From 114c88c9dc5fa2ef2e97d58f4b30eabaec35fafb Mon Sep 17 00:00:00 2001
From: Holger Oehm
Date: Wed, 7 Sep 2011 16:51:17 +0200
Subject: DirectorApplication: trust every certificate changed default behavior to accept not only unsigned jar files but also signed jar files that have no known root certificate
Bug: 340345
---
 .../p2/director/app/DirectorApplication.java | 15 ++++-
 .../p2/tests/director/DirectorApplicationTest.java | 70 +++++++++++++++++++++-
 2 files changed, 81 insertions(+), 4 deletions(-)
diff --git a/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java b/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
index 03a7569ad..4bdaa08fc 100644
--- a/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
+++ b/bundles/org.eclipse.equinox.p2.director.app/src/org/eclipse/equinox/internal/p2/director/app/DirectorApplication.java
@@ -47,7 +47,7 @@ import org.osgi.framework.*;
 import org.osgi.service.packageadmin.PackageAdmin;
 public class DirectorApplication implements IApplication, ProvisioningListener {
- class AvoidTrustPromptService extends UIServices {
+ public static class AvoidTrustPromptService extends UIServices {
 @Override
 public AuthenticationInfo getUsernamePassword(String location) {
 return null;
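Review bot: `AvoidTrustPromptService` is widened to `public static` without any documentation, although it is the class that answers every trust question without asking anyone. The wider visibility, apparently needed so the test in another package can instantiate it, also makes it constructible by any code that can see this internal package, so its contract should be written down on the class line. I would add a Javadoc such as `/** Headless UIServices: never prompts, accepts unsigned content and every presented signer certificate. Public only so tests can instantiate it. */`. The class body continues outside this hunk.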
@@ -59,8 +59,17 @@ public class DirectorApplication implements IApplication, ProvisioningListener {
 }
 @Override
- public TrustInfo getTrustInfo(Certificate[][] untrustedChain, String[] unsignedDetail) {
- return new TrustInfo(null, false, true);
+ public TrustInfo getTrustInfo(Certificate[][] untrustedChains, String[] unsignedDetail) {
+ final Certificate[] trusted;
+ if (untrustedChains == null) {
+ trusted = null;
+ } else {
+ trusted = new Certificate[untrustedChains.length];
+ for (int i = 0; i < untrustedChains.length; i++) {
+ trusted[i] = untrustedChains[i][0];
+ }
+ }
+ return new TrustInfo(trusted, false, true);
 }
 }
diff --git a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
index 415a2ed13..62f7ea21e 100644
--- a/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
+++ b/bundles/org.eclipse.equinox.p2.tests/src/org/eclipse/equinox/p2/tests/director/DirectorApplicationTest.java
@@ -15,10 +15,14 @@ import java.io.File;
 import java.io.PrintStream;
 import java.net.MalformedURLException;
 import java.net.URI;
+import java.security.*;
+import java.security.cert.*;
+import java.security.cert.Certificate;
 import org.eclipse.core.runtime.NullProgressMonitor;
 import org.eclipse.equinox.internal.p2.director.app.DirectorApplication;
 import org.eclipse.equinox.internal.simpleconfigurator.utils.URIUtil;
-import org.eclipse.equinox.p2.core.ProvisionException;
+import org.eclipse.equinox.p2.core.*;
+import org.eclipse.equinox.p2.core.UIServices.TrustInfo;
 import org.eclipse.equinox.p2.repository.IRepositoryManager;
 import org.eclipse.equinox.p2.repository.artifact.IArtifactRepositoryManager;
 import org.eclipse.equinox.p2.repository.metadata.IMetadataRepositoryManager;
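Review bot: In `AvoidTrustPromptService.getTrustInfo` (DirectorApplication.java) the new loop reads `untrustedChains[i][0]` without checking that the chain is non-null and non-empty, so one malformed entry aborts the whole trust decision with an unchecked exception. The method also now returns the first certificate of every chain that could not be validated, so content signed with any self-issued certificate is accepted silently and the signature no longer tells the operator who produced the artifact. I would skip empty chains as sketched below and log each certificate that is accepted, so a headless install leaves an audit trail. The accept-all behaviour would also be safer behind an explicit opt-in than as the default. The enclosing class starts outside the hunk.

```java
public TrustInfo getTrustInfo(Certificate[][] untrustedChains, String[] unsignedDetail) {
	if (untrustedChains == null) {
		return new TrustInfo(null, false, true);
	}
	// Collect only chains that actually carry a certificate; [0] on an empty chain would throw.
	final List<Certificate> trusted = new ArrayList<Certificate>(untrustedChains.length);
	for (Certificate[] chain : untrustedChains) {
		if (chain != null && chain.length > 0) {
			trusted.add(chain[0]);
		}
	}
	return new TrustInfo(trusted.toArray(new Certificate[trusted.size()]), false, true);
}
```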
@@ -716,4 +720,68 @@ public class DirectorApplicationTest extends AbstractProvisioningTest {
 metadataManager.removeRepository(srcRepo.toURI());
 delete(destinationRepo);
 }
+
+ @SuppressWarnings("unused")
+ private final class DummyCertificate extends Certificate {
+ DummyCertificate(String type) {
+ super(type);
+ }
+
+ @Override
+ public void verify(PublicKey key, String sigProvider) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+ //
+ }
+
+ @Override
+ public void verify(PublicKey key) throws CertificateException, NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, SignatureException {
+ //
+ }
+
+ @Override
+ public String toString() {
+ return null;
+ }
+
+ @Override
+ public PublicKey getPublicKey() {
+ return null;
+ }
+
+ @Override
+ public byte[] getEncoded() throws CertificateEncodingException {
+ return null;
+ }
+ }
+
+ public void testAvoidTrustPromptServiceNoUntrustedCertificates() {
+ final TrustInfo trustInfo = getTrustInfoFor(null);
+ assertNotNull(trustInfo);
+ assertNull(trustInfo.getTrustedCertificates());
+ }
+
+ public void testAvoidTrustPromptServiceTrustsOneCertificate() {
+ final Certificate certificate = new DummyCertificate(""); //$NON-NLS-1$
+ final TrustInfo trustInfo = getTrustInfoFor(new Certificate[][] {{certificate}});
+ assertNotNull(trustInfo);
+ final Certificate[] trustedCertificates = trustInfo.getTrustedCertificates();
+ assertEquals(1, trustedCertificates.length);
+ assertSame(certificate, trustedCertificates[0]);
+ }
+
+ public void testAvoidTrustPromptServiceTrustsManyCertificates() {
+ final Certificate certificate1 = new DummyCertificate(""); //$NON-NLS-1$
+ final Certificate certificate2 = new DummyCertificate(""); //$NON-NLS-1$
+ final TrustInfo trustInfo = getTrustInfoFor(new Certificate[][] { {certificate1}, {certificate2}});
+ assertNotNull(trustInfo);
+ final Certificate[] trustedCertificates = trustInfo.getTrustedCertificates();
+ assertEquals(2, trustedCertificates.length);
+ assertSame(certificate1, trustedCertificates[0]);
+ assertSame(certificate2, trustedCertificates[1]);
+ }
+
+ private TrustInfo getTrustInfoFor(final Certificate[][] untrustedChain) {
+ UIServices avoidTrustPromptService = new DirectorApplication.AvoidTrustPromptService();
+ return avoidTrustPromptService.getTrustInfo(untrustedChain, null);
+ }
+
 }
-- cgit v1.2.3
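Review bot: The new tests only pass chains holding exactly one certificate, so the `untrustedChains[i][0]` access in `getTrustInfo` is never exercised with an empty or null chain, and nothing records that only the first element of a longer chain is returned. A case such as `getTrustInfoFor(new Certificate[][] {{}})` would pin the intended behaviour for a chain without certificates, and one with a two-element chain would make the first-certificate-only rule explicit. Separately, `DummyCertificate` is used by the tests, so `@SuppressWarnings("unused")` looks unnecessary. The class could also be declared `private static final class DummyCertificate`, since it reads nothing from the enclosing test instance.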