java.security.CodeSigner Java Examples

The following examples show how to use java.security.CodeSigner. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: XJarClassLoader.java    From xjar with Apache License 2.0 6 votes vote down vote up
@Override
protected Class<?> findClass(String name) throws ClassNotFoundException {
    try {
        return super.findClass(name);
    } catch (ClassFormatError e) {
        String path = name.replace('.', '/').concat(".class");
        URL url = findResource(path);
        if (url == null) {
            throw new ClassNotFoundException(name, e);
        }
        try (InputStream in = url.openStream()) {
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            XKit.transfer(in, bos);
            byte[] bytes = bos.toByteArray();
            Object resource = getResource.invoke(urlClassPath, path);
            URL codeSourceURL = (URL) getCodeSourceURL.invoke(resource);
            CodeSigner[] codeSigners = (CodeSigner[]) getCodeSigners.invoke(resource);
            CodeSource codeSource = new CodeSource(codeSourceURL, codeSigners);
            return defineClass(name, bytes, 0, bytes.length, codeSource);
        } catch (Throwable t) {
            throw new ClassNotFoundException(name, t);
        }
    }
}
 
Example #2
Source File: GridUriDeploymentJarVerifier.java    From ignite with Apache License 2.0 6 votes vote down vote up
/**
 * Gets all JAR file entry certificates.
 * Method scans entry for signers and than collects all their certificates.
 *
 * @param entry JAR file entry.
 * @return Array of certificates which corresponds to the entry.
 */
private static Certificate[] getCertificates(JarEntry entry) {
    Certificate[] certs = null;

    CodeSigner[] signers = entry.getCodeSigners();

    // Extract the certificates in each code signer's cert chain.
    if (signers != null) {
        List<Certificate> certChains = new ArrayList<>();

        for (CodeSigner signer : signers)
            certChains.addAll(signer.getSignerCertPath().getCertificates());

        // Convert into a Certificate[]
        return certChains.toArray(new Certificate[certChains.size()]);
    }

    return certs;
}
 
Example #3
Source File: SignatureFileVerifier.java    From openjdk-jdk9 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * process the signature block file. Goes through the .SF file
 * and adds code signers for each section where the .SF section
 * hash was verified against the Manifest section.
 *
 *
 */
public void process(Hashtable<String, CodeSigner[]> signers,
        List<Object> manifestDigests)
    throws IOException, SignatureException, NoSuchAlgorithmException,
        JarException, CertificateException
{
    // calls Signature.getInstance() and MessageDigest.getInstance()
    // need to use local providers here, see Providers class
    Object obj = null;
    try {
        obj = Providers.startJarVerification();
        processImpl(signers, manifestDigests);
    } finally {
        Providers.stopJarVerification(obj);
    }

}
 
Example #4
Source File: SignatureFileVerifier.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * process the signature block file. Goes through the .SF file
 * and adds code signers for each section where the .SF section
 * hash was verified against the Manifest section.
 *
 *
 */
public void process(Hashtable<String, CodeSigner[]> signers,
        List<Object> manifestDigests)
    throws IOException, SignatureException, NoSuchAlgorithmException,
        JarException, CertificateException
{
    // calls Signature.getInstance() and MessageDigest.getInstance()
    // need to use local providers here, see Providers class
    Object obj = null;
    try {
        obj = Providers.startJarVerification();
        processImpl(signers, manifestDigests);
    } finally {
        Providers.stopJarVerification(obj);
    }

}
 
Example #5
Source File: SignatureFileVerifier.java    From openjdk-jdk8u with GNU General Public License v2.0 6 votes vote down vote up
/**
 * process the signature block file. Goes through the .SF file
 * and adds code signers for each section where the .SF section
 * hash was verified against the Manifest section.
 *
 *
 */
public void process(Hashtable<String, CodeSigner[]> signers,
        List<Object> manifestDigests)
    throws IOException, SignatureException, NoSuchAlgorithmException,
        JarException, CertificateException
{
    // calls Signature.getInstance() and MessageDigest.getInstance()
    // need to use local providers here, see Providers class
    Object obj = null;
    try {
        obj = Providers.startJarVerification();
        processImpl(signers, manifestDigests);
    } finally {
        Providers.stopJarVerification(obj);
    }

}
 
Example #6
Source File: SignatureFileVerifier.java    From Bytecoder with Apache License 2.0 6 votes vote down vote up
/**
 * Create the named SignatureFileVerifier.
 *
 * @param name the name of the signature block file (.DSA/.RSA/.EC)
 *
 * @param rawBytes the raw bytes of the signature block file
 */
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache,
                             ManifestDigester md,
                             String name,
                             byte[] rawBytes)
    throws IOException, CertificateException
{
    // new PKCS7() calls CertificateFactory.getInstance()
    // need to use local providers here, see Providers class
    Object obj = null;
    try {
        obj = Providers.startJarVerification();
        block = new PKCS7(rawBytes);
        sfBytes = block.getContentInfo().getData();
        certificateFactory = CertificateFactory.getInstance("X509");
    } finally {
        Providers.stopJarVerification(obj);
    }
    this.name = name.substring(0, name.lastIndexOf('.'))
                                               .toUpperCase(Locale.ENGLISH);
    this.md = md;
    this.signerCache = signerCache;
}
 
Example #7
Source File: SignatureFileVerifier.java    From TencentKona-8 with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Create the named SignatureFileVerifier.
 *
 * @param name the name of the signature block file (.DSA/.RSA/.EC)
 *
 * @param rawBytes the raw bytes of the signature block file
 */
public SignatureFileVerifier(ArrayList<CodeSigner[]> signerCache,
                             ManifestDigester md,
                             String name,
                             byte[] rawBytes)
    throws IOException, CertificateException
{
    // new PKCS7() calls CertificateFactory.getInstance()
    // need to use local providers here, see Providers class
    Object obj = null;
    try {
        obj = Providers.startJarVerification();
        block = new PKCS7(rawBytes);
        sfBytes = block.getContentInfo().getData();
        certificateFactory = CertificateFactory.getInstance("X509");
    } finally {
        Providers.stopJarVerification(obj);
    }
    this.name = name.substring(0, name.lastIndexOf('.'))
                                               .toUpperCase(Locale.ENGLISH);
    this.md = md;
    this.signerCache = signerCache;
}
 
Example #8
Source File: Serialize.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        // Create a certpath consisting of one certificate
        File f = new File(System.getProperty("test.src", "."), "cert_file");
        FileInputStream fis = new FileInputStream(f);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate c = cf.generateCertificate(fis);
        fis.close();
        CertPath cp = cf.generateCertPath(Collections.singletonList(c));

        // Create a code signer
        CodeSigner cs = new CodeSigner(cp, new Timestamp(new Date(), cp));

        // Serialize the code signer
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(byteOut);
        out.writeObject(cs);
        out.close();

        // Deserialize the code signer
        byte[] data = byteOut.toByteArray();
        CodeSigner cs2 = (CodeSigner) new ObjectInputStream(
            new ByteArrayInputStream(data)).readObject();

        // Test for equality
        if (!cs.equals(cs2) || cs.hashCode() != cs2.hashCode()) {
            throw new Exception("CodeSigner serialization test FAILED");
        }
    }
 
Example #9
Source File: PluginClassLoader.java    From Kettle with GNU General Public License v3.0 5 votes vote down vote up
private Class<?> remappedFindClass(String name) throws ClassNotFoundException {
    Class<?> result = null;

    try {
        String path = name.replace('.', '/').concat(".class");
        URL url = this.findResource(path);
        if (url != null) {
            InputStream stream = url.openStream();
            if (stream != null) {
                byte[] bytecode;

                bytecode = remapper.remapClassFile(stream, RuntimeRepo.getInstance());
                bytecode = Transformer.transform(bytecode);

                JarURLConnection jarURLConnection = (JarURLConnection) url.openConnection();
                URL jarURL = jarURLConnection.getJarFileURL();
                CodeSource codeSource = new CodeSource(jarURL, new CodeSigner[0]);

                result = this.defineClass(name, bytecode, 0, bytecode.length, codeSource);
                if (result != null) {
                    this.resolveClass(result);
                }
            }
        }
    } catch (Throwable t) {
        throw new ClassNotFoundException("Failed to remap class " + name, t);
    }

    return result;
}
 
Example #10
Source File: JarEntry.java    From jtransc with Apache License 2.0 5 votes vote down vote up
/**
 * Returns the code signers for the digital signatures associated with the
 * JAR file. If there is no such code signer, it returns {@code null}. Make
 * sure that the everything is read from the input stream before calling
 * this method, or else the method returns {@code null}.
 *
 * @return the code signers for the JAR entry.
 * @see CodeSigner
 */
public CodeSigner[] getCodeSigners() {
	if (signers == null) {
		signers = getCodeSigners(getCertificates());
	}
	if (signers == null) {
		return null;
	}

	CodeSigner[] tmp = new CodeSigner[signers.length];
	System.arraycopy(signers, 0, tmp, 0, tmp.length);
	return tmp;
}
 
Example #11
Source File: CodeSignerTest.java    From j2objc with Apache License 2.0 5 votes vote down vote up
/**
 * timestamp can be null
 */
public final void testCodeSigner_01() {
    try {
        CodeSigner cs = new CodeSigner(cpath, null);
        assertNotNull(cs);
    } catch (Exception e) {
        fail("Unexpected exception");
    }
}
 
Example #12
Source File: Serialize.java    From openjdk-8 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        // Create a certpath consisting of one certificate
        File f = new File(System.getProperty("test.src", "."), "cert_file");
        FileInputStream fis = new FileInputStream(f);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate c = cf.generateCertificate(fis);
        fis.close();
        CertPath cp = cf.generateCertPath(Collections.singletonList(c));

        // Create a code signer
        CodeSigner cs = new CodeSigner(cp, new Timestamp(new Date(), cp));

        // Serialize the code signer
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(byteOut);
        out.writeObject(cs);
        out.close();

        // Deserialize the code signer
        byte[] data = byteOut.toByteArray();
        CodeSigner cs2 = (CodeSigner) new ObjectInputStream(
            new ByteArrayInputStream(data)).readObject();

        // Test for equality
        if (!cs.equals(cs2) || cs.hashCode() != cs2.hashCode()) {
            throw new Exception("CodeSigner serialization test FAILED");
        }
    }
 
Example #13
Source File: JarFile.java    From Java8CN with Apache License 2.0 5 votes vote down vote up
public CodeSigner[] getCodeSigners() {
    try {
        maybeInstantiateVerifier();
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
    if (signers == null && jv != null) {
        signers = jv.getCodeSigners(JarFile.this, this);
    }
    return signers == null ? null : signers.clone();
}
 
Example #14
Source File: JavaAdapterFactory.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.objects"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example #15
Source File: SignatureFileVerifier.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
static boolean contains(CodeSigner[] set, CodeSigner signer)
{
    for (int i = 0; i < set.length; i++) {
        if (set[i].equals(signer))
            return true;
    }
    return false;
}
 
Example #16
Source File: Serialize.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        // Create a certpath consisting of one certificate
        File f = new File(System.getProperty("test.src", "."), "cert_file");
        FileInputStream fis = new FileInputStream(f);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate c = cf.generateCertificate(fis);
        fis.close();
        CertPath cp = cf.generateCertPath(Collections.singletonList(c));

        // Create a code signer
        CodeSigner cs = new CodeSigner(cp, new Timestamp(new Date(), cp));

        // Serialize the code signer
        ByteArrayOutputStream byteOut = new ByteArrayOutputStream();
        ObjectOutputStream out = new ObjectOutputStream(byteOut);
        out.writeObject(cs);
        out.close();

        // Deserialize the code signer
        byte[] data = byteOut.toByteArray();
        CodeSigner cs2 = (CodeSigner) new ObjectInputStream(
            new ByteArrayInputStream(data)).readObject();

        // Test for equality
        if (!cs.equals(cs2) || cs.hashCode() != cs2.hashCode()) {
            throw new Exception("CodeSigner serialization test FAILED");
        }
    }
 
Example #17
Source File: SignatureFileVerifier.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects. We do this only *once* for a given
 * signature block file.
 */
private CodeSigner[] getSigners(SignerInfo infos[], PKCS7 block)
    throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {

    ArrayList<CodeSigner> signers = null;

    for (int i = 0; i < infos.length; i++) {

        SignerInfo info = infos[i];
        ArrayList<X509Certificate> chain = info.getCertificateChain(block);
        CertPath certChain = certificateFactory.generateCertPath(chain);
        if (signers == null) {
            signers = new ArrayList<CodeSigner>();
        }
        // Append the new code signer
        signers.add(new CodeSigner(certChain, info.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " +
                chain.get(0));
        }
    }

    if (signers != null) {
        return signers.toArray(new CodeSigner[signers.size()]);
    } else {
        return null;
    }
}
 
Example #18
Source File: SignatureFileVerifier.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects. We do this only *once* for a given
 * signature block file.
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block)
    throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {

    ArrayList<CodeSigner> signers = null;

    for (int i = 0; i < infos.length; i++) {

        SignerInfo info = infos[i];
        ArrayList<X509Certificate> chain = info.getCertificateChain(block);
        CertPath certChain = certificateFactory.generateCertPath(chain);
        if (signers == null) {
            signers = new ArrayList<>();
        }
        // Append the new code signer. If timestamp is invalid, this
        // jar will be treated as unsigned.
        signers.add(new CodeSigner(certChain, info.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " +
                chain.get(0));
        }
    }

    if (signers != null) {
        return signers.toArray(new CodeSigner[signers.size()]);
    } else {
        return null;
    }
}
 
Example #19
Source File: SignatureFileVerifier.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
static boolean isSubSet(CodeSigner[] subset, CodeSigner[] set)
{
    // check for the same object
    if (set == subset)
        return true;

    boolean match;
    for (int i = 0; i < subset.length; i++) {
        if (!contains(set, subset[i]))
            return false;
    }
    return true;
}
 
Example #20
Source File: SignatureFileVerifier.java    From Bytecoder with Apache License 2.0 5 votes vote down vote up
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects. We do this only *once* for a given
 * signature block file.
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block)
    throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {

    ArrayList<CodeSigner> signers = null;

    for (int i = 0; i < infos.length; i++) {

        SignerInfo info = infos[i];
        ArrayList<X509Certificate> chain = info.getCertificateChain(block);
        CertPath certChain = certificateFactory.generateCertPath(chain);
        if (signers == null) {
            signers = new ArrayList<>();
        }
        // Append the new code signer. If timestamp is invalid, this
        // jar will be treated as unsigned.
        signers.add(new CodeSigner(certChain, info.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " +
                chain.get(0));
        }
    }

    if (signers != null) {
        return signers.toArray(new CodeSigner[signers.size()]);
    } else {
        return null;
    }
}
 
Example #21
Source File: SignatureFileVerifier.java    From openjdk-jdk8u with GNU General Public License v2.0 5 votes vote down vote up
void updateSigners(CodeSigner[] newSigners,
    Hashtable<String, CodeSigner[]> signers, String name) {

    CodeSigner[] oldSigners = signers.get(name);

    // search through the cache for a match, go in reverse order
    // as we are more likely to find a match with the last one
    // added to the cache

    CodeSigner[] cachedSigners;
    for (int i = signerCache.size() - 1; i != -1; i--) {
        cachedSigners = signerCache.get(i);
        if (matches(cachedSigners, oldSigners, newSigners)) {
            signers.put(name, cachedSigners);
            return;
        }
    }

    if (oldSigners == null) {
        cachedSigners = newSigners;
    } else {
        cachedSigners =
            new CodeSigner[oldSigners.length + newSigners.length];
        System.arraycopy(oldSigners, 0, cachedSigners, 0,
            oldSigners.length);
        System.arraycopy(newSigners, 0, cachedSigners, oldSigners.length,
            newSigners.length);
    }
    signerCache.add(cachedSigners);
    signers.put(name, cachedSigners);
}
 
Example #22
Source File: SignatureFileVerifier.java    From jdk8u-jdk with GNU General Public License v2.0 5 votes vote down vote up
static boolean contains(CodeSigner[] set, CodeSigner signer)
{
    for (int i = 0; i < set.length; i++) {
        if (set[i].equals(signer))
            return true;
    }
    return false;
}
 
Example #23
Source File: JarEntry.java    From sofa-ark with Apache License 2.0 5 votes vote down vote up
@Override
public CodeSigner[] getCodeSigners() {
    if (this.jarFile.isSigned() && this.codeSigners == null) {
        this.jarFile.setupEntryCertificates(this);
    }
    return this.codeSigners;
}
 
Example #24
Source File: SignatureFileVerifier.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
static boolean isSubSet(CodeSigner[] subset, CodeSigner[] set)
{
    // check for the same object
    if (set == subset)
        return true;

    boolean match;
    for (int i = 0; i < subset.length; i++) {
        if (!contains(set, subset[i]))
            return false;
    }
    return true;
}
 
Example #25
Source File: JavaAdapterFactory.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
private static ProtectionDomain createMinimalPermissionDomain() {
    // Generated classes need to have at least the permission to access Nashorn runtime and runtime.linker packages.
    final Permissions permissions = new Permissions();
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime"));
    permissions.add(new RuntimePermission("accessClassInPackage.jdk.nashorn.internal.runtime.linker"));
    return new ProtectionDomain(new CodeSource(null, (CodeSigner[])null), permissions);
}
 
Example #26
Source File: SignatureFileVerifier.java    From openjdk-jdk9 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Given the PKCS7 block and SignerInfo[], create an array of
 * CodeSigner objects. We do this only *once* for a given
 * signature block file.
 */
private CodeSigner[] getSigners(SignerInfo[] infos, PKCS7 block)
    throws IOException, NoSuchAlgorithmException, SignatureException,
        CertificateException {

    ArrayList<CodeSigner> signers = null;

    for (int i = 0; i < infos.length; i++) {

        SignerInfo info = infos[i];
        ArrayList<X509Certificate> chain = info.getCertificateChain(block);
        CertPath certChain = certificateFactory.generateCertPath(chain);
        if (signers == null) {
            signers = new ArrayList<>();
        }
        // Append the new code signer
        signers.add(new CodeSigner(certChain, info.getTimestamp()));

        if (debug != null) {
            debug.println("Signature Block Certificate: " +
                chain.get(0));
        }
    }

    if (signers != null) {
        return signers.toArray(new CodeSigner[signers.size()]);
    } else {
        return null;
    }
}
 
Example #27
Source File: ScanSignedJar.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        System.out.println("Opening " + JAR_LOCATION + "...");
        JarInputStream inStream =
            new JarInputStream(new URL(JAR_LOCATION).openStream(), true);
        JarEntry entry;
        byte[] buffer = new byte[1024];

        while ((entry = inStream.getNextJarEntry()) != null) {

            // need to read the entry's data to see the certs.
            while(inStream.read(buffer) != -1)
                ;

            String name = entry.getName();
            long size = entry.getSize();
            Certificate[] certificates = entry.getCertificates();
            CodeSigner[] signers = entry.getCodeSigners();

            if (signers == null && certificates == null) {
                System.out.println("[unsigned]\t" + name + "\t(" + size +
                    " bytes)");
                if (name.equals("Count.class")) {
                    throw new Exception("Count.class should be signed");
                }
            } else if (signers != null && certificates != null) {
                System.out.println("[" + signers.length +
                    (signers.length == 1 ? " signer" : " signers") + "]\t" +
                    name + "\t(" + size + " bytes)");
            } else {
                System.out.println("[*ERROR*]\t" + name + "\t(" + size +
                    " bytes)");
                throw new Exception("Cannot determine whether the entry is " +
                    "signed or unsigned (signers[] doesn't match certs[]).");
            }
        }
    }
 
Example #28
Source File: ManifestEntryVerifier.java    From jdk8u60 with GNU General Public License v2.0 5 votes vote down vote up
/**
 * go through all the digests, calculating the final digest
 * and comparing it to the one in the manifest. If this is
 * the first time we have verified this object, remove its
 * code signers from sigFileSigners and place in verifiedSigners.
 *
 *
 */
public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
            Hashtable<String, CodeSigner[]> sigFileSigners)
    throws JarException
{
    if (skip) {
        return null;
    }

    if (signers != null)
        return signers;

    for (int i=0; i < digests.size(); i++) {

        MessageDigest digest  = digests.get(i);
        byte [] manHash = manifestHashes.get(i);
        byte [] theHash = digest.digest();

        if (debug != null) {
            debug.println("Manifest Entry: " +
                               name + " digest=" + digest.getAlgorithm());
            debug.println("  manifest " + toHex(manHash));
            debug.println("  computed " + toHex(theHash));
            debug.println();
        }

        if (!MessageDigest.isEqual(theHash, manHash))
            throw new SecurityException(digest.getAlgorithm()+
                                        " digest error for "+name);
    }

    // take it out of sigFileSigners and put it in verifiedSigners...
    signers = sigFileSigners.remove(name);
    if (signers != null) {
        verifiedSigners.put(name, signers);
    }
    return signers;
}
 
Example #29
Source File: SignatureFileVerifier.java    From jdk8u_jdk with GNU General Public License v2.0 5 votes vote down vote up
static boolean isSubSet(CodeSigner[] subset, CodeSigner[] set)
{
    // check for the same object
    if (set == subset)
        return true;

    boolean match;
    for (int i = 0; i < subset.length; i++) {
        if (!contains(set, subset[i]))
            return false;
    }
    return true;
}
 
Example #30
Source File: ScanSignedJar.java    From hottub with GNU General Public License v2.0 5 votes vote down vote up
public static void main(String[] args) throws Exception {

        System.out.println("Opening " + JAR_LOCATION + "...");
        JarInputStream inStream =
            new JarInputStream(new URL(JAR_LOCATION).openStream(), true);
        JarEntry entry;
        byte[] buffer = new byte[1024];

        while ((entry = inStream.getNextJarEntry()) != null) {

            // need to read the entry's data to see the certs.
            while(inStream.read(buffer) != -1)
                ;

            String name = entry.getName();
            long size = entry.getSize();
            Certificate[] certificates = entry.getCertificates();
            CodeSigner[] signers = entry.getCodeSigners();

            if (signers == null && certificates == null) {
                System.out.println("[unsigned]\t" + name + "\t(" + size +
                    " bytes)");
                if (name.equals("Count.class")) {
                    throw new Exception("Count.class should be signed");
                }
            } else if (signers != null && certificates != null) {
                System.out.println("[" + signers.length +
                    (signers.length == 1 ? " signer" : " signers") + "]\t" +
                    name + "\t(" + size + " bytes)");
            } else {
                System.out.println("[*ERROR*]\t" + name + "\t(" + size +
                    " bytes)");
                throw new Exception("Cannot determine whether the entry is " +
                    "signed or unsigned (signers[] doesn't match certs[]).");
            }
        }
    }