public byte[] fromFile(File file) throws IOException {
InputStream fis = null;
BufferedInputStream bis = null;
try {
fis = new FileInputStream(file);
bis = new BufferedInputStream(fis);
return fromInputStream(bis);
} finally {
LauncherUtils.close(bis);
LauncherUtils.close(fis);
}
}
public byte[] fromZipContents(File file) throws IOException {
SignatureList list = new SignatureList();
InputStream fis = null;
ZipInputStream zip = null;
try {
fis = new FileInputStream(file);
zip = new ZipInputStream(fis);
ZipEntry entry;
while ((entry = zip.getNextEntry()) != null) {
list.add(entry.getName(), fromInputStream(zip));
}
return list.toDigest();
} finally {
LauncherUtils.close(zip);
LauncherUtils.close(fis);
}
}
public WebpagePanel createPanel(URL baseUrl) throws IOException {
switch (getType()) {
case URL:
URL url = LauncherUtils.concat(baseUrl, getContent());
return WebpagePanel.forURL(url, false);
case HTML:
return WebpagePanel.forHTML(getContent());
}
throw new IOException("Invalid content type");
}
/**
* Attempt to verify that a file is signed.
*
* @param in input stream
* @param ext file extension
* @throws SecurityException throw on verification failure
* @throws IOException on I/O error
*/
public void verify(InputStream in, String ext) throws SecurityException, IOException {
try {
if (ext.equalsIgnoreCase("jar") || ext.equalsIgnoreCase("zip")) {
verifyJar(in);
} else {
throw new SecurityException("Not sure how to verify the signature for '" + ext + "'");
}
} finally {
LauncherUtils.close(in);
}
}
/**
* Attempt to verify that a Jar file is signed. All files (aside from ones in META-INF) must be
* signed and trusted.
*
* @param in input stream
* @throws SecurityException throw on verification failure
* @throws IOException on I/O error
*/
@SuppressWarnings("resource")
public void verifyJar(InputStream in) throws IOException {
JarInputStream jarFile = null;
try {
jarFile = new JarInputStream(in);
Manifest manifest = jarFile.getManifest();
if (manifest == null) {
throw new SecurityException("The given file was not digitally signed");
}
// Ensure all the entries' signatures verify correctly
byte[] buffer = new byte[8192];
JarEntry entry;
while ((entry = jarFile.getNextJarEntry()) != null) {
if (entry.isDirectory()) continue;
do {} while (jarFile.read(buffer, 0, buffer.length) != -1);
Certificate[] certs = entry.getCertificates();
if (isMetaInf(entry.getName())) {
continue;
} else if (certs == null || certs.length == 0) {
throw new SecurityException("The archive contains files that are not digitally signed");
} else {
int i = 0;
boolean verified = false;
while (i < certs.length) {
X509Certificate[] chain = findChain(certs, i);
try {
verify(chain);
verified = true;
break;
} catch (SecurityException e) {
}
i += chain.length;
}
if (!verified) {
throw new SecurityException(
"The file(s) are signed by an entity that is not registered as 'trusted' with the launcher");
}
}
}
} finally {
LauncherUtils.close(jarFile);
}
}
public byte[] toDigest() {
if (DEBUG) {
logger.info("------------------- Signature List -------------------");
}
Collections.sort(files);
MessageDigest digest = createDigest();
for (FileSignature file : files) {
digest.update(file.key.getBytes());
digest.update((byte) 0);
digest.update(file.digest);
if (DEBUG) {
logger.info(LauncherUtils.getHexString(file.digest) + " " + file.key);
}
}
if (DEBUG) {
logger.info("------------------------------------------------------");
}
return digest.digest();
}