org.eclipse.osgi.internal.signedcontent

Class SignedBundleFile

java.lang.Object

org.eclipse.osgi.baseadaptor.bundlefile.BundleFile

org.eclipse.osgi.internal.signedcontent.SignedBundleFile

All Implemented Interfaces:

SignedContentConstants, SignedContent

public class SignedBundleFile
extends BundleFile
implements SignedContentConstants, SignedContent

This class wraps a Repository of classes and resources to check and enforce signatures. It requires full signing of the manifest by all signers. If no signatures are found, the classes and resources are retrieved without checks.

Field Summary

Fields inherited from class org.eclipse.osgi.baseadaptor.bundlefile.BundleFile

basefile, PROP_SETPERMS_CMD

Fields inherited from interface org.eclipse.osgi.internal.signedcontent.SignedContentConstants

AUTHORIZATION_ENGINE, DEFAULT_AUTHORIZATION_ENGINE, DEFAULT_TRUST_ENGINE, digestManifestSearch, digestManifestSearchLen, DOT_DSA, DOT_RSA, DOT_SF, DSA_OID, EMPTY_STRING, MD2_OID, MD2_STR, MD5_OID, MD5_STR, META_INF, META_INF_MANIFEST_MF, MF_DIGEST_PART, MF_ENTRY_NAME, MF_ENTRY_NEWLN_NAME, RSA_OID, SHA1_OID, SHA1_STR, SHA224_OID, SHA224_STR, SHA256_OID, SHA256_STR, SHA384_OID, SHA384_STR, SHA512_224_OID, SHA512_224_STR, SHA512_256_OID, SHA512_256_STR, SHA512_OID, SHA512_STR, SIG_DASH, SIGNEDDATA_OID, SIGNING_TIME, TIMESTAMP_OID, TIMESTAMP_TST_OID, TRUST_ENGINE

Method Summary

Methods

Modifier and Type	Method and Description
void	checkValidity(SignerInfo signerInfo) Checks if the certificates are valid for the specified signer.
void	close() Closes the BundleFile.
boolean	containsDir(String dir) Determines if any BundleEntries exist in the given directory path.
File	getBaseFile() Returns the base file for this BundleFile
BundleEntry	getEntry(String path) Locates a file name in this bundle and returns a BundleEntry object
Enumeration<String>	getEntryPaths(String path) Allows to access the entries of the bundle.
File	getFile(String path, boolean nativeCode) Returns a File for the bundle entry specified by the path.
SignedContentEntry[]	getSignedEntries() Returns all entries of the content.
SignedContentEntry	getSignedEntry(String name) Returns the signed entry for the specified name.
SignerInfo[]	getSignerInfos() Returns all the signer infos for this SignedContent.
Date	getSigningTime(SignerInfo signerInfo) Returns the signing time for the signer info.
SignerInfo	getTSASignerInfo(SignerInfo signerInfo) Returns the TSA signer info used to authenticate the signer time of a signer info.
boolean	isSigned() Returns true if the content is signed; false otherwise.
void	open() Opens the BundleFiles.

Methods inherited from class org.eclipse.osgi.baseadaptor.bundlefile.BundleFile

fixTrailingSlash, getResourceURL, getResourceURL, getResourceURL, setPermissions, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Method Detail

getFile

public File getFile(String path,
           boolean nativeCode)

Description copied from class: BundleFile

Returns a File for the bundle entry specified by the path. If required the content of the bundle entry is extracted into a file on the file system.

Specified by:

getFile in class BundleFile

Parameters:

path - The path to the entry to locate a File for.

nativeCode - true if the path is native code.

Returns:

A File object to access the contents of the bundle entry.

getEntry

public BundleEntry getEntry(String path)

Description copied from class: BundleFile

Locates a file name in this bundle and returns a BundleEntry object

Specified by:

getEntry in class BundleFile

Parameters:

path - path of the entry to locate in the bundle

Returns:

BundleEntry object or null if the file name does not exist in the bundle

getEntryPaths

public Enumeration<String> getEntryPaths(String path)

Description copied from class: BundleFile

Allows to access the entries of the bundle. Since the bundle content is usually a jar, this allows to access the jar contents. GetEntryPaths allows to enumerate the content of "path". If path is a directory, it is equivalent to listing the directory contents. The returned names are either files or directories themselves. If a returned name is a directory, it finishes with a slash. If a returned name is a file, it does not finish with a slash.

Specified by:

getEntryPaths in class BundleFile

Parameters:

path - path of the entry to locate in the bundle

Returns:

an Enumeration of Strings that indicate the paths found or null if the path does not exist.

close

public void close()
           throws IOException

Description copied from class: BundleFile

Closes the BundleFile.

Specified by:

close in class BundleFile

Throws:

IOException - if any error occurs.

open

public void open()
          throws IOException

Description copied from class: BundleFile

Opens the BundleFiles.

Specified by:

open in class BundleFile

Throws:

IOException - if any error occurs.

containsDir

public boolean containsDir(String dir)

Description copied from class: BundleFile

Determines if any BundleEntries exist in the given directory path.

Specified by:

containsDir in class BundleFile

Parameters:

dir - The directory path to check existence of.

Returns:

true if the BundleFile contains entries under the given directory path; false otherwise.

getBaseFile

public File getBaseFile()

Description copied from class: BundleFile

Returns the base file for this BundleFile

Overrides:

getBaseFile in class BundleFile

Returns:

the base file for this BundleFile

getSignedEntries

public SignedContentEntry[] getSignedEntries()

Description copied from interface: SignedContent

Returns all entries of the content. The returned entries can be used to verify the entry content using SignedContentEntry.verify() and get signer info for each entry in this content using SignedContentEntry.getSignerInfos(). Note that this operation may be expensive because it requires an exhaustive search for entries over the entire content.

Unsigned entries are included in the result. Entries for which signer info exists but no content is found are also returned. For example, when an entry is removed from a signed jar but the jar is not resigned, the signer thinks the entry should exist but the content got removed. This would be considered an invalid entry which would fail verification.

Specified by:

getSignedEntries in interface SignedContent

Returns:

all entries of the content

getSignedEntry

public SignedContentEntry getSignedEntry(String name)

Description copied from interface: SignedContent

Returns the signed entry for the specified name.

Specified by:

getSignedEntry in interface SignedContent

Parameters:

name - the name of the entry

Returns:

the entry or null if the entry could not be found

getSignerInfos

public SignerInfo[] getSignerInfos()

Description copied from interface: SignedContent

Returns all the signer infos for this SignedContent. If the content is not signed then an empty array is returned.

Specified by:

getSignerInfos in interface SignedContent

Returns:

all the signer infos for this SignedContent

getSigningTime

public Date getSigningTime(SignerInfo signerInfo)

Description copied from interface: SignedContent

Returns the signing time for the signer info. If no TSA signers exist then null is returned

Specified by:

getSigningTime in interface SignedContent

Parameters:

signerInfo - the signer info to get the signing time for

Returns:

the signing time

getTSASignerInfo

public SignerInfo getTSASignerInfo(SignerInfo signerInfo)

Description copied from interface: SignedContent

Returns the TSA signer info used to authenticate the signer time of a signer info.

Specified by:

getTSASignerInfo in interface SignedContent

Parameters:

signerInfo - the signer info to get the TSA signer for

Returns:

the TSA signer info

isSigned

public boolean isSigned()

Description copied from interface: SignedContent

Returns true if the content is signed; false otherwise. This is a convenience method equivalent to calling SignedContent.getSignerInfos().length > 0

Specified by:

isSigned in interface SignedContent

Returns:

true if the content is signed

checkValidity

public void checkValidity(SignerInfo signerInfo)
                   throws CertificateExpiredException,
                          CertificateNotYetValidException

Description copied from interface: SignedContent

Checks if the certificates are valid for the specified signer. If the signer has a singing time returned by SignedContent.getSigningTime(SignerInfo) then that time is used to check the validity of the certificates; otherwise the current time is used.

Specified by:

checkValidity in interface SignedContent

Parameters:

signerInfo - the signer info to check validity for.

Throws:

CertificateExpiredException - if one of the certificates of this signer is expired

CertificateNotYetValidException - if one of the certificates of this signer is not yet valid