author | Ed Merks | 2020-01-04 11:31:41 +0000 |
---|---|---|
committer | Ed Merks | 2020-01-04 11:31:41 +0000 |
commit | 2f54a7ecc098f91c081ba080b4f651bf53470611 (patch) | |
tree | 1eb5571b5ea3d10f701a1756b14c70b33c135abd | |
parent | 8144483681c0d27350923526454fb5f6c81419b2 (diff) | |
Bug 544874 - Trust bundles with at least one trusted certificateY20200108-0435S4_15_0_M1I20200110-0905I20200110-0200I20200109-2350I20200108-2240I20200108-0600I20200108-0025I20200107-1800I20200107-0600I20200106-1805I20200106-0600I20200105-1800I20200105-0955I20200105-0600I20200104-1800
Changed CertificateChecker to skip the untrusted certificate chains
dialog for bundles that have at least one trusted certificate chain.
Change-Id: Id8d7ca99d59b56973e53b999db27a00da1e8a31e
Signed-off-by: Carsten Reckord <reckord@yatta.de>
-rw-r--r-- | bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java | 50 |
1 files changed, 30 insertions, 20 deletions
diff --git a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
index 61d962663..7e1e729a8 100644
--- a/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
+++ b/bundles/org.eclipse.equinox.p2.engine/src/org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.java
@@ -72,7 +72,7 @@ public class CertificateChecker {
 IStatus status = Status.OK_STATUS;
 if (artifacts.size() == 0 || serviceUI == null)
 return status;
- for (File artifact : artifacts) {
+ checkArtifacts: for (File artifact : artifacts) {
 try {
 content = verifierFactory.getSignedContent(artifact);
 if (!content.isSigned()) {
@@ -85,6 +85,15 @@ public class CertificateChecker {
 } catch (IOException e) {
 return new Status(IStatus.ERROR, EngineActivator.ID, Messages.CertificateChecker_SignedContentIOError, e);
 }
+
+ // Determine if any element is trusted.
+ for (SignerInfo element : signerInfo) {
+ if (element.isTrusted()) {
+ continue checkArtifacts;
+ }
+ }
+
+ // Only record the untrusted elements if there are no trusted elements.
 for (SignerInfo element : signerInfo) {
 if (!element.isTrusted()) {
 Certificate[] certificateChain = element.getCertificateChain();
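Review bot: The added `continue checkArtifacts` in the second hunk accepts a single trusted `SignerInfo` as sufficient for the whole artifact, yet nothing visible checks that this signer's certificate is currently valid or that its signature covers every entry of the bundle. The method body starts and ends outside the hunk, so this may be enforced elsewhere; if it is not, an expired or partial trusted signature would suppress the untrusted-chain prompt, and a `content.checkValidity(element)` check (handling its certificate-validity exceptions) before the `continue` would close that gap. Going by the new comment, the skipped untrusted chains are also no longer recorded, so they would not appear in the `DEBUG_CERTIFICATE_CHECKER_UNTRUSTED` output either. I would state the policy next to the loop, e.g. `// One trusted signer vouches for the whole artifact; untrusted co-signers are neither prompted for nor logged.`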
@@ -100,30 +109,31 @@ public class CertificateChecker {
 }
 }
 }
+ }
+ }
- // log the unsigned artifacts if requested
- if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
- StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
- for (File file : unsigned) {
- message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
- }
- DebugHelper.debug(DEBUG_PREFIX, message.toString());
- }
+ // log the unsigned artifacts if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !unsigned.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following artifacts are unsigned:\n"); //$NON-NLS-1$
+ for (File file : unsigned) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
+ }
+ DebugHelper.debug(DEBUG_PREFIX, message.toString());
+ }
- // log the untrusted certificates if requested
- if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
- StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
- for (Certificate cert : untrustedArtifacts.keySet()) {
- message.append(cert.toString() + "\n"); //$NON-NLS-1$
- message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
- for (File file : untrustedArtifacts.get(cert)) {
- message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
- }
- }
- DebugHelper.debug(DEBUG_PREFIX, message.toString());
+ // log the untrusted certificates if requested
+ if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !untrusted.isEmpty()) {
+ StringBuilder message = new StringBuilder("The following certificates are untrusted:\n"); //$NON-NLS-1$
+ for (Certificate cert : untrustedArtifacts.keySet()) {
+ message.append(cert.toString() + "\n"); //$NON-NLS-1$
+ message.append(" used by the following artifacts:\n"); //$NON-NLS-1$
+ for (File file : untrustedArtifacts.get(cert)) {
+ message.append(NLS.bind(" {0}\n", file.getPath())); //$NON-NLS-1$
 }
 }
+ DebugHelper.debug(DEBUG_PREFIX, message.toString());
 }
+
 String policy = getUnsignedContentPolicy();
 //if there is unsigned content and we should never allow it, then fail without further checking certificates
 if (!unsigned.isEmpty() && EngineActivator.UNSIGNED_FAIL.equals(policy)) |
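Review bot: The relocated untrusted-certificate log guards on `!untrusted.isEmpty()` but then iterates `untrustedArtifacts.keySet()` and calls `untrustedArtifacts.get(cert)` for each key, so the guard and the loop read two different collections. Guarding on `!untrustedArtifacts.isEmpty()` and iterating `untrustedArtifacts.entrySet()` would keep them in step and drop the second lookup. `message.append(cert.toString() + "\n")` can likewise become `message.append(cert).append('\n')`. How the two collections are populated lies outside the hunk, so whether they can actually diverge is not visible here.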