diff options
| author | Danesh Dadachanji <[email protected]> | 2012-10-22 11:02:38 -0400 |
|---|---|---|
| committer | Danesh Dadachanji <[email protected]> | 2012-10-22 11:02:38 -0400 |
| commit | e150560769232e18fa516609933649dab002f358 (patch) | |
| tree | 661e1b4d3c9d101447bc952e541e8f054c1d96be /netx/net/sourceforge/jnlp/security | |
| parent | 229e52bca7c9298d3a0889fe1bc6f9107b32639a (diff) | |
Major rework of JarCertVerifier certificate management.
This is a long-planned rework of JarCertVerifier, allowing it to handle
multiple certificates. The algorithms used to verify jars with multiple
certificates vary between JNLPs and Applets.
Diffstat (limited to 'netx/net/sourceforge/jnlp/security')
8 files changed, 492 insertions, 34 deletions
diff --git a/netx/net/sourceforge/jnlp/security/AppVerifier.java b/netx/net/sourceforge/jnlp/security/AppVerifier.java new file mode 100644 index 0000000..2fc1ec0 --- /dev/null +++ b/netx/net/sourceforge/jnlp/security/AppVerifier.java @@ -0,0 +1,91 @@ +/* AppVerifier.java + Copyright (C) 2012 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. +*/ + +package net.sourceforge.jnlp.security; + +import java.security.cert.CertPath; +import java.util.HashMap; + +import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.LaunchException; +import net.sourceforge.jnlp.tools.CertInformation; +import net.sourceforge.jnlp.tools.JarCertVerifier; + +/** + * An interface that provides various details about an app's signers. + */ +public interface AppVerifier { + + /** + * Checks if the app has already found trust in its publisher(s). + * @param certs The certs to search through and their cert information + * @param signedJars A map of all the jars of this app and the number of + * signed entries each one has. + * @return True if the app trusts its publishers. + */ + public boolean hasAlreadyTrustedPublisher( + HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars); + + /** + * Checks if the app has signer(s) whose certs along their chains are in CA certs. + * @param certs The certs to search through and their cert information + * @param signedJars A map of all the jars of this app and the number of + * signed entries each one has. + * @return True if the app has a root in the CA certs store. + */ + public boolean hasRootInCacerts(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars); + + /** + * Checks if the app's jars are covered by the provided certificates, enough + * to consider the app fully signed. + * @param certs Any possible signer and their respective information regarding this app. + * @param signedJars A map of all the jars of this app and the number of + * signed entries each one has. + * @return + */ + public boolean isFullySigned(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars); + + /** + * Prompt the user with requests for trusting the certificates used by this app + * @throws LaunchException + */ + public void checkTrustWithUser(JarCertVerifier jcv, JNLPFile file) + throws LaunchException; +} diff --git a/netx/net/sourceforge/jnlp/security/CertVerifier.java b/netx/net/sourceforge/jnlp/security/CertVerifier.java index 842a865..7769884 100644 --- a/netx/net/sourceforge/jnlp/security/CertVerifier.java +++ b/netx/net/sourceforge/jnlp/security/CertVerifier.java @@ -1,5 +1,5 @@ /* CertVerifier.java - Copyright (C) 2009 Red Hat, Inc. + Copyright (C) 2012 Red Hat, Inc. This file is part of IcedTea. @@ -39,10 +39,10 @@ package net.sourceforge.jnlp.security; import java.security.cert.CertPath; import java.security.cert.Certificate; -import java.util.ArrayList; +import java.util.List; /** - * An interface that provides various details about a certificate + * An interface that provides various details about certificates of an app. */ public interface CertVerifier { @@ -58,36 +58,30 @@ public interface CertVerifier { public boolean getRootInCacerts(); /** - * Return if there are signing issues with the certificate(s) being veried + * Return if there are signing issues with the certificate being verified */ - public boolean hasSigningIssues(); + public boolean hasSigningIssues(CertPath certPath); /** - * Return if there are no signing issues with this cert (!hasSigningIssues()) + * Get the details regarding issue with this certificate */ - public boolean noSigningIssues(); + public List<String> getDetails(CertPath certPath); /** - * Get the details regarding issue(s) with this certificate - */ - public ArrayList<String> getDetails(); - - /** - * Return a valid certificate path to this certificate(s) being verified + * Return a valid certificate path to this certificate being verified * @return The CertPath */ - public CertPath getCertPath(); + public CertPath getCertPath(CertPath certPath); /** * Returns the application's publisher's certificate. */ - public abstract Certificate getPublisher(); + public abstract Certificate getPublisher(CertPath certPath); /** * Returns the application's root's certificate. This - * may return the same certificate as getPublisher() in + * may return the same certificate as getPublisher(CertPath certPath) in * the event that the application is self signed. */ - public abstract Certificate getRoot(); - + public abstract Certificate getRoot(CertPath certPath); } diff --git a/netx/net/sourceforge/jnlp/security/CertWarningPane.java b/netx/net/sourceforge/jnlp/security/CertWarningPane.java index eedd86e..fff814c 100644 --- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java +++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java @@ -96,7 +96,7 @@ public class CertWarningPane extends SecurityDialogPanel { private void addComponents() { AccessType type = parent.getAccessType(); JNLPFile file = parent.getFile(); - Certificate c = parent.getCertVerifier().getPublisher(); + Certificate c = parent.getCertVerifier().getPublisher(null); String name = ""; String publisher = ""; @@ -253,7 +253,7 @@ public class CertWarningPane extends SecurityDialogPanel { if (alwaysTrust != null && alwaysTrust.isSelected()) { try { KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS); - X509Certificate c = (X509Certificate) parent.getCertVerifier().getPublisher(); + X509Certificate c = (X509Certificate) parent.getCertVerifier().getPublisher(null); CertificateUtils.addToKeyStore(c, ks); File keyStoreFile = new File(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS)); if (!keyStoreFile.isFile()) { diff --git a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java index c4f7c67..d22a590 100644 --- a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java +++ b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java @@ -84,7 +84,7 @@ public class CertsInfoPane extends SecurityDialogPanel { * Builds the JTree out of CertPaths. */ void buildTree() { - certPath = parent.getCertVerifier().getCertPath(); + certPath = parent.getCertVerifier().getCertPath(null); X509Certificate firstCert = ((X509Certificate) certPath.getCertificates().get(0)); String subjectString = diff --git a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java index 8490cf8..edd5899 100644 --- a/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java +++ b/netx/net/sourceforge/jnlp/security/HttpsCertVerifier.java @@ -80,7 +80,14 @@ public class HttpsCertVerifier implements CertVerifier { return isTrusted; } - public CertPath getCertPath() { + + /* XXX: Most of these methods have a CertPath param that should be passed + * from the UI dialogs. However, this is not implemented yet so most of + * the params are ignored. + */ + + @Override + public CertPath getCertPath(CertPath certPath) { // Parameter ignored. ArrayList<X509Certificate> list = new ArrayList<X509Certificate>(); for (int i = 0; i < chain.length; i++) @@ -99,7 +106,8 @@ public class HttpsCertVerifier implements CertVerifier { return certPaths.get(0); } - public ArrayList<String> getDetails() { + @Override + public List<String> getDetails(CertPath certPath) { // Parameter ignored. boolean hasExpiredCert = false; boolean hasExpiringCert = false; @@ -192,13 +200,15 @@ public class HttpsCertVerifier implements CertVerifier { details.add(detail); } - public Certificate getPublisher() { + @Override + public Certificate getPublisher(CertPath certPath) { // Paramater ignored. if (chain.length > 0) return (Certificate) chain[0]; return null; } - public Certificate getRoot() { + @Override + public Certificate getRoot(CertPath certPath) { // Parameter ignored. if (chain.length > 0) return (Certificate) chain[chain.length - 1]; return null; @@ -207,18 +217,14 @@ public class HttpsCertVerifier implements CertVerifier { public boolean getRootInCacerts() { try { KeyStore[] caCertsKeyStores = KeyStores.getCAKeyStores(); - return CertificateUtils.inKeyStores((X509Certificate) getRoot(), caCertsKeyStores); + return CertificateUtils.inKeyStores((X509Certificate) getRoot(null), caCertsKeyStores); } catch (Exception e) { } return false; } - public boolean hasSigningIssues() { - return false; - } - - public boolean noSigningIssues() { + @Override + public boolean hasSigningIssues(CertPath certPath) { return false; } - } diff --git a/netx/net/sourceforge/jnlp/security/JNLPAppVerifier.java b/netx/net/sourceforge/jnlp/security/JNLPAppVerifier.java new file mode 100644 index 0000000..9dcfaf5 --- /dev/null +++ b/netx/net/sourceforge/jnlp/security/JNLPAppVerifier.java @@ -0,0 +1,143 @@ +/* JNLPAppVerifier.java + Copyright (C) 2012 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +package net.sourceforge.jnlp.security; + +import static net.sourceforge.jnlp.runtime.Translator.R; + +import java.security.cert.CertPath; +import java.util.HashMap; +import java.util.Map; + +import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.LaunchException; +import net.sourceforge.jnlp.security.SecurityDialogs.AccessType; +import net.sourceforge.jnlp.tools.CertInformation; +import net.sourceforge.jnlp.tools.JarCertVerifier; + +public class JNLPAppVerifier implements AppVerifier { + + @Override + public boolean hasAlreadyTrustedPublisher( + HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + int sumOfSignableEntries = JarCertVerifier.getTotalJarEntries(signedJars); + for (CertInformation certInfo : certs.values()) { + Map<String, Integer> certSignedJars = certInfo.getSignedJars(); + + if (JarCertVerifier.getTotalJarEntries(certSignedJars) == sumOfSignableEntries + && certInfo.isPublisherAlreadyTrusted()) { + return true; + } + } + return false; + } + + @Override + public boolean hasRootInCacerts(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + int sumOfSignableEntries = JarCertVerifier.getTotalJarEntries(signedJars); + for (CertInformation certInfo : certs.values()) { + Map<String, Integer> certSignedJars = certInfo.getSignedJars(); + + if (JarCertVerifier.getTotalJarEntries(certSignedJars) == sumOfSignableEntries + && certInfo.isRootInCacerts()) { + return true; + } + } + return false; + } + + @Override + public boolean isFullySigned(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + int sumOfSignableEntries = JarCertVerifier.getTotalJarEntries(signedJars); + for (CertPath cPath : certs.keySet()) { + // If this cert has signed everything, return true + if (hasCompletelySignedApp(certs.get(cPath), sumOfSignableEntries)) { + return true; + } + } + + // No cert found that signed all entries. Return false. + return false; + } + + @Override + public void checkTrustWithUser(JarCertVerifier jcv, JNLPFile file) + throws LaunchException { + + int sumOfSignableEntries = JarCertVerifier.getTotalJarEntries(jcv.getJarSignableEntries()); + for (CertPath cPath : jcv.getCertsList()) { + jcv.setCurrentlyUsedCertPath(cPath); + CertInformation info = jcv.getCertInformation(cPath); + if (hasCompletelySignedApp(info, sumOfSignableEntries)) { + if (info.isPublisherAlreadyTrusted()) { + return; + } + + AccessType dialogType; + if (info.isRootInCacerts() && !info.hasSigningIssues()) { + dialogType = AccessType.VERIFIED; + } else if (info.isRootInCacerts()) { + dialogType = AccessType.SIGNING_ERROR; + } else { + dialogType = AccessType.UNVERIFIED; + } + + boolean wasApproved = SecurityDialogs.showCertWarningDialog( + dialogType, file, jcv); + if (wasApproved) { + return; + } + } + } + + throw new LaunchException(null, null, R("LSFatal"), R("LCLaunching"), + R("LCancelOnUserRequest"), ""); + } + + /** + * Find out if the CertPath with the given info has fully signed the app. + * @param info The information regarding the CertPath in question + * @param sumOfSignableEntries The total number of signable entries in the app. + * @return True if the signer has fully signed this app. + */ + public boolean hasCompletelySignedApp(CertInformation info, int sumOfSignableEntries) { + return JarCertVerifier.getTotalJarEntries(info.getSignedJars()) == sumOfSignableEntries; + } +} diff --git a/netx/net/sourceforge/jnlp/security/MoreInfoPane.java b/netx/net/sourceforge/jnlp/security/MoreInfoPane.java index 3276ea2..1ccd302 100644 --- a/netx/net/sourceforge/jnlp/security/MoreInfoPane.java +++ b/netx/net/sourceforge/jnlp/security/MoreInfoPane.java @@ -44,7 +44,7 @@ import java.awt.Dimension; import java.awt.GridLayout; import java.awt.event.ActionEvent; import java.awt.event.ActionListener; -import java.util.ArrayList; +import java.util.List; import javax.swing.BorderFactory; import javax.swing.ImageIcon; @@ -73,7 +73,7 @@ public class MoreInfoPane extends SecurityDialogPanel { * Constructs the GUI components of this panel */ private void addComponents() { - ArrayList<String> details = certVerifier.getDetails(); + List<String> details = certVerifier.getDetails(null); // Show signed JNLP warning if the signed main jar does not have a // signed JNLP file and the launching JNLP file contains special properties diff --git a/netx/net/sourceforge/jnlp/security/PluginAppVerifier.java b/netx/net/sourceforge/jnlp/security/PluginAppVerifier.java new file mode 100644 index 0000000..a8589d8 --- /dev/null +++ b/netx/net/sourceforge/jnlp/security/PluginAppVerifier.java @@ -0,0 +1,224 @@ +/* PluginAppVerifier.java + Copyright (C) 2012 Red Hat, Inc. + +This file is part of IcedTea. + +IcedTea is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +IcedTea is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with IcedTea; see the file COPYING. If not, write to +the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. + */ + +package net.sourceforge.jnlp.security; + +import static net.sourceforge.jnlp.runtime.Translator.R; + +import java.security.cert.CertPath; +import java.util.ArrayList; +import java.util.HashMap; + +import net.sourceforge.jnlp.JNLPFile; +import net.sourceforge.jnlp.LaunchException; +import net.sourceforge.jnlp.security.SecurityDialogs.AccessType; +import net.sourceforge.jnlp.tools.CertInformation; +import net.sourceforge.jnlp.tools.JarCertVerifier; + +public class PluginAppVerifier implements AppVerifier { + + @Override + public boolean hasAlreadyTrustedPublisher( + HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + + boolean allPublishersTrusted = true; + + for(String jarName : signedJars.keySet()) { + int numbSignableEntries = signedJars.get(jarName); + boolean publisherTrusted = false; + + for (CertInformation certInfo : certs.values()) { + if(certInfo.isSignerOfJar(jarName) + && numbSignableEntries == certInfo.getNumJarEntriesSigned(jarName) + && certInfo.isPublisherAlreadyTrusted()) { + publisherTrusted = true; + break; + } + } + + allPublishersTrusted &= publisherTrusted; + } + return allPublishersTrusted; + } + + @Override + public boolean hasRootInCacerts(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + + boolean allRootCAsTrusted = true; + + for(String jarName : signedJars.keySet()) { + int numbSignableEntries = signedJars.get(jarName); + boolean rootCATrusted = false; + + for (CertInformation certInfo : certs.values()) { + if(certInfo.isSignerOfJar(jarName) + && numbSignableEntries == certInfo.getNumJarEntriesSigned(jarName) + && certInfo.isRootInCacerts()) { + rootCATrusted = true; + break; + } + } + + allRootCAsTrusted &= rootCATrusted; + } + return allRootCAsTrusted; + } + + @Override + public boolean isFullySigned(HashMap<CertPath, CertInformation> certs, + HashMap<String, Integer> signedJars) { + + boolean isFullySigned = true; + + for(String jarName : signedJars.keySet()) { + int numbSignableEntries = signedJars.get(jarName); + boolean isSigned = false; + + for (CertInformation certInfo : certs.values()) { + if(certInfo.isSignerOfJar(jarName) + && numbSignableEntries == certInfo.getNumJarEntriesSigned(jarName)) { + isSigned = true; + break; + } + } + + isFullySigned &= isSigned; + } + + return isFullySigned; + } + + @Override + public void checkTrustWithUser(JarCertVerifier jcv, JNLPFile file) + throws LaunchException { + ArrayList<CertPath> certPaths = buildCertPathsList(jcv); + ArrayList<CertPath> alreadyApprovedByUser = new ArrayList<CertPath>(); + for (String jarName : jcv.getJarSignableEntries().keySet()) { + boolean trustFoundOrApproved = false; + for (CertPath cPathApproved : alreadyApprovedByUser) { + jcv.setCurrentlyUsedCertPath(cPathApproved); + CertInformation info = jcv.getCertInformation(cPathApproved); + if (info.isSignerOfJar(jarName) + && alreadyApprovedByUser.contains(cPathApproved)) { + trustFoundOrApproved = true; + break; + } + } + + if (trustFoundOrApproved) { + continue; + } + + for (CertPath cPath : certPaths) { + jcv.setCurrentlyUsedCertPath(cPath); + CertInformation info = jcv.getCertInformation(cPath); + if (info.isSignerOfJar(jarName)) { + if (info.isPublisherAlreadyTrusted()) { + trustFoundOrApproved = true; + alreadyApprovedByUser.add(cPath); + break; + } + + AccessType dialogType; + if (info.isRootInCacerts() && !info.hasSigningIssues()) { + dialogType = AccessType.VERIFIED; + } else if (info.isRootInCacerts()) { + dialogType = AccessType.SIGNING_ERROR; + } else { + dialogType = AccessType.UNVERIFIED; + } + + boolean wasApproved = SecurityDialogs.showCertWarningDialog( + dialogType, file, jcv); + if (wasApproved) { + alreadyApprovedByUser.add(cPath); + trustFoundOrApproved = true; + break; + } + } + } + if (!trustFoundOrApproved) { + throw new LaunchException(null, null, R("LSFatal"), + R("LCLaunching"), R("LCancelOnUserRequest"), ""); + } + } + } + + /** + * Build a list of all the CertPaths that were detected in the provided + * JCV, placing them in the most trusted possible order. + * @param jcv The verifier containing the CertPaths to examine. + * @return A list of CertPaths sorted in the following order: Signers with + * 1. Already trusted publishers + * 2. Roots in the CA store and have no signing issues + * 3. Roots in the CA store but have signing issues + * 4. Everything else + */ + public ArrayList<CertPath> buildCertPathsList(JarCertVerifier jcv) { + ArrayList<CertPath> certPathsList = jcv.getCertsList(); + ArrayList<CertPath> returnList = new ArrayList<CertPath>(); + + for (CertPath cPath : certPathsList) { + if (!returnList.contains(cPath) + && jcv.getCertInformation(cPath).isPublisherAlreadyTrusted()) + returnList.add(cPath); + } + + for (CertPath cPath : certPathsList) { + if (!returnList.contains(cPath) + && jcv.getCertInformation(cPath).isRootInCacerts() + && !jcv.getCertInformation(cPath).hasSigningIssues()) + returnList.add(cPath); + } + + for (CertPath cPath : certPathsList) { + if (!returnList.contains(cPath) + && jcv.getCertInformation(cPath).isRootInCacerts() + && jcv.getCertInformation(cPath).hasSigningIssues()) + returnList.add(cPath); + } + + for (CertPath cPath : certPathsList) { + if (!returnList.contains(cPath)) + returnList.add(cPath); + } + + return returnList; + } +} |