkLogEntry (org.eclipse.osgi.framework.log.FrameworkLogEntry)1 ModuleClassLoader (org.eclipse.osgi.internal.loader.ModuleClassLoader)1 SignerInfo (org.eclipse.osgi.signedcontent.SignerInfo)1 BundleInfo (org.eclipse.osgi.storage.BundleInfo)1