org.structr.function.CreateJarFileFunction Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of structr-ui Show documentation
Show all versions of structr-ui Show documentation
Structr is an open source framework based on the popular Neo4j graph database.
The newest version!
/**
* Copyright (C) 2010-2016 Structr GmbH
*
* This file is part of Structr .
*
* Structr is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* Structr is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with Structr. If not, see aliases = keystore.aliases(); aliases.hasMoreElements();) {
//
// final String alias = aliases.nextElement();
//
// if (keystore.isCertificateEntry(alias)) {
//
// System.out.println("Using certificate entry " + alias);
// cert = (X509Certificate)keystore.getCertificate(alias);
//
// } else if (keystore.isKeyEntry(alias)) {
//
// System.out.println("Using private key entry " + alias);
// privateKey = (PrivateKey)keystore.getKey(alias, keystorePassword.toCharArray());
//
// }
// }
//
//
// } catch (Throwable t) {
//
// logger.log(Level.WARNING, "", t);
// }
// }
// }
// maximum compression
jos.setLevel(9);
// initialize manifest
mainAttributes.put(Attributes.Name.MANIFEST_VERSION, "1.0");
// add entries from scripting context
for (final Object source : sources) {
if (source != null && source instanceof NameAndContent) {
final NameAndContent content = (NameAndContent)source;
final JarEntry entry = new JarEntry(content.getName());
final byte[] data = content.getContent().getBytes("utf-8");
entry.setTime(System.currentTimeMillis());
// write JarEntry
jos.putNextEntry(entry);
jos.write(data);
jos.closeEntry();
jos.flush();
// update message digest with data
md.update(data);
// create new attribute with the entry's name
Attributes attr = manifest.getAttributes(entry.getName());
if (attr == null) {
attr = new Attributes();
manifest.getEntries().put(entry.getName(), attr);
}
// store SHA1-Digest for the new entry
attr.putValue(algorithm + "-Digest", new String(Base64.encode(md.digest()), "ASCII"));
}
}
// add manifest entry
jos.putNextEntry(new JarEntry(JarFile.MANIFEST_NAME));
manifest.write(jos);
// add signature entry
final byte[] signedData = getSignatureForManifest(manifest, algorithm);
jos.putNextEntry(new JarEntry("META-INF/CERT.SF"));
jos.write(signedData);
if (privateKey != null && cert != null) {
// add certificate entry
jos.putNextEntry(new JarEntry("META-INF/CERT." + privateKey.getAlgorithm()));
writeSignatureBlock(jos, algorithm, new CMSProcessableByteArray(signedData), cert, privateKey);
} else {
System.out.println("No certificate / key found, signinig disabled.");
}
// use finish() here to avoid an "already closed" exception later
jos.flush();
jos.finish();
} catch (Throwable t) {
logException(entity, t, sources);
}
} else {
logger.log(Level.WARNING, "First parameter of create_jar_file() must be an output stream. Parameters: {0}", getParametersAsString(sources));
return "First parameter of create_jar_file() must be an output stream.";
}
} else {
logParameterError(entity, sources, ctx.isJavaScriptContext());
}
return "";
}
@Override
public String usage(boolean inJavaScriptContext) {
return "create_jar_file()";
}
@Override
public String shortDescription() {
return "Creates a signed JAR file from the given contents.";
}
// ----- private methods -----
private byte[] getSignatureForManifest(final Manifest forManifest, final String algorithm) throws IOException, GeneralSecurityException {
final ByteArrayOutputStream bos = new ByteArrayOutputStream();
final Manifest signatureFile = new Manifest();
final Attributes main = signatureFile.getMainAttributes();
final MessageDigest md = MessageDigest.getInstance(algorithm);
final PrintStream print = new PrintStream(new DigestOutputStream(new ByteArrayOutputStream(), md), true, "UTF-8");
main.putValue("Signature-Version", "1.0");
forManifest.write(print);
print.flush();
main.putValue(algorithm + "-Digest-Manifest", new String(Base64.encode(md.digest()), "ASCII"));
final Map entries = forManifest.getEntries();
for (Map.Entry entry : entries.entrySet()) {
// Digest of the manifest stanza for this entry.
print.print("Name: " + entry.getKey() + "\r\n");
for (Map.Entry att : entry.getValue().entrySet()) {
print.print(att.getKey() + ": " + att.getValue() + "\r\n");
}
print.print("\r\n");
print.flush();
final Attributes sfAttr = new Attributes();
sfAttr.putValue(algorithm + "-Digest", new String(Base64.encode(md.digest()), "ASCII"));
signatureFile.getEntries().put(entry.getKey(), sfAttr);
}
signatureFile.write(bos);
return bos.toByteArray();
}
private void writeSignatureBlock(final JarOutputStream jos, final String algorithm, final CMSTypedData data, final X509Certificate publicKey, final PrivateKey privateKey) throws IOException, CertificateEncodingException, OperatorCreationException, CMSException {
final List certList = new ArrayList<>();
certList.add(publicKey);
final JcaCertStore certs = new JcaCertStore(certList);
final CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
final ContentSigner signer = new JcaContentSignerBuilder(algorithm + "with" + privateKey.getAlgorithm()).build(privateKey);
final SignerInfoGenerator infoGenerator = new JcaSignerInfoGeneratorBuilder(new JcaDigestCalculatorProviderBuilder().build()).setDirectSignature(true).build(signer, publicKey);
gen.addSignerInfoGenerator(infoGenerator);
gen.addCertificates(certs);
final CMSSignedData sigData = gen.generate(data, false);
final ASN1InputStream asn1 = new ASN1InputStream(sigData.getEncoded());
final DEROutputStream dos = new DEROutputStream(jos);
final ASN1Primitive obj = asn1.readObject();
dos.writeObject(obj);
}
private PrivateKey getOrCreatePrivateKey(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) {
final KeyStore keyStore = getOrCreateKeystore(keygenAlgorithm, srngAlgorithm, signAlgorithm);
final String keystorePass = "test";
if (keyStore != null) {
try {
return (PrivateKey)keyStore.getKey("priv", keystorePass.toCharArray());
} catch (Throwable t) {
logger.log(Level.WARNING, "", t);
}
}
return null;
}
private X509Certificate getOrCreateCertificate(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) {
final KeyStore keyStore = getOrCreateKeystore(keygenAlgorithm, srngAlgorithm, signAlgorithm);
if (keyStore != null) {
try {
return (X509Certificate)keyStore.getCertificate("cert");
} catch (Throwable t) {
logger.log(Level.WARNING, "", t);
}
}
return null;
}
private KeyStore getOrCreateKeystore(final String keygenAlgorithm, final String srngAlgorithm, final String signAlgorithm) {
final String keystorePath = "test.keystore";
final String keystorePass = "test";
final java.io.File keystoreFile = new java.io.File(keystorePath);
if (keystoreFile.exists()) {
try (final FileInputStream fis = new FileInputStream(keystoreFile)) {
final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(fis, keystorePass.toCharArray());
return keystore;
} catch (Throwable t) {
logger.log(Level.WARNING, "", t);
}
} else {
try (final FileOutputStream fos = new FileOutputStream(keystoreFile)) {
final KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, keystorePass.toCharArray());
final KeyPairGenerator gen = KeyPairGenerator.getInstance(keygenAlgorithm);
gen.initialize(1024, SecureRandom.getInstance(srngAlgorithm));
final KeyPair keyPair = gen.generateKeyPair();
final SimpleDateFormat dateFormat = new SimpleDateFormat("dd.MM.yyyy");
final Date startDate = dateFormat.parse("01.01.2015");
final Date expiryDate = dateFormat.parse("01.01.2017");
final BigInteger serialNumber = BigInteger.valueOf(1234);
final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
final X500Principal dnName = new X500Principal("CN=Test CA Certificate");
certGen.setSerialNumber(serialNumber);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(startDate);
certGen.setNotAfter(expiryDate);
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm(signAlgorithm);
final X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
keystore.setCertificateEntry("cert", cert);
keystore.setKeyEntry("priv", keyPair.getPrivate(), keystorePass.toCharArray(), new Certificate[] { cert } );
keystore.store(fos, keystorePass.toCharArray());
fos.flush();
return keystore;
} catch (Throwable t) {
logger.log(Level.WARNING, "", t);
}
}
return null;
}
public String hex(final Certificate cert) {
byte[] encoded;
try {
encoded = cert.getEncoded();
} catch (CertificateEncodingException e) {
encoded = new byte[0];
}
return hex(encoded);
}
public String hex(byte[] sig) {
byte[] csig = new byte[sig.length * 2];
for (int j = 0; j < sig.length; j++) {
byte v = sig[j];
int d = (v >> 4) & 0xf;
csig[j * 2] = (byte) (d >= 10 ? ('a' + d - 10) : ('0' + d));
d = v & 0xf;
csig[j * 2 + 1] = (byte) (d >= 10 ? ('a' + d - 10) : ('0' + d));
}
return new String(csig);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy