264 * @param msUID the UID if the MIDlet suite being authenticated |
264 * @param msUID the UID if the MIDlet suite being authenticated |
265 * @param oldMSUID the UID if the MIDlet suite being updated |
265 * @param oldMSUID the UID if the MIDlet suite being updated |
266 * (if applicable) |
266 * (if applicable) |
267 * @param appJARPath the path to the JAR being authenticated |
267 * @param appJARPath the path to the JAR being authenticated |
268 */ |
268 */ |
269 public void authenticateJar( |
269 public AuthenticationCredentials[] authenticateJar( |
270 StorageSession storageSession, |
|
271 Uid msUID, |
270 Uid msUID, |
272 Uid oldMSUID, |
271 Uid oldMSUID, |
273 String appJARPath, |
272 String appJARPath, |
274 boolean drmContent) |
273 boolean drmContent) |
275 { |
274 { |
276 AuthenticationStorageData data = null; |
275 AuthenticationStorageData data = null; |
|
276 Credentials selectedCredentials = null; |
277 try |
277 try |
278 { |
278 { |
279 Vector allAuthCredentials = (Vector)iAuthCredentials.get(msUID); |
279 Vector allAuthCredentials = (Vector)iAuthCredentials.get(msUID); |
280 String jarHash = null; |
280 String jarHash = null; |
281 try |
281 try |
305 jarHash, |
305 jarHash, |
306 null /*rootHashValue*/, |
306 null /*rootHashValue*/, |
307 null /*validatedChainIndexes*/, |
307 null /*validatedChainIndexes*/, |
308 null /* jarPath*/, |
308 null /* jarPath*/, |
309 iSecurityWarningsMode); |
309 iSecurityWarningsMode); |
|
310 selectedCredentials = new Credentials( |
|
311 data.getProtectionDomain(), |
|
312 data.getProtectionDomainCategory(), |
|
313 jarHash, |
|
314 null /* root hash */, |
|
315 -1 /* validated chain index*/, |
|
316 null /* signing cert */); |
310 verifyUpdate( |
317 verifyUpdate( |
311 new Credentials[] {new Credentials( |
318 new Credentials[] {selectedCredentials}, |
312 data.getProtectionDomain(), |
|
313 data.getProtectionDomainCategory(), |
|
314 jarHash, |
|
315 null /* root hash */, |
|
316 -1 /* validated chain index*/, |
|
317 null /* signing cert */) |
|
318 }, |
|
319 oldMSUID); |
319 oldMSUID); |
320 } |
320 } |
321 else |
321 else |
322 { |
322 { |
323 // get the authentication credential candidates and select the right |
323 // get the authentication credential candidates and select the right |
326 String protectionDomainName = null; |
326 String protectionDomainName = null; |
327 String protectionDomainCategory = null; |
327 String protectionDomainCategory = null; |
328 String jarHashValue = null; |
328 String jarHashValue = null; |
329 String rootHashValue = null; |
329 String rootHashValue = null; |
330 Vector validatedChainIndexes = new Vector(); |
330 Vector validatedChainIndexes = new Vector(); |
331 Credentials selectedCredentials = selectCredentials(jarHash, allAuthCredentials, validatedChainIndexes); |
331 selectedCredentials = selectCredentials(jarHash, allAuthCredentials, validatedChainIndexes); |
332 if (selectedCredentials == null |
332 if (selectedCredentials == null |
333 || selectedCredentials.getProtectionDomainName() == null) |
333 || selectedCredentials.getProtectionDomainName() == null) |
334 { |
334 { |
335 if (!drmContent) |
335 if (!drmContent) |
336 { |
336 { |
376 selectedCredentials.jarHashValue, |
376 selectedCredentials.jarHashValue, |
377 selectedCredentials.rootHashValue, |
377 selectedCredentials.rootHashValue, |
378 validatedChainIndexes, |
378 validatedChainIndexes, |
379 iSecurityWarningsMode); |
379 iSecurityWarningsMode); |
380 } |
380 } |
381 |
|
382 writeAuthenticationStorageData(storageSession, msUID, data, (oldMSUID != null && oldMSUID.equals(msUID))); |
|
383 } |
381 } |
384 finally |
382 finally |
385 { |
383 { |
386 // remove all the auth credentials with the selection |
384 // remove all the auth credentials with the selection |
387 if (data != null) |
385 if (data != null) |
388 { |
386 { |
389 iSelectedAuthCredentials.put(msUID, data); |
387 iSelectedAuthCredentials.put(msUID, data); |
390 } |
388 } |
391 } |
389 } |
392 } |
390 return new AuthenticationCredentials[] {selectedCredentials}; |
393 |
391 } |
394 /** |
392 |
395 */ |
393 /** |
396 public void authenticateJar( |
394 */ |
397 StorageSession storageSession, |
395 public AuthenticationCredentials[] authenticateJar( |
398 Uid uid, |
396 Uid uid, |
399 Uid oldUid, |
397 Uid oldUid, |
400 ProtectionDomain protectionDomain, |
398 ProtectionDomain protectionDomain, |
401 String appJARPath) |
399 String appJARPath) |
402 { |
400 { |
|
401 Credentials selectedCredentials = null; |
403 if (protectionDomain == null |
402 if (protectionDomain == null |
404 || (!protectionDomain.equals(ProtectionDomain.getManufacturerDomain()) |
403 || (!protectionDomain.equals(ProtectionDomain.getManufacturerDomain()) |
405 && !protectionDomain.equals(ProtectionDomain.getOperatorDomain()) |
404 && !protectionDomain.equals(ProtectionDomain.getOperatorDomain()) |
406 && !protectionDomain.equals(ProtectionDomain.getIdentifiedThirdPartyDomain()) |
405 && !protectionDomain.equals(ProtectionDomain.getIdentifiedThirdPartyDomain()) |
407 && !protectionDomain.equals(ProtectionDomain.getUnidentifiedThirdPartyDomain()))) |
406 && !protectionDomain.equals(ProtectionDomain.getUnidentifiedThirdPartyDomain()))) |
436 jarHash, |
435 jarHash, |
437 null /*rootHashValue*/, |
436 null /*rootHashValue*/, |
438 null /*validatedChainIndexes*/, |
437 null /*validatedChainIndexes*/, |
439 null /* jarPath*/, |
438 null /* jarPath*/, |
440 iSecurityWarningsMode); |
439 iSecurityWarningsMode); |
|
440 selectedCredentials = new Credentials( |
|
441 data.getProtectionDomain(), |
|
442 data.getProtectionDomainCategory(), |
|
443 jarHash, |
|
444 null /* root hash */, |
|
445 -1 /* validated chain index*/, |
|
446 null /* signing cert */); |
441 verifyUpdate( |
447 verifyUpdate( |
442 new Credentials[] {new Credentials( |
448 new Credentials[] {selectedCredentials}, |
443 data.getProtectionDomain(), |
|
444 data.getProtectionDomainCategory(), |
|
445 jarHash, |
|
446 null /* root hash */, |
|
447 -1 /* validated chain index*/, |
|
448 null /* signing cert */) |
|
449 }, |
|
450 oldUid); |
449 oldUid); |
451 |
450 |
452 writeAuthenticationStorageData(storageSession, uid, data, (oldUid != null && oldUid.equals(uid))); |
451 iSelectedAuthCredentials.put(uid, data); |
|
452 |
|
453 return new AuthenticationCredentials[] {selectedCredentials}; |
453 } |
454 } |
454 |
455 |
455 /** |
456 /** |
456 * Registers a listener for ocsp events corresponding to the |
457 * Registers a listener for ocsp events corresponding to the |
457 * installation of a certain MIDlet suite |
458 * installation of a certain MIDlet suite |
579 } |
580 } |
580 iOcspEventListeners.remove(msUID); |
581 iOcspEventListeners.remove(msUID); |
581 } |
582 } |
582 |
583 |
583 /** |
584 /** |
|
585 * Writes to storage all the security data related to a certain MIDlet suite |
|
586 * |
|
587 * @param sessionID the JavaStorage session to be used when |
|
588 * writing the security data into storage |
|
589 * @param msUID the UID if the MIDlet suite whose security data is |
|
590 * being written |
|
591 */ |
|
592 public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID) |
|
593 { |
|
594 Logger.log("Write authentication data to storage"); |
|
595 AuthenticationStorageData authStorageData = |
|
596 (AuthenticationStorageData)iSelectedAuthCredentials.remove( |
|
597 msUID); |
|
598 writeAuthenticationStorageData(storageSession, msUID, authStorageData, |
|
599 (oldMsUID != null && oldMsUID.equals(msUID))); |
|
600 } |
|
601 |
|
602 /** |
584 * Returns the details of the certificates used for authenticating a |
603 * Returns the details of the certificates used for authenticating a |
585 * MIDlet suite. This method is used at installation time. |
604 * MIDlet suite. This method is used at installation time. |
586 * |
605 * |
587 * @param sessionID the JavaStorage session to be used when |
606 * @param sessionID the JavaStorage session to be used when |
588 * retrieving the certificates details |
607 * retrieving the certificates details |
659 * @param aMsUid the UID of the MIDlet suite whose media info is |
678 * @param aMsUid the UID of the MIDlet suite whose media info is |
660 * notified |
679 * notified |
661 * @param aMediaId the identifier of the media where the MIDlet |
680 * @param aMediaId the identifier of the media where the MIDlet |
662 * suite is installed |
681 * suite is installed |
663 */ |
682 */ |
664 public void setMediaId(StorageSession aStorageSession, Uid aMsUid, int aMediaId) |
683 public void setMediaId(Uid aMsUid, int aMediaId) |
665 { |
684 { |
666 // store the jar hash only if the suite was installed on a non-protected media |
685 // store the jar hash only if the suite was installed on a non-protected media |
667 if (isDriveProtected(aMediaId)) |
686 if (isDriveProtected(aMediaId)) |
668 { |
687 { |
669 SecurityStorage storage = new SecurityStorage(aStorageSession); |
688 AuthenticationStorageData authStorageData = |
670 try |
689 (AuthenticationStorageData)iSelectedAuthCredentials.get( |
671 { |
690 aMsUid); |
672 AuthenticationStorageData authStorageData = |
691 if (authStorageData != null) |
673 (AuthenticationStorageData)iSelectedAuthCredentials.get( |
692 { |
674 aMsUid); |
693 Logger.log("Suite installed on protected media -> the runtime tamper detection is disabled"); |
675 if (authStorageData != null) |
694 authStorageData.setJarHashValue(null); |
676 { |
695 iSelectedAuthCredentials.put(aMsUid, authStorageData); |
677 Logger.log("Suite installed on protected media -> the runtime tamper detection is disabled"); |
696 } |
678 authStorageData.setJarHashValue(null); |
|
679 storage.writeAuthenticationStorageData(aMsUid, |
|
680 authStorageData, |
|
681 true /* this is an update */); |
|
682 } |
|
683 } |
|
684 finally |
|
685 { |
|
686 iSelectedAuthCredentials.remove(aMsUid); |
|
687 } |
|
688 |
|
689 } |
697 } |
690 } |
698 } |
691 |
699 |
692 /** |
700 /** |
693 * Setter for the OCSP settings |
701 * Setter for the OCSP settings |
831 // do the tamper detection |
839 // do the tamper detection |
832 if (authStorageData.getJarHashValue() != null |
840 if (authStorageData.getJarHashValue() != null |
833 && authStorageData.getJarHashValue().length() > 0) |
841 && authStorageData.getJarHashValue().length() > 0) |
834 { |
842 { |
835 Logger.log(" Doing tamper detection"); |
843 Logger.log(" Doing tamper detection"); |
836 String computedJarHash = null; |
844 String computedJarHash = null; |
837 try |
845 try |
838 { |
846 { |
839 computedJarHash = _computeHash(authStorageData.getJarPath()); |
847 computedJarHash = _computeHash(authStorageData.getJarPath()); |
840 }catch(AuthenticationException e) |
848 }catch(AuthenticationException e) |
841 { |
849 { |
842 if (e.getErrorCode() |
850 if (e.getErrorCode() |
843 == AuthenticationException.JAR_NOT_FOUND) |
851 == AuthenticationException.JAR_NOT_FOUND) |
844 { |
852 { |
845 Logger.logWarning(" Jar not found while trying to compute hash"); |
853 Logger.logWarning(" Jar not found while trying to compute hash"); |
846 throw new RuntimeSecurityException( |
854 throw new RuntimeSecurityException( |
847 SecurityErrorMessage.JAR_NOT_FOUND, |
855 SecurityErrorMessage.JAR_NOT_FOUND, |