Skip JAR checking for overlays
Overlay detection depends on the overlay-info.txt resource being present.
mederly committed Jan 23, 2024
1 parent 4362396 commit a40a6fa
Showing 4 changed files with 37 additions and 7 deletions.
Expand Up @@ -27,7 +27,11 @@
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/** Checks the signature of `midpoint.jar` file. Currently, it uses enclosed certificate file to check the authenticity. */
/**
* Checks the signature of `midpoint.jar` file (if applicable).
*
* Currently, it uses enclosed certificate file to check the authenticity.
*/
public class MidPointJarSignatureChecker {

private static final Trace LOGGER = TraceManager.getTrace(MidPointJarSignatureChecker.class);
Expand All @@ -38,6 +42,10 @@ public static void setupJarSignature() {
}

private static @NotNull Validity checkJarSignature() {
if (isOverlayDetected()) {
return Validity.OVERLAY_DETECTED;
}

try {
var home = new ApplicationHome(MidPointSpringApplication.class);
var source = home.getSource();
Expand All @@ -54,6 +62,15 @@ public static void setupJarSignature() {
}
}

private static boolean isOverlayDetected() {
if (MidPointJarSignatureChecker.class.getClassLoader().getResource("overlay-info.txt") != null) {
LOGGER.info("The overlay-info.txt file was found, skipping JAR signature check");
return true;
} else {
return false;
}
}

private static Validity verify(JarFile jar) throws IOException, CertificateException {

X509Certificate ourCertificate;
Expand All @@ -66,7 +83,6 @@ private static Validity verify(JarFile jar) throws IOException, CertificateExcep
ourCertificate = (X509Certificate) certFactory.generateCertificate(cert);
}

int checkedFiles = 0;
byte[] scratchBuffer = new byte[8192];
Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
Expand Down Expand Up @@ -106,10 +122,9 @@ private static Validity verify(JarFile jar) throws IOException, CertificateExcep
LOGGER.info("File without matching certificate in JAR: {}", entry);
return Validity.INVALID;
}
checkedFiles++;
}
}
LOGGER.info("JAR signature verification succeeded for all {} relevant entries in {}", checkedFiles, jar.getName());
LOGGER.info("JAR signature verification succeeded for {}", jar.getName());
return Validity.VALID;
}
}
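Review bot: `isOverlayDetected()` accepts any classpath resource named `overlay-info.txt` as proof of an overlay, and `checkJarSignature()` returns `OVERLAY_DETECTED` on that basis before a single entry is verified. The marker itself is not authenticated, so an archive that merely carries this file is no longer checked at all, and the About page change in this commit then hides the unofficial-build warning for it. At minimum the log line should record where the marker came from, so an operator can tell which archive supplied it: `var marker = MidPointJarSignatureChecker.class.getClassLoader().getResource("overlay-info.txt");` followed by `LOGGER.info("The overlay-info.txt file was found at {}, skipping JAR signature check", marker);`.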
Expand Up @@ -57,6 +57,9 @@ <h3 class="card-title"><wicket:message key="PageAbout.title.basic"/></h3>
<i class="fa fa-exclamation-circle color-yellow"></i>
<wicket:message key="PageAbout.unofficialBuild"/>
</span>
<span wicket:id="overlay">
<wicket:message key="PageAbout.overlay"/>
</span>
</td>
</tr>
</table>
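Review bot: The new `<span wicket:id="overlay">` refers to the message key `PageAbout.overlay`, but none of the four files changed in this commit is a localization properties file, so the key resolves only if it is defined elsewhere; that should be confirmed. Unlike the unofficial-build span directly above it, the overlay span also has no icon, although in this state the signature check was skipped entirely. Consider giving it a neutral indicator, for example `<i class="fa fa-info-circle"></i>`, so the state is not read as a clean verification result.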
Expand Up @@ -107,6 +107,7 @@ public class PageAbout extends PageAdminConfiguration {
private static final String ID_VALUE = "value";
private static final String ID_OFFICIAL_BUILD = "officialBuild";
private static final String ID_UNOFFICIAL_BUILD = "unofficialBuild";
private static final String ID_OVERLAY = "overlay";
private static final String ID_LIST_SYSTEM_ITEMS = "listSystemItems";
private static final String ID_TEST_REPOSITORY = "testRepository";
private static final String ID_TEST_REPOSITORY_CHECK_ORG_CLOSURE = "testRepositoryCheckOrgClosure";
Expand Down Expand Up @@ -210,12 +211,16 @@ private void initLayout() {
add(build);

boolean jarSignatureValid = JarSignatureHolder.isJarSignatureValid();
boolean overlay = JarSignatureHolder.isOverlayDetected();
add(new WebMarkupContainer(ID_OFFICIAL_BUILD)
.setRenderBodyOnly(true)
.setVisible(jarSignatureValid));
.setVisible(!overlay && jarSignatureValid));
add(new WebMarkupContainer(ID_UNOFFICIAL_BUILD)
.setRenderBodyOnly(true)
.setVisible(!jarSignatureValid));
.setVisible(!overlay && !jarSignatureValid));
add(new WebMarkupContainer(ID_OVERLAY)
.setRenderBodyOnly(true)
.setVisible(overlay));

ListView<LabeledString> listSystemItems = new ListView<>(ID_LIST_SYSTEM_ITEMS, getItems()) {
private static final long serialVersionUID = 1L;
Expand Up @@ -24,6 +24,10 @@ public static boolean isJarSignatureValid() {
return jarSignatureValidity == Validity.VALID;
}

public static boolean isOverlayDetected() {
return jarSignatureValidity == Validity.OVERLAY_DETECTED;
}

public enum Validity {

/** The signature is present and valid. */
Expand All @@ -36,6 +40,9 @@ public enum Validity {
ERROR,

/** The signature checking is not applicable, e.g. because we are not running from a JAR file. */
NOT_APPLICABLE
NOT_APPLICABLE,

/** The overlay was detected, so the signature is not checked at all. */
OVERLAY_DETECTED
}
}
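Review bot: The new public `isOverlayDetected()` has no Javadoc, and its name alone does not tell a caller that a `true` result means the signature was never examined. I would add `/** Returns true if signature checking was skipped because an overlay was detected; this says nothing about the integrity of the JAR. */` above it. `isJarSignatureValid()` stays `false` for overlays, which is the safe default for any caller that gates on it.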
