Bug 489686 - Some bundles in Orbit Recipes cannot be used in target

platform, p2 hangs

Change-Id: I3ca09f6789af33f1ab0a86ce44ced87720fcf0ee
Signed-off-by: Thomas Watson <tjwatson@us.ibm.com>

3 files changed, 53 insertions, 13 deletions

diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index 66d81b7ef..c204b9817 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2007, 2014 IBM Corporation and others.
+ * Copyright (c) 2007, 2016 IBM Corporation and others.
  * All rights reserved. This program and the accompanying materials
  * are made available under the terms of the Eclipse Public License v1.0
  * which accompanies this distribution, and is available at
@@ -49,12 +49,12 @@ public class SignedBundleTest extends BaseSecurityTest {
 	n/a		n/a		n/a		= positive, unsigned				('unsigned.jar')
 	yes		n/a		yes		= positive, 1 signer				('signed.jar','ca1_leafa')
 	yes		yes		yes		= positive, 2 signers				('multiply_signed.jar','ca1_leafa,'ca1_leafb')
-
+	
 	//negative = untrusted tests
 	no		n/a		yes		= negative, 1 signer, 1 untrusted	('signed.jar')		
 	no		no		yes		= negative, 2 signers, 2 untrusted  ('multiply_signed.jar')
 	yes		no		yes		= negative, 2 signers, 1 untrusted	('multiply_signed.jar', 'ca1_leafa')
-
+	
 	//negative = validity tests
 	yes		n/a		no		= negative, 1 signer, 1 corrupt		('signed_with_corrupt.jar','ca1_leafa')
 	yes		yes		no		= negative, 2 signers, 2 corrupt
@@ -91,11 +91,11 @@ public class SignedBundleTest extends BaseSecurityTest {
 		registerEclipseTrustEngine();
 		/*
 				TrustEngine engine = getTrustEngine();
-
+		
 				if (supportStore == null) {
 					fail("Could not open keystore with test certificates!");
 				}
-
+		
 				// get the certs from the support store and add
 				for (int i = 0; i < aliases.length; i++) {
 					Certificate cert = supportStore.getCertificate(aliases[i]);
@@ -925,4 +925,45 @@ public class SignedBundleTest extends BaseSecurityTest {
 			fail("Unexpected exception", e);
 		}
 	}
+
+	public void test489686() {
+		Bundle testBundle = null;
+		try {
+			testBundle = installBundle(getTestJarPath("signed_with_missing_digest"));
+
+			// get the signed content for the bundle
+			SignedContent signedContent = getSignedContentFactory().getSignedContent(testBundle);
+			assertNotNull("SignedContent is null", signedContent);
+			// check if it is signed
+			assertTrue("Should be signed", signedContent.isSigned());
+			// get the signer infos
+			SignerInfo[] infos = signedContent.getSignerInfos();
+			assertNotNull("SignerInfo is null", infos);
+			assertEquals("wrong number of signers", 1, infos.length);
+
+			SignedContentEntry[] entries = signedContent.getSignedEntries();
+			assertNotNull("Entries is null", entries);
+			for (int i = 0; i < entries.length; i++) {
+				try {
+					entries[i].verify();
+					fail("Expected a corruption for: " + entries[i].getName());
+				} catch (InvalidContentException e) {
+					// expected
+				}
+				SignerInfo[] entryInfos = entries[i].getSignerInfos();
+				assertNotNull("SignerInfo is null", entryInfos);
+				assertEquals("wrong number of entry signers", 1, entryInfos.length);
+				assertEquals("Entry signer does not equal content signer", infos[0], entryInfos[0]);
+			}
+
+		} catch (Exception e) {
+			fail("Unexpected exception", e);
+		} finally {
+			try {
+				testBundle.uninstall();
+			} catch (Exception e) {
+				fail("Failed to uninstall bundle", e);
+			}
+		}
+	}
 }
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar
new file mode 100755
index 000000000..7f0c67aa6
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_missing_digest.jar
diff --git a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
index 446b1ca5d..03afd0e30 100644
--- a/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
+++ b/bundles/org.eclipse.osgi/container/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
@@ -1,5 +1,5 @@
 /*******************************************************************************
- * Copyright (c) 2007, 2015 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2007, 2016 IBM Corporation and others. All rights reserved.
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v1.0 which accompanies this distribution,
  * and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -182,19 +182,21 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 			}
 
 			// get the string for this entry only, since the entryStartOffset
-			// points to the '\n' befor the 'Name: ' we increase it by 1
+			// points to the '\n' before the 'Name: ' we increase it by 1
 			// this is guaranteed to not go past end-of-string and be less
 			// then entryEndOffset.
 			String entryStr = mfStr.substring(entryStartOffset + 1, entryEndOffset);
 			entryStr = stripContinuations(entryStr);
 
+			// increment the offset to the ending entry for the next iteration of the loop ...
+			entryStartOffset = entryEndOffset;
+
 			// entry points to the start of the next 'entry'
 			String entryName = getEntryFileName(entryStr);
 
 			// if we could retrieve an entry name, then we will extract
 			// digest type list, and the digest value list
 			if (entryName != null) {
-
 				String aDigestLine = getDigestLine(entryStr, signerInfo.getMessageDigestAlgorithm());
 
 				if (aDigestLine != null) {
@@ -231,8 +233,6 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 					mdResult[1].add(digestResult);
 				} // could get lines of digest entries in this MF file entry
 			} // could retrieve entry name
-				// increment the offset to the ending entry...
-			entryStartOffset = entryEndOffset;
 		}
 	}
 
@@ -335,7 +335,7 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 		int entryStartOffset = mfStr.indexOf(MF_ENTRY_NEWLN_NAME);
 		int length = mfStr.length();
 
-		while ((entryStartOffset != -1) && (entryStartOffset < length)) {
+		if ((entryStartOffset != -1) && (entryStartOffset < length)) {
 
 			// get the start of the next 'entry', i.e. the end of this entry
 			int entryEndOffset = mfStr.indexOf(MF_ENTRY_NEWLN_NAME, entryStartOffset + 1);
@@ -346,12 +346,11 @@ public class SignatureBlockProcessor implements SignedContentConstants {
 			}
 
 			// get the string for this entry only, since the entryStartOffset
-			// points to the '\n' befor the 'Name: ' we increase it by 1
+			// points to the '\n' before the 'Name: ' we increase it by 1
 			// this is guaranteed to not go past end-of-string and be less
 			// then entryEndOffset.
 			entryStr = mfStr.substring(entryStartOffset + 1, entryEndOffset);
 			entryStr = stripContinuations(entryStr);
-			break;
 		}
 
 		if (entryStr != null) {