changeset 2325:645e965b61e7
Mark jar as unverified only if it is unsigned (since signed jars -- even ones
with problems -- are still 'verified' for contents).
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Wed, 28 Jul 2010 15:40:48 -0400 |
parents | 3918f39eab4d |
children | d0941d204617 |
files | ChangeLog netx/net/sourceforge/jnlp/tools/JarSigner.java |
diffstat | 2 files changed, 20 insertions(+), 10 deletions(-) [+] |
--- a/ChangeLog Wed Jul 28 15:38:26 2010 -0400
+++ b/ChangeLog Wed Jul 28 15:40:48 2010 -0400
@@ -1,3 +1,11 @@
+2010-07-28 Deepak Bhole <dbhole@redhat.com>
+
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
+ to track verification status.
+ (verifyJars): Mark jar unverified only if it has no signature.
+ (verifyJar): Use new verifyResult enum to return status based on if jar is
+ unsigned, signed but with errors, or signed and ok.
+
 2010-07-28 Deepak Bhole <dbhole@redhat.com>
 * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Jul 28 15:38:26 2010 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Wed Jul 28 15:40:48 2010 -0400
@@ -75,6 +75,8 @@
 static final int IN_KEYSTORE = 0x01;
 static final int IN_SCOPE = 0x02;
+ static enum verifyResult {UNSIGNED, SIGNED_OK, SIGNED_NOT_OK}
+
 // signer's certificate chain (when composing)
 X509Certificate[] certChain;
@@ -217,14 +219,14 @@
 }
 String localFile = jarFile.getAbsolutePath();
- boolean result = verifyJar(localFile);
+ verifyResult result = verifyJar(localFile);
- if (!result) {
- //allVerified is true until we encounter a problem
- //with one or more jars
+ if (result == verifyResult.UNSIGNED) {
+ unverifiedJars.add(localFile);
+ } else if (result == verifyResult.SIGNED_NOT_OK) {
 noSigningIssues = false;
- unverifiedJars.add(localFile);
- } else {
+ verifiedJars.add(localFile);
+ } else if (result == verifyResult.SIGNED_OK) {
 verifiedJars.add(localFile);
 }
 } catch (Exception e){
@@ -235,7 +237,7 @@
 }
 }
- public boolean verifyJar(String jarName) throws Exception {
+ public verifyResult verifyJar(String jarName) throws Exception {
 boolean anySigned = false;
 boolean hasUnsignedEntry = false;
 JarFile jarFile = null;
@@ -319,7 +321,7 @@
 //Alert the user if any of the following are true.
 if (!anySigned) {
-
+ return verifyResult.UNSIGNED;
 } else {
 anyJarsSigned = true;
@@ -360,9 +362,9 @@
 checkTrustedCerts();
 //anySigned does not guarantee that all files were signed.
- return anySigned && !(hasUnsignedEntry || hasExpiredCert
+ return (anySigned && !(hasUnsignedEntry || hasExpiredCert
 || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType
- || notYetValidCert);
+ || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
 }
 /**
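Review bot: The enum added in the first JarSigner.java hunk is named `verifyResult`, which reads like a variable or method at every use site (`verifyResult result = verifyJar(localFile);`). Java type names are UpperCamelCase and `static` is redundant on a nested enum, so I would declare it as `enum VerifyResult { UNSIGNED, SIGNED_OK, SIGNED_NOT_OK }`. Since verifyJar is public and now returns this type, the declaration also deserves a short Javadoc stating what each constant means, in particular that SIGNED_NOT_OK covers both unsigned entries and certificate problems, as the final return in the last hunk shows.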
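Review bot: In the verifyJars hunk a jar that returns SIGNED_NOT_OK is now added to verifiedJars, and the final return of verifyJar (last hunk) folds `hasUnsignedEntry` into that same result alongside the certificate problems. Entries with no signature are not covered by the jar's signature, so a partially signed jar ends up listed as verified and only `noSigningIssues = false` records the difference; whether every caller checks that flag before trusting the contents is not visible here. I would either report unsigned entries as their own result so such jars can stay in unverifiedJars, or add a comment at `verifiedJars.add(localFile);` stating that the list may contain jars with unsigned entries. The if/else-if chain also has no final `else`, so a null or later-added constant silently leaves the jar in neither list. Both verifyJars and verifyJar begin outside these hunks.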