Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Watson2012-05-08 17:19:21 -0400
committerThomas Watson2012-05-08 17:19:21 -0400
commit7bc8060090621ea117971fd917321d4abbae4f5c (patch)
treeda7848d1df3e933144057005c0daadc5f5ad2827
parentbef1cc9df1203fe05e5781dbe7b015f317a70cf5 (diff)
downloadrt.equinox.framework-7bc8060090621ea117971fd917321d4abbae4f5c.tar.gz
rt.equinox.framework-7bc8060090621ea117971fd917321d4abbae4f5c.tar.xz
rt.equinox.framework-7bc8060090621ea117971fd917321d4abbae4f5c.zip
Bug 378155 - Install of plugin fails when signed by Java 1.7 jarsignerv20120508-2119
-rw-r--r--bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java52
-rwxr-xr-xbundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jarbin0 -> 4300 bytes
-rwxr-xr-xbundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jarbin0 -> 4308 bytes
-rwxr-xr-xbundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jarbin0 -> 4312 bytes
-rwxr-xr-xbundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jarbin0 -> 4309 bytes
-rwxr-xr-xbundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jarbin0 -> 2917 bytes
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java20
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java8
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java15
9 files changed, 89 insertions, 6 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index 95c64a2f5..2b84502a2 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2007, 2011 IBM Corporation and others.
+ * Copyright (c) 2007, 2012 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
@@ -859,4 +859,54 @@ public class SignedBundleTest extends BaseSecurityTest {
}
}
}
+
+ public void testBug378155() {
+ doTestBug378155("SHA1withRSA");
+ doTestBug378155("SHA256withRSA");
+ doTestBug378155("SHA384withRSA");
+ doTestBug378155("SHA512withRSA");
+ }
+
+ private void doTestBug378155(String bundleName) {
+
+ Bundle testBundle = null;
+ try {
+ testBundle = installBundle(getTestJarPath(bundleName));
+ assertNotNull("Test bundle not installed!", testBundle);
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(testBundle);
+ assertNotNull("SignedContent is null", signedContent);
+ // check if it is signed
+ assertTrue("Should be signed", signedContent.isSigned());
+ // get the signer infos
+ SignerInfo[] infos = signedContent.getSignerInfos();
+ assertNotNull("SignerInfo is null", infos);
+ assertEquals("wrong number of signers", 1, infos.length);
+ // check the signer validity
+ signedContent.checkValidity(infos[0]);
+ // check the signer trust (it is NOT trusted)
+ assertFalse("Signer is trusted", infos[0].isTrusted());
+ // check the trust anchor
+ assertNull("Trust anchor is not null", infos[0].getTrustAnchor());
+ // verify and validate the entries
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ assertEquals("Entry signer does not equal content signer", infos[0], entryInfos[0]);
+ }
+ } catch (Exception e) {
+ fail("Unexpected exception", e);
+ } finally {
+ try {
+ if (testBundle != null)
+ testBundle.uninstall();
+ } catch (BundleException e) {
+ fail("Failed to uninstall bundle", e);
+ }
+ }
+ }
}
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
new file mode 100755
index 000000000..b82c29ca3
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
new file mode 100755
index 000000000..e26678903
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
new file mode 100755
index 000000000..d8bf7e4c4
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
new file mode 100755
index 000000000..c9eac0d57
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
new file mode 100755
index 000000000..b716290dd
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
index 95a77db42..a1267a8e1 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2006, 2011 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2012 IBM Corporation and others. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -78,6 +78,24 @@ public class PKCS7Processor implements SignedContentConstants {
if (Arrays.equals(SHA1_OID, digestOid)) {
return SHA1_STR;
}
+ if (Arrays.equals(SHA224_OID, digestOid)) {
+ return SHA224_STR;
+ }
+ if (Arrays.equals(SHA256_OID, digestOid)) {
+ return SHA256_STR;
+ }
+ if (Arrays.equals(SHA384_OID, digestOid)) {
+ return SHA384_STR;
+ }
+ if (Arrays.equals(SHA512_OID, digestOid)) {
+ return SHA512_STR;
+ }
+ if (Arrays.equals(SHA512_224_OID, digestOid)) {
+ return SHA512_224_STR;
+ }
+ if (Arrays.equals(SHA512_256_OID, digestOid)) {
+ return SHA512_256_STR;
+ }
if (Arrays.equals(MD5_OID, digestOid)) {
return MD5_STR;
}
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
index c9863804c..8f9684147 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2007, 2011 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2007, 2012 IBM Corporation and others. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -143,6 +143,8 @@ public class SignatureBlockProcessor implements SignedContentConstants {
manifestDigest = calculateDigest(getMessageDigest(MD5_STR), manifestBytes);
else if (digestName.equalsIgnoreCase(SHA1_STR))
manifestDigest = calculateDigest(getMessageDigest(SHA1_STR), manifestBytes);
+ else
+ manifestDigest = calculateDigest(getMessageDigest(digestName), manifestBytes);
off += digestManifestSearchLen;
// find out the index of first '\n' after the -Digest-Manifest:
@@ -270,9 +272,7 @@ public class SignatureBlockProcessor implements SignedContentConstants {
// remember the "algorithm type" object
return SHA1_STR;
} else {
- // unknown algorithm type, we will stop processing this entry
- // break;
- throw new NoSuchAlgorithmException(NLS.bind(SignedContentMessages.Algorithm_Not_Supported, sDigestAlgType));
+ return sDigestAlgType;
}
}
return null;
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
index d0c052653..115621a91 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
@@ -12,6 +12,12 @@ package org.eclipse.osgi.internal.signedcontent;
public interface SignedContentConstants {
public static final String SHA1_STR = "SHA1"; //$NON-NLS-1$
+ public static final String SHA256_STR = "SHA256"; //$NON-NLS-1$
+ public static final String SHA384_STR = "SHA384"; //$NON-NLS-1$
+ public static final String SHA512_STR = "SHA512"; //$NON-NLS-1$
+ public static final String SHA224_STR = "SHA224"; //$NON-NLS-1$
+ public static final String SHA512_224_STR = "SHA512-224"; //$NON-NLS-1$
+ public static final String SHA512_256_STR = "SHA512-256"; //$NON-NLS-1$
public static final String MD5_STR = "MD5"; //$NON-NLS-1$
public static final String MD2_STR = "MD2"; //$NON-NLS-1$
@@ -36,7 +42,16 @@ public interface SignedContentConstants {
public static final int SIGNEDDATA_OID[] = {1, 2, 840, 113549, 1, 7, 2};
public static final int MD5_OID[] = {1, 2, 840, 113549, 2, 5};
public static final int MD2_OID[] = {1, 2, 840, 113549, 2, 2};
+
public static final int SHA1_OID[] = {1, 3, 14, 3, 2, 26};
+
+ public static final int SHA256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 1};
+ public static final int SHA384_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 2};
+ public static final int SHA512_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 3};
+ public static final int SHA224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 4};
+ public static final int SHA512_224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 5};
+ public static final int SHA512_256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 6};
+
public static final int DSA_OID[] = {1, 2, 840, 10040, 4, 1};
public static final int RSA_OID[] = {1, 2, 840, 113549, 1, 1, 1};

Back to the top