Bug 1369: Source Certification Contract (SCC): Initial SHA256 fingerprint & runtime validation

This change implements a strong SHA256 signature over: 1) source tree inclusive make recipe (SHA256-Source) 2) all class files (SHA256-Classes) 3) all native libraries (SHA256-Natives) 4) the class files as deployed in the jar (SHA256-Classes-this) 5) the native libraries as deployed in the jar (SHA256-Natives-this) and drops all of these in the deployed Jar file. This allows SHA256 validation of (4) + (5) at runtime and further complete validation (1), (2) and (3) offline. Full SCC would now required (1) - (3) to be placed on a server for further validation. Optionally we may use GPG <https://gnupg.org/> or PGP to validate the build entity to implement the chain of trust <https://en.wikipedia.org/wiki/Chain_of_trust> The SHA256 runtime validation is tested via: com.jogamp.common.util.TestVersionInfo
author: Sven Gothel <[email protected]> 2019-04-03 06:04:52 +0200
committer: Sven Gothel <[email protected]> 2019-04-03 06:04:52 +0200
commit: 00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch)
tree: 6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /src/java/com/jogamp/common/util/IOUtil.java
parent: 1157b913a068167062c853b4b525954b223a5509 (diff)
1 files changed, 73 insertions, 0 deletions
diff --git a/src/java/com/jogamp/common/util/IOUtil.java b/src/java/com/jogamp/common/util/IOUtil.java
index 066500f..0bee22b 100644
--- a/src/java/com/jogamp/common/util/IOUtil.java
+++ b/src/java/com/jogamp/common/util/IOUtil.java
@@ -50,6 +50,8 @@ import java.net.URLConnection;
 import java.nio.ByteBuffer;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Locale;
 import java.util.regex.Pattern;
 
@@ -1402,4 +1404,75 @@ public class IOUtil {
         }
         return null;
     }
+
+    /**
+     * Retrieve the list of all filenames traversing through given paths
+     * @param paths list of paths to traverse through, containing directories and files
+     * @param excludes optional list of exclude {@link Pattern}. All {@link Pattern#matcher(CharSequence) matching} files or directories will be omitted. Maybe be null or empty.
+     * @param includes optional list of explicit include {@link Pattern}. If given, only {@link Pattern#matcher(CharSequence) matching} files will be returned, otherwise all occurring.
+     * @return list of unsorted filenames within given paths
+     */
+    public static ArrayList<String> filesOf(final List<String> paths, final List<Pattern> excludes, final List<Pattern> includes) {
+        final ArrayList<String> files = new ArrayList<String>(paths.size()*32);
+        final ArrayList<String> todo = new ArrayList<String>(paths);
+        while(todo.size() > 0) {
+            final String p = todo.remove(0);
+            if( null != excludes && excludes.size() > 0) {
+                boolean exclude = false;
+                for(int i=0; !exclude && i<excludes.size(); i++) {
+                    exclude = excludes.get(i).matcher(p).matches();
+                    if( DEBUG ) {
+                        if( exclude ) {
+                            System.err.println("IOUtil.filesOf(): excluding <"+p+"> (exclude["+i+"]: "+excludes.get(i)+")");
+                        }
+                    }
+                }
+                if( exclude ) {
+                    continue; // skip further processing, continue w/ next path
+                }
+            }
+            final File f = new File(p);
+            if( !f.exists() ) {
+                if( DEBUG ) {
+                    System.err.println("IOUtil.filesOf(): not existing: "+f);
+                }
+                continue;
+            } else if( f.isDirectory() ) {
+                final String[] subs = f.list();
+                if( null == subs ) {
+                    if( DEBUG ) {
+                        System.err.println("IOUtil.filesOf(): null list of directory: "+f);
+                    }
+                } else if( 0 == subs.length ) {
+                    if( DEBUG ) {
+                        System.err.println("IOUtil.filesOf(): empty list of directory: "+f);
+                    }
+                } else {
+                    int j=0;
+                    final String pp = p.endsWith("/") ? p : p+"/";
+                    for(int i=0; i<subs.length; i++) {
+                        todo.add(j++, pp+subs[i]); // add 'in-place' to soothe the later sorting algorithm
+                    }
+                }
+            } else {
+                if( null != includes && includes.size() > 0) {
+                    boolean include = false;
+                    for(int i=0; !include && i<includes.size(); i++) {
+                        include = includes.get(i).matcher(p).matches();
+                        if( DEBUG ) {
+                            if( include ) {
+                                System.err.println("IOUtil.filesOf(): including <"+p+"> (including["+i+"]: "+includes.get(i)+")");
+                            }
+                        }
+                    }
+                    if( include ) {
+                        files.add(p);
+                    }
+                } else {
+                    files.add(p);
+                }
+            }
+        }
+        return files;
+    }
 }
author	Sven Gothel <[email protected]>	2019-04-03 06:04:52 +0200
committer	Sven Gothel <[email protected]>	2019-04-03 06:04:52 +0200
commit	00ad70b3bd7f8859c710039857aa7da17a29b3d7 (patch)
tree	6f3652dff1a1db7272b4f3e83ec98eeecf86ad87 /src/java/com/jogamp/common/util/IOUtil.java
parent	1157b913a068167062c853b4b525954b223a5509 (diff)