1 /*
   2  * Copyright (c) 2014, 2017, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.oracle.tools.packager.mac;
  27 
  28 import com.oracle.tools.packager.BundlerParamInfo;
  29 import com.oracle.tools.packager.StandardBundlerParam;
  30 import com.oracle.tools.packager.Log;
  31 import com.oracle.tools.packager.ConfigException;
  32 import com.oracle.tools.packager.IOUtils;
  33 import com.oracle.tools.packager.Platform;
  34 import com.oracle.tools.packager.UnsupportedPlatformException;
  35 import jdk.packager.internal.legacy.builders.mac.MacAppImageBuilder;
  36 
  37 import java.io.File;
  38 import java.io.FileNotFoundException;
  39 import java.io.IOException;
  40 import java.text.MessageFormat;
  41 import java.util.ArrayList;
  42 import java.util.Arrays;
  43 import java.util.Collection;
  44 import java.util.LinkedHashSet;
  45 import java.util.List;
  46 import java.util.Map;
  47 import java.util.Optional;
  48 import java.util.ResourceBundle;
  49 
  50 import static com.oracle.tools.packager.StandardBundlerParam.*;
  51 import static com.oracle.tools.packager.mac.MacAppBundler.*;
  52 import jdk.packager.internal.legacy.mac.MacCertificate;
  53 
  54 public class MacAppStoreBundler extends MacBaseInstallerBundler {
  55 
  56     private static final ResourceBundle I18N =
  57             ResourceBundle.getBundle(MacAppStoreBundler.class.getName());
  58 
  59     private static final String TEMPLATE_BUNDLE_ICON_HIDPI = "GenericAppHiDPI.icns";
  60     private final static String DEFAULT_ENTITLEMENTS = "MacAppStore.entitlements";
  61     private final static String DEFAULT_INHERIT_ENTITLEMENTS = "MacAppStore_Inherit.entitlements";
  62 
  63     public static final BundlerParamInfo<String> MAC_APP_STORE_APP_SIGNING_KEY = new StandardBundlerParam<>(
  64             I18N.getString("param.signing-key-app.name"),
  65             I18N.getString("param.signing-key-app.description"),
  66             "mac.signing-key-app",
  67             String.class,
  68             params -> {
  69                     String result = MacBaseInstallerBundler.findKey("3rd Party Mac Developer Application: " + SIGNING_KEY_USER.fetchFrom(params),
  70                                                                     SIGNING_KEYCHAIN.fetchFrom(params),
  71                                                                     VERBOSE.fetchFrom(params));
  72                     if (result != null) {
  73                         MacCertificate certificate = new MacCertificate(result, VERBOSE.fetchFrom(params));
  74 
  75                         if (!certificate.isValid()) {
  76                             Log.info(MessageFormat.format(I18N.getString("error.certificate.expired"), result));
  77                         }
  78                     }
  79 
  80                     return result;
  81                 },
  82             (s, p) -> s);
  83 
  84     public static final BundlerParamInfo<String> MAC_APP_STORE_PKG_SIGNING_KEY = new StandardBundlerParam<>(
  85             I18N.getString("param.signing-key-pkg.name"),
  86             I18N.getString("param.signing-key-pkg.description"),
  87             "mac.signing-key-pkg",
  88             String.class,
  89             params -> {
  90                     String result = MacBaseInstallerBundler.findKey("3rd Party Mac Developer Installer: " + SIGNING_KEY_USER.fetchFrom(params), SIGNING_KEYCHAIN.fetchFrom(params), VERBOSE.fetchFrom(params));
  91 
  92                     if (result != null) {
  93                         MacCertificate certificate = new MacCertificate(result, VERBOSE.fetchFrom(params));
  94 
  95                         if (!certificate.isValid()) {
  96                             Log.info(MessageFormat.format(I18N.getString("error.certificate.expired"), result));
  97                         }
  98                     }
  99 
 100                     return result;
 101                 },
 102             (s, p) -> s);
 103 
 104     public static final StandardBundlerParam<File> MAC_APP_STORE_ENTITLEMENTS  = new StandardBundlerParam<>(
 105             I18N.getString("param.mac-app-store-entitlements.name"),
 106             I18N.getString("param.mac-app-store-entitlements.description"),
 107             "mac.app-store-entitlements",
 108             File.class,
 109             params -> null,
 110             (s, p) -> new File(s));
 111 
 112     public static final BundlerParamInfo<String> INSTALLER_SUFFIX = new StandardBundlerParam<> (
 113             I18N.getString("param.installer-suffix.name"),
 114             I18N.getString("param.installer-suffix.description"),
 115             "mac.app-store.installerName.suffix",
 116             String.class,
 117             params -> "-MacAppStore",
 118             (s, p) -> s);
 119 
 120     public MacAppStoreBundler() {
 121         super();
 122         baseResourceLoader = MacResources.class;
 123     }
 124 
 125     //@Override
 126     public File bundle(Map<String, ? super Object> p, File outdir) {
 127         Log.info(MessageFormat.format(I18N.getString("message.building-bundle"), APP_NAME.fetchFrom(p)));
 128         if (!outdir.isDirectory() && !outdir.mkdirs()) {
 129             throw new RuntimeException(MessageFormat.format(I18N.getString("error.cannot-create-output-dir"), outdir.getAbsolutePath()));
 130         }
 131         if (!outdir.canWrite()) {
 132             throw new RuntimeException(MessageFormat.format(I18N.getString("error.cannot-write-to-output-dir"), outdir.getAbsolutePath()));
 133         }
 134 
 135         // first, load in some overrides
 136         // icns needs @2 versions, so load in the @2 default
 137         p.put(DEFAULT_ICNS_ICON.getID(), TEMPLATE_BUNDLE_ICON_HIDPI);
 138 
 139         // next we need to change the jdk/jre stripping to strip gstreamer
 140 //        p.put(MAC_RULES.getID(), createMacAppStoreRuntimeRules(p));
 141 
 142         // now we create the app
 143         File appImageDir = APP_IMAGE_BUILD_ROOT.fetchFrom(p);
 144         try {
 145             appImageDir.mkdirs();
 146 
 147             try {
 148                 MacAppImageBuilder.addNewKeychain(p);
 149             } catch (InterruptedException e) {
 150                 Log.error(e.getMessage());
 151             }
 152             // first, make sure we don't use the local signing key
 153             p.put(DEVELOPER_ID_APP_SIGNING_KEY.getID(), null);
 154             File appLocation = prepareAppBundle(p);
 155 
 156             prepareEntitlements(p);
 157 
 158             String signingIdentity = MAC_APP_STORE_APP_SIGNING_KEY.fetchFrom(p);
 159             String identifierPrefix = BUNDLE_ID_SIGNING_PREFIX.fetchFrom(p);
 160             String entitlementsFile = getConfig_Entitlements(p).toString();
 161             String inheritEntitlements = getConfig_Inherit_Entitlements(p).toString();
 162 
 163             MacAppImageBuilder.signAppBundle(p, appLocation.toPath(), signingIdentity, identifierPrefix, entitlementsFile, inheritEntitlements);
 164             MacAppImageBuilder.restoreKeychainList(p);
 165 
 166             ProcessBuilder pb;
 167 
 168             // create the final pkg file
 169             File finalPKG = new File(outdir, INSTALLER_NAME.fetchFrom(p)
 170                     + INSTALLER_SUFFIX.fetchFrom(p)
 171                     + ".pkg");
 172             outdir.mkdirs();
 173 
 174             String installIdentify = MAC_APP_STORE_PKG_SIGNING_KEY.fetchFrom(p);
 175 
 176             List<String> buildOptions = new ArrayList<>();
 177             buildOptions.add("productbuild");
 178             buildOptions.add("--component");
 179             buildOptions.add(appLocation.toString());
 180             buildOptions.add("/Applications");
 181             buildOptions.add("--sign");
 182             buildOptions.add(installIdentify);
 183             buildOptions.add("--product");
 184             buildOptions.add(appLocation + "/Contents/Info.plist");
 185             String keychainName = SIGNING_KEYCHAIN.fetchFrom(p);
 186             if (keychainName != null && !keychainName.isEmpty()) {
 187                 buildOptions.add("--keychain");
 188                 buildOptions.add(keychainName);
 189             }
 190             buildOptions.add(finalPKG.getAbsolutePath());
 191 
 192             pb = new ProcessBuilder(buildOptions);
 193 
 194             IOUtils.exec(pb, VERBOSE.fetchFrom(p));
 195             return finalPKG;
 196         } catch (Exception ex) {
 197             Log.info("App Store Ready Bundle failed : " + ex.getMessage());
 198             ex.printStackTrace();
 199             Log.debug(ex);
 200             return null;
 201         } finally {
 202             try {
 203                 if (appImageDir != null && !Log.isDebug()) {
 204                     IOUtils.deleteRecursive(appImageDir);
 205                 } else if (appImageDir != null) {
 206                     Log.info(MessageFormat.format(I18N.getString("mesasge.intermediate-bundle-location"), appImageDir.getAbsolutePath()));
 207                 }
 208                 if (!VERBOSE.fetchFrom(p)) {
 209                     //cleanup
 210                     cleanupConfigFiles(p);
 211                 } else {
 212                     Log.info(MessageFormat.format(I18N.getString("message.config-save-location"), CONFIG_ROOT.fetchFrom(p).getAbsolutePath()));
 213                 }
 214             } catch (IOException ex) {
 215                 //noinspection ReturnInsideFinallyBlock
 216                 Log.debug(ex.getMessage());
 217                 return null;
 218             }
 219         }
 220     }
 221 
 222     protected void cleanupConfigFiles(Map<String, ? super Object> params) {
 223         if (getConfig_Entitlements(params) != null) {
 224             getConfig_Entitlements(params).delete();
 225         }
 226         if (getConfig_Inherit_Entitlements(params) != null) {
 227             getConfig_Inherit_Entitlements(params).delete();
 228         }
 229         if (MAC_APP_IMAGE.fetchFrom(params) == null) {
 230             APP_BUNDLER.fetchFrom(params).cleanupConfigFiles(params);
 231         }
 232     }
 233 
 234     private File getConfig_Entitlements(Map<String, ? super Object> params) {
 235         return new File(CONFIG_ROOT.fetchFrom(params), APP_NAME.fetchFrom(params) + ".entitlements");
 236     }
 237 
 238     private File getConfig_Inherit_Entitlements(Map<String, ? super Object> params) {
 239         return new File(CONFIG_ROOT.fetchFrom(params), APP_NAME.fetchFrom(params) + "_Inherit.entitlements");
 240     }
 241 
 242     private void prepareEntitlements(Map<String, ? super Object> params) throws IOException {
 243         File entitlements = MAC_APP_STORE_ENTITLEMENTS.fetchFrom(params);
 244         if (entitlements == null || !entitlements.exists()) {
 245             fetchResource(getEntitlementsFileName(params),
 246                     I18N.getString("resource.mac-app-store-entitlements"),
 247                     DEFAULT_ENTITLEMENTS,
 248                     getConfig_Entitlements(params),
 249                     VERBOSE.fetchFrom(params),
 250                     DROP_IN_RESOURCES_ROOT.fetchFrom(params));
 251         } else {
 252             fetchResource(getEntitlementsFileName(params),
 253                     I18N.getString("resource.mac-app-store-entitlements"),
 254                     entitlements,
 255                     getConfig_Entitlements(params),
 256                     VERBOSE.fetchFrom(params),
 257                     DROP_IN_RESOURCES_ROOT.fetchFrom(params));
 258         }
 259         fetchResource(getInheritEntitlementsFileName(params),
 260                 I18N.getString("resource.mac-app-store-inherit-entitlements"),
 261                 DEFAULT_INHERIT_ENTITLEMENTS,
 262                 getConfig_Inherit_Entitlements(params),
 263                 VERBOSE.fetchFrom(params),
 264                 DROP_IN_RESOURCES_ROOT.fetchFrom(params));
 265     }
 266 
 267     private String getEntitlementsFileName(Map<String, ? super Object> params) {
 268         return MAC_BUNDLER_PREFIX+ APP_NAME.fetchFrom(params) +".entitlements";
 269     }
 270 
 271     private String getInheritEntitlementsFileName(Map<String, ? super Object> params) {
 272         return MAC_BUNDLER_PREFIX+ APP_NAME.fetchFrom(params) +"_Inherit.entitlements";
 273     }
 274 
 275 
 276     //////////////////////////////////////////////////////////////////////////////////
 277     // Implement Bundler
 278     //////////////////////////////////////////////////////////////////////////////////
 279 
 280     @Override
 281     public String getName() {
 282         return I18N.getString("bundler.name");
 283     }
 284 
 285     @Override
 286     public String getDescription() {
 287         return I18N.getString("bundler.description");
 288     }
 289 
 290     @Override
 291     public String getID() {
 292         return "mac.appStore";
 293     }
 294 
 295     @Override
 296     public Collection<BundlerParamInfo<?>> getBundleParameters() {
 297         Collection<BundlerParamInfo<?>> results = new LinkedHashSet<>();
 298         results.addAll(getAppBundleParameters());
 299         results.addAll(getMacAppStoreBundleParameters());
 300         return results;
 301     }
 302 
 303     public Collection<BundlerParamInfo<?>> getMacAppStoreBundleParameters() {
 304         Collection<BundlerParamInfo<?>> results = new LinkedHashSet<>();
 305 
 306         results.addAll(getAppBundleParameters());
 307         results.remove(DEVELOPER_ID_APP_SIGNING_KEY);
 308         results.addAll(Arrays.asList(
 309                 INSTALLER_SUFFIX,
 310                 MAC_APP_STORE_APP_SIGNING_KEY,
 311                 MAC_APP_STORE_ENTITLEMENTS,
 312                 MAC_APP_STORE_PKG_SIGNING_KEY,
 313                 SIGNING_KEYCHAIN
 314         ));
 315 
 316         return results;
 317     }
 318 
 319     @Override
 320     public boolean validate(Map<String, ? super Object> params) throws UnsupportedPlatformException, ConfigException {
 321         try {
 322             if (Platform.getPlatform() != Platform.MAC) {
 323                 throw new UnsupportedPlatformException();
 324             }
 325 
 326             if (params == null) {
 327                 throw new ConfigException(
 328                         I18N.getString("error.parameters-null"),
 329                         I18N.getString("error.parameters-null.advice"));
 330             }
 331 
 332             // hdiutil is always available so there's no need to test for availability.
 333             //run basic validation to ensure requirements are met
 334 
 335             //TODO Mac App Store apps cannot use the system runtime
 336 
 337             //we are not interested in return code, only possible exception
 338             validateAppImageAndBundeler(params);
 339 
 340             // reject explicitly set to not sign
 341             if (!Optional.ofNullable(SIGN_BUNDLE.fetchFrom(params)).orElse(Boolean.TRUE)) {
 342                 throw new ConfigException(
 343                         I18N.getString("error.must-sign-app-store"),
 344                         I18N.getString("error.must-sign-app-store.advice"));
 345             }
 346 
 347             // make sure we have settings for signatures
 348             if (MAC_APP_STORE_APP_SIGNING_KEY.fetchFrom(params) == null) {
 349                 throw new ConfigException(
 350                         I18N.getString("error.no-app-signing-key"),
 351                         I18N.getString("error.no-app-signing-key.advice"));
 352             }
 353             if (MAC_APP_STORE_PKG_SIGNING_KEY.fetchFrom(params) == null) {
 354                 throw new ConfigException(
 355                         I18N.getString("error.no-pkg-signing-key"),
 356                         I18N.getString("error.no-pkg-signing-key.advice"));
 357             }
 358 
 359             // things we could check...
 360             // check the icons, make sure it has hidpi icons
 361             // check the category, make sure it fits in the list apple has provided
 362             // validate bundle identifier is reverse dns
 363             //  check for \a+\.\a+\..
 364 
 365             return true;
 366         } catch (RuntimeException re) {
 367             if (re.getCause() instanceof ConfigException) {
 368                 throw (ConfigException) re.getCause();
 369             } else {
 370                 throw new ConfigException(re);
 371             }
 372         }
 373     }
 374 
 375     @Override
 376     public File execute(Map<String, ? super Object> params, File outputParentDir) {
 377         return bundle(params, outputParentDir);
 378     }
 379 }