1 /* 2 * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.tools.jar; 27 28 import java.io.*; 29 import java.util.*; 30 import java.security.*; 31 32 import sun.net.www.MessageHeader; 33 import java.util.Base64; 34 35 36 import sun.security.pkcs.*; 37 import sun.security.x509.AlgorithmId; 38 39 /** 40 * <p>A signature file as defined in the <a 41 * href="manifest.html">Manifest and Signature Format</a>. It has 42 * essentially the same structure as a Manifest file in that it is a 43 * set of RFC 822 headers (sections). The first section contains meta 44 * data relevant to the entire file (i.e "Signature-Version:1.0") and 45 * each subsequent section contains data relevant to specific entries: 46 * entry sections. 47 * 48 * <p>Each entry section contains the name of an entry (which must 49 * have a counterpart in the manifest). Like the manifest it contains 50 * a hash, the hash of the manifest section corresponding to the 51 * name. Since the manifest entry contains the hash of the data, this 52 * is equivalent to a signature of the data, plus the attributes of 53 * the manifest entry. 54 * 55 * <p>This signature file format deal with PKCS7 encoded DSA signature 56 * block. It should be straightforward to extent to support other 57 * algorithms. 58 * 59 * @author David Brown 60 * @author Benjamin Renaud */ 61 62 public class SignatureFile { 63 64 /* Are we debugging? */ 65 static final boolean debug = false; 66 67 /* list of headers that all pertain to a particular file in the 68 * archive */ 69 private Vector<MessageHeader> entries = new Vector<>(); 70 71 /* Right now we only support SHA hashes */ 72 static final String[] hashes = {"SHA"}; 73 74 static final void debug(String s) { 75 if (debug) 76 System.out.println("sig> " + s); 77 } 78 79 /* 80 * The manifest we're working with. */ 81 private Manifest manifest; 82 83 /* 84 * The file name for the file. This is the raw name, i.e. the 85 * extention-less 8 character name (such as MYSIGN) which wil be 86 * used to build the signature filename (MYSIGN.SF) and the block 87 * filename (MYSIGN.DSA) */ 88 private String rawName; 89 90 /* The digital signature block corresponding to this signature 91 * file. */ 92 private PKCS7 signatureBlock; 93 94 95 /** 96 * Private constructor which takes a name a given signature 97 * file. The name must be extension-less and less or equal to 8 98 * character in length. */ 99 private SignatureFile(String name) throws JarException { 100 101 entries = new Vector<>(); 102 103 if (name != null) { 104 if (name.length() > 8 || name.indexOf('.') != -1) { 105 throw new JarException("invalid file name"); 106 } 107 rawName = name.toUpperCase(Locale.ENGLISH); 108 } 109 } 110 111 /** 112 * Private constructor which takes a name a given signature file 113 * and a new file predicate. If it is a new file, a main header 114 * will be added. */ 115 private SignatureFile(String name, boolean newFile) 116 throws JarException { 117 118 this(name); 119 120 if (newFile) { 121 MessageHeader globals = new MessageHeader(); 122 globals.set("Signature-Version", "1.0"); 123 entries.addElement(globals); 124 } 125 } 126 127 /** 128 * Constructs a new Signature file corresponding to a given 129 * Manifest. All entries in the manifest are signed. 130 * 131 * @param manifest the manifest to use. 132 * 133 * @param name for this signature file. This should 134 * be less than 8 characters, and without a suffix (i.e. 135 * without a period in it. 136 * 137 * @exception JarException if an invalid name is passed in. 138 */ 139 public SignatureFile(Manifest manifest, String name) 140 throws JarException { 141 142 this(name, true); 143 144 this.manifest = manifest; 145 Enumeration<MessageHeader> enum_ = manifest.entries(); 146 while (enum_.hasMoreElements()) { 147 MessageHeader mh = enum_.nextElement(); 148 String entryName = mh.findValue("Name"); 149 if (entryName != null) { 150 add(entryName); 151 } 152 } 153 } 154 155 /** 156 * Constructs a new Signature file corresponding to a given 157 * Manifest. Specific entries in the manifest are signed. 158 * 159 * @param manifest the manifest to use. 160 * 161 * @param entries the entries to sign. 162 * 163 * @param filename for this signature file. This should 164 * be less than 8 characters, and without a suffix (i.e. 165 * without a period in it. 166 * 167 * @exception JarException if an invalid name is passed in. 168 */ 169 public SignatureFile(Manifest manifest, String[] entries, 170 String filename) 171 throws JarException { 172 this(filename, true); 173 this.manifest = manifest; 174 add(entries); 175 } 176 177 /** 178 * Construct a Signature file from an input stream. 179 * 180 * @exception IOException if an invalid name is passed in or if a 181 * stream exception occurs. 182 */ 183 public SignatureFile(InputStream is, String filename) 184 throws IOException { 185 this(filename); 186 while (is.available() > 0) { 187 MessageHeader m = new MessageHeader(is); 188 entries.addElement(m); 189 } 190 } 191 192 /** 193 * Construct a Signature file from an input stream. 194 * 195 * @exception IOException if an invalid name is passed in or if a 196 * stream exception occurs. 197 */ 198 public SignatureFile(InputStream is) throws IOException { 199 this(is, null); 200 } 201 202 public SignatureFile(byte[] bytes) throws IOException { 203 this(new ByteArrayInputStream(bytes)); 204 } 205 206 /** 207 * Returns the name of the signature file, ending with a ".SF" 208 * suffix */ 209 public String getName() { 210 return "META-INF/" + rawName + ".SF"; 211 } 212 213 /** 214 * Returns the name of the block file, ending with a block suffix 215 * such as ".DSA". */ 216 public String getBlockName() { 217 String suffix = "DSA"; 218 if (signatureBlock != null) { 219 SignerInfo info = signatureBlock.getSignerInfos()[0]; 220 suffix = info.getDigestEncryptionAlgorithmId().getName(); 221 String temp = AlgorithmId.getEncAlgFromSigAlg(suffix); 222 if (temp != null) suffix = temp; 223 } 224 return "META-INF/" + rawName + "." + suffix; 225 } 226 227 /** 228 * Returns the signature block associated with this file. 229 */ 230 public PKCS7 getBlock() { 231 return signatureBlock; 232 } 233 234 /** 235 * Sets the signature block associated with this file. 236 */ 237 public void setBlock(PKCS7 block) { 238 this.signatureBlock = block; 239 } 240 241 /** 242 * Add a set of entries from the current manifest. 243 */ 244 public void add(String[] entries) throws JarException { 245 for (int i = 0; i < entries.length; i++) { 246 add (entries[i]); 247 } 248 } 249 250 /** 251 * Add a specific entry from the current manifest. 252 */ 253 public void add(String entry) throws JarException { 254 MessageHeader mh = manifest.getEntry(entry); 255 if (mh == null) { 256 throw new JarException("entry " + entry + " not in manifest"); 257 } 258 MessageHeader smh; 259 try { 260 smh = computeEntry(mh); 261 } catch (IOException e) { 262 throw new JarException(e.getMessage()); 263 } 264 entries.addElement(smh); 265 } 266 267 /** 268 * Get the entry corresponding to a given name. Returns null if 269 *the entry does not exist. 270 */ 271 public MessageHeader getEntry(String name) { 272 Enumeration<MessageHeader> enum_ = entries(); 273 while(enum_.hasMoreElements()) { 274 MessageHeader mh = enum_.nextElement(); 275 if (name.equals(mh.findValue("Name"))) { 276 return mh; 277 } 278 } 279 return null; 280 } 281 282 /** 283 * Returns the n-th entry. The global header is a entry 0. */ 284 public MessageHeader entryAt(int n) { 285 return entries.elementAt(n); 286 } 287 288 /** 289 * Returns an enumeration of the entries. 290 */ 291 public Enumeration<MessageHeader> entries() { 292 return entries.elements(); 293 } 294 295 /** 296 * Given a manifest entry, computes the signature entry for this 297 * manifest entry. 298 */ 299 private MessageHeader computeEntry(MessageHeader mh) throws IOException { 300 MessageHeader smh = new MessageHeader(); 301 302 String name = mh.findValue("Name"); 303 if (name == null) { 304 return null; 305 } 306 smh.set("Name", name); 307 308 try { 309 for (int i = 0; i < hashes.length; ++i) { 310 MessageDigest dig = getDigest(hashes[i]); 311 ByteArrayOutputStream baos = new ByteArrayOutputStream(); 312 PrintStream ps = new PrintStream(baos); 313 mh.print(ps); 314 byte[] headerBytes = baos.toByteArray(); 315 byte[] digest = dig.digest(headerBytes); 316 smh.set(hashes[i] + "-Digest", Base64.getMimeEncoder().encodeToString(digest)); 317 } 318 return smh; 319 } catch (NoSuchAlgorithmException e) { 320 throw new JarException(e.getMessage()); 321 } 322 } 323 324 private Hashtable<String, MessageDigest> digests = new Hashtable<>(); 325 326 private MessageDigest getDigest(String algorithm) 327 throws NoSuchAlgorithmException { 328 MessageDigest dig = digests.get(algorithm); 329 if (dig == null) { 330 dig = MessageDigest.getInstance(algorithm); 331 digests.put(algorithm, dig); 332 } 333 dig.reset(); 334 return dig; 335 } 336 337 338 /** 339 * Add a signature file at current position in a stream 340 */ 341 public void stream(OutputStream os) throws IOException { 342 343 /* the first header in the file should be the global one. 344 * It should say "SignatureFile-Version: x.x"; barf if not 345 */ 346 MessageHeader globals = entries.elementAt(0); 347 if (globals.findValue("Signature-Version") == null) { 348 throw new JarException("Signature file requires " + 349 "Signature-Version: 1.0 in 1st header"); 350 } 351 352 PrintStream ps = new PrintStream(os); 353 globals.print(ps); 354 355 for (int i = 1; i < entries.size(); ++i) { 356 MessageHeader mh = entries.elementAt(i); 357 mh.print(ps); 358 } 359 } 360 }