Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Watson2008-07-02 17:08:42 -0400
committerThomas Watson2008-07-02 17:08:42 -0400
commit309ba21d25b16ef094287ae8ee4b31d04ffdf42f (patch)
tree2b578e7e60df493cd698c62c2208780f11120ec8 /bundles
parent4741bdda3ea01c6f7bc498880b54b57bc04cc390 (diff)
downloadrt.equinox.framework-309ba21d25b16ef094287ae8ee4b31d04ffdf42f.tar.gz
rt.equinox.framework-309ba21d25b16ef094287ae8ee4b31d04ffdf42f.tar.xz
rt.equinox.framework-309ba21d25b16ef094287ae8ee4b31d04ffdf42f.zip
Bug 239360 [sec] Unchecked SecurityException thrown when SignatureException makes more sense
Diffstat (limited to 'bundles')
-rw-r--r--bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java16
-rw-r--r--bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_sf_corrupted.jarbin0 -> 4856 bytes
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java4
-rw-r--r--bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java13
4 files changed, 25 insertions, 8 deletions
diff --git a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
index f292fd9d1..927aad040 100644
--- a/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
+++ b/bundles/org.eclipse.osgi.tests/src/org/eclipse/osgi/tests/security/SignedBundleTest.java
@@ -11,6 +11,7 @@
package org.eclipse.osgi.tests.security;
import java.io.File;
+import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import junit.framework.Test;
@@ -797,4 +798,19 @@ public class SignedBundleTest extends BaseSecurityTest {
signedFile.delete();
assertFalse("File should not exist", signedFile.exists());
}
+
+ public void testBug236329_01() throws Exception {
+ File signedFile = copyEntryFile(getTestJarPath("signed_with_sf_corrupted"));
+
+ assertNotNull("Could not find signed file!", signedFile);
+ //getTrustEngine().addTrustAnchor(anchor, alias);
+
+ // get the signed content for the bundle
+ try {
+ getSignedContentFactory().getSignedContent(signedFile);
+ fail("Should have gotten a SignatureException for file: " + signedFile);
+ } catch (SignatureException e) {
+ // expected
+ }
+ }
}
diff --git a/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_sf_corrupted.jar b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_sf_corrupted.jar
new file mode 100644
index 000000000..99b955046
--- /dev/null
+++ b/bundles/org.eclipse.osgi.tests/test_files/security/bundles/signed_with_sf_corrupted.jar
Binary files differ
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
index 5989221cb..5591b0795 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/PKCS7Processor.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2006, 2007 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2006, 2008 IBM Corporation and others. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -122,7 +122,7 @@ public class PKCS7Processor implements SignedContentConstants {
}
if (certs == null || certs.size() < 1)
- throw new SecurityException("There are no certificates in the .RSA/.DSA file!"); //$NON-NLS-1$
+ throw new SignatureException("There are no certificates in the .RSA/.DSA file!"); //$NON-NLS-1$
// Okay, here are our certificates.
bp.stepOver();
diff --git a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
index a6bf865fc..df54292ae 100644
--- a/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
+++ b/bundles/org.eclipse.osgi/security/src/org/eclipse/osgi/internal/signedcontent/SignatureBlockProcessor.java
@@ -1,5 +1,5 @@
/*******************************************************************************
- * Copyright (c) 2007 IBM Corporation and others. All rights reserved.
+ * Copyright (c) 2007, 2008 IBM Corporation and others. All rights reserved.
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v1.0 which accompanies this distribution,
* and is available at http://www.eclipse.org/legal/epl-v10.html
@@ -101,7 +101,7 @@ public class SignatureBlockProcessor implements SignedContentConstants {
// Process the Step 2 in the Jar File Verification algorithm
// Get the manifest out of the signature file and make sure
// it matches MANIFEST.MF
- verifyManifestAndSingatureFile(manifestBytes, sfBytes);
+ verifyManifestAndSignatureFile(manifestBytes, sfBytes);
// create a SignerInfo with the processed information
SignerInfoImpl signerInfo = new SignerInfoImpl(processor.getCertificates(), null, digAlg);
@@ -122,8 +122,9 @@ public class SignatureBlockProcessor implements SignedContentConstants {
/**
* Verify the digest listed in each entry in the .SF file with corresponding section in the manifest
+ * @throws SignatureException
*/
- private void verifyManifestAndSingatureFile(byte[] manifestBytes, byte[] sfBytes) {
+ private void verifyManifestAndSignatureFile(byte[] manifestBytes, byte[] sfBytes) throws SignatureException {
String sf = new String(sfBytes);
sf = stripContinuations(sf);
@@ -150,9 +151,9 @@ public class SignatureBlockProcessor implements SignedContentConstants {
// check if the the computed digest value of manifest file equals to the digest value in the .sf file
if (!digestValue.equals(manifestDigest)) {
- Exception e = new SecurityException(NLS.bind(SignedContentMessages.Security_File_Is_Tampered, new String[] {signedBundle.getBaseFile().toString()}));
- SignedBundleHook.log(e.getMessage(), FrameworkLogEntry.ERROR, e);
- throw (SecurityException) e;
+ SignatureException se = new SignatureException(NLS.bind(SignedContentMessages.Security_File_Is_Tampered, new String[] {signedBundle.getBaseFile().toString()}));
+ SignedBundleHook.log(se.getMessage(), FrameworkLogEntry.ERROR, se);
+ throw se;
}
}
}

Back to the top