@Override
public Map<X509Certificate, List<X509Certificate>> getSignerCertificates(int signersType) {
SignedContentFactory factory = equinoxContainer.getSignedContentFactory();
if (factory == null) {
return Collections.emptyMap();
}
try {
SignerInfo[] infos = signerInfos;
if (infos == null) {
SignedContent signedContent = factory.getSignedContent(this);
infos = signedContent.getSignerInfos();
signerInfos = infos;
}
if (infos.length == 0) return Collections.emptyMap();
Map<X509Certificate, List<X509Certificate>> results =
new HashMap<X509Certificate, List<X509Certificate>>(infos.length);
for (int i = 0; i < infos.length; i++) {
if (signersType == SIGNERS_TRUSTED && !infos[i].isTrusted()) continue;
Certificate[] certs = infos[i].getCertificateChain();
if (certs == null || certs.length == 0) continue;
List<X509Certificate> certChain = new ArrayList<X509Certificate>();
for (int j = 0; j < certs.length; j++) certChain.add((X509Certificate) certs[j]);
results.put((X509Certificate) certs[0], certChain);
}
return results;
} catch (Exception e) {
return Collections.emptyMap();
}
}
public DOMReference(
String uri,
String type,
DigestMethod dm,
List appliedTransforms,
Data result,
List transforms,
String id,
byte[] digestValue) {
if (dm == null) {
throw new NullPointerException("DigestMethod must be non-null");
}
if (appliedTransforms == null || appliedTransforms.isEmpty()) {
this.appliedTransforms = Collections.EMPTY_LIST;
} else {
List transformsCopy = new ArrayList(appliedTransforms);
for (int i = 0, size = transformsCopy.size(); i < size; i++) {
if (!(transformsCopy.get(i) instanceof Transform)) {
throw new ClassCastException("appliedTransforms[" + i + "] is not a valid type");
}
}
this.appliedTransforms = Collections.unmodifiableList(transformsCopy);
}
if (transforms == null || transforms.isEmpty()) {
this.transforms = Collections.EMPTY_LIST;
} else {
List transformsCopy = new ArrayList(transforms);
for (int i = 0, size = transformsCopy.size(); i < size; i++) {
if (!(transformsCopy.get(i) instanceof Transform)) {
throw new ClassCastException("transforms[" + i + "] is not a valid type");
}
}
this.transforms = Collections.unmodifiableList(transformsCopy);
}
List all = new ArrayList(this.appliedTransforms);
all.addAll(this.transforms);
this.allTransforms = Collections.unmodifiableList(all);
this.digestMethod = dm;
this.uri = uri;
if ((uri != null) && (!uri.equals(""))) {
try {
new URI(uri);
} catch (URISyntaxException e) {
throw new IllegalArgumentException(e.getMessage());
}
}
this.type = type;
this.id = id;
if (digestValue != null) {
this.digestValue = (byte[]) digestValue.clone();
this.digested = true;
}
this.appliedTransformData = result;
}
static {
FILE_UTILS = FileUtils.getFileUtils();
AntClassLoader.pathMap = Collections.synchronizedMap(new HashMap<String, String>());
AntClassLoader.subClassToLoad = null;
CONSTRUCTOR_ARGS = new Class[] {ClassLoader.class, Project.class, Path.class, Boolean.TYPE};
if (JavaEnvUtils.isAtLeastJavaVersion("1.5")) {
try {
AntClassLoader.subClassToLoad =
Class.forName("org.apache.tools.ant.loader.AntClassLoader5");
} catch (ClassNotFoundException ex) {
}
}
}
/** @return */
public static String getIPv4Address() {
String ipv4address = null;
try {
final List<NetworkInterface> networkinterfaces =
Collections.list(NetworkInterface.getNetworkInterfaces());
for (final NetworkInterface networkinterface : networkinterfaces) {
final List<InetAddress> addresses = Collections.list(networkinterface.getInetAddresses());
for (final InetAddress address : addresses) {
if ((address == null) || address.isLoopbackAddress()) {
continue;
}
if (address instanceof Inet4Address) {
ipv4address = address.getHostAddress().toString();
break;
}
}
}
} catch (Exception x) {
DBG.m(x);
}
return ipv4address;
}
/**
* Creates a <code>DOMReference</code> from an element.
*
* @param refElem a Reference element
*/
public DOMReference(Element refElem, XMLCryptoContext context) throws MarshalException {
// unmarshal Transforms, if specified
Element nextSibling = DOMUtils.getFirstChildElement(refElem);
List transforms = new ArrayList(5);
if (nextSibling.getLocalName().equals("Transforms")) {
Element transformElem = DOMUtils.getFirstChildElement(nextSibling);
while (transformElem != null) {
transforms.add(new DOMTransform(transformElem, context));
transformElem = DOMUtils.getNextSiblingElement(transformElem);
}
nextSibling = DOMUtils.getNextSiblingElement(nextSibling);
}
// unmarshal DigestMethod
Element dmElem = nextSibling;
this.digestMethod = DOMDigestMethod.unmarshal(dmElem);
// unmarshal DigestValue
try {
Element dvElem = DOMUtils.getNextSiblingElement(dmElem);
this.digestValue = Base64.decode(dvElem);
} catch (Base64DecodingException bde) {
throw new MarshalException(bde);
}
// unmarshal attributes
this.uri = DOMUtils.getAttributeValue(refElem, "URI");
this.id = DOMUtils.getAttributeValue(refElem, "Id");
this.type = DOMUtils.getAttributeValue(refElem, "Type");
this.here = refElem.getAttributeNodeNS(null, "URI");
this.refElem = refElem;
if (transforms.isEmpty()) {
this.transforms = Collections.EMPTY_LIST;
} else {
this.transforms = Collections.unmodifiableList(transforms);
}
this.appliedTransforms = Collections.EMPTY_LIST;
this.allTransforms = transforms;
this.appliedTransformData = null;
}
protected void expandSession(AbstractSession session) throws IOException {
if (session != null) {
String id = session.getId();
HttpSession httpSession = lookupHttpSessionById.get(id);
// Set 'timeLastAccess' upon session:
{
if (httpSession != null) {
Date timeLastAccess = new Date(httpSession.getLastAccessedTime());
session.setTimeLastAccess(timeLastAccess);
}
}
expandSessionPrincipal(session);
// Set 'requestURI' upon session:
{
if (httpSession != null) {
List<String> requestURIs = RequestURISessionDecorator.getRequestURIs(httpSession);
if (requestURIs != null) {
Collections.reverse(requestURIs); // reverse the order!
session.setRequestURIs(requestURIs);
}
}
}
// Set 'properties' upon session:
{
if (httpSession != null) {
Map<String, Object> m = PropertiesSessionDecorator.getProperties(httpSession);
if (m != null) {
Properties properties = convertProperties(m);
session.setProperties(properties);
}
}
}
}
}
/** * @author <a href="mailto:[email protected]" >Morten Sabroe Mortensen</a> * @version $Id: HttpSessionAccessor.java,v 1.8 2007/05/21 17:56:06 momor Exp $ */ public class HttpSessionAccessor extends AbstractSessionAccessor { /** Constructor. */ public HttpSessionAccessor() { super(); } /** */ private static final Map<String, AbstractSession> lookupSessionById = new HashMap<String, AbstractSession>(); /** */ private static final Map<String, HttpSession> lookupHttpSessionById = Collections.synchronizedMap(new HashMap<String, HttpSession>()); /** */ private static int sessionCountMax; /** */ private static Long sessionCountMaxTime; /** */ public static synchronized void sessionCreated(HttpSessionEvent ev) { HttpSession httpSession = ev.getSession(); String id = httpSession.getId(); // Remember HTTP-session: { lookupHttpSessionById.put(id, httpSession); } AbstractSession session = null; synchronized (lookupSessionById) { session = lookupSessionById.get(id); } if (session == null) { Principal userPrincipal = null; Date timeCreation = new Date(httpSession.getCreationTime()); Date timeLastAccess = new Date(httpSession.getLastAccessedTime()); List<String> urisForLastRequests = null; Properties properties = null; session = new DefaultSession( id, userPrincipal, timeCreation, timeLastAccess, urisForLastRequests, properties); synchronized (lookupSessionById) { lookupSessionById.put(id, session); // Update 'sessionCountMax': { int sessionCount = lookupSessionById.size(); if (sessionCount > sessionCountMax) { sessionCountMax = sessionCount; sessionCountMaxTime = System.currentTimeMillis(); } } } } } /** */ public static synchronized void sessionDestroyed(HttpSessionEvent ev) { HttpSession httpSession = ev.getSession(); String id = httpSession.getId(); synchronized (lookupSessionById) { lookupSessionById.remove(id); } // Forget HTTP-session: { lookupHttpSessionById.remove(id); } } /** */ public Integer getSessionCount() throws IOException { Integer res = null; { synchronized (lookupSessionById) { res = lookupSessionById.size(); } } return res; } /** */ public Integer getSessionCountMax() throws IOException { Integer res = null; { synchronized (lookupSessionById) { res = sessionCountMax; } } return res; } /** */ public void resetSessionCountMax() throws IOException { synchronized (lookupSessionById) { sessionCountMax = 0; } } /** */ public List<String> getSessionIds() throws IOException { List<String> res = null; { synchronized (lookupSessionById) { Set<String> keySet = lookupSessionById.keySet(); if (keySet != null) { res = new ArrayList<String>(); res.addAll(keySet); } } } return res; } /** */ public List<Session> getSessions() throws IOException { List<Session> res = null; { synchronized (lookupSessionById) { Collection<AbstractSession> values = lookupSessionById.values(); if (values != null) { res = new ArrayList<Session>(); for (AbstractSession session : values) { expandSession(session); } res.addAll(values); } } } return res; } /** */ protected void expandSessionPrincipal(AbstractSession session) throws IOException { if (session != null) { String id = session.getId(); HttpSession httpSession = lookupHttpSessionById.get(id); // Set 'userPrincipal' upon session: { if (httpSession != null) { Principal userPrincipal = PrincipalSessionDecorator.getPrincipal(httpSession); if (userPrincipal != null) { session.setUserPrincipal(userPrincipal); } } } } } /** */ protected void expandSession(AbstractSession session) throws IOException { if (session != null) { String id = session.getId(); HttpSession httpSession = lookupHttpSessionById.get(id); // Set 'timeLastAccess' upon session: { if (httpSession != null) { Date timeLastAccess = new Date(httpSession.getLastAccessedTime()); session.setTimeLastAccess(timeLastAccess); } } expandSessionPrincipal(session); // Set 'requestURI' upon session: { if (httpSession != null) { List<String> requestURIs = RequestURISessionDecorator.getRequestURIs(httpSession); if (requestURIs != null) { Collections.reverse(requestURIs); // reverse the order! session.setRequestURIs(requestURIs); } } } // Set 'properties' upon session: { if (httpSession != null) { Map<String, Object> m = PropertiesSessionDecorator.getProperties(httpSession); if (m != null) { Properties properties = convertProperties(m); session.setProperties(properties); } } } } } /** */ protected Properties convertProperties(Map<String, Object> m) { Properties res = null; { if (m != null) { res = new Properties(); Set<String> keys = m.keySet(); for (String key : keys) { String value = null; // Set 'value': { Object o = m.get(key); if (o != null) { value = o.toString(); } } res.setProperty(key, value); } } } return res; } /** */ public Session getSessionFromId(String id) throws IOException { Session res = null; { synchronized (lookupSessionById) { AbstractSession session = lookupSessionById.get(id); expandSession(session); res = session; } } return res; } /** */ protected List<AbstractSession> filterByUserPrincipal( Collection<AbstractSession> values, Principal userPrincipal) throws IOException { List<AbstractSession> res = null; { if (values != null) { res = new ArrayList<AbstractSession>(); for (AbstractSession session : values) { expandSessionPrincipal(session); } if (userPrincipal == null) { for (AbstractSession session : values) { Principal p = session.getUserPrincipal(); if (p == null) { res.add(session); } } } else { for (AbstractSession session : values) { Principal p = session.getUserPrincipal(); if (PrincipalUtil.equalsIgnoreRealm(userPrincipal, p)) { res.add(session); } } } } } return res; } /** */ public List<Session> getSessionsFromUserPrincipal(Principal userPrincipal) throws IOException { List<Session> res = null; { synchronized (lookupSessionById) { Collection<AbstractSession> values = lookupSessionById.values(); values = filterByUserPrincipal(values, userPrincipal); if (values != null) { res = new ArrayList<Session>(); for (AbstractSession session : values) { expandSession(session); } res.addAll(values); } } } return res; } /** */ public Properties getProperties() throws IOException { Properties res = null; { res = super.getProperties(); if (res == null) { res = new Properties(); } Integer sessionCount = null; Integer sessionCountMax = null; Long sessionCountMaxTime = null; synchronized (lookupSessionById) { sessionCount = lookupSessionById.size(); sessionCountMax = this.sessionCountMax; sessionCountMaxTime = this.sessionCountMaxTime; } if (sessionCount != null) { res.setProperty("session.count", Integer.toString(sessionCount)); } if (sessionCountMax != null) { res.setProperty("session.count-max", Integer.toString(sessionCountMax)); } if (sessionCountMaxTime != null) { String sessionCountMaxTimeText = ApplicationConstants.FORMAT_DATE.format(sessionCountMaxTime); res.setProperty("session.count-max.timestamp", sessionCountMaxTimeText); } } return res; } /** */ public void dispose() { super.dispose(); } }
X509Certificate[] engineValidate(X509Certificate[] chain, Collection otherCerts, Object parameter)
throws CertificateException {
if ((chain == null) || (chain.length == 0)) {
throw new CertificateException("null or zero-length certificate chain");
}
if (TRY_VALIDATOR) {
// check that chain is in correct order and check if chain contains
// trust anchor
X500Principal prevIssuer = null;
for (int i = 0; i < chain.length; i++) {
X509Certificate cert = chain[i];
X500Principal dn = cert.getSubjectX500Principal();
if (i != 0 && !dn.equals(prevIssuer)) {
// chain is not ordered correctly, call builder instead
return doBuild(chain, otherCerts);
}
// Check if chain[i] is already trusted. It may be inside
// trustedCerts, or has the same dn and public key as a cert
// inside trustedCerts. The latter happens when a CA has
// updated its cert with a stronger signature algorithm in JRE
// but the weak one is still in circulation.
if (trustedCerts.contains(cert)
|| // trusted cert
(trustedSubjects.containsKey(dn)
&& // replacing ...
trustedSubjects
.get(dn)
.contains( // ... weak cert
cert.getPublicKey()))) {
if (i == 0) {
return new X509Certificate[] {chain[0]};
}
// Remove and call validator on partial chain [0 .. i-1]
X509Certificate[] newChain = new X509Certificate[i];
System.arraycopy(chain, 0, newChain, 0, i);
return doValidate(newChain);
}
prevIssuer = cert.getIssuerX500Principal();
}
// apparently issued by trust anchor?
X509Certificate last = chain[chain.length - 1];
X500Principal issuer = last.getIssuerX500Principal();
X500Principal subject = last.getSubjectX500Principal();
if (trustedSubjects.containsKey(issuer)
&& isSignatureValid(trustedSubjects.get(issuer), last)) {
return doValidate(chain);
}
// don't fallback to builder if called from plugin/webstart
if (plugin) {
// Validate chain even if no trust anchor is found. This
// allows plugin/webstart to make sure the chain is
// otherwise valid
if (chain.length > 1) {
X509Certificate[] newChain = new X509Certificate[chain.length - 1];
System.arraycopy(chain, 0, newChain, 0, newChain.length);
// temporarily set last cert as sole trust anchor
PKIXBuilderParameters params = (PKIXBuilderParameters) parameterTemplate.clone();
try {
params.setTrustAnchors(
Collections.singleton(new TrustAnchor(chain[chain.length - 1], null)));
} catch (InvalidAlgorithmParameterException iape) {
// should never occur, but ...
throw new CertificateException(iape);
}
doValidate(newChain, params);
}
// if the rest of the chain is valid, throw exception
// indicating no trust anchor was found
throw new ValidatorException(ValidatorException.T_NO_TRUST_ANCHOR);
}
// otherwise, fall back to builder
}
return doBuild(chain, otherCerts);
}
public synchronized List getManifestDigests() {
return Collections.unmodifiableList(manifestDigests);
}