Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEd Merks2020-01-04 11:31:41 +0000
committerEd Merks2020-01-04 11:31:41 +0000
commit2f54a7ecc098f91c081ba080b4f651bf53470611 (patch)
tree1eb5571b5ea3d10f701a1756b14c70b33c135abd
parent8144483681c0d27350923526454fb5f6c81419b2 (diff)
downloadrt.equinox.p2-I20200108-0025.tar.gz
rt.equinox.p2-I20200108-0025.tar.xz
rt.equinox.p2-I20200108-0025.zip
Changed CertificateChecker to skip the untrusted certificate chains dialog for bundles that have at least one trusted certificate chain. Change-Id: Id8d7ca99d59b56973e53b999db27a00da1e8a31e Signed-off-by: Carsten Reckord <reckord@yatta.de>
-rw-r--r--bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java50
1 files changed, 30 insertions, 20 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 61d962663..7e1e729a8 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -72,7 +72,7 @@ public class CertificateChecker {
IStatus status = Status.OK_STATUS;
if (artifacts.size() == 0 || serviceUI == null)
return status;
- for (File artifact : artifacts) {
+ checkArtifacts: for (File artifact : artifacts) {
try {
content = verifierFactory.getSignedContent(artifact);
if (!content.isSigned()) {
@@ -85,6 +85,15 @@ public class CertificateChecker {
} catch (IOException e) {
return new Status(IStatus.ERROR, EngineActivator.ID, Messages.CertificateChecker_SignedContentIOError, e);
}
+
+ // Determine if any element is trusted.
+ for (SignerInfo element : signerInfo) {
+ if (element.isTrusted()) {
+ continue checkArtifacts;
+ }
+ }
+
+ // Only record the untrusted elements if there are no trusted elements.
for (SignerInfo element : signerInfo) {
if (!element.isTrusted()) {
Certificate[] certificateChain = element.getCertificateChain();
@@ -100,30 +109,31 @@ public class CertificateChecker {
}
}
}
+ }
+ }
- // log the unsigned artifacts if requested
- if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
- StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
- for (File file : unsigned) {
- message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
- }
- DebugHelper.debug(DEBUG_PREFIX, message.toString());
- }
+ // log the unsigned artifacts if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
+ for (File file : unsigned) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ DebugHelper.debug(DEBUG_PREFIX, message.toString());
+ }
- // log the untrusted certificates if requested
- if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
- StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
- for (Certificate cert : untrustedArtifacts.keySet()) {
- message.append(cert.toString() + "\n"); //$NON-NLS-1$
- message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
- for (File file : untrustedArtifacts.get(cert)) {
- message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
- }
- }
- DebugHelper.debug(DEBUG_PREFIX, message.toString());
+ // log the untrusted certificates if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
+ for (Certificate cert : untrustedArtifacts.keySet()) {
+ message.append(cert.toString() + "\n"); //$NON-NLS-1$
+ message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
+ for (File file : untrustedArtifacts.get(cert)) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
}
}
+ DebugHelper.debug(DEBUG_PREFIX, message.toString());
}
+
String policy = getUnsignedContentPolicy();
//if there is unsigned content and we should never allow it, then fail without further checking certificates
if (!unsigned.isEmpty() && EngineActivator.UNSIGNED_FAIL.equals(policy))

Back to the top