You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
648 lines
22 KiB
648 lines
22 KiB
/*
|
|
* Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
|
|
* ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*
|
|
*/
|
|
|
|
package java.security;
|
|
|
|
|
|
import java.net.URL;
|
|
import java.net.SocketPermission;
|
|
import java.util.ArrayList;
|
|
import java.util.List;
|
|
import java.util.Hashtable;
|
|
import java.io.ByteArrayInputStream;
|
|
import java.io.IOException;
|
|
import java.security.cert.*;
|
|
import sun.misc.IOUtils;
|
|
|
|
/**
|
|
*
|
|
* <p>This class extends the concept of a codebase to
|
|
* encapsulate not only the location (URL) but also the certificate chains
|
|
* that were used to verify signed code originating from that location.
|
|
*
|
|
* @author Li Gong
|
|
* @author Roland Schemers
|
|
*/
|
|
|
|
public class CodeSource implements java.io.Serializable {
|
|
|
|
private static final long serialVersionUID = 4977541819976013951L;
|
|
|
|
/**
|
|
* The code location.
|
|
*
|
|
* @serial
|
|
*/
|
|
private URL location;
|
|
|
|
/*
|
|
* The code signers.
|
|
*/
|
|
private transient CodeSigner[] signers = null;
|
|
|
|
/*
|
|
* The code signers. Certificate chains are concatenated.
|
|
*/
|
|
private transient java.security.cert.Certificate certs[] = null;
|
|
|
|
// cached SocketPermission used for matchLocation
|
|
private transient SocketPermission sp;
|
|
|
|
// for generating cert paths
|
|
private transient CertificateFactory factory = null;
|
|
|
|
/**
|
|
* Constructs a CodeSource and associates it with the specified
|
|
* location and set of certificates.
|
|
*
|
|
* @param url the location (URL).
|
|
*
|
|
* @param certs the certificate(s). It may be null. The contents of the
|
|
* array are copied to protect against subsequent modification.
|
|
*/
|
|
public CodeSource(URL url, java.security.cert.Certificate certs[]) {
|
|
this.location = url;
|
|
|
|
// Copy the supplied certs
|
|
if (certs != null) {
|
|
this.certs = certs.clone();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Constructs a CodeSource and associates it with the specified
|
|
* location and set of code signers.
|
|
*
|
|
* @param url the location (URL).
|
|
* @param signers the code signers. It may be null. The contents of the
|
|
* array are copied to protect against subsequent modification.
|
|
*
|
|
* @since 1.5
|
|
*/
|
|
public CodeSource(URL url, CodeSigner[] signers) {
|
|
this.location = url;
|
|
|
|
// Copy the supplied signers
|
|
if (signers != null) {
|
|
this.signers = signers.clone();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the hash code value for this object.
|
|
*
|
|
* @return a hash code value for this object.
|
|
*/
|
|
@Override
|
|
public int hashCode() {
|
|
if (location != null)
|
|
return location.hashCode();
|
|
else
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* Tests for equality between the specified object and this
|
|
* object. Two CodeSource objects are considered equal if their
|
|
* locations are of identical value and if their signer certificate
|
|
* chains are of identical value. It is not required that
|
|
* the certificate chains be in the same order.
|
|
*
|
|
* @param obj the object to test for equality with this object.
|
|
*
|
|
* @return true if the objects are considered equal, false otherwise.
|
|
*/
|
|
@Override
|
|
public boolean equals(Object obj) {
|
|
if (obj == this)
|
|
return true;
|
|
|
|
// objects types must be equal
|
|
if (!(obj instanceof CodeSource))
|
|
return false;
|
|
|
|
CodeSource cs = (CodeSource) obj;
|
|
|
|
// URLs must match
|
|
if (location == null) {
|
|
// if location is null, then cs.location must be null as well
|
|
if (cs.location != null) return false;
|
|
} else {
|
|
// if location is not null, then it must equal cs.location
|
|
if (!location.equals(cs.location)) return false;
|
|
}
|
|
|
|
// certs must match
|
|
return matchCerts(cs, true);
|
|
}
|
|
|
|
/**
|
|
* Returns the location associated with this CodeSource.
|
|
*
|
|
* @return the location (URL).
|
|
*/
|
|
public final URL getLocation() {
|
|
/* since URL is practically immutable, returning itself is not
|
|
a security problem */
|
|
return this.location;
|
|
}
|
|
|
|
/**
|
|
* Returns the certificates associated with this CodeSource.
|
|
* <p>
|
|
* If this CodeSource object was created using the
|
|
* {@link #CodeSource(URL url, CodeSigner[] signers)}
|
|
* constructor then its certificate chains are extracted and used to
|
|
* create an array of Certificate objects. Each signer certificate is
|
|
* followed by its supporting certificate chain (which may be empty).
|
|
* Each signer certificate and its supporting certificate chain is ordered
|
|
* bottom-to-top (i.e., with the signer certificate first and the (root)
|
|
* certificate authority last).
|
|
*
|
|
* @return A copy of the certificates array, or null if there is none.
|
|
*/
|
|
public final java.security.cert.Certificate[] getCertificates() {
|
|
if (certs != null) {
|
|
return certs.clone();
|
|
|
|
} else if (signers != null) {
|
|
// Convert the code signers to certs
|
|
ArrayList<java.security.cert.Certificate> certChains =
|
|
new ArrayList<>();
|
|
for (int i = 0; i < signers.length; i++) {
|
|
certChains.addAll(
|
|
signers[i].getSignerCertPath().getCertificates());
|
|
}
|
|
certs = certChains.toArray(
|
|
new java.security.cert.Certificate[certChains.size()]);
|
|
return certs.clone();
|
|
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns the code signers associated with this CodeSource.
|
|
* <p>
|
|
* If this CodeSource object was created using the
|
|
* {@link #CodeSource(URL url, java.security.cert.Certificate[] certs)}
|
|
* constructor then its certificate chains are extracted and used to
|
|
* create an array of CodeSigner objects. Note that only X.509 certificates
|
|
* are examined - all other certificate types are ignored.
|
|
*
|
|
* @return A copy of the code signer array, or null if there is none.
|
|
*
|
|
* @since 1.5
|
|
*/
|
|
public final CodeSigner[] getCodeSigners() {
|
|
if (signers != null) {
|
|
return signers.clone();
|
|
|
|
} else if (certs != null) {
|
|
// Convert the certs to code signers
|
|
signers = convertCertArrayToSignerArray(certs);
|
|
return signers.clone();
|
|
|
|
} else {
|
|
return null;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Returns true if this CodeSource object "implies" the specified CodeSource.
|
|
* <p>
|
|
* More specifically, this method makes the following checks.
|
|
* If any fail, it returns false. If they all succeed, it returns true.
|
|
* <ul>
|
|
* <li> <i>codesource</i> must not be null.
|
|
* <li> If this object's certificates are not null, then all
|
|
* of this object's certificates must be present in <i>codesource</i>'s
|
|
* certificates.
|
|
* <li> If this object's location (getLocation()) is not null, then the
|
|
* following checks are made against this object's location and
|
|
* <i>codesource</i>'s:
|
|
* <ul>
|
|
* <li> <i>codesource</i>'s location must not be null.
|
|
*
|
|
* <li> If this object's location
|
|
* equals <i>codesource</i>'s location, then return true.
|
|
*
|
|
* <li> This object's protocol (getLocation().getProtocol()) must be
|
|
* equal to <i>codesource</i>'s protocol, ignoring case.
|
|
*
|
|
* <li> If this object's host (getLocation().getHost()) is not null,
|
|
* then the SocketPermission
|
|
* constructed with this object's host must imply the
|
|
* SocketPermission constructed with <i>codesource</i>'s host.
|
|
*
|
|
* <li> If this object's port (getLocation().getPort()) is not
|
|
* equal to -1 (that is, if a port is specified), it must equal
|
|
* <i>codesource</i>'s port or default port
|
|
* (codesource.getLocation().getDefaultPort()).
|
|
*
|
|
* <li> If this object's file (getLocation().getFile()) doesn't equal
|
|
* <i>codesource</i>'s file, then the following checks are made:
|
|
* If this object's file ends with "/-",
|
|
* then <i>codesource</i>'s file must start with this object's
|
|
* file (exclusive the trailing "-").
|
|
* If this object's file ends with a "/*",
|
|
* then <i>codesource</i>'s file must start with this object's
|
|
* file and must not have any further "/" separators.
|
|
* If this object's file doesn't end with a "/",
|
|
* then <i>codesource</i>'s file must match this object's
|
|
* file with a '/' appended.
|
|
*
|
|
* <li> If this object's reference (getLocation().getRef()) is
|
|
* not null, it must equal <i>codesource</i>'s reference.
|
|
*
|
|
* </ul>
|
|
* </ul>
|
|
* <p>
|
|
* For example, the codesource objects with the following locations
|
|
* and null certificates all imply
|
|
* the codesource with the location "http://java.sun.com/classes/foo.jar"
|
|
* and null certificates:
|
|
* <pre>
|
|
* http:
|
|
* http://*.sun.com/classes/*
|
|
* http://java.sun.com/classes/-
|
|
* http://java.sun.com/classes/foo.jar
|
|
* </pre>
|
|
*
|
|
* Note that if this CodeSource has a null location and a null
|
|
* certificate chain, then it implies every other CodeSource.
|
|
*
|
|
* @param codesource CodeSource to compare against.
|
|
*
|
|
* @return true if the specified codesource is implied by this codesource,
|
|
* false if not.
|
|
*/
|
|
|
|
public boolean implies(CodeSource codesource)
|
|
{
|
|
if (codesource == null)
|
|
return false;
|
|
|
|
return matchCerts(codesource, false) && matchLocation(codesource);
|
|
}
|
|
|
|
/**
|
|
* Returns true if all the certs in this
|
|
* CodeSource are also in <i>that</i>.
|
|
*
|
|
* @param that the CodeSource to check against.
|
|
* @param strict If true then a strict equality match is performed.
|
|
* Otherwise a subset match is performed.
|
|
*/
|
|
private boolean matchCerts(CodeSource that, boolean strict)
|
|
{
|
|
boolean match;
|
|
|
|
// match any key
|
|
if (certs == null && signers == null) {
|
|
if (strict) {
|
|
return (that.certs == null && that.signers == null);
|
|
} else {
|
|
return true;
|
|
}
|
|
// both have signers
|
|
} else if (signers != null && that.signers != null) {
|
|
if (strict && signers.length != that.signers.length) {
|
|
return false;
|
|
}
|
|
for (int i = 0; i < signers.length; i++) {
|
|
match = false;
|
|
for (int j = 0; j < that.signers.length; j++) {
|
|
if (signers[i].equals(that.signers[j])) {
|
|
match = true;
|
|
break;
|
|
}
|
|
}
|
|
if (!match) return false;
|
|
}
|
|
return true;
|
|
|
|
// both have certs
|
|
} else if (certs != null && that.certs != null) {
|
|
if (strict && certs.length != that.certs.length) {
|
|
return false;
|
|
}
|
|
for (int i = 0; i < certs.length; i++) {
|
|
match = false;
|
|
for (int j = 0; j < that.certs.length; j++) {
|
|
if (certs[i].equals(that.certs[j])) {
|
|
match = true;
|
|
break;
|
|
}
|
|
}
|
|
if (!match) return false;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/**
|
|
* Returns true if two CodeSource's have the "same" location.
|
|
*
|
|
* @param that CodeSource to compare against
|
|
*/
|
|
private boolean matchLocation(CodeSource that) {
|
|
if (location == null)
|
|
return true;
|
|
|
|
if ((that == null) || (that.location == null))
|
|
return false;
|
|
|
|
if (location.equals(that.location))
|
|
return true;
|
|
|
|
if (!location.getProtocol().equalsIgnoreCase(that.location.getProtocol()))
|
|
return false;
|
|
|
|
int thisPort = location.getPort();
|
|
if (thisPort != -1) {
|
|
int thatPort = that.location.getPort();
|
|
int port = thatPort != -1 ? thatPort
|
|
: that.location.getDefaultPort();
|
|
if (thisPort != port)
|
|
return false;
|
|
}
|
|
|
|
if (location.getFile().endsWith("/-")) {
|
|
// Matches the directory and (recursively) all files
|
|
// and subdirectories contained in that directory.
|
|
// For example, "/a/b/-" implies anything that starts with
|
|
// "/a/b/"
|
|
String thisPath = location.getFile().substring(0,
|
|
location.getFile().length()-1);
|
|
if (!that.location.getFile().startsWith(thisPath))
|
|
return false;
|
|
} else if (location.getFile().endsWith("/*")) {
|
|
// Matches the directory and all the files contained in that
|
|
// directory.
|
|
// For example, "/a/b/*" implies anything that starts with
|
|
// "/a/b/" but has no further slashes
|
|
int last = that.location.getFile().lastIndexOf('/');
|
|
if (last == -1)
|
|
return false;
|
|
String thisPath = location.getFile().substring(0,
|
|
location.getFile().length()-1);
|
|
String thatPath = that.location.getFile().substring(0, last+1);
|
|
if (!thatPath.equals(thisPath))
|
|
return false;
|
|
} else {
|
|
// Exact matches only.
|
|
// For example, "/a/b" and "/a/b/" both imply "/a/b/"
|
|
if ((!that.location.getFile().equals(location.getFile()))
|
|
&& (!that.location.getFile().equals(location.getFile()+"/"))) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
if (location.getRef() != null
|
|
&& !location.getRef().equals(that.location.getRef())) {
|
|
return false;
|
|
}
|
|
|
|
String thisHost = location.getHost();
|
|
String thatHost = that.location.getHost();
|
|
if (thisHost != null) {
|
|
if (("".equals(thisHost) || "localhost".equals(thisHost)) &&
|
|
("".equals(thatHost) || "localhost".equals(thatHost))) {
|
|
// ok
|
|
} else if (!thisHost.equals(thatHost)) {
|
|
if (thatHost == null) {
|
|
return false;
|
|
}
|
|
if (this.sp == null) {
|
|
this.sp = new SocketPermission(thisHost, "resolve");
|
|
}
|
|
if (that.sp == null) {
|
|
that.sp = new SocketPermission(thatHost, "resolve");
|
|
}
|
|
if (!this.sp.implies(that.sp)) {
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
// everything matches
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Returns a string describing this CodeSource, telling its
|
|
* URL and certificates.
|
|
*
|
|
* @return information about this CodeSource.
|
|
*/
|
|
@Override
|
|
public String toString() {
|
|
StringBuilder sb = new StringBuilder();
|
|
sb.append("(");
|
|
sb.append(this.location);
|
|
|
|
if (this.certs != null && this.certs.length > 0) {
|
|
for (int i = 0; i < this.certs.length; i++) {
|
|
sb.append( " " + this.certs[i]);
|
|
}
|
|
|
|
} else if (this.signers != null && this.signers.length > 0) {
|
|
for (int i = 0; i < this.signers.length; i++) {
|
|
sb.append( " " + this.signers[i]);
|
|
}
|
|
} else {
|
|
sb.append(" <no signer certificates>");
|
|
}
|
|
sb.append(")");
|
|
return sb.toString();
|
|
}
|
|
|
|
/**
|
|
* Writes this object out to a stream (i.e., serializes it).
|
|
*
|
|
* @serialData An initial {@code URL} is followed by an
|
|
* {@code int} indicating the number of certificates to follow
|
|
* (a value of "zero" denotes that there are no certificates associated
|
|
* with this object).
|
|
* Each certificate is written out starting with a {@code String}
|
|
* denoting the certificate type, followed by an
|
|
* {@code int} specifying the length of the certificate encoding,
|
|
* followed by the certificate encoding itself which is written out as an
|
|
* array of bytes. Finally, if any code signers are present then the array
|
|
* of code signers is serialized and written out too.
|
|
*/
|
|
private void writeObject(java.io.ObjectOutputStream oos)
|
|
throws IOException
|
|
{
|
|
oos.defaultWriteObject(); // location
|
|
|
|
// Serialize the array of certs
|
|
if (certs == null || certs.length == 0) {
|
|
oos.writeInt(0);
|
|
} else {
|
|
// write out the total number of certs
|
|
oos.writeInt(certs.length);
|
|
// write out each cert, including its type
|
|
for (int i = 0; i < certs.length; i++) {
|
|
java.security.cert.Certificate cert = certs[i];
|
|
try {
|
|
oos.writeUTF(cert.getType());
|
|
byte[] encoded = cert.getEncoded();
|
|
oos.writeInt(encoded.length);
|
|
oos.write(encoded);
|
|
} catch (CertificateEncodingException cee) {
|
|
throw new IOException(cee.getMessage());
|
|
}
|
|
}
|
|
}
|
|
|
|
// Serialize the array of code signers (if any)
|
|
if (signers != null && signers.length > 0) {
|
|
oos.writeObject(signers);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Restores this object from a stream (i.e., deserializes it).
|
|
*/
|
|
private void readObject(java.io.ObjectInputStream ois)
|
|
throws IOException, ClassNotFoundException
|
|
{
|
|
CertificateFactory cf;
|
|
Hashtable<String, CertificateFactory> cfs = null;
|
|
List<java.security.cert.Certificate> certList = null;
|
|
|
|
ois.defaultReadObject(); // location
|
|
|
|
// process any new-style certs in the stream (if present)
|
|
int size = ois.readInt();
|
|
if (size > 0) {
|
|
// we know of 3 different cert types: X.509, PGP, SDSI, which
|
|
// could all be present in the stream at the same time
|
|
cfs = new Hashtable<String, CertificateFactory>(3);
|
|
certList = new ArrayList<>(size > 20 ? 20 : size);
|
|
} else if (size < 0) {
|
|
throw new IOException("size cannot be negative");
|
|
}
|
|
|
|
for (int i = 0; i < size; i++) {
|
|
// read the certificate type, and instantiate a certificate
|
|
// factory of that type (reuse existing factory if possible)
|
|
String certType = ois.readUTF();
|
|
if (cfs.containsKey(certType)) {
|
|
// reuse certificate factory
|
|
cf = cfs.get(certType);
|
|
} else {
|
|
// create new certificate factory
|
|
try {
|
|
cf = CertificateFactory.getInstance(certType);
|
|
} catch (CertificateException ce) {
|
|
throw new ClassNotFoundException
|
|
("Certificate factory for " + certType + " not found");
|
|
}
|
|
// store the certificate factory so we can reuse it later
|
|
cfs.put(certType, cf);
|
|
}
|
|
// parse the certificate
|
|
byte[] encoded = IOUtils.readNBytes(ois, ois.readInt());
|
|
ByteArrayInputStream bais = new ByteArrayInputStream(encoded);
|
|
try {
|
|
certList.add(cf.generateCertificate(bais));
|
|
} catch (CertificateException ce) {
|
|
throw new IOException(ce.getMessage());
|
|
}
|
|
bais.close();
|
|
}
|
|
|
|
if (certList != null) {
|
|
this.certs = certList.toArray(
|
|
new java.security.cert.Certificate[size]);
|
|
}
|
|
// Deserialize array of code signers (if any)
|
|
try {
|
|
this.signers = ((CodeSigner[])ois.readObject()).clone();
|
|
} catch (IOException ioe) {
|
|
// no signers present
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Convert an array of certificates to an array of code signers.
|
|
* The array of certificates is a concatenation of certificate chains
|
|
* where the initial certificate in each chain is the end-entity cert.
|
|
*
|
|
* @return An array of code signers or null if none are generated.
|
|
*/
|
|
private CodeSigner[] convertCertArrayToSignerArray(
|
|
java.security.cert.Certificate[] certs) {
|
|
|
|
if (certs == null) {
|
|
return null;
|
|
}
|
|
|
|
try {
|
|
// Initialize certificate factory
|
|
if (factory == null) {
|
|
factory = CertificateFactory.getInstance("X.509");
|
|
}
|
|
|
|
// Iterate through all the certificates
|
|
int i = 0;
|
|
List<CodeSigner> signers = new ArrayList<>();
|
|
while (i < certs.length) {
|
|
List<java.security.cert.Certificate> certChain =
|
|
new ArrayList<>();
|
|
certChain.add(certs[i++]); // first cert is an end-entity cert
|
|
int j = i;
|
|
|
|
// Extract chain of certificates
|
|
// (loop while certs are not end-entity certs)
|
|
while (j < certs.length &&
|
|
certs[j] instanceof X509Certificate &&
|
|
((X509Certificate)certs[j]).getBasicConstraints() != -1) {
|
|
certChain.add(certs[j]);
|
|
j++;
|
|
}
|
|
i = j;
|
|
CertPath certPath = factory.generateCertPath(certChain);
|
|
signers.add(new CodeSigner(certPath, null));
|
|
}
|
|
|
|
if (signers.isEmpty()) {
|
|
return null;
|
|
} else {
|
|
return signers.toArray(new CodeSigner[signers.size()]);
|
|
}
|
|
|
|
} catch (CertificateException e) {
|
|
return null; //TODO - may be better to throw an ex. here
|
|
}
|
|
}
|
|
}
|