Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
Copyright (c) 2007, 2008 IBM Corporation and others. All rights reserved. This program and the accompanying materials are made available under the terms of the Eclipse Public License v1.0 which accompanies this distribution, and is available at http://www.eclipse.org/legal/epl-v10.html Contributors: IBM Corporation - initial API and implementation /
  
  package org.eclipse.osgi.internal.signedcontent;
 
 
 public class TrustEngineListener {
 	// this is a singleton listener; see SignedBundleHook for initialization
 	private volatile static TrustEngineListener instance;
 	private final BundleContext context;
 
 		this. = context;
 		// read the trust provider security property
 		String authEngineProp = FrameworkProperties.getProperty(.);
 		Filter filter = null;
 		if (authEngineProp != null)
 			try {
 				filter = FilterImpl.newInstance("(&(" + . + "=" + AuthorizationEngine.class.getName() + ")(" + . + "=" + authEngineProp + "))"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ //$NON-NLS-4$//$NON-NLS-5$
 			} catch (InvalidSyntaxException e) {
 				SignedBundleHook.log("Invalid authorization filter".e); //$NON-NLS-1$
 			}
 		if (filter != null)
 			 = new ServiceTracker(contextfilternull);
 		else
 			 = new ServiceTracker(contextAuthorizationEngine.class.getName(), null);
 		 = this;
 	}
 
 	public static TrustEngineListener getInstance() {
 		return ;
 	}
 
 		 = null;
 	}
 
 	public void addedTrustAnchor(Certificate anchor) {
 		// find any SignedContent with SignerInfos that do not have an anchor;
 		// re-evaluate trust and check authorization for these SignedContents
 		Bundle[] bundles = .getBundles();
 		HashSet unresolved = new HashSet();
 		for (int i = 0; i < bundles.lengthi++) {
 			SignedContentImpl signedContent = getSignedContent(bundles[i]);
 			if (signedContent != null && signedContent.isSigned()) {
 				// check the SignerInfos for this content
 				SignerInfo[] infos = signedContent.getSignerInfos();
 				for (int j = 0; j < infos.lengthj++) {
 					if (infos[j].getTrustAnchor() == null)
 						// one of the signers is not trusted
 						unresolved.add(bundles[i]);
 					SignerInfo tsa = signedContent.getTSASignerInfo(infos[j]);
 					if (tsa != null && tsa.getTrustAnchor() == null)
 						// one of the tsa signers is not trusted
 						unresolved.add(bundles[i]);
 				}
 			}
 			if (unresolved.contains(bundles[i])) {
 				// found an untrusted signer for this bundle re-evaluate trust
 				SignedBundleFile.determineTrust(signedContent.);
 				// now check the authorization handler
 				checkAuthorization(signedContentbundles[i]);
 			}
 		}
 		// try to resolve
 		if (unresolved.size() > 0)
 			resolveBundles((Bundle[]) unresolved.toArray(new Bundle[unresolved.size()]), false);
 	}
 
 	private void checkAuthorization(SignedContentImpl signedContentBundle bundle) {
 		if (authEngine != null)
 			authEngine.authorize(signedContentbundle);
 	}
 
 	}
 
	private void resolveBundles(Bundle[] bundlesboolean refresh) {
		if (ref == null)
			return;
		if (pa == null)
			return;
		try {
			if (refresh)
				pa.refreshPackages(bundles);
			else
				pa.resolveBundles(bundles);
finally {
		}
	}
	public void removedTrustAnchor(Certificate anchor) {
		// find any signed content that has signerinfos with the supplied anchor
		// re-evaluate trust and check authorization again.
		Bundle[] bundles = .getBundles();
		HashSet usingAnchor = new HashSet();
		HashSet untrustedSigners = new HashSet();
		for (int i = 0; i < bundles.lengthi++) {
			SignedContentImpl signedContent = getSignedContent(bundles[i]);
			if (signedContent != null && signedContent.isSigned()) {
				// check signer infos for this content
				SignerInfo[] infos = signedContent.getSignerInfos();
				for (int j = 0; j < infos.lengthj++) {
					if (anchor.equals(infos[j].getTrustAnchor())) {
						// one of the signers uses this anchor
						untrustedSigners.add(infos[j]);
						usingAnchor.add(bundles[i]);
					}
					SignerInfo tsa = signedContent.getTSASignerInfo(infos[j]);
					if (tsa != null && anchor.equals(tsa.getTrustAnchor())) {
						// one of the tsa signers uses this anchor
						usingAnchor.add(bundles[i]);
						untrustedSigners.add(tsa);
					}
				}
			}
		}
		// remove trust anchors from untrusted signers
		for (Iterator untrusted = untrustedSigners.iterator(); untrusted.hasNext();)
			((SignerInfoImpluntrusted.next()).setTrustAnchor(null);
		// re-establish trust and check authorization
		for (Iterator untrustedBundles = usingAnchor.iterator(); untrustedBundles.hasNext();) {
			Bundle bundle = (BundleuntrustedBundles.next();
			SignedContentImpl signedContent = getSignedContent(bundle);
			// found an signer using the anchor for this bundle re-evaluate trust
			SignedBundleFile.determineTrust(signedContent.);
			// now check the authorization handler
			checkAuthorization(signedContentbundle);
		}
		// TODO an optimization here would be to check for real DisabledInfo objects for each bundle
		// try to refresh
		if (usingAnchor.size() > 0)
			resolveBundles((Bundle[]) usingAnchor.toArray(new Bundle[usingAnchor.size()]), true);
	}
		BaseData data = (BaseData) ((AbstractBundlebundle).getBundleData();
		if (hook == null)
			return null;
	}
New to GrepCode? Check out our FAQ X