Bug 378155 - Install of plugin fails when signed by Java 1.7 jarsignerv20120508-2119

9 files changed, 89 insertions, 6 deletions

diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index 95c64a2f5..2b84502a2 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2007, 2011 IBM Corporation and others.
+ * Copyright (c) 2007, 2012 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -859,4 +859,54 @@ public class SignedBundleTest extends BaseSecurityTest {
 			}
 		}
 	}
+
+	public void testBug378155() {
+		doTestBug378155("SHA1withRSA");
+		doTestBug378155("SHA256withRSA");
+		doTestBug378155("SHA384withRSA");
+		doTestBug378155("SHA512withRSA");
+	}
+
+	private void doTestBug378155(String bundleName) {
+
+		Bundle testBundle = null;
+		try {
+			testBundle = installBundle(getTestJarPath(bundleName));
+			assertNotNull("Test bundle not installed!", testBundle);
+			// get the signed content for the bundle
+			SignedContent signedContent = getSignedContentFactory().getSignedContent(testBundle);
+			assertNotNull("SignedContent is null", signedContent);
+			// check if it is signed
+			assertTrue("Should be signed", signedContent.isSigned());
+			// get the signer infos
+			SignerInfo[] infos = signedContent.getSignerInfos();
+			assertNotNull("SignerInfo is null", infos);
+			assertEquals("wrong number of signers", 1, infos.length);
+			// check the signer validity
+			signedContent.checkValidity(infos[0]);
+			// check the signer trust (it is NOT trusted)
+			assertFalse("Signer is trusted", infos[0].isTrusted());
+			// check the trust anchor
+			assertNull("Trust anchor is not null", infos[0].getTrustAnchor());
+			// verify and validate the entries
+			SignedContentEntry[] entries = signedContent.getSignedEntries();
+			assertNotNull("Entries is null", entries);
+			for (int i = 0; i < entries.length; i++) {
+				entries[i].verify();
+				SignerInfo[] entryInfos = entries[i].getSignerInfos();
+				assertNotNull("SignerInfo is null", entryInfos);
+				assertEquals("wrong number of entry signers", 1, entryInfos.length);
+				assertEquals("Entry signer does not equal content signer", infos[0], entryInfos[0]);
+			}
+		} catch (Exception e) {
+			fail("Unexpected exception", e);
+		} finally {
+			try {
+				if (testBundle != null)
+					testBundle.uninstall();
+			} catch (BundleException e) {
+				fail("Failed to uninstall bundle", e);
+			}
+		}
+	}
 }
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
new file mode 100755
index 000000000..b82c29ca3
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
new file mode 100755
index 000000000..e26678903
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
new file mode 100755
index 000000000..d8bf7e4c4
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
new file mode 100755
index 000000000..c9eac0d57
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
new file mode 100755
index 000000000..b716290dd
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
index 95a77db42..a1267a8e1 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2006, 2011 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2012 IBM Corporation and others. All rights reserved.
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
  * and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -78,6 +78,24 @@ public class PKCS7Processor implements SignedContentConstants {
 		if (Arrays.equals(SHA1_OID, digestOid)) {
 			return SHA1_STR;
 		}
+		if (Arrays.equals(SHA224_OID, digestOid)) {
+			return SHA224_STR;
+		}
+		if (Arrays.equals(SHA256_OID, digestOid)) {
+			return SHA256_STR;
+		}
+		if (Arrays.equals(SHA384_OID, digestOid)) {
+			return SHA384_STR;
+		}
+		if (Arrays.equals(SHA512_OID, digestOid)) {
+			return SHA512_STR;
+		}
+		if (Arrays.equals(SHA512_224_OID, digestOid)) {
+			return SHA512_224_STR;
+		}
+		if (Arrays.equals(SHA512_256_OID, digestOid)) {
+			return SHA512_256_STR;
+		}
 		if (Arrays.equals(MD5_OID, digestOid)) {
 			return MD5_STR;
 		}
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
index c9863804c..8f9684147 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2007, 2011 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2007, 2012 IBM Corporation and others. All rights reserved.
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
  * and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -143,6 +143,8 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 					manifestDigest = calculateDigest(getMessageDigest(MD5_STR), manifestBytes);
 				else if (digestName.equalsIgnoreCase(SHA1_STR))
 					manifestDigest = calculateDigest(getMessageDigest(SHA1_STR), manifestBytes);
+				else
+					manifestDigest = calculateDigest(getMessageDigest(digestName), manifestBytes);
 				off += digestManifestSearchLen;
 
 				// find out the index of first '\n' after the -Digest-Manifest: 
@@ -270,9 +272,7 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 				// remember the "algorithm type" object
 				return SHA1_STR;
 			} else {
-				// unknown algorithm type, we will stop processing this entry
-				// break;
-				throw new NoSuchAlgorithmException(NLS.bind(SignedContentMessages.Algorithm_Not_Supported, sDigestAlgType));
+				return sDigestAlgType;
 			}
 		}
 		return null;
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
index d0c052653..115621a91 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java
@@ -12,6 +12,12 @@ package org.eclipse.osgi.internal.signedcontent;
 public interface SignedContentConstants {
 
 	public static final String SHA1_STR = "SHA1"; //$NON-NLS-1$
+	public static final String SHA256_STR = "SHA256"; //$NON-NLS-1$
+	public static final String SHA384_STR = "SHA384"; //$NON-NLS-1$
+	public static final String SHA512_STR = "SHA512"; //$NON-NLS-1$
+	public static final String SHA224_STR = "SHA224"; //$NON-NLS-1$
+	public static final String SHA512_224_STR = "SHA512-224"; //$NON-NLS-1$
+	public static final String SHA512_256_STR = "SHA512-256"; //$NON-NLS-1$
 	public static final String MD5_STR = "MD5"; //$NON-NLS-1$
 	public static final String MD2_STR = "MD2"; //$NON-NLS-1$
 
@@ -36,7 +42,16 @@ public interface SignedContentConstants {
 	public static final int SIGNEDDATA_OID[] = {1, 2, 840, 113549, 1, 7, 2};
 	public static final int MD5_OID[] = {1, 2, 840, 113549, 2, 5};
 	public static final int MD2_OID[] = {1, 2, 840, 113549, 2, 2};
+
 	public static final int SHA1_OID[] = {1, 3, 14, 3, 2, 26};
+
+	public static final int SHA256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 1};
+	public static final int SHA384_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 2};
+	public static final int SHA512_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 3};
+	public static final int SHA224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 4};
+	public static final int SHA512_224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 5};
+	public static final int SHA512_256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 6};
+
 	public static final int DSA_OID[] = {1, 2, 840, 10040, 4, 1};
 	public static final int RSA_OID[] = {1, 2, 840, 113549, 1, 1, 1};