authorThomas Watson2008-04-23 17:34:02 +0000
committerThomas Watson2008-04-23 17:34:02 +0000
commit76e41f80a8ecc14e610a3c04a680a8c6d0127d60 (patch)
tree940465ec274d36734bdcca4580f320d07dd25af4
parent92c7b70d9f53020f3f72f3b44825cfce80bbd9e8 (diff)
downloadrt.equinox.framework-76e41f80a8ecc14e610a3c04a680a8c6d0127d60.tar.gz
rt.equinox.framework-76e41f80a8ecc14e610a3c04a680a8c6d0127d60.tar.xz
rt.equinox.framework-76e41f80a8ecc14e610a3c04a680a8c6d0127d60.zip
Bug 228427 Are files signed in META-INF or not?
-rw-r--r--bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java102
-rw-r--r--bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jarbin0 -> 3559 bytes
-rw-r--r--bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jarbin0 -> 3851 bytes
-rw-r--r--bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jarbin0 -> 3565 bytes
-rw-r--r--bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jarbin0 -> 3416 bytes
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java13
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java3
7 files changed, 115 insertions, 3 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index c907b84c8..f292fd9d1 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -695,4 +695,106 @@ public class SignedBundleTest extends BaseSecurityTest {
unsignedFile.delete();
assertFalse("File should not exist", unsignedFile.exists());
}
+
+ public void testBug228427_01() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_02() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_added"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_03() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_corrupt"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ try {
+ entries[i].verify();
+ assertFalse("Wrong entry is validated: " + entries[i].getName(), "META-INF/test/test1.file".equals(entries[i].getName()));
+ } catch (InvalidContentException e) {
+ assertEquals("Wrong entry is corrupted", "META-INF/test/test1.file", entries[i].getName());
+ }
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
+
+ public void testBug228427_04() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_metadata_removed"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(signedFile);
+ assertNotNull("SignedContent is null", signedContent);
+ assertTrue("Content is not signed!!", signedContent.isSigned());
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ assertEquals("Incorrect number of signed entries", 4, entries.length);
+ for (int i = 0; i < entries.length; i++) {
+ try {
+ entries[i].verify();
+ assertFalse("Wrong entry is validated: " + entries[i].getName(), "META-INF/test.file".equals(entries[i].getName()));
+ } catch (InvalidContentException e) {
+ assertEquals("Wrong entry is corrupted", "META-INF/test.file", entries[i].getName());
+ }
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ }
+ signedFile.delete();
+ assertFalse("File should not exist", signedFile.exists());
+ }
}
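Review bot: testBug228427_03 and testBug228427_04 can pass without the tampered entry ever being checked. The loop only asserts that an entry whose `verify()` throws has the expected name and that one which verifies does not, so a jar whose four signed entries do not include `META-INF/test/test1.file` (or `META-INF/test.file`) still goes green. Record the rejection and assert it after the loop: `boolean rejected = false;` before it, `rejected = true;` in the catch, and `assertTrue("Tampered entry was not rejected", rejected);` after it. All four tests go through `getSignedContentFactory().getSignedContent(signedFile)`, so they do not appear to exercise the `META-INF/` branch changed in SignedBundleFile.java; a case that reads the entry with runtime verification enabled would cover it. `signedFile.delete()` is also skipped when an assertion fails, so a `try`/`finally` around the body would keep the copied jar from being left behind.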
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar
new file mode 100644
index 000000000..9d693cae2
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar
new file mode 100644
index 000000000..e97d7c027
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_added.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar
new file mode 100644
index 000000000..fc717d2b1
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_corrupt.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar
new file mode 100644
index 000000000..3f6493bf3
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_metadata_removed.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
index 9067d06a4..bd19bbe35 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedBundleFile.java
@@ -101,8 +101,17 @@ public class SignedBundleFile extends BundleFile implements SignedContentConstan
BundleEntry be = wrappedBundleFile.getEntry(path);
if ((supportFlags & SignedBundleHook.VERIFY_RUNTIME) == 0 || signedContent == null)
return be;
- if (path.startsWith(META_INF))
- return be;
+ if (path.startsWith(META_INF)) {
+ int lastSlash = path.lastIndexOf('/');
+ if (lastSlash == META_INF.length() - 1) {
+ if (path.equals(META_INF_MANIFEST_MF) || path.endsWith(DOT_DSA) || path.endsWith(DOT_RSA) || path.endsWith(DOT_SF) || path.indexOf(SIG_DASH) == META_INF.length())
+ return be;
+ SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
+ if (signedEntry == null)
+ // TODO this is to allow 1.4 signed bundles to work, it would be better if we could detect 1.4 signed bundles and only do this for them.
+ return be;
+ }
+ }
if (be == null) {
// double check that no signer thinks it should exist
SignedContentEntry signedEntry = signedContent.getSignedEntry(path);
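Review bot: The `signedEntry == null` fallback still returns an entry directly under `META-INF/` with no verification, so a file added there after signing is served like trusted content; as the TODO admits, this applies to every bundle, not only 1.4-signed ones. Until that can be narrowed, state the gap explicitly in the comment, e.g. `// SECURITY: unsigned files directly under META-INF/ are returned unverified for all bundles (1.4 signer compatibility)`. Put braces around the `if (signedEntry == null)` body as well, since a comment sitting between an unbraced `if` and its `return` is easy to break on the next edit. The exemption checks against `DOT_DSA`, `DOT_RSA`, `DOT_SF` and `SIG_DASH` are case-sensitive, so it is worth confirming how differently-cased signature file names are meant to be handled. The enclosing method starts and ends outside this hunk.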
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
index fef1c4e5a..d0c052653 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2006, 2007 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2008 IBM Corporation and others. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -18,6 +18,7 @@ public interface SignedContentConstants {
public static final String DOT_DSA = ".DSA"; //$NON-NLS-1$
public static final String DOT_RSA = ".RSA"; //$NON-NLS-1$
public static final String DOT_SF = ".SF"; //$NON-NLS-1$
+ public static final String SIG_DASH = "SIG-"; //$NON-NLS-1$
public static final String META_INF = "META-INF/"; //$NON-NLS-1$
public static final String META_INF_MANIFEST_MF = "META-INF/MANIFEST.MF"; //$NON-NLS-1$
public static final String[] EMPTY_STRING = new String[0];
