Mercurial > hg > icedtea9

changeset 2325:645e965b61e7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Mark jar as unverified only if it is unsigned (since signed jars -- even ones with problems, and still 'verified' for contents).
author Deepak Bhole <dbhole@redhat.com>
date Wed, 28 Jul 2010 15:40:48 -0400
parents 3918f39eab4d
children d0941d204617
files ChangeLog netx/net/sourceforge/jnlp/tools/JarSigner.java
diffstat 2 files changed, 20 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Jul 28 15:38:26 2010 -0400
+++ b/ChangeLog	Wed Jul 28 15:40:48 2010 -0400
@@ -1,3 +1,11 @@
+2010-07-28  Deepak Bhole <dbhole@redhat.com>
+
+	* netx/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
+	to track verification status.
+	(verifyJars): Mark jar unverified only if it has no signature.
+	(verifyJar): Use new verifyResult enum to return status based on if jar is
+	unsigned, signed but with errors, or signed and ok.
+
 2010-07-28  Deepak Bhole <dbhole@redhat.com>
 
 	* netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java (getInstance):
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java	Wed Jul 28 15:38:26 2010 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java	Wed Jul 28 15:40:48 2010 -0400
@@ -75,6 +75,8 @@
     static final int IN_KEYSTORE = 0x01;
     static final int IN_SCOPE = 0x02;
 
+    static enum verifyResult {UNSIGNED, SIGNED_OK, SIGNED_NOT_OK}
+
     // signer's certificate chain (when composing)
     X509Certificate[] certChain;
 
@@ -217,14 +219,14 @@
                 }
 
                 String localFile = jarFile.getAbsolutePath();
-                boolean result = verifyJar(localFile);
+                verifyResult result = verifyJar(localFile);
 
-                if (!result) {
-                    //allVerified is true until we encounter a problem
-                    //with one or more jars
+                if (result == verifyResult.UNSIGNED) {
+                    unverifiedJars.add(localFile);
+                } else if (result == verifyResult.SIGNED_NOT_OK) {
                     noSigningIssues = false;
-                    unverifiedJars.add(localFile);
-                } else {
+                    verifiedJars.add(localFile);
+                } else if (result == verifyResult.SIGNED_OK) {
                     verifiedJars.add(localFile);
                 }
             } catch (Exception e){
@@ -235,7 +237,7 @@
         }
     }
 
-    public boolean verifyJar(String jarName) throws Exception {
+    public verifyResult verifyJar(String jarName) throws Exception {
         boolean anySigned = false;
         boolean hasUnsignedEntry = false;
         JarFile jarFile = null;
@@ -319,7 +321,7 @@
 
             //Alert the user if any of the following are true.
             if (!anySigned) {
-
+                return verifyResult.UNSIGNED;
             } else {
                 anyJarsSigned = true;
 
@@ -360,9 +362,9 @@
         checkTrustedCerts();
 
         //anySigned does not guarantee that all files were signed.
-        return anySigned && !(hasUnsignedEntry || hasExpiredCert
+        return (anySigned && !(hasUnsignedEntry || hasExpiredCert
                               || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType
-                              || notYetValidCert);
+                              || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK;
     }
 
     /**