summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHolger Oehm2011-09-07 10:51:17 (EDT)
committer Tobias Oberlies2011-09-08 03:57:30 (EDT)
commit114c88c9dc5fa2ef2e97d58f4b30eabaec35fafb (patch)
treed861138d1e570dfb652609a8c64fba8bb3385cfe
parentcca13ad4e969670bcb3025d11ac5ec6b31c1ebf3 (diff)
downloadrt.equinox.p2-114c88c9dc5fa2ef2e97d58f4b30eabaec35fafb.zip
rt.equinox.p2-114c88c9dc5fa2ef2e97d58f4b30eabaec35fafb.tar.gz
rt.equinox.p2-114c88c9dc5fa2ef2e97d58f4b30eabaec35fafb.tar.bz2
DirectorApplication: trust every certificatev20110908-0757
changed default behavior to accept not only unsigned jar files but also signed jar files that have no known root certificate Bug: 340345
-rw-r--r--bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java15
-rw-r--r--bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java70
2 files changed, 81 insertions, 4 deletions
diff --git a/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java b/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
index 03a7569..4bdaa08 100644
--- a/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
+++ b/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
@@ -47,7 +47,7 @@ import org.osgi.framework.*;
import org.osgi.service.packageadmin.PackageAdmin;
public class DirectorApplication implements IApplication, ProvisioningListener {
- class AvoidTrustPromptService extends UIServices {
+ public static class AvoidTrustPromptService extends UIServices {
@Override
public AuthenticationInfo getUsernamePassword(String location) {
return null;
@@ -59,8 +59,17 @@ public class DirectorApplication implements IApplication, ProvisioningListener {
}
@Override
- public TrustInfo getTrustInfo(Certificate[][] untrustedChain, String[] unsignedDetail) {
- return new TrustInfo(null, false, true);
+ public TrustInfo getTrustInfo(Certificate[][] untrustedChains, String[] unsignedDetail) {
+ final Certificate[] trusted;
+ if (untrustedChains == null) {
+ trusted = null;
+ } else {
+ trusted = new Certificate[untrustedChains.length];
+ for (int i = 0; i < untrustedChains.length; i++) {
+ trusted[i] = untrustedChains[i][0];
+ }
+ }
+ return new TrustInfo(trusted, false, true);
}
}
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
index 415a2ed..62f7ea2 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
@@ -15,10 +15,14 @@ import java.io.File;
import java.io.PrintStream;
import java.net.MalformedURLException;
import java.net.URI;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
import org.eclipse.core.runtime.NullProgressMonitor;
import org.eclipse.equinox.internal.p2.director.app.DirectorApplication;
import org.eclipse.equinox.internal.simpleconfigurator.utils.URIUtil;
-import org.eclipse.equinox.p2.core.ProvisionException;
+import org.eclipse.equinox.p2.core.*;
+import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
import org.eclipse.equinox.p2.repository.IRepositoryManager;
import org.eclipse.equinox.p2.repository.artifact.IArtifactRepositoryManager;
import org.eclipse.equinox.p2.repository.metadata.IMetadataRepositoryManager;
@@ -716,4 +720,68 @@ public class DirectorApplicationTest extends AbstractProvisioningTest {
metadataManager.removeRepository(srcRepo.toURI());
delete(destinationRepo);
}
+
+ @SuppressWarnings("unused")
+ private final class DummyCertificate extends Certificate {
+ DummyCertificate(String type) {
+ super(type);
+ }
+
+ @Override
+ public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+ //
+ }
+
+ @Override
+ public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+ //
+ }
+
+ @Override
+ public String toString() {
+ return null;
+ }
+
+ @Override
+ public PublicKey getPublicKey() {
+ return null;
+ }
+
+ @Override
+ public byte[] getEncoded() throws CertificateEncodingException {
+ return null;
+ }
+ }
+
+ public void testAvoidTrustPromptServiceNoUntrustedCertificates() {
+ final TrustInfo trustInfo = getTrustInfoFor(null);
+ assertNotNull(trustInfo);
+ assertNull(trustInfo.getTrustedCertificates());
+ }
+
+ public void testAvoidTrustPromptServiceTrustsOneCertificate() {
+ final Certificate certificate = new DummyCertificate(""); //$NON-NLS-1$
+ final TrustInfo trustInfo = getTrustInfoFor(new Certificate[][] {{certificate}});
+ assertNotNull(trustInfo);
+ final Certificate[] trustedCertificates = trustInfo.getTrustedCertificates();
+ assertEquals(1, trustedCertificates.length);
+ assertSame(certificate, trustedCertificates[0]);
+ }
+
+ public void testAvoidTrustPromptServiceTrustsManyCertificates() {
+ final Certificate certificate1 = new DummyCertificate(""); //$NON-NLS-1$
+ final Certificate certificate2 = new DummyCertificate(""); //$NON-NLS-1$
+ final TrustInfo trustInfo = getTrustInfoFor(new Certificate[][] { {certificate1}, {certificate2}});
+ assertNotNull(trustInfo);
+ final Certificate[] trustedCertificates = trustInfo.getTrustedCertificates();
+ assertEquals(2, trustedCertificates.length);
+ assertSame(certificate1, trustedCertificates[0]);
+ assertSame(certificate2, trustedCertificates[1]);
+ }
+
+ private TrustInfo getTrustInfoFor(final Certificate[][] untrustedChain) {
+ UIServices avoidTrustPromptService = new DirectorApplication.AvoidTrustPromptService();
+ return avoidTrustPromptService.getTrustInfo(untrustedChain, null);
+ }
+
}