| blob | cb2cbf4900c13ab173fe92690f2635c0321273f7 |
1 /* JarFile.java - Representation of a jar file
2 Copyright (C) 2000, 2003, 2004 Free Software Foundation, Inc.
4 This file is part of GNU Classpath.
6 GNU Classpath is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2, or (at your option)
9 any later version.
11 GNU Classpath is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Classpath; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
19 02111-1307 USA.
21 Linking this library statically or dynamically with other modules is
22 making a combined work based on this library. Thus, the terms and
23 conditions of the GNU General Public License cover the whole
24 combination.
26 As a special exception, the copyright holders of this library give you
27 permission to link this library with independent modules to produce an
28 executable, regardless of the license terms of these independent
29 modules, and to copy and distribute the resulting executable under
30 terms of your choice, provided that you also meet, for each linked
31 independent module, the terms and conditions of the license of that
32 module. An independent module is a module which is not derived from
33 or based on this library. If you modify this library, you may extend
34 this exception to your version of the library, but you are not
35 obligated to do so. If you do not wish to do so, delete this
36 exception statement from your version. */
74 /**
75 * Representation of a jar file.
76 * <p>
77 * Note that this class is not a subclass of java.io.File but a subclass of
78 * java.util.zip.ZipFile and you can only read JarFiles with it (although
79 * there are constructors that take a File object).
80 *
81 * @since 1.2
82 * @author Mark Wielaard (mark@klomp.org)
83 * @author Casey Marshall (csm@gnu.org) wrote the certificate and entry
84 * verification code.
85 */
87 {
88 // Fields
90 /** The name of the manifest entry: META-INF/MANIFEST.MF */
93 /** The META-INF directory entry. */
96 /** The suffix for PKCS7 DSA signature entries. */
99 /** The suffix for PKCS7 RSA signature entries. */
102 /** The suffix for digest attributes. */
105 /** The suffix for signature files. */
108 // Signature OIDs.
116 /**
117 * The manifest of this file, if any, otherwise null.
118 * Read when first needed.
119 */
122 /** Whether to verify the manifest and all entries. */
125 /** Whether the has already been loaded. */
128 /** Whether the signature files have been loaded. */
131 /**
132 * A map between entry names and booleans, signaling whether or
133 * not that entry has been verified.
134 * Only be accessed with lock on this JarFile*/
137 /**
138 * A mapping from entry name to certificates, if any.
139 * Only accessed with lock on this JarFile.
140 */
141 HashMap entryCerts;
145 {
149 }
151 // Constructors
153 /**
154 * Creates a new JarFile. All jar entries are verified (when a Manifest file
155 * for this JarFile exists). You need to actually open and read the complete
156 * jar entry (with <code>getInputStream()</code>) to check its signature.
157 *
158 * @param fileName the name of the file to open
159 * @exception FileNotFoundException if the fileName cannot be found
160 * @exception IOException if another IO exception occurs while reading
161 */
163 {
165 }
167 /**
168 * Creates a new JarFile. If verify is true then all jar entries are
169 * verified (when a Manifest file for this JarFile exists). You need to
170 * actually open and read the complete jar entry
171 * (with <code>getInputStream()</code>) to check its signature.
172 *
173 * @param fileName the name of the file to open
174 * @param verify checks manifest and entries when true and a manifest
175 * exists, when false no checks are made
176 * @exception FileNotFoundException if the fileName cannot be found
177 * @exception IOException if another IO exception occurs while reading
178 */
180 FileNotFoundException, IOException
181 {
184 {
187 }
188 }
190 /**
191 * Creates a new JarFile. All jar entries are verified (when a Manifest file
192 * for this JarFile exists). You need to actually open and read the complete
193 * jar entry (with <code>getInputStream()</code>) to check its signature.
194 *
195 * @param file the file to open as a jar file
196 * @exception FileNotFoundException if the file does not exits
197 * @exception IOException if another IO exception occurs while reading
198 */
200 {
202 }
204 /**
205 * Creates a new JarFile. If verify is true then all jar entries are
206 * verified (when a Manifest file for this JarFile exists). You need to
207 * actually open and read the complete jar entry
208 * (with <code>getInputStream()</code>) to check its signature.
209 *
210 * @param file the file to open to open as a jar file
211 * @param verify checks manifest and entries when true and a manifest
212 * exists, when false no checks are made
213 * @exception FileNotFoundException if file does not exist
214 * @exception IOException if another IO exception occurs while reading
215 */
217 IOException
218 {
221 {
224 }
225 }
227 /**
228 * Creates a new JarFile with the indicated mode. If verify is true then
229 * all jar entries are verified (when a Manifest file for this JarFile
230 * exists). You need to actually open and read the complete jar entry
231 * (with <code>getInputStream()</code>) to check its signature.
232 * manifest and if the manifest exists and verify is true verfies it.
233 *
234 * @param file the file to open to open as a jar file
235 * @param verify checks manifest and entries when true and a manifest
236 * exists, when false no checks are made
237 * @param mode either ZipFile.OPEN_READ or
238 * (ZipFile.OPEN_READ | ZipFile.OPEN_DELETE)
239 * @exception FileNotFoundException if the file does not exist
240 * @exception IOException if another IO exception occurs while reading
241 * @exception IllegalArgumentException when given an illegal mode
242 *
243 * @since 1.3
244 */
247 {
250 {
253 }
254 }
256 // Methods
258 /**
259 * XXX - should verify the manifest file
260 */
262 {
263 // only check if manifest is not null
265 {
268 }
271 // XXX - verify manifest
272 }
274 /**
275 * Parses and returns the manifest if it exists, otherwise returns null.
276 */
278 {
279 try
280 {
283 {
287 }
288 else
289 {
292 }
293 }
295 {
298 }
299 }
301 /**
302 * Returns a enumeration of all the entries in the JarFile.
303 * Note that also the Jar META-INF entries are returned.
304 *
305 * @exception IllegalStateException when the JarFile is already closed
306 */
308 {
310 }
312 /**
313 * Wraps a given Zip Entries Enumeration. For every zip entry a
314 * JarEntry is created and the corresponding Attributes are looked up.
315 */
317 {
323 {
326 }
329 {
331 }
334 {
337 Manifest manifest;
338 try
339 {
341 }
343 {
345 }
348 {
350 }
353 {
355 try
356 {
358 }
360 {
362 {
365 }
367 }
369 // Include the certificates only if we have asserted that the
370 // signatures are valid. This means the certificates will not be
371 // available if the entry hasn't been read yet.
374 {
379 }
380 }
382 }
383 }
385 /**
386 * XXX
387 * It actually returns a JarEntry not a zipEntry
388 * @param name XXX
389 */
391 {
394 {
396 Manifest manifest;
397 try
398 {
400 }
402 {
404 }
407 {
409 }
412 try
413 {
415 }
417 {
419 {
422 }
424 }
425 // See the comments in the JarEnumeration for why we do this
426 // check.
431 {
436 }
438 }
440 }
442 /**
443 * Returns an input stream for the given entry. If configured to
444 * verify entries, the input stream returned will verify them while
445 * the stream is read, but only on the first time.
446 *
447 * @param entry The entry to get the input stream for.
448 * @exception ZipException XXX
449 * @exception IOException XXX
450 */
452 ZipException, IOException
453 {
454 // If we haven't verified the hash, do it now.
456 {
460 }
461 else
462 {
468 }
469 }
471 /**
472 * Returns the JarEntry that belongs to the name if such an entry
473 * exists in the JarFile. Returns null otherwise
474 * Convenience method that just casts the result from <code>getEntry</code>
475 * to a JarEntry.
476 *
477 * @param name the jar entry name to look up
478 * @return the JarEntry if it exists, null otherwise
479 */
481 {
483 }
485 /**
486 * Returns the manifest for this JarFile or null when the JarFile does not
487 * contain a manifest file.
488 */
490 {
495 }
497 // Only called with lock on this JarFile.
499 {
504 // Phase 1: Read all signature files. These contain the user
505 // certificates as well as the signatures themselves.
507 {
511 {
517 {
521 try
522 {
524 }
526 {
530 }
532 {
536 }
541 }
543 {
550 }
551 }
552 }
554 // Phase 2: verify the signatures on any signature files.
558 {
565 {
570 }
574 {
579 }
581 // It isn't a signature for anything. Punt it.
583 {
586 }
590 }
592 // Phase 3: verify the signature file signatures against the manifest,
593 // mapping the entry name to the target certificates.
596 {
603 {
608 {
614 else
616 }
617 }
618 }
621 }
623 /**
624 * Tell if the given signer info is over the given alias's signature file,
625 * given one of the certificates specified.
626 */
629 {
631 try
632 {
635 {
639 }
641 {
651 else
653 }
654 else
655 {
659 }
660 }
662 {
664 {
667 }
669 }
674 {
681 try
682 {
692 {
696 }
697 }
699 {
701 }
703 {
705 }
707 {
709 }
710 }
711 }
713 /**
714 * Verifies that the digest(s) in a signature file were, in fact, made
715 * over the manifest entry for ENTRY.
716 *
717 * @param entry The entry name.
718 * @param attr The attributes from the signature file to verify.
719 */
721 {
724 // The bytes for ENTRY's manifest entry, which are signed in the
725 // signature file.
727 try
728 {
731 {
735 }
737 }
739 {
741 {
744 }
746 }
749 {
755 try
756 {
767 verified++;
768 }
770 {
772 {
775 }
777 }
779 {
781 {
784 }
786 }
787 }
789 // We have to find at least one valid digest.
791 }
793 /**
794 * Read the raw bytes that comprise a manifest entry. We can't use the
795 * Manifest object itself, because that loses information (such as line
796 * endings, and order of entries).
797 */
799 {
806 {
807 // if (DEBUG)
808 // debug("read "
809 // + (c == '\n' ? "\\n" : (c == '\r' ? "\\r" : String.valueOf((char) c)))
810 // + " state=" + state + " prev="
811 // + (prev == '\n' ? "\\n" : (prev == '\r' ? "\\r" : String.valueOf((char) prev)))
812 // + " t=" + t + (t < target.length ? (" target[t]=" + (char) target[t]) : "")
813 // + " l=" + l);
815 {
817 // Step 1: read until we find the "target" bytes: the start
818 // of the entry we need to read.
822 else
823 {
824 t++;
826 {
829 }
830 }
833 // Step 2: assert that there is a newline character after
834 // the "target" bytes.
837 {
841 }
842 else
843 {
846 }
849 // Step 3: read this whole entry, until we reach an empty
850 // line.
853 {
855 // NL always terminates a line.
859 }
860 else
861 {
862 // Here we see a blank line terminated by a CR,
863 // followed by the next entry. Technically, `c' should
864 // always be 'N' at this point.
868 l++;
869 }
875 }
876 }
878 // The last entry, with a single CR terminating the line.
882 // We should not reach this point, we didn't find the entry (or, possibly,
883 // it is the last entry and is malformed).
885 }
887 /**
888 * A utility class that verifies jar entries as they are read.
889 */
891 {
903 throws IOException
904 {
913 Attributes attr;
917 else
922 {
925 }
926 else
927 {
931 {
939 try
940 {
943 }
945 {
949 }
950 }
955 }
956 }
959 {
961 }
964 {
965 }
968 {
969 }
972 {
975 {
978 }
981 pos++;
985 }
988 {
990 ? length - pos
993 {
996 }
1003 }
1006 {
1008 }
1011 {
1015 {
1020 }
1022 }
1025 {
1030 {
1037 {
1039 {
1043 }
1045 // XXX ??? what do we do here?
1046 // throw new ZipException("message digest mismatch");
1047 }
1048 }
1051 {
1055 }
1056 }
1057 }
1058 }