author | Thomas Watson | 2008-04-23 17:34:02 +0000 |
---|---|---|
committer | Thomas Watson | 2008-04-23 17:34:02 +0000 |
commit | 76e41f80a8ecc14e610a3c04a680a8c6d0127d60 (patch) | |
tree | 940465ec274d36734bdcca4580f320d07dd25af4 | |
parent | 92c7b70d9f53020f3f72f3b44825cfce80bbd9e8 (diff) | |
Bug 228427 Are files signed in META-INF or not?
7 files changed, 115 insertions, 3 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index c907b84c8..f292fd9d1 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -695,4 +695,106 @@ public class SignedBundleTest extends BaseSecurityTest {
 unsignedFile.delete();
 assertFalse("File should not exist", unsignedFile.exists());
 }
+
+ public void testBug228427_01() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_02() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_added"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_03() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_corrupt"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ try {
+ entries[i].verify();
+ assertFalse("Wrong entry is validated: " + entries[i].getName(), "META-INF/test/test1.file".equals(entries[i].getName()));
+ } catch (InvalidContentException e) {
+ assertEquals("Wrong entry is corrupted", "META-INF/test/test1.file", entries[i].getName());
+ }
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_04() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_removed"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ try {
+ entries[i].verify();
+ assertFalse("Wrong entry is validated: " + entries[i].getName(), "META-INF/test.file".equals(entries[i].getName()));
+ } catch (InvalidContentException e) {
+ assertEquals("Wrong entry is corrupted", "META-INF/test.file", entries[i].getName());
+ }
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
 }
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar
Binary files differ
new file mode 100644
index 000000000..9d693cae2
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar
Binary files differ
new file mode 100644
index 000000000..e97d7c027
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar
Binary files differ
new file mode 100644
index 000000000..fc717d2b1
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar
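Review bot: In testBug228427_03 and testBug228427_04 the loop can complete without `InvalidContentException` ever being thrown: if the tampered entry (`META-INF/test/test1.file`, respectively `META-INF/test.file`) is not among the four returned entries, every `verify()` succeeds, neither assertion fires, and the test passes without having observed a rejection. Track the rejection explicitly, with `boolean rejected = false;` before the loop, `rejected = true;` in the catch block, and `assertTrue("Tampered entry was not rejected", rejected);` after the loop. Separately, testBug228427_02 only checks the four signed entries and asserts nothing about the entry that was added after signing, so the behaviour for unsigned META-INF content is not pinned by these tests.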
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar
Binary files differ
new file mode 100644
index 000000000..3f6493bf3
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
index 9067d06a4..bd19bbe35 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
@@ -101,8 +101,17 @@ public class SignedBundleFile extends BundleFile implements SignedContentConstan
 BundleEntry be = wrappedBundleFile.getEntry(path);
 if ((supportFlags & SignedBundleHook.VERIFY_RUNTIME) == 0 || signedContent == null)
 return be;
- if (path.startsWith(META_INF))
- return be;
+ if (path.startsWith(META_INF)) {
+ int lastSlash = path.lastIndexOf('/');
+ if (lastSlash == META_INF.length() - 1) {
+ if (path.equals(META_INF_MANIFEST_MF) || path.endsWith(DOT_DSA) || path.endsWith(DOT_RSA) || path.endsWith(DOT_SF) || path.indexOf(SIG_DASH) == META_INF.length())
+ return be;
+ SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
+ if (signedEntry == null)
+ // TODO this is to allow 1.4 signed bundles to work, it would be better if we could detect 1.4 signed bundles and only do this for them.
+ return be;
+ }
+ }
 if (be == null) {
 // double check that no signer thinks it should exist
 SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
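Review bot: The new `if (signedEntry == null) return be;` branch returns any entry directly under `META-INF/` that no signer lists without verification, so a file added to that directory after signing is still served when `VERIFY_RUNTIME` is set; only signed root entries and entries in META-INF subdirectories fall through to the checks below. The TODO admits this is a concession to 1.4-signed bundles; until those can be detected, state the gap in the comment, e.g. `// Known gap: unsigned entries directly under META-INF/ are returned unverified (needed for 1.4-signed bundles)`, and put braces around the branch so the comment does not sit between the `if` and its `return`. `path.indexOf(SIG_DASH) == META_INF.length()` reads more directly as `path.startsWith(SIG_DASH, META_INF.length())`. The method begins and ends outside this hunk, so how the fall-through entries are verified is not visible here.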
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
index fef1c4e5a..d0c052653 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2006, 2007 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2008 IBM Corporation and others. All rights reserved.
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -18,6 +18,7 @@ public interface SignedContentConstants {
 public static final String DOT_DSA = ".DSA"; //$NON-NLS-1$
 public static final String DOT_RSA = ".RSA"; //$NON-NLS-1$
 public static final String DOT_SF = ".SF"; //$NON-NLS-1$
+ public static final String SIG_DASH = "SIG-"; //$NON-NLS-1$
 public static final String META_INF = "META-INF/"; //$NON-NLS-1$
 public static final String META_INF_MANIFEST_MF = "META-INF/MANIFEST.MF"; //$NON-NLS-1$
 public static final String[] EMPTY_STRING = new String[0]; |