1 /*
   2  * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.util;
  27 
  28 import java.security.*;
  29 import java.io.*;
  30 import java.security.CodeSigner;
  31 import java.util.*;
  32 import java.util.jar.*;
  33 
  34 import sun.misc.BASE64Decoder;
  35 
  36 import sun.security.jca.Providers;
  37 
  38 /**
  39  * This class is used to verify each entry in a jar file with its
  40  * manifest value.
  41  */
  42 
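public class ManifestEntryVerifier {

    /*
     * Call sequence, as far as this class shows: setEntry() selects an entry
     * and arms one MessageDigest per usable "<alg>-Digest" manifest attribute,
     * update() feeds the entry's bytes, verify() compares the results.
     *
     * Security-relevant behaviour visible in this class:
     *  - No algorithm policy is applied here. Any digest name the Sun
     *    provider resolves is used; restricting weak algorithms has to
     *    happen elsewhere.
     *  - An entry with no manifest section, or whose digest attributes all
     *    name unsupported algorithms, is skipped: verify() returns null and
     *    never throws for it. Callers must treat null as "nothing was
     *    checked", not as "checked and valid".
     *  - Nothing here synchronizes access to the instance state.
     */

    private static final Debug debug = Debug.getInstance("jar");

    /**
     * Holder class to lazily load Sun provider. NOTE: if
     * Providers.getSunProvider returned a cached provider, we could avoid the
     * need for caching the provider with this holder class; we should try to
     * revisit this in JDK 8.
     */
    private static class SunProviderHolder {
        private static final Provider instance = Providers.getSunProvider();
    }

    /** the created digest objects, keyed by the algorithm name as spelled in the manifest */
    HashMap<String, MessageDigest> createdDigests;

    /** the digests in use for a given entry */
    ArrayList<MessageDigest> digests;

    /** the manifest hashes for the digests in use; index i pairs with digests.get(i) */
    ArrayList<byte[]> manifestHashes;

    private BASE64Decoder decoder = null;
    private String name = null;
    private Manifest man;

    /** true while there is nothing to verify for the current entry */
    private boolean skip = true;

    private JarEntry entry;

    /** signers returned by the last successful verify() for the current entry */
    private CodeSigner[] signers = null;

    /**
     * Create a new ManifestEntryVerifier object.
     *
     * @param man the manifest to read per-entry digests from; may be null,
     *            in which case every entry is skipped
     */
    public ManifestEntryVerifier(Manifest man)
    {
        createdDigests = new HashMap<String, MessageDigest>(11);
        digests = new ArrayList<MessageDigest>();
        manifestHashes = new ArrayList<byte[]>();
        decoder = new BASE64Decoder();
        this.man = man;
    }

    /**
     * Find the hashes in the
     * manifest for this entry, save them, and set the MessageDigest
     * objects to calculate the hashes on the fly. If name is
     * null it signifies that update/verify should ignore this entry.
     *
     * @param name  the entry name used to look up the manifest section
     * @param entry the jar entry, only stored for {@link #getEntry()}
     * @throws IOException if a digest attribute value cannot be
     *         Base64-decoded. Digests armed before the failing attribute
     *         stay armed, so a caller should give up on the entry rather
     *         than go on to call verify().
     */
    public void setEntry(String name, JarEntry entry)
        throws IOException
    {
        digests.clear();
        manifestHashes.clear();
        this.name = name;
        this.entry = entry;

        skip = true;
        signers = null;

        if (man == null || name == null) {
            return;
        }

        /* get the headers from the manifest for this entry */
        /* if there aren't any, we can't verify any digests for this entry */

        Attributes attr = man.getAttributes(name);
        if (attr == null) {
            // ugh. we should be able to remove this at some point.
            // there are broken jars floating around with ./name and /name
            // in the manifest, and "name" in the zip/jar file.
            attr = man.getAttributes("./"+name);
            if (attr == null) {
                attr = man.getAttributes("/"+name);
                if (attr == null) {
                    return;
                }
            }
        }

        for (Map.Entry<Object,Object> se : attr.entrySet()) {
            String key = se.getKey().toString();

            if (!key.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) {
                continue;
            }

            // 7 is length of "-Digest"
            String algorithm = key.substring(0, key.length()-7);

            MessageDigest digest = createdDigests.get(algorithm);

            if (digest == null) {
                try {
                    digest = MessageDigest.getInstance
                                    (algorithm, SunProviderHolder.instance);
                    createdDigests.put(algorithm, digest);
                } catch (NoSuchAlgorithmException nsae) {
                    // Deliberately ignored: an unsupported algorithm simply
                    // contributes no check. If every digest attribute ends
                    // up here, the entry stays skipped and is never verified.
                }
            }

            if (digest != null) {
                // Decode before touching any state. decodeBuffer can throw,
                // and adding the digest first would leave digests one
                // element longer than manifestHashes, which verify() indexes
                // in lockstep.
                byte[] expected = decoder.decodeBuffer((String)se.getValue());

                skip = false;
                digest.reset();
                digests.add(digest);
                manifestHashes.add(expected);
            }
        }
    }

    /**
     * update the digests for the digests we are interested in
     *
     * @param buffer the next byte of the entry's content
     */
    public void update(byte buffer) {
        if (skip) {
            return;
        }

        for (MessageDigest digest : digests) {
            digest.update(buffer);
        }
    }

    /**
     * update the digests for the digests we are interested in
     *
     * @param buffer array holding the entry's content
     * @param off    offset of the first byte to hash
     * @param len    number of bytes to hash
     */
    public void update(byte buffer[], int off, int len) {
        if (skip) {
            return;
        }

        for (MessageDigest digest : digests) {
            digest.update(buffer, off, len);
        }
    }

    /**
     * get the JarEntry for this object
     *
     * @return the entry passed to the last setEntry call
     */
    public JarEntry getEntry()
    {
        return entry;
    }

    /**
     * go through all the digests, calculating the final digest
     * and comparing it to the one in the manifest. If this is
     * the first time we have verified this object, remove its
     * code signers from sigFileSigners and place in verifiedSigners.
     *
     * Every armed digest has to match; the first mismatch aborts with a
     * SecurityException.
     *
     * @param verifiedSigners receives the entry's signers once all digests match
     * @param sigFileSigners  source of the entry's signers; the entry's
     *                        mapping is removed from it on success
     * @return the entry's code signers, or null when the entry is skipped
     *         (nothing was checked) or sigFileSigners has no mapping for it
     * @throws SecurityException if a computed digest differs from the
     *         manifest value
     * @throws JarException declared by the signature; not thrown by the
     *         code in this method
     */
    public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
                Hashtable<String, CodeSigner[]> sigFileSigners)
        throws JarException
    {
        if (skip) {
            return null;
        }

        // Result of an earlier successful call for this entry.
        if (signers != null) {
            return signers;
        }

        // NOTE(review): digest() resets each MessageDigest, so when no
        // signers were found (signers stays null) a second call would hash
        // empty input and fail the comparison. Intended use appears to be
        // one call per entry - confirm against the callers.
        for (int i=0; i < digests.size(); i++) {

            MessageDigest digest  = digests.get(i);
            byte [] manHash = manifestHashes.get(i);
            byte [] theHash = digest.digest();

            if (debug != null) {
                debug.println("Manifest Entry: " +
                                   name + " digest=" + digest.getAlgorithm());
                debug.println("  manifest " + toHex(manHash));
                debug.println("  computed " + toHex(theHash));
                debug.println();
            }

            // MessageDigest.isEqual rather than a hand-written array compare.
            if (!MessageDigest.isEqual(theHash, manHash)) {
                throw new SecurityException(digest.getAlgorithm()+
                                            " digest error for "+name);
            }
        }

        // take it out of sigFileSigners and put it in verifiedSigners...
        signers = sigFileSigners.remove(name);
        if (signers != null) {
            verifiedSigners.put(name, signers);
        }
        return signers;
    }

    // for the toHex function
    private static final char[] hexc =
            {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};

    /**
     * convert a byte array to a hex string for debugging purposes
     * @param data the binary data to be converted to a hex string
     * @return an ASCII hex string
     */
    static String toHex(byte[] data) {

        // Local, never shared: StringBuilder avoids StringBuffer's locking.
        StringBuilder sb = new StringBuilder(data.length*2);

        for (byte b : data) {
            sb.append(hexc[(b >> 4) & 0x0f]);
            sb.append(hexc[b & 0x0f]);
        }
        return sb.toString();
    }

}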