1 /* 2 * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.security.util; 27 28 import java.security.*; 29 import java.io.*; 30 import java.security.CodeSigner; 31 import java.util.*; 32 import java.util.jar.*; 33 34 import sun.misc.BASE64Decoder; 35 36 import sun.security.jca.Providers; 37 38 /** 39 * This class is used to verify each entry in a jar file with its 40 * manifest value. 41 */ 42 43 public class ManifestEntryVerifier { 44 45 private static final Debug debug = Debug.getInstance("jar"); 46 47 /** 48 * Holder class to lazily load Sun provider. NOTE: if 49 * Providers.getSunProvider returned a cached provider, we could avoid the 50 * need for caching the provider with this holder class; we should try to 51 * revisit this in JDK 8. 52 */ 53 private static class SunProviderHolder { 54 private static final Provider instance = Providers.getSunProvider(); 55 } 56 57 /** the created digest objects */ 58 HashMap<String, MessageDigest> createdDigests; 59 60 /** the digests in use for a given entry*/ 61 ArrayList<MessageDigest> digests; 62 63 /** the manifest hashes for the digests in use */ 64 ArrayList<byte[]> manifestHashes; 65 66 private BASE64Decoder decoder = null; 67 private String name = null; 68 private Manifest man; 69 70 private boolean skip = true; 71 72 private JarEntry entry; 73 74 private CodeSigner[] signers = null; 75 76 /** 77 * Create a new ManifestEntryVerifier object. 78 */ ManifestEntryVerifier(Manifest man)79 public ManifestEntryVerifier(Manifest man) 80 { 81 createdDigests = new HashMap<String, MessageDigest>(11); 82 digests = new ArrayList<MessageDigest>(); 83 manifestHashes = new ArrayList<byte[]>(); 84 decoder = new BASE64Decoder(); 85 this.man = man; 86 } 87 88 /** 89 * Find the hashes in the 90 * manifest for this entry, save them, and set the MessageDigest 91 * objects to calculate the hashes on the fly. If name is 92 * null it signifies that update/verify should ignore this entry. 93 */ setEntry(String name, JarEntry entry)94 public void setEntry(String name, JarEntry entry) 95 throws IOException 96 { 97 digests.clear(); 98 manifestHashes.clear(); 99 this.name = name; 100 this.entry = entry; 101 102 skip = true; 103 signers = null; 104 105 if (man == null || name == null) { 106 return; 107 } 108 109 /* get the headers from the manifest for this entry */ 110 /* if there aren't any, we can't verify any digests for this entry */ 111 112 Attributes attr = man.getAttributes(name); 113 if (attr == null) { 114 // ugh. we should be able to remove this at some point. 115 // there are broken jars floating around with ./name and /name 116 // in the manifest, and "name" in the zip/jar file. 117 attr = man.getAttributes("./"+name); 118 if (attr == null) { 119 attr = man.getAttributes("/"+name); 120 if (attr == null) 121 return; 122 } 123 } 124 125 for (Map.Entry<Object,Object> se : attr.entrySet()) { 126 String key = se.getKey().toString(); 127 128 if (key.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) { 129 // 7 is length of "-Digest" 130 String algorithm = key.substring(0, key.length()-7); 131 132 MessageDigest digest = createdDigests.get(algorithm); 133 134 if (digest == null) { 135 try { 136 137 digest = MessageDigest.getInstance 138 (algorithm, SunProviderHolder.instance); 139 createdDigests.put(algorithm, digest); 140 } catch (NoSuchAlgorithmException nsae) { 141 // ignore 142 } 143 } 144 145 if (digest != null) { 146 skip = false; 147 digest.reset(); 148 digests.add(digest); 149 manifestHashes.add( 150 decoder.decodeBuffer((String)se.getValue())); 151 } 152 } 153 } 154 } 155 156 /** 157 * update the digests for the digests we are interested in 158 */ update(byte buffer)159 public void update(byte buffer) { 160 if (skip) return; 161 162 for (int i=0; i < digests.size(); i++) { 163 digests.get(i).update(buffer); 164 } 165 } 166 167 /** 168 * update the digests for the digests we are interested in 169 */ update(byte buffer[], int off, int len)170 public void update(byte buffer[], int off, int len) { 171 if (skip) return; 172 173 for (int i=0; i < digests.size(); i++) { 174 digests.get(i).update(buffer, off, len); 175 } 176 } 177 178 /** 179 * get the JarEntry for this object 180 */ getEntry()181 public JarEntry getEntry() 182 { 183 return entry; 184 } 185 186 /** 187 * go through all the digests, calculating the final digest 188 * and comparing it to the one in the manifest. If this is 189 * the first time we have verified this object, remove its 190 * code signers from sigFileSigners and place in verifiedSigners. 191 * 192 * 193 */ verify(Hashtable<String, CodeSigner[]> verifiedSigners, Hashtable<String, CodeSigner[]> sigFileSigners)194 public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners, 195 Hashtable<String, CodeSigner[]> sigFileSigners) 196 throws JarException 197 { 198 if (skip) { 199 return null; 200 } 201 202 if (signers != null) 203 return signers; 204 205 for (int i=0; i < digests.size(); i++) { 206 207 MessageDigest digest = digests.get(i); 208 byte [] manHash = manifestHashes.get(i); 209 byte [] theHash = digest.digest(); 210 211 if (debug != null) { 212 debug.println("Manifest Entry: " + 213 name + " digest=" + digest.getAlgorithm()); 214 debug.println(" manifest " + toHex(manHash)); 215 debug.println(" computed " + toHex(theHash)); 216 debug.println(); 217 } 218 219 if (!MessageDigest.isEqual(theHash, manHash)) 220 throw new SecurityException(digest.getAlgorithm()+ 221 " digest error for "+name); 222 } 223 224 // take it out of sigFileSigners and put it in verifiedSigners... 225 signers = sigFileSigners.remove(name); 226 if (signers != null) { 227 verifiedSigners.put(name, signers); 228 } 229 return signers; 230 } 231 232 // for the toHex function 233 private static final char[] hexc = 234 {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; 235 /** 236 * convert a byte array to a hex string for debugging purposes 237 * @param data the binary data to be converted to a hex string 238 * @return an ASCII hex string 239 */ 240 toHex(byte[] data)241 static String toHex(byte[] data) { 242 243 StringBuffer sb = new StringBuffer(data.length*2); 244 245 for (int i=0; i<data.length; i++) { 246 sb.append(hexc[(data[i] >>4) & 0x0f]); 247 sb.append(hexc[data[i] & 0x0f]); 248 } 249 return sb.toString(); 250 } 251 252 } 253