--- a/javacommons/security/javasrc/com/nokia/mj/impl/security/midp/authentication/AuthenticationModule.java Wed Sep 15 12:05:25 2010 +0300
+++ b/javacommons/security/javasrc/com/nokia/mj/impl/security/midp/authentication/AuthenticationModule.java Wed Oct 13 14:23:59 2010 +0300
@@ -266,22 +266,18 @@
* (if applicable)
* @param appJARPath the path to the JAR being authenticated
*/
- public AuthenticationCredentials[] authenticateJar(
+ public void authenticateJar(
+ StorageSession storageSession,
Uid msUID,
Uid oldMSUID,
String appJARPath,
boolean drmContent)
{
AuthenticationStorageData data = null;
- Credentials selectedCredentials = null;
try
{
Vector allAuthCredentials = (Vector)iAuthCredentials.get(msUID);
- String jarHash = null;
- try
- {
- jarHash = _computeHash(appJARPath);
- }catch(AuthenticationException e) {}
+ String jarHash = _computeHash(appJARPath);
if (jarHash == null || jarHash.length() == 0)
{
// could not compute hash for the given application
@@ -307,15 +303,15 @@
null /*validatedChainIndexes*/,
null /* jarPath*/,
iSecurityWarningsMode);
- selectedCredentials = new Credentials(
- data.getProtectionDomain(),
- data.getProtectionDomainCategory(),
- jarHash,
- null /* root hash */,
- -1 /* validated chain index*/,
- null /* signing cert */);
verifyUpdate(
- new Credentials[] {selectedCredentials},
+ new Credentials[] {new Credentials(
+ data.getProtectionDomain(),
+ data.getProtectionDomainCategory(),
+ jarHash,
+ null /* root hash */,
+ -1 /* validated chain index*/,
+ null /* signing cert */)
+ },
oldMSUID);
}
else
@@ -328,7 +324,7 @@
String jarHashValue = null;
String rootHashValue = null;
Vector validatedChainIndexes = new Vector();
- selectedCredentials = selectCredentials(jarHash, allAuthCredentials, validatedChainIndexes);
+ Credentials selectedCredentials = selectCredentials(jarHash, allAuthCredentials, validatedChainIndexes);
if (selectedCredentials == null
|| selectedCredentials.getProtectionDomainName() == null)
{
@@ -378,6 +374,8 @@
validatedChainIndexes,
iSecurityWarningsMode);
}
+
+ writeAuthenticationStorageData(storageSession, msUID, data, (oldMSUID != null && oldMSUID.equals(msUID)));
}
finally
{
@@ -387,18 +385,17 @@
iSelectedAuthCredentials.put(msUID, data);
}
}
- return new AuthenticationCredentials[] {selectedCredentials};
}
/**
*/
- public AuthenticationCredentials[] authenticateJar(
+ public void authenticateJar(
+ StorageSession storageSession,
Uid uid,
Uid oldUid,
ProtectionDomain protectionDomain,
String appJARPath)
{
- Credentials selectedCredentials = null;
if (protectionDomain == null
|| (!protectionDomain.equals(ProtectionDomain.getManufacturerDomain())
&& !protectionDomain.equals(ProtectionDomain.getOperatorDomain())
@@ -413,11 +410,7 @@
new String[] {"Unknown protection domain " + protectionDomain},
OtaStatusCode.INTERNAL_ERROR);
}
- String jarHash = null;
- try
- {
- jarHash = _computeHash(appJARPath);
- }catch(AuthenticationException e) {}
+ String jarHash = _computeHash(appJARPath);
if (jarHash == null || jarHash.length() == 0)
{
// could not compute hash for the given application
@@ -437,20 +430,18 @@
null /*validatedChainIndexes*/,
null /* jarPath*/,
iSecurityWarningsMode);
- selectedCredentials = new Credentials(
- data.getProtectionDomain(),
- data.getProtectionDomainCategory(),
- jarHash,
- null /* root hash */,
- -1 /* validated chain index*/,
- null /* signing cert */);
verifyUpdate(
- new Credentials[] {selectedCredentials},
+ new Credentials[] {new Credentials(
+ data.getProtectionDomain(),
+ data.getProtectionDomainCategory(),
+ jarHash,
+ null /* root hash */,
+ -1 /* validated chain index*/,
+ null /* signing cert */)
+ },
oldUid);
- iSelectedAuthCredentials.put(uid, data);
-
- return new AuthenticationCredentials[] {selectedCredentials};
+ writeAuthenticationStorageData(storageSession, uid, data, (oldUid != null && oldUid.equals(uid)));
}
/**
@@ -582,24 +573,6 @@
}
/**
- * Writes to storage all the security data related to a certain MIDlet suite
- *
- * @param sessionID the JavaStorage session to be used when
- * writing the security data into storage
- * @param msUID the UID if the MIDlet suite whose security data is
- * being written
- */
- public void addSecurityData(StorageSession storageSession, Uid msUID, Uid oldMsUID)
- {
- Logger.log("Write authentication data to storage");
- AuthenticationStorageData authStorageData =
- (AuthenticationStorageData)iSelectedAuthCredentials.remove(
- msUID);
- writeAuthenticationStorageData(storageSession, msUID, authStorageData,
- (oldMsUID != null && oldMsUID.equals(msUID)));
- }
-
- /**
* Returns the details of the certificates used for authenticating a
* MIDlet suite. This method is used at installation time.
*
@@ -680,20 +653,31 @@
* @param aMediaId the identifier of the media where the MIDlet
* suite is installed
*/
- public void setMediaId(Uid aMsUid, int aMediaId)
+ public void setMediaId(StorageSession aStorageSession, Uid aMsUid, int aMediaId)
{
// store the jar hash only if the suite was installed on a non-protected media
if (isDriveProtected(aMediaId))
{
- AuthenticationStorageData authStorageData =
- (AuthenticationStorageData)iSelectedAuthCredentials.get(
- aMsUid);
- if (authStorageData != null)
+ SecurityStorage storage = new SecurityStorage(aStorageSession);
+ try
{
- Logger.log("Suite installed on protected media -> the runtime tamper detection is disabled");
- authStorageData.setJarHashValue(null);
- iSelectedAuthCredentials.put(aMsUid, authStorageData);
+ AuthenticationStorageData authStorageData =
+ (AuthenticationStorageData)iSelectedAuthCredentials.get(
+ aMsUid);
+ if (authStorageData != null)
+ {
+ Logger.log("Suite installed on protected media -> the runtime tamper detection is disabled");
+ authStorageData.setJarHashValue(null);
+ storage.writeAuthenticationStorageData(aMsUid,
+ authStorageData,
+ true /* this is an update */);
+ }
}
+ finally
+ {
+ iSelectedAuthCredentials.remove(aMsUid);
+ }
+
}
}
@@ -841,23 +825,7 @@
&& authStorageData.getJarHashValue().length() > 0)
{
Logger.log(" Doing tamper detection");
- String computedJarHash = null;
- try
- {
- computedJarHash = _computeHash(authStorageData.getJarPath());
- }catch(AuthenticationException e)
- {
- if (e.getErrorCode()
- == AuthenticationException.JAR_NOT_FOUND)
- {
- Logger.logWarning(" Jar not found while trying to compute hash");
- throw new RuntimeSecurityException(
- SecurityErrorMessage.JAR_NOT_FOUND,
- null, /* no params for short msg */
- SecurityDetailedErrorMessage.JAR_NOT_FOUND,
- null /* no params for detailed msg */);
- }
- }
+ String computedJarHash = _computeHash(authStorageData.getJarPath());
// do the tampering check: compute the hash and compare it with the stored hash
if (computedJarHash == null || !computedJarHash.equals(
authStorageData.getJarHashValue()))
@@ -1152,7 +1120,6 @@
private boolean isDriveProtected(int aMediaId)
{
DriveInfo[] allDrives = DriveUtilities.getAllDrives();
- boolean driveFound = false;
if (allDrives != null)
{
for (int i=0; i<allDrives.length; i++)
@@ -1167,11 +1134,11 @@
{
return false;
}
- driveFound = true;
+ return true;
}
}
}
- return driveFound;
+ return false;
}
private Credentials selectCredentials(String selectedJarHash, Vector allAuthCredentials, Vector validatedChainIndexes)