private void addJREPackageCapabilities(Resolver resolver, EE ee) throws IOException { // EE Package Capabilities Properties pkgProps = new Properties(); URL pkgsResource = ResolveOperation.class.getResource(ee.name() + ".properties"); if (pkgsResource == null) throw new IOException( String.format( "No JRE package definition available for Execution Env %s.", ee.getEEName())); InputStream stream = null; try { stream = pkgsResource.openStream(); pkgProps.load(stream); } finally { if (stream != null) IO.close(stream); } String pkgsStr = pkgProps.getProperty(Constants.FRAMEWORK_SYSTEMPACKAGES); Map<String, Map<String, String>> header = OSGiHeader.parseHeader(pkgsStr); for (Entry<String, Map<String, String>> entry : header.entrySet()) { String pkgName = Processor.removeDuplicateMarker(entry.getKey()); String version = entry.getValue().get(Constants.VERSION_ATTRIBUTE); Map<String, String> capabilityProps = new HashMap<String, String>(); capabilityProps.put(ObrConstants.FILTER_PACKAGE, pkgName); if (version != null) capabilityProps.put(ObrConstants.FILTER_VERSION, version); Capability capability = helper.capability(ObrConstants.REQUIREMENT_PACKAGE, capabilityProps); resolver.addGlobalCapability(capability); } }
public void signJar(Jar jar) { if (digestNames == null || digestNames.length == 0) error("Need at least one digest algorithm name, none are specified"); if (keystoreFile == null || !keystoreFile.getAbsoluteFile().exists()) { error("No such keystore file: " + keystoreFile); return; } if (alias == null) { error("Private key alias not set for signing"); return; } MessageDigest digestAlgorithms[] = new MessageDigest[digestNames.length]; getAlgorithms(digestNames, digestAlgorithms); try { Manifest manifest = jar.getManifest(); manifest.getMainAttributes().putValue("Signed-By", "Bnd"); // Create a new manifest that contains the // Name parts with the specified digests ByteArrayOutputStream o = new ByteArrayOutputStream(); manifest.write(o); doManifest(jar, digestNames, digestAlgorithms, o); o.flush(); byte newManifestBytes[] = o.toByteArray(); jar.putResource("META-INF/MANIFEST.MF", new EmbeddedResource(newManifestBytes, 0)); // Use the bytes from the new manifest to create // a signature file byte[] signatureFileBytes = doSignatureFile(digestNames, digestAlgorithms, newManifestBytes); jar.putResource("META-INF/BND.SF", new EmbeddedResource(signatureFileBytes, 0)); // Now we must create an RSA signature // this requires the private key from the keystore KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore.PrivateKeyEntry privateKeyEntry = null; java.io.FileInputStream keystoreInputStream = null; try { keystoreInputStream = new java.io.FileInputStream(keystoreFile); char[] pw = password == null ? new char[0] : password.toCharArray(); keystore.load(keystoreInputStream, pw); keystoreInputStream.close(); privateKeyEntry = (PrivateKeyEntry) keystore.getEntry(alias, new KeyStore.PasswordProtection(pw)); } catch (Exception e) { error( "No able to load the private key from the give keystore(" + keystoreFile.getAbsolutePath() + ") with alias " + alias + " : " + e); return; } finally { IO.close(keystoreInputStream); } PrivateKey privateKey = privateKeyEntry.getPrivateKey(); Signature signature = Signature.getInstance("MD5withRSA"); signature.initSign(privateKey); signature.update(signatureFileBytes); signature.sign(); // TODO, place the SF in a PCKS#7 structure ... // no standard class for this? The following // is an idea but we will to have do ASN.1 BER // encoding ... ByteArrayOutputStream tmpStream = new ByteArrayOutputStream(); jar.putResource("META-INF/BND.RSA", new EmbeddedResource(tmpStream.toByteArray(), 0)); } catch (Exception e) { error("During signing: " + e); } }