public virtual CodeSigner[] GetCodeSigners(JarFile jar, JarEntry entry)
{
String name = entry.Name;
if (EagerValidation_Renamed && SigFileSigners.Get(name) != null)
{
/*
* Force a read of the entry data to generate the
* verification hash.
*/
try
{
InputStream s = jar.GetInputStream(entry);
sbyte[] buffer = new sbyte[1024];
int n = buffer.Length;
while (n != -1)
{
n = s.Read(buffer, 0, buffer.Length);
}
s.Close();
}
catch (IOException)
{
}
}
return(GetCodeSigners(name));
}
/// <summary>
/// Creates a new <code>JarEntry</code> (<code>ZipEntry</code>) for the
/// specified JAR file entry name. The manifest attributes of
/// the specified JAR file entry name will be copied to the new
/// <CODE>JarEntry</CODE>.
/// </summary>
/// <param name="name"> the name of the JAR/ZIP file entry </param>
/// <returns> the <code>JarEntry</code> object just created </returns>
protected internal override ZipEntry CreateZipEntry(String name)
{
JarEntry e = new JarEntry(name);
if (Man != null)
{
e.Attr = Man.GetAttributes(name);
}
return(e);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: VerifierStream(Manifest man, JarEntry je, InputStream is, JarVerifier jv) throws IOException
internal VerifierStream(Manifest man, JarEntry je, InputStream @is, JarVerifier jv)
{
this.@is = @is;
this.Jv = jv;
this.Mev = new ManifestEntryVerifier(man);
this.Jv.BeginEntry(je, Mev);
this.NumLeft = je.Size;
if (this.NumLeft == 0)
{
this.Jv.Update(-1, this.Mev);
}
}
/// <summary>
/// Creates a new <code>JarInputStream</code> and reads the optional
/// manifest. If a manifest is present and verify is true, also attempts
/// to verify the signatures if the JarInputStream is signed.
/// </summary>
/// <param name="in"> the actual input stream </param>
/// <param name="verify"> whether or not to verify the JarInputStream if
/// it is signed. </param>
/// <exception cref="IOException"> if an I/O error has occurred </exception>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public JarInputStream(InputStream in, boolean verify) throws IOException
public JarInputStream(InputStream @in, bool verify) : base(@in)
{
this.DoVerify = verify;
// This implementation assumes the META-INF/MANIFEST.MF entry
// should be either the first or the second entry (when preceded
// by the dir META-INF/). It skips the META-INF/ and then
// "consumes" the MANIFEST.MF to initialize the Manifest object.
JarEntry e = (JarEntry)base.NextEntry;
if (e != null && e.Name.EqualsIgnoreCase("META-INF/"))
{
e = (JarEntry)base.NextEntry;
}
First = CheckManifest(e);
}
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: private JarEntry checkManifest(JarEntry e) throws IOException
private JarEntry CheckManifest(JarEntry e)
{
if (e != null && JarFile.MANIFEST_NAME.EqualsIgnoreCase(e.Name))
{
Man = new Manifest();
sbyte[] bytes = GetBytes(new BufferedInputStream(this));
Man.Read(new ByteArrayInputStream(bytes));
CloseEntry();
if (DoVerify)
{
Jv = new JarVerifier(bytes);
Mev = new ManifestEntryVerifier(Man);
}
return((JarEntry)base.NextEntry);
}
return(e);
}
public virtual java.security.cert.Certificate[] GetCerts(JarFile jar, JarEntry entry)
{
return(MapSignersToCertArray(GetCodeSigners(jar, entry)));
}
/// <summary>
/// called when we reach the end of entry in one of the read() methods.
/// </summary>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: private void processEntry(sun.security.util.ManifestEntryVerifier mev) throws IOException
private void ProcessEntry(ManifestEntryVerifier mev)
{
if (!ParsingBlockOrSF)
{
JarEntry je = mev.Entry;
if ((je != null) && (je.Signers == null))
{
je.Signers = mev.verify(VerifiedSigners, SigFileSigners);
je.Certs = MapSignersToCertArray(je.Signers);
}
}
else
{
try
{
ParsingBlockOrSF = false;
if (Debug != null)
{
Debug.println("processEntry: processing block");
}
String uname = mev.Entry.Name.ToUpperCase(Locale.ENGLISH);
if (uname.EndsWith(".SF"))
{
String key = uname.Substring(0, uname.Length() - 3);
sbyte[] bytes = Baos.ToByteArray();
// add to sigFileData in case future blocks need it
SigFileData.Put(key, bytes);
// check pending blocks, we can now process
// anyone waiting for this .SF file
Iterator <SignatureFileVerifier> it = PendingBlocks.Iterator();
while (it.HasNext())
{
SignatureFileVerifier sfv = it.Next();
if (sfv.needSignatureFile(key))
{
if (Debug != null)
{
Debug.println("processEntry: processing pending block");
}
sfv.SignatureFile = bytes;
sfv.process(SigFileSigners, ManifestDigests_Renamed);
}
}
return;
}
// now we are parsing a signature block file
String key = uname.Substring(0, uname.LastIndexOf("."));
if (SignerCache == null)
{
SignerCache = new List <>();
}
if (ManDig == null)
{
lock (ManifestRawBytes)
{
if (ManDig == null)
{
ManDig = new ManifestDigester(ManifestRawBytes);
ManifestRawBytes = null;
}
}
}
SignatureFileVerifier sfv = new SignatureFileVerifier(SignerCache, ManDig, uname, Baos.ToByteArray());
if (sfv.needSignatureFileBytes())
{
// see if we have already parsed an external .SF file
sbyte[] bytes = SigFileData.Get(key);
if (bytes == null)
{
// put this block on queue for later processing
// since we don't have the .SF bytes yet
// (uname, block);
if (Debug != null)
{
Debug.println("adding pending block");
}
PendingBlocks.Add(sfv);
return;
}
else
{
sfv.SignatureFile = bytes;
}
}
sfv.process(SigFileSigners, ManifestDigests_Renamed);
}
catch (IOException ioe)
{
// e.g. sun.security.pkcs.ParsingException
if (Debug != null)
{
Debug.println("processEntry caught: " + ioe);
}
// ignore and treat as unsigned
}
catch (SignatureException se)
{
if (Debug != null)
{
Debug.println("processEntry caught: " + se);
}
// ignore and treat as unsigned
}
catch (NoSuchAlgorithmException nsae)
{
if (Debug != null)
{
Debug.println("processEntry caught: " + nsae);
}
// ignore and treat as unsigned
}
catch (CertificateException ce)
{
if (Debug != null)
{
Debug.println("processEntry caught: " + ce);
}
// ignore and treat as unsigned
}
}
}
/// <summary>
/// This method scans to see which entry we're parsing and
/// keeps various state information depending on what type of
/// file is being parsed.
/// </summary>
//JAVA TO C# CONVERTER WARNING: Method 'throws' clauses are not available in .NET:
//ORIGINAL LINE: public void beginEntry(JarEntry je, sun.security.util.ManifestEntryVerifier mev) throws IOException
public virtual void BeginEntry(JarEntry je, ManifestEntryVerifier mev)
{
if (je == null)
{
return;
}
if (Debug != null)
{
Debug.println("beginEntry " + je.Name);
}
String name = je.Name;
/*
* Assumptions:
* 1. The manifest should be the first entry in the META-INF directory.
* 2. The .SF/.DSA/.EC files follow the manifest, before any normal entries
* 3. Any of the following will throw a SecurityException:
* a. digest mismatch between a manifest section and
* the SF section.
* b. digest mismatch between the actual jar entry and the manifest
*/
if (ParsingMeta)
{
String uname = name.ToUpperCase(Locale.ENGLISH);
if ((uname.StartsWith("META-INF/") || uname.StartsWith("/META-INF/")))
{
if (je.Directory)
{
mev.setEntry(null, je);
return;
}
if (uname.Equals(JarFile.MANIFEST_NAME) || uname.Equals(JarIndex.INDEX_NAME))
{
return;
}
if (SignatureFileVerifier.isBlockOrSF(uname))
{
/* We parse only DSA, RSA or EC PKCS7 blocks. */
ParsingBlockOrSF = true;
Baos.Reset();
mev.setEntry(null, je);
return;
}
// If a META-INF entry is not MF or block or SF, they should
// be normal entries. According to 2 above, no more block or
// SF will appear. Let's doneWithMeta.
}
}
if (ParsingMeta)
{
DoneWithMeta();
}
if (je.Directory)
{
mev.setEntry(null, je);
return;
}
// be liberal in what you accept. If the name starts with ./, remove
// it as we internally canonicalize it with out the ./.
if (name.StartsWith("./"))
{
name = name.Substring(2);
}
// be liberal in what you accept. If the name starts with /, remove
// it as we internally canonicalize it with out the /.
if (name.StartsWith("/"))
{
name = name.Substring(1);
}
// only set the jev object for entries that have a signature
// (either verified or not)
if (SigFileSigners.Get(name) != null || VerifiedSigners.Get(name) != null)
{
mev.setEntry(name, je);
return;
}
// don't compute the digest for this entry
mev.setEntry(null, je);
return;
}
