diff options
author | Thomas Watson | 2016-03-22 21:11:06 +0000 |
---|---|---|
committer | Thomas Watson | 2016-03-29 15:50:43 +0000 |
commit | 1b7bd98d0c6b8334fa838e7d1c875b24c58c1384 (patch) | |
tree | 5e91fad8d6f1ee14e066648cfe3b595498c172a2 | |
parent | 745d1292dc616ca4304ca1b61fd9a0c9fa4d9b4e (diff) | |
download | rt.equinox.framework-1b7bd98d0c6b8334fa838e7d1c875b24c58c1384.tar.gz rt.equinox.framework-1b7bd98d0c6b8334fa838e7d1c875b24c58c1384.tar.xz rt.equinox.framework-1b7bd98d0c6b8334fa838e7d1c875b24c58c1384.zip |
Bug 489686 - Some bundles in Orbit Recipes cannot be used in target
platform, p2 hangs
Change-Id: I3ca09f6789af33f1ab0a86ce44ced87720fcf0ee
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>
3 files changed, 53 insertions, 13 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java index 66d81b7ef..c204b9817 100644 --- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java +++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2007, 2014 IBM Corporation and others. + * Copyright (c) 2007, 2016 IBM Corporation and others. * All rights reserved. This program and the accompanying materials * are made available under the terms of the Eclipse Public License v1.0 * which accompanies this distribution, and is available at @@ -49,12 +49,12 @@ public class SignedBundleTest extends BaseSecurityTest { n/a n/a n/a = positive, unsigned ('unsigned.jar') yes n/a yes = positive, 1 signer ('signed.jar','ca1_leafa') yes yes yes = positive, 2 signers ('multiply_signed.jar','ca1_leafa,'ca1_leafb') - + //negative = untrusted tests no n/a yes = negative, 1 signer, 1 untrusted ('signed.jar') no no yes = negative, 2 signers, 2 untrusted ('multiply_signed.jar') yes no yes = negative, 2 signers, 1 untrusted ('multiply_signed.jar', 'ca1_leafa') - + //negative = validity tests yes n/a no = negative, 1 signer, 1 corrupt ('signed_with_corrupt.jar','ca1_leafa') yes yes no = negative, 2 signers, 2 corrupt @@ -91,11 +91,11 @@ public class SignedBundleTest extends BaseSecurityTest { registerEclipseTrustEngine(); /* TrustEngine engine = getTrustEngine(); - + if (supportStore == null) { fail("Could not open keystore with test certificates!"); } - + // get the certs from the support store and add for (int i = 0; i < aliases.length; i++) { Certificate cert = supportStore.getCertificate(aliases[i]); @@ -925,4 +925,45 @@ public class SignedBundleTest extends BaseSecurityTest { fail("Unexpected exception", e); } } + + public void test489686() { + Bundle testBundle = null; + try { + testBundle = installBundle(getTestJarPath("signed_with_missing_digest")); + + // get the signed content for the bundle + SignedContent signedContent = getSignedContentFactory().getSignedContent(testBundle); + assertNotNull("SignedContent is null", signedContent); + // check if it is signed + assertTrue("Should be signed", signedContent.isSigned()); + // get the signer infos + SignerInfo[] infos = signedContent.getSignerInfos(); + assertNotNull("SignerInfo is null", infos); + assertEquals("wrong number of signers", 1, infos.length); + + SignedContentEntry[] entries = signedContent.getSignedEntries(); + assertNotNull("Entries is null", entries); + for (int i = 0; i < entries.length; i++) { + try { + entries[i].verify(); + fail("Expected a corruption for: " + entries[i].getName()); + } catch (InvalidContentException e) { + // expected + } + SignerInfo[] entryInfos = entries[i].getSignerInfos(); + assertNotNull("SignerInfo is null", entryInfos); + assertEquals("wrong number of entry signers", 1, entryInfos.length); + assertEquals("Entry signer does not equal content signer", infos[0], entryInfos[0]); + } + + } catch (Exception e) { + fail("Unexpected exception", e); + } finally { + try { + testBundle.uninstall(); + } catch (Exception e) { + fail("Failed to uninstall bundle", e); + } + } + } } diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar Binary files differnew file mode 100755 index 000000000..7f0c67aa6 --- /dev/null +++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java index 446b1ca5d..03afd0e30 100644 --- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java +++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java @@ -1,5 +1,5 @@ /******************************************************************************* - * Copyright (c) 2007, 2015 IBM Corporation and others. All rights reserved. + * Copyright (c) 2007, 2016 IBM Corporation and others. All rights reserved. * This program and the accompanying materials are made available under the * terms of the Eclipse Public License v1.0 which accompanies this distribution, * and is available at http://www.eclipse.org/legal/epl-v10.html @@ -182,19 +182,21 @@ public class SignatureBlockProcessor implements SignedContentConstants { } // get the string for this entry only, since the entryStartOffset - // points to the '\n' befor the 'Name: ' we increase it by 1 + // points to the '\n' before the 'Name: ' we increase it by 1 // this is guaranteed to not go past end-of-string and be less // then entryEndOffset. String entryStr = mfStr.substring(entryStartOffset + 1, entryEndOffset); entryStr = stripContinuations(entryStr); + // increment the offset to the ending entry for the next iteration of the loop ... + entryStartOffset = entryEndOffset; + // entry points to the start of the next 'entry' String entryName = getEntryFileName(entryStr); // if we could retrieve an entry name, then we will extract // digest type list, and the digest value list if (entryName != null) { - String aDigestLine = getDigestLine(entryStr, signerInfo.getMessageDigestAlgorithm()); if (aDigestLine != null) { @@ -231,8 +233,6 @@ public class SignatureBlockProcessor implements SignedContentConstants { mdResult[1].add(digestResult); } // could get lines of digest entries in this MF file entry } // could retrieve entry name - // increment the offset to the ending entry... - entryStartOffset = entryEndOffset; } } @@ -335,7 +335,7 @@ public class SignatureBlockProcessor implements SignedContentConstants { int entryStartOffset = mfStr.indexOf(MF_ENTRY_NEWLN_NAME); int length = mfStr.length(); - while ((entryStartOffset != -1) && (entryStartOffset < length)) { + if ((entryStartOffset != -1) && (entryStartOffset < length)) { // get the start of the next 'entry', i.e. the end of this entry int entryEndOffset = mfStr.indexOf(MF_ENTRY_NEWLN_NAME, entryStartOffset + 1); @@ -346,12 +346,11 @@ public class SignatureBlockProcessor implements SignedContentConstants { } // get the string for this entry only, since the entryStartOffset - // points to the '\n' befor the 'Name: ' we increase it by 1 + // points to the '\n' before the 'Name: ' we increase it by 1 // this is guaranteed to not go past end-of-string and be less // then entryEndOffset. entryStr = mfStr.substring(entryStartOffset + 1, entryEndOffset); entryStr = stripContinuations(entryStr); - break; } if (entryStr != null) { |