1 /* 2 * Copyright (c) 2016, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package jdk.incubator.jpackage.internal; 27 28 import java.io.ByteArrayInputStream; 29 import java.io.ByteArrayOutputStream; 30 import java.io.File; 31 import java.io.IOException; 32 import java.io.PrintStream; 33 import java.nio.file.StandardCopyOption; 34 import java.nio.file.Files; 35 import java.text.DateFormat; 36 import java.text.ParseException; 37 import java.text.SimpleDateFormat; 38 import java.util.ArrayList; 39 import java.util.Calendar; 40 import java.util.Date; 41 import java.util.List; 42 import java.util.Locale; 43 44 public final class MacCertificate { 45 private final String certificate; 46 47 public MacCertificate(String certificate) { 48 this.certificate = certificate; 49 } 50 51 public boolean isValid() { 52 return verifyCertificate(this.certificate); 53 } 54 55 private static File findCertificate(String certificate) { 56 File result = null; 57 58 List<String> args = new ArrayList<>(); 59 args.add("security"); 60 args.add("find-certificate"); 61 args.add("-c"); 62 args.add(certificate); 63 args.add("-a"); 64 args.add("-p"); 65 66 try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); 67 PrintStream ps = new PrintStream(baos)) { 68 ProcessBuilder security = new ProcessBuilder(args); 69 IOUtils.exec(security, false, ps); 70 71 File output = File.createTempFile("tempfile", ".tmp"); 72 73 Files.copy(new ByteArrayInputStream(baos.toByteArray()), 74 output.toPath(), StandardCopyOption.REPLACE_EXISTING); 75 76 result = output; 77 } 78 catch (IOException ignored) {} 79 80 return result; 81 } 82 83 private static Date findCertificateDate(String filename) { 84 Date result = null; 85 86 List<String> args = new ArrayList<>(); 87 args.add("/usr/bin/openssl"); 88 args.add("x509"); 89 args.add("-noout"); 90 args.add("-enddate"); 91 args.add("-in"); 92 args.add(filename); 93 94 try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); 95 PrintStream ps = new PrintStream(baos)) { 96 ProcessBuilder security = new ProcessBuilder(args); 97 IOUtils.exec(security, false, ps); 98 String output = baos.toString(); 99 output = output.substring(output.indexOf("=") + 1); 100 DateFormat df = new SimpleDateFormat( 101 "MMM dd kk:mm:ss yyyy z", Locale.ENGLISH); 102 result = df.parse(output); 103 } catch (IOException | ParseException ex) { 104 Log.verbose(ex); 105 } 106 107 return result; 108 } 109 110 private static boolean verifyCertificate(String certificate) { 111 boolean result = false; 112 113 try { 114 File file = null; 115 Date certificateDate = null; 116 117 try { 118 file = findCertificate(certificate); 119 120 if (file != null) { 121 certificateDate = findCertificateDate( 122 file.getCanonicalPath()); 123 } 124 } 125 finally { 126 if (file != null) { 127 file.delete(); 128 } 129 } 130 131 if (certificateDate != null) { 132 Calendar c = Calendar.getInstance(); 133 Date today = c.getTime(); 134 135 if (certificateDate.after(today)) { 136 result = true; 137 } 138 } 139 } 140 catch (IOException ignored) {} 141 142 return result; 143 } 144 }