 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation. Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any

 * @author Roland Schemers

    /* Are we debugging ? */

    /* a table mapping names to code signers, for jar entries that have
       had their actual hashes verified */

    /* a table mapping names to code signers, for jar entries that have
       passed the .SF/.DSA/.EC -> MANIFEST check */

    /* a hash table to hold .SF bytes */

    /** "queue" of pending PKCS7 blocks that we couldn't parse
     *  until we parsed the .SF file */

    /* cache of CodeSigner objects */

    /* Are we parsing a block? */

    /* Are we done parsing META-INF entries? */

    /* Are there files to verify? */

    /* The output stream to use when keeping track of files we are interested

    /** The ManifestDigester object */

    /** the bytes for the manDig object */

    /** controls eager signature validation */

    /** makes code source singleton instances unique to us */

    /** collect -DIGEST-MANIFEST values for blacklist */

     * This method scans to see which entry we're parsing and
     * keeps various state information depending on what type of
     *
     * 1. The manifest should be the first entry in the META-INF directory.
     * 2. The .SF/.DSA/.EC files follow the manifest, before any normal entries
     * 3. Any of the following will throw a SecurityException:
     *    a. digest mismatch between a manifest section and
     *    b. digest mismatch between the actual jar entry and the manifest

        /* We parse only DSA, RSA or EC PKCS7 blocks. */

        // be liberal in what you accept. If the name starts with ./, remove
        // it as we internally canonicalize it without the ./.

        // be liberal in what you accept. If the name starts with /, remove
        // it as we internally canonicalize it without the /.

        // only set the jev object for entries that have a signature

        // don't compute the digest for this entry

     * update a single byte.

     * update an array of bytes.

     * called when we reach the end of entry in one of the read() methods.

            // add to sigFileData in case future blocks need it

            // check pending blocks, we can now process
            // anyone waiting for this .SF file
                        "processEntry: processing pending block");
            // now we are parsing a signature block file

            // see if we have already parsed an external .SF file

                // put this block on queue for later processing
                // since we don't have the .SF bytes yet

            // e.g. sun.security.pkcs.ParsingException
            // ignore and treat as unsigned

            // ignore and treat as unsigned

            // ignore and treat as unsigned

            // ignore and treat as unsigned

     * Return an array of java.security.cert.Certificate objects for
     * the given file in the jar.

     * return an array of CodeSigner objects for
     * the given file in the jar. this array is not cloned.

     * Force a read of the entry data to generate the

     * Convert an array of signers into an array of concatenated certificate

        // Convert into a Certificate[]

     * returns true if there are no files to verify.
     * should only be called after all the META-INF entries
     * have been processed.

     * called to let us know we have processed all the
     * META-INF entries, and if we re-read one of them, don't
     * re-process it. Also gets rid of any data structures
     * we needed when parsing META-INF entries.

        // MANIFEST.MF is always treated as signed and verified,
        // move its signers from sigFileSigners to verifiedSigners.

    // Extended JavaUtilJarAccess CodeSource API Support

     * Create a unique mapping from codeSigner cache entries to CodeSource.
     * In theory, multiple URL origins could map to a single locally cached
     * and shared JAR file although in practice there will be a single URL in use.

     * Match CodeSource to a CodeSigner[] in the signer cache.
     * In practice signers should always be optimized above
     * but this handles a CodeSource of any type, just in case.

     * Instances of this class hold uncopied references to internal
     * signing data that can be compared by object reference identity.
     * All VerifierCodeSource instances are constructed based on
     * singleton signerCache or signerCacheCert entries for each unique signer.
     * No CodeSigner<->Certificate[] conversion is required.
     * We use these assumptions to optimize equality comparisons.

     * Only compare against other per-signer singletons constructed
     * on behalf of the same JarFile instance. Otherwise, compare

     * Snapshot signer state so it doesn't change on us. We care
     * only about the asserted signatures. Verification of
     * signature validity happens via the JarEntry apis.

     * Grab a single copy of the CodeSigner arrays. Check
     * to see if we can optimize CodeSigner equality test.

     * Like entries() but screens out internal JAR mechanism entries
     * and includes signed entries with no ZIP data.

    // true if file is part of the signature mechanism itself

     * Grab entries from ZIP directory but screen out
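The two digest checks named in the processEntry rules above (3a: .SF section digest against the manifest section, 3b: manifest digest against the actual entry bytes) and the "./" and "/" name canonicalization, modelled as an added Python example. This is not the JDK's JarVerifier code: it skips the PKCS7 .RSA/.DSA/.EC block and the signature over the .SF entirely and only does the digest bookkeeping. The MANIFEST.MF, the .SF body and the entry bytes are constructed inline, and the byte span it digests per manifest section (the section's lines through its terminating blank CRLF line, with no 72-byte line wrapping) is this example's own simplification of what ManifestDigester does, so its .SF files are only meant to be checked against its own manifests.

```python
"""Added example: toy model of JarVerifier's digest checks, not JDK code.
Inputs below are constructed; PKCS#7 signature-block handling is out of scope."""
import base64
import hashlib

DIGEST_ATTR = "SHA-256-Digest"
MANIFEST_DIGEST_ATTR = "SHA-256-Digest-Manifest"


class JarSecurityException(Exception):
    """Stands in for the java.lang.SecurityException the verifier throws."""


def canonical_name(name):
    """Be liberal in what you accept: drop a leading './' or '/' so the
    name matches the key used in the internal signer tables."""
    if name.startswith("./"):
        return name[2:]
    if name.startswith("/"):
        return name[1:]
    return name


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def parse_sections(text):
    """Split a MANIFEST.MF or .SF body into (main_attrs, {name: (raw, attrs)}).
    Sections are separated by a blank CRLF line; 'raw' is the span digested for
    a section here: its lines plus the terminating blank line (this example's
    simplification, no 72-byte continuation lines)."""
    sections, current = [], []
    for line in text.split("\r\n"):
        if line == "":
            if current:
                sections.append(current)
                current = []
        else:
            current.append(line)
    if current:
        sections.append(current)

    def attrs_of(lines):
        return dict(line.split(": ", 1) for line in lines)

    def raw_of(lines):
        return ("\r\n".join(lines) + "\r\n\r\n").encode("utf-8")

    entries = {}
    for lines in sections[1:]:
        attrs = attrs_of(lines)
        entries[canonical_name(attrs["Name"])] = (raw_of(lines), attrs)
    return attrs_of(sections[0]), entries


def build_manifest(files):
    """Constructed MANIFEST.MF: one named section per entry with its digest."""
    out = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        out += "Name: %s\r\n%s: %s\r\n\r\n" % (name, DIGEST_ATTR, b64_sha256(data))
    return out


def build_signature_file(manifest_text):
    """Constructed .SF: whole-manifest digest in the main section, then one
    digest per manifest section. A real JAR's PKCS#7 block signs this file."""
    _, mf_entries = parse_sections(manifest_text)
    out = "Signature-Version: 1.0\r\n%s: %s\r\n\r\n" % (
        MANIFEST_DIGEST_ATTR, b64_sha256(manifest_text.encode("utf-8")))
    for name, (raw, _) in mf_entries.items():
        out += "Name: %s\r\n%s: %s\r\n\r\n" % (name, DIGEST_ATTR, b64_sha256(raw))
    return out


def manifest_digest_matches(sf_text, manifest_text):
    """Whole-manifest digest in the .SF main section vs. the MANIFEST.MF bytes.
    Reported only; the per-section comparison below is what raises here."""
    sf_main, _ = parse_sections(sf_text)
    return sf_main.get(MANIFEST_DIGEST_ATTR) == b64_sha256(manifest_text.encode("utf-8"))


def check_sf_against_manifest(sf_text, manifest_text):
    """Rule 3a: every .SF section digest must match the corresponding manifest
    section bytes. Returns the names that passed the .SF -> MANIFEST check."""
    _, sf_entries = parse_sections(sf_text)
    _, mf_entries = parse_sections(manifest_text)
    for name, (_, attrs) in sf_entries.items():
        if name not in mf_entries:
            raise JarSecurityException("no manifest section for %s" % name)
        if attrs.get(DIGEST_ATTR) != b64_sha256(mf_entries[name][0]):
            raise JarSecurityException("SF digest mismatch for manifest section %s" % name)
    return set(sf_entries)


def check_entry_against_manifest(manifest_text, name, data):
    """Rule 3b: the actual entry bytes must match the manifest's digest.
    An entry with no manifest section is simply unsigned (returns False)."""
    _, mf_entries = parse_sections(manifest_text)
    name = canonical_name(name)
    if name not in mf_entries:
        return False
    if mf_entries[name][1].get(DIGEST_ATTR) != b64_sha256(data):
        raise JarSecurityException("digest mismatch for entry %s" % name)
    return True


# Constructed sample JAR contents (not taken from any real archive).
FILES = {
    "com/example/App.class": b"\xca\xfe\xba\xbe" + b"\x00" * 12,
    "META-INF/LICENSE.txt": b"license text\n",
}
MANIFEST = build_manifest(FILES)
SF = build_signature_file(MANIFEST)
```

Usage: `check_sf_against_manifest(SF, MANIFEST)` returns both entry names; `check_entry_against_manifest(MANIFEST, "./com/example/App.class", FILES["com/example/App.class"])` returns True after canonicalizing the leading "./"; feeding tampered entry bytes, or rebuilding the manifest with a changed digest while keeping the old SF, raises JarSecurityException at the corresponding check. An entry absent from the manifest is reported as unsigned rather than as an error, matching the "only set the jev object for entries that have a signature" behaviour above.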