author | Thomas Watson | 2012-05-08 21:19:21 +0000 |
---|---|---|
committer | Thomas Watson | 2012-05-08 21:19:21 +0000 |
commit | 7bc8060090621ea117971fd917321d4abbae4f5c (patch) | |
tree | da7848d1df3e933144057005c0daadc5f5ad2827 | |
parent | bef1cc9df1203fe05e5781dbe7b015f317a70cf5 (diff) | |
Bug 378155 - Install of plugin fails when signed by Java 1.7 jarsigner v20120508-2119
9 files changed, 89 insertions, 6 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index 95c64a2f5..2b84502a2 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2007, 2011 IBM Corporation and others.
+ * Copyright (c) 2007, 2012 IBM Corporation and others.
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
@@ -859,4 +859,54 @@ public class SignedBundleTest extends BaseSecurityTest {
 }
 }
 }
+
+ public void testBug378155() {
+ doTestBug378155("SHA1withRSA");
+ doTestBug378155("SHA256withRSA");
+ doTestBug378155("SHA384withRSA");
+ doTestBug378155("SHA512withRSA");
+ }
+
+ private void doTestBug378155(String bundleName) {
+
+ Bundle testBundle = null;
+ try {
+ testBundle = installBundle(getTestJarPath(bundleName));
+ assertNotNull("Test bundle not installed!", testBundle);
+ // get the signed content for the bundle
+ SignedContent signedContent = getSignedContentFactory().getSignedContent(testBundle);
+ assertNotNull("SignedContent is null", signedContent);
+ // check if it is signed
+ assertTrue("Should be signed", signedContent.isSigned());
+ // get the signer infos
+ SignerInfo[] infos = signedContent.getSignerInfos();
+ assertNotNull("SignerInfo is null", infos);
+ assertEquals("wrong number of signers", 1, infos.length);
+ // check the signer validity
+ signedContent.checkValidity(infos[0]);
+ // check the signer trust (it is NOT trusted)
+ assertFalse("Signer is trusted", infos[0].isTrusted());
+ // check the trust anchor
+ assertNull("Trust anchor is not null", infos[0].getTrustAnchor());
+ // verify and validate the entries
+ SignedContentEntry[] entries = signedContent.getSignedEntries();
+ assertNotNull("Entries is null", entries);
+ for (int i = 0; i < entries.length; i++) {
+ entries[i].verify();
+ SignerInfo[] entryInfos = entries[i].getSignerInfos();
+ assertNotNull("SignerInfo is null", entryInfos);
+ assertEquals("wrong number of entry signers", 1, entryInfos.length);
+ assertEquals("Entry signer does not equal content signer", infos[0], entryInfos[0]);
+ }
+ } catch (Exception e) {
+ fail("Unexpected exception", e);
+ } finally {
+ try {
+ if (testBundle != null)
+ testBundle.uninstall();
+ } catch (BundleException e) {
+ fail("Failed to uninstall bundle", e);
+ }
+ }
+ }
 }
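Review bot: `doTestBug378155` exercises only the accepting path, and nothing in this hunk loads `test.bug378155.jar`, although the commit adds that file next to the four algorithm jars. Because SignatureBlockProcessor in the same commit stops rejecting unrecognised digest names, a companion case is worth adding: install a bundle whose signature file names a digest that no provider supports and assert that verification fails cleanly. The exact failure mode should be confirmed against the implementation, which is not visible here. The parameter also holds a signature algorithm rather than a bundle name, so `private void doTestBug378155(String signatureAlgorithm)` with a short comment like `// jar under test is named after the signature algorithm that signed it` would read more accurately.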
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
Binary files differ
new file mode 100755
index 000000000..b82c29ca3
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA1withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
Binary files differ
new file mode 100755
index 000000000..e26678903
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA256withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
Binary files differ
new file mode 100755
index 000000000..d8bf7e4c4
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA384withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
Binary files differ
new file mode 100755
index 000000000..c9eac0d57
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/SHA512withRSA.jar
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
Binary files differ
new file mode 100755
index 000000000..b716290dd
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/test.bug378155.jar
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
index 95a77db42..a1267a8e1 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2006, 2011 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2012 IBM Corporation and others. All rights reserved.
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -78,6 +78,24 @@ public class PKCS7Processor implements SignedContentConstants {
 if (Arrays.equals(SHA1_OID, digestOid)) {
 return SHA1_STR;
 }
+ if (Arrays.equals(SHA224_OID, digestOid)) {
+ return SHA224_STR;
+ }
+ if (Arrays.equals(SHA256_OID, digestOid)) {
+ return SHA256_STR;
+ }
+ if (Arrays.equals(SHA384_OID, digestOid)) {
+ return SHA384_STR;
+ }
+ if (Arrays.equals(SHA512_OID, digestOid)) {
+ return SHA512_STR;
+ }
+ if (Arrays.equals(SHA512_224_OID, digestOid)) {
+ return SHA512_224_STR;
+ }
+ if (Arrays.equals(SHA512_256_OID, digestOid)) {
+ return SHA512_256_STR;
+ }
 if (Arrays.equals(MD5_OID, digestOid)) {
 return MD5_STR;
 }
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
index c9863804c..8f9684147 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
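Review bot: In the PKCS7Processor hunk at -78, the new branches return names such as `SHA512_224_STR` and `SHA512_256_STR`, which SignedContentConstants defines as "SHA512-224" and "SHA512-256", whereas the standard JCA digest names are `SHA-512/224` and `SHA-512/256`. The consumer of the returned string is outside this hunk, so this is inferred, but if the value reaches `MessageDigest.getInstance` unchanged, a bundle signed with those digests would fail on a name lookup rather than on a real verification result. The same applies to "SHA224", "SHA256", "SHA384" and "SHA512" on providers that do not register the unhyphenated aliases. The enclosing method begins and ends outside the hunk; a comment on it saying whether the return value is a JCA algorithm name or an internal label would settle which strings are valid here.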
@@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2007, 2011 IBM Corporation and others. All rights reserved. + * Copyright (c) 2007, 2012 IBM Corporation and others. All rights reserved. * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html @@ -143,6 +143,8 @@ public class SignatureBlockProcessor implements SignedContentConstants { manifestDigest = calculateDigest(getMessageDigest(MD5_STR), manifestBytes); else if (digestName.equalsIgnoreCase(SHA1_STR)) manifestDigest = calculateDigest(getMessageDigest(SHA1_STR), manifestBytes); + else + manifestDigest = calculateDigest(getMessageDigest(digestName), manifestBytes); off += digestManifestSearchLen; // find out the index of first '\n' after the -Digest-Manifest: @@ -270,9 +272,7 @@ public class SignatureBlockProcessor implements SignedContentConstants { // remember the "algorithm type" object return SHA1_STR; } else { - // unknown algorithm type, we will stop processing this entry - // break; - throw new NoSuchAlgorithmException(NLS.bind(SignedContentMessages.Algorithm_Not_Supported, sDigestAlgType)); + return sDigestAlgType; } } return null; diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java index d0c052653..115621a91 100644 --- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java +++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignedContentConstants.java 
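Review bot: Both SignatureBlockProcessor fall-through branches now hand a digest name straight to the provider lookup with no check against a known set. They are `manifestDigest = calculateDigest(getMessageDigest(digestName), manifestBytes);` in the hunk at -143 and `return sDigestAlgType;` in the hunk at -270, and the name appears to be parsed from the signature file. The earlier explicit rejection is gone, so acceptance depends on what the installed JCA providers resolve: a weak or unexpected digest is accepted if any provider offers it, and an unknown name fails later, presumably with a less specific error. Consider gating both sites on the digest constants this commit adds to SignedContentConstants and keeping `throw new NoSuchAlgorithmException(NLS.bind(SignedContentMessages.Algorithm_Not_Supported, sDigestAlgType));` for every other name. Both enclosing methods start and end outside their hunks.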
@@ -12,6 +12,12 @@ package org.eclipse.osgi.internal.signedcontent; public interface SignedContentConstants { public static final String SHA1_STR = "SHA1"; //$NON-NLS-1$ + public static final String SHA256_STR = "SHA256"; //$NON-NLS-1$ + public static final String SHA384_STR = "SHA384"; //$NON-NLS-1$ + public static final String SHA512_STR = "SHA512"; //$NON-NLS-1$ + public static final String SHA224_STR = "SHA224"; //$NON-NLS-1$ + public static final String SHA512_224_STR = "SHA512-224"; //$NON-NLS-1$ + public static final String SHA512_256_STR = "SHA512-256"; //$NON-NLS-1$ public static final String MD5_STR = "MD5"; //$NON-NLS-1$ public static final String MD2_STR = "MD2"; //$NON-NLS-1$ @@ -36,7 +42,16 @@ public interface SignedContentConstants { public static final int SIGNEDDATA_OID[] = {1, 2, 840, 113549, 1, 7, 2}; public static final int MD5_OID[] = {1, 2, 840, 113549, 2, 5}; public static final int MD2_OID[] = {1, 2, 840, 113549, 2, 2}; + public static final int SHA1_OID[] = {1, 3, 14, 3, 2, 26}; + + public static final int SHA256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 1}; + public static final int SHA384_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 2}; + public static final int SHA512_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 3}; + public static final int SHA224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 4}; + public static final int SHA512_224_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 5}; + public static final int SHA512_256_OID[] = {2, 16, 840, 1, 101, 3, 4, 2, 6}; + public static final int DSA_OID[] = {1, 2, 840, 10040, 4, 1}; public static final int RSA_OID[] = {1, 2, 840, 113549, 1, 1, 1}; |
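Review bot: In the hunk at -36, the new `SHA256_OID` through `SHA512_256_OID` constants are `public static final int ...[]` fields of an interface, so the reference is final but the elements are writable by any class that can see SignedContentConstants. PKCS7Processor selects the digest with `Arrays.equals(SHA256_OID, digestOid)`, so an overwritten element would silently change which algorithm an OID maps to. This follows the existing `MD5_OID` and `SHA1_OID` pattern rather than introducing it, but six more arrays widen the exposure. At minimum add a comment above the block such as `// OID arcs; read-only by convention, never modify elements`; a follow-up could keep the arrays private and compare through a helper.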