appdescriptor.java

This is a resource based on j2me embedded,if you dont understand,you can connection with me .

/*
 *   
 *
 * Copyright  1990-2007 Sun Microsystems, Inc. All Rights Reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License version
 * 2 only, as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License version 2 for more details (a copy is
 * included at /legal/license.txt).
 * 
 * You should have received a copy of the GNU General Public License
 * version 2 along with this work; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA
 * 
 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa
 * Clara, CA 95054 or visit www.sun.com if you need additional
 * information or have any questions.
 */

package com.sun.midp.jadtool;


/*
 * Web proxy  - The URL retrieval mechanism in AppDescriptor does not
 *              work through a proxy server at this time.
 */

import java.io.*;
import java.util.*;
import java.net.URL;
import java.net.MalformedURLException;

import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.DigestInputStream;
import java.security.NoSuchAlgorithmException;
import java.security.KeyStoreException;
import java.security.Key;
import java.security.PrivateKey;
import java.security.Signature;

import java.security.SignatureException;
import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateFactory;

import java.security.cert.CertificateException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;

import com.sun.midp.jadtool.AppDescriptorException;

import com.sun.midp.installer.*;

/**
 * Java API for signing MIDletSuites.
 * <p>
 * AppDescriptor is an extension of the Properties class which provides
 * additional methods for adding message digest and certificate 
 * properties as well as signing the app descriptor file and verifying
 * a signed app descriptor file.
 */
public class AppDescriptor extends JadProperties {
    
    /** Index of the key in arrays returned by getAllCerts. */
    public static int KEY = 0;

    /** Index of the cert in arrays returned by getAllCerts. */
    public static int CERT = 1;

    /** App Descriptor key for . */
    public static final String JAR_SIGNATURE = "MIDlet-Jar-RSA-SHA1";
    /** App Descriptor key for . */
    public static final String CP_ATTR = "MIDlet-Certificate-";
    /** App Descriptor key for . */
    public static final String JAR_URL = "MIDlet-Jar-URL";
    /** App Descriptor key for . */
    public static final String JAR_SIZE = "MIDlet-Jar-Size";
    /** App Descriptor key for . */
    public static final String SEP_ATTR = ": ";    

    /** SHA1 with RSA constant. */
    public static final String SIGN_ALG = "SHA1withRSA";

    /** KeyStore to get certificates and keys from. */
    private KeyStore keystore = null;

    /**
     * Default constructor
     */
    public AppDescriptor() {
        super();
    }

    /**
     * Used to input a stored app descriptor into an AppDescriptor
     * instance from a stream.  The input stream will be converted 
     * to Unicode using <code>encoding</code> if it is specified.
     * If <code>encoding</code> is not specified, a default 
     * encoding of type "UTF8" escapes will be used.
     *
     * Overrides <code>Properties.load</code>
     *
     * @param inputJad App descriptor input stream.
     * @param encoding Encoding of the inputJad stream.
     *
     * @exception IOException If an error occurs while loading the 
     *            inputJad stream.
     * @exception UnsupportedEncodingException If the given encoding
     *            type is not supported.
     * @exception InvalidJadException If the JAD has a format error
     */
    public synchronized void load(InputStream inputJad, String encoding)
        throws UnsupportedEncodingException, IOException, InvalidJadException {
            super.load(inputJad, encoding);
    }

    /**
     * Used to store an app descriptor instance into a jad file 
     * through an output stream.  The internal Unicode stream 
     * will be converted to an output format using
     * <code>encoding</code> if it is specified.
     * If <code>encoding</code> is not specified, a default 
     * encoding of type Ascii with Unicode escapes will be used.
     *
     * Overrides <code>Properties.store</code>
     *
     * @param outputJad App descriptor output stream.
     * @param encoding Encoding of the outputJad stream.
     *
     * @exception IOException If an error occurs while writing the 
     *            inputJad stream.
     * @exception UnsupportedEncodingException If the given encoding
     *            type is not supported.
     */
    public synchronized void store(OutputStream outputJad, String encoding)
            throws UnsupportedEncodingException, IOException {
   
        if (encoding != null) {
            JadWriter.write(this, outputJad, encoding);
        } else {
            JadWriter.write(this, outputJad);
        }
    }

    /**
     * Provides a KeyStore instance for use by this AppDescriptor
     * object.  (The default KeyStore type from the Java security
     * properties file is used.  This should be type "JKS", and is
     * the only supported keystore format.)
     * <p>
     * This KeyStore is required by the <code>addcert</code>,
     * <code>sign</code>, <code>signcert</code>, and <code>verify</code> 
     * methods.  If any of these methods is called before 
     * <code>loadKeyStore</code> an exception will be thrown. 
     *
     * @param ksfile The input stream stream to load a KeyStore from.
     * @param storepass The password to unlock the KeyStore, can be null.
     * @exception KeyStoreException The default keystore provider type
     *            is not available in any of the provider packages 
     *            searched.  
     * @exception IOException Thrown if there is a problem parsing 
     *            the input stream or loading its data.
     * @exception CertificateException Thrown if there is trouble loading
     *            certificates into the KeyStore
     * @exception NoSuchAlgorithmException Thrown if the algorithm
     *            needed to verify the KeyStore cannot be found.
     */
    public synchronized void loadKeyStore(InputStream ksfile,
                                          char[] storepass)
        throws KeyStoreException, IOException, 
               NoSuchAlgorithmException, CertificateException, Exception {
        try {
            keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            keystore.load(ksfile, storepass);
        } catch (Exception e) {
            throw new Exception("loadKeyStore failed");
        }
    }

    /**
     * Store a the keystore in the descriptor in a file.
     *
     * @param ksfname file to use
     * @param storepass password of keystore
     */
    public synchronized void storeKeyStore(String ksfname,
                                           char[] storepass)
        throws IOException, KeyStoreException, 
        NoSuchAlgorithmException, CertificateException {

        FileOutputStream fout = new FileOutputStream(ksfname);
        keystore.store(fout, storepass);
        fout.close();
    }

    /**
     * Adds a Base64 encoded signature of the jar file at the URL 
     * specified by the MIDlet-Jar-URL key in the app descriptor.
     * <code>load</code> and <code>loadKeyStore</code> must be
     * call before this method.
     * <p>
     * The line in the app descriptor corresponding to this
     * insertion will look like this:
     * <p>
     *   MIDlet-Jar-RSA-SHA1:j3zKCv6eud2Ubkw80XjpNb7tk5s...
     *
     * If a MIDlet-Jar-RSA-SHA1 property already exists it will
     * be replaced.
     *
     * @param alias  Alias of the signing key in the keystore.
     * @param keypass Password to access the signing (private) key.
     *
     * @exception AppDescriptorException JAR URL or content provider
     *            certificate was
     *            not found in the app descriptor.
     * @exception MalformedURLException The URL corresponding to 
     *            the MIDlet-Jar-URL key could not be parsed.
     * @exception IOException error reading the JAR
     * @exception NoSuchAlgorithmException If SHA1 or RSA need by
     *            getEncodedSig could not be found in an
     *            installed JCA provider.    
     * @exception KeyStoreException
     * @exception InvalidKeyException
     * @exception SignatureException
     * @exception UnrecoverableKeyException
     */
    public void addJarSignature(String alias, char[] keypass)
        throws AppDescriptorException, MalformedURLException, IOException, 
               KeyStoreException, InvalidKeyException, 
               SignatureException, NoSuchAlgorithmException, 
               UnrecoverableKeyException {

        String urlStr = getProperty(JAR_URL);

        if (urlStr == null) {
            throw new AppDescriptorException(JAR_URL + " not in descriptor");
        }

        URL url = new URL(urlStr);
        InputStream jarStream = url.openStream();
        addJarSignature(alias, keypass, jarStream);
    }
    
    /**
     * Adds a Base64 encoded signature of the jar file provided in
     * an input stream to the app descriptor.
     * <p>
     * The line in the app descriptor corresponding to this
     * insertion will look like this:
     *
     *   MIDlet-Jar-RSA-SHA1:j3zKCv6eud2Ubkw80XjpNb7tk5s...
     *
     * If a MIDlet-Jar-RSA-SHA1 property already exists it will
     * be replaced.
     *
     * @param alias  Alias of the signing key in the keystore.
     * @param keypass Password to access the signing (private) key.
     * @param jarStream stream to read the jar file from
     *
     * @exception IOException If there is a problem reading the 
     *            input stream.
     * @exception NoSuchAlgorithmException If SHA1 or RSA need by
     *            getEncodedSig could not be found in an
     *            installed JCA provider.    
     * @exception KeyStoreException
     * @exception InvalidKeyException
     * @exception SignatureException
     * @exception UnrecoverableKeyException
     */
    public void addJarSignature(String alias, char[] keypass,
            InputStream jarStream) throws IOException,
        NoSuchAlgorithmException, 
        KeyStoreException, InvalidKeyException, SignatureException,
        NoSuchAlgorithmException, UnrecoverableKeyException {

        setProperty(JAR_SIGNATURE, getEncodedSig(alias, keypass, jarStream));
    }

    /**
     * Retrieves a certificate out of a KeyStore and adds it 
     * to the app descriptor as:
     * <p>
     *   content_provider.certificate-1-1:<Base64 encoded newcert>
     * <p>
     * Instance variable <code>keystore</code> must not be null, 
     * and should have been set by <code>loadKeyStore</code>
     * before this method is called.
     *
     * @param alias Alias of the chosen certificate in the keystore
     * @param chainNum number of the chain to add certificate to
     * @param certNum number of the certificate in the chain to replace it,
     *        or 0 to add the certificate at the end of the chain
     *
     * @exception KeyStoreException If there is an error with the keystore.
     * @exception CertificateException If there is a problem with the
     *            encoding of the certificate.
     * @exception AppDescriptorException If the KeyStore has not been 
     *            initialized (keystore is null)
     */    
    public void addCert(String alias, int chainNum, int certNum)
    throws CertificateException, KeyStoreException, AppDescriptorException {
	Certificate[] chain = getCertificatesFromKeyStore(alias);
	if (certNum == 0) {
	    // find next number after the highest existing certificate number
	    for (certNum = 1;
		 getProperty(CP_ATTR + chainNum + "-" + certNum) != null;
		 certNum++);

	    for (int i = 0; i < chain.length; i++) {
		addEncodedCertificate(chain[i], chainNum, certNum + i);
	    }
	} else {
	    addEncodedCertificate(chain[certNum-1], chainNum, certNum);
	}
    }

    /**
     * Returns an X509Certificate object from the app descriptor property
     * chosen by <code>certnum</code>, or 
     * null if that certificate does not exist in the descriptor.
     * <p>
     * After finding the chosen property in the app descriptor, 
     * decodes it from Base64 into a byte-encoded certificate and then
     * creates the X509 format certificate from that opaque data.
     *
     * @param chainNum number of the certificate chain
     * @param certNum number of the certificate in the chain
     *
     * @return an X509Certificate object or null if the certificate is
     * not in the JAD
     *
     * @exception CertificateException If there is a format problem with
     *            the certificate
     */
    public X509Certificate getCert(int chainNum, int certNum)
        throws CertificateException {

        X509Certificate c = null;
        
        String base64 = getProperty(CP_ATTR + chainNum + "-" + certNum);
        if (base64 != null) {
            c = base64CertToX509Cert(base64);
        } 

        return c;
    }
  
    /**
     * Returns an X509Certificate object from the app descriptor property
     * chosen by <code>certnum</code>, or 
     * null if that certificate does not exist in the descriptor.
     * <p>
     * After finding the chosen property in the app descriptor, 
     * decodes it from Base64 into a byte-encoded certificate and then
     * creates the X509 format certificate from that opaque data.
     *
     * @param chainNum number of the certificate chain
     * @param certNum number of the certificate in the chain
     *
     * @return an X509Certificate object or null if the certificate is
     * not in the JAD
     *
     * @exception CertificateException If there is a format problem with
     *            the certificate
     */
    public X509Certificate getCertAttribute(int chainNum, int certNum)
        throws CertificateException {

        X509Certificate c = null;
        
        String base64 = getProperty(CP_ATTR + chainNum + "-" + certNum);
        if (base64 != null) {
            c = base64CertToX509Cert(base64);
        } 

        return c;
    }
  
    /**
     * Returns all X509Certificate objects from the app descriptor.
     * <p>
     * After finding a certificate property in the app descriptor, 
     * decodes it from Base64 into a byte-encoded certificate and then
     * creates the X509 format certificate from that opaque data.
     *
     * @return Vector of object arrays, each containing key, and a
     * X509Certificate object
     */
    public Vector getAllCerts() throws CertificateException {