CertVerifier.java

/*******************************************************************************
 * Copyright (c) 2000, 2008 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 *
 * Contributors:
 *     IBM Corporation - initial API and implementation
 *******************************************************************************/
package org.eclipse.update.internal.verifier;

import java.io.File;
import java.io.IOException;
import java.util.*;
import java.util.jar.JarFile;
import java.util.zip.ZipException;
import org.eclipse.core.runtime.CoreException;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.osgi.signedcontent.*;
import org.eclipse.osgi.util.NLS;
import org.eclipse.update.core.*;
import org.eclipse.update.internal.core.Messages;
import org.eclipse.update.internal.core.UpdateCore;

/**
 * The JarVerifier will check the integrity of the JAR.
 * If the Jar is signed and the integrity is validated,
 * it will check if one of the certificate of each file
 * is in one of the keystore.
 *
 */

public class CertVerifier extends Verifier {

	private CertVerificationResult result;
	private boolean acceptUnsignedFiles;
	private IProgressMonitor monitor;
	private File jarFile;
	private SignedContentFactory factory;
	private List trustedSignerInfos;

	/*
	 * Default Constructor
	 */
	public CertVerifier(SignedContentFactory factory) {
		this.factory = factory;
		initialize();
	}


	/*
	 * 
	 */
	private void initialize() {
		result = null;
		acceptUnsignedFiles = false;
	}

	/*
	 * init
	 */
	private void init(IFeature feature, ContentReference contentRef) throws CoreException {
		jarFile = null;
		if (contentRef instanceof JarContentReference) {
			JarContentReference jarReference = (JarContentReference) contentRef;
			try {
				jarFile = jarReference.asFile();
				if (UpdateCore.DEBUG && UpdateCore.DEBUG_SHOW_INSTALL)
					UpdateCore.debug("Attempting to read JAR file:"+jarFile); //$NON-NLS-1$
			
				// # of entries
				if (!jarFile.exists()) throw new IOException();
				JarFile jar = new JarFile(jarFile);
				if (jar !=null){
					try {
						jar.close();
					} catch (IOException ex) {
						// unchecked
					}
				}
			} catch (ZipException e){
				throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_InvalidJar, (new String[] { jarReference.toString() })), e);				
			} catch (IOException e) {
				throw Utilities.newCoreException(NLS.bind(Messages.JarVerifier_UnableToAccessJar, (new String[] { jarReference.toString() })), e);
			}
		}

		result = new CertVerificationResult();
		result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
		result.setResultException(null);
		result.setFeature(feature);
		result.setContentReference(contentRef);
	}

	/*
	 * @param newMonitor org.eclipse.core.runtime.IProgressMonitor
	 */
	private void setMonitor(IProgressMonitor newMonitor) {
		monitor = newMonitor;
	}

	/*
	 * @see IVerifier#verify(IFeature,ContentReference,boolean, InstallMonitor)
	 */
	public IVerificationResult verify(
		IFeature feature,
		ContentReference reference,
		boolean isFeatureVerification,
		InstallMonitor monitor)
		throws CoreException {

		if (reference == null)
			return result;

		// if parent knows how to verify, ask the parent first
		if (getParent() != null) {
			IVerificationResult vr =
				getParent().verify(feature, reference, isFeatureVerification, monitor);
			if (vr.getVerificationCode() != IVerificationResult.TYPE_ENTRY_UNRECOGNIZED)
				return vr;
		}

		// the parent couldn't verify
		setMonitor(monitor);
		init(feature, reference);
		result.isFeatureVerification(isFeatureVerification);

		if (jarFile!=null) {
			result = verify(jarFile.getAbsolutePath(), reference.getIdentifier());
		} else {
			result.setVerificationCode(IVerificationResult.TYPE_ENTRY_UNRECOGNIZED);
		}

		return result;
	}

	/*
	 * 
	 */
	private CertVerificationResult verify(String file, String identifier) {

		try {
			SignedContent verifier = factory.getSignedContent(new File(file));
			// verify integrity
			verifyIntegrity(verifier, identifier);

			//if user already said yes
			result.alreadySeen(alreadyValidated());

			// save the fact the file is not signed, so the user will not be prompted again 
			if (result.getVerificationCode()
				== IVerificationResult.TYPE_ENTRY_NOT_SIGNED) {
				acceptUnsignedFiles = true;
			}

		} catch (Exception e) {
			result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
			result.setResultException(e);
		}

		if (monitor != null) {
			monitor.worked(1);
			if (monitor.isCanceled()) {
				result.setVerificationCode(IVerificationResult.VERIFICATION_CANCELLED);
			}
		}

		return result;
	}

	/*
	 * Verifies the integrity of the JAR
	 */
	private void verifyIntegrity(SignedContent verifier, String identifier) {
		try {
			if (verifier.isSigned()) {
				// If the JAR is signed and invalid then mark as corrupted
				if (hasValidContent(verifier.getSignedEntries())) {
					result.setSignedContent(verifier);
					SignerInfo[] signers = verifier.getSignerInfos();
					for (int i = 0; i < signers.length; i++)
						if (signers[i].isTrusted()) {
							result.setVerificationCode(IVerificationResult.TYPE_ENTRY_SIGNED_RECOGNIZED);
							break;
						}
					if (result.getVerificationCode() != IVerificationResult.TYPE_ENTRY_SIGNED_RECOGNIZED)
						result.setVerificationCode(IVerificationResult.TYPE_ENTRY_SIGNED_UNRECOGNIZED);
				} else
					result.setVerificationCode(IVerificationResult.TYPE_ENTRY_CORRUPTED);
			} else {
				result.setVerificationCode(IVerificationResult.TYPE_ENTRY_NOT_SIGNED);
				return;
			}
		} catch (Exception e) {
			result.setVerificationCode(IVerificationResult.UNKNOWN_ERROR);
			result.setResultException(e);
		}
	}

	private boolean hasValidContent(SignedContentEntry[] signedEntries) {
		try {
			for (int i = 0; i < signedEntries.length; i++)
				signedEntries[i].verify();
		} catch (InvalidContentException e) {
			return false;
		} catch (IOException e) {
			return false;
		}
		return true;
	}


	/*
	 * 
	 */
	private boolean alreadyValidated() {
		int verifyCode = result.getVerificationCode();
		if (verifyCode == IVerificationResult.TYPE_ENTRY_NOT_SIGNED)
			return (acceptUnsignedFiles);
		if (verifyCode == IVerificationResult.UNKNOWN_ERROR)
			return false;
		if (result.getSigners() != null) { //getTrustedCertificates() can't be null as it is lazy initialized
			Iterator iter = getTrustedInfos().iterator();
			SignerInfo[] signers = result.getSigners();

			// check if this is not a user accepted certificate for this feature	
			while (iter.hasNext()) {
				SignerInfo chain = (SignerInfo) iter.next();
				for (int i = 0; i < signers.length; i++)
					if (chain.equals(signers[i]))
						return true;
			}

			// if certificate pair not found in trusted add it for next time
			for (int i = 0; i < signers.length; i++) {
				addTrustedSignerInfo(signers[i]);
			}
		}

		return false;
	}

	/*
	 * 
	 */
	private void addTrustedSignerInfo(SignerInfo signer) {
		if (trustedSignerInfos == null)
			trustedSignerInfos = new ArrayList();
		if (signer != null)
			trustedSignerInfos.add(signer);
	}

	/*
	 * 
	 */
	private List getTrustedInfos() {
		if (trustedSignerInfos == null)
			trustedSignerInfos = new ArrayList();
		return trustedSignerInfos;
	}

	/**
	 * @see IVerifier#setParent(IVerifier)
	 */
	public void setParent(IVerifier parentVerifier) {
		super.setParent(parentVerifier);
		initialize();
	}

}