Mercurial > hg > release > icedtea-web-1.7

changeset 538:8eb44f9dc27c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fix regression with trivially signed (eg, just META-INF/) jars
author Adam Domurad <adomurad@redhat.com>
date Fri, 19 Oct 2012 15:08:40 -0400
parents 09c91b85a1a7
children d076dbf927b8
files ChangeLog netx/net/sourceforge/jnlp/tools/JarCertVerifier.java tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
diffstat 3 files changed, 24 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Fri Oct 19 14:34:16 2012 -0400
+++ b/ChangeLog	Fri Oct 19 15:08:40 2012 -0400
@@ -30,6 +30,17 @@
 
 2012-10-19  Adam Domurad  <adomurad@redhat.com>
 
+	Fixes JCV#isTriviallySigned(). Reproducer 'EmptySignedJar' passes 
+	again.
+	* netx/net/sourceforge/jnlp/tools/JarCertVerifier.java: Remove 
+	problematic 'triviallySigned' variable and instead determine 
+	whether triviallySigned on the fly. Consider jars with 0 signable 
+	entries as SIGNED_OK.
+	* tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java:
+	Update no-signers unit test.
+
+2012-10-19  Adam Domurad  <adomurad@redhat.com>
+
 	* netx/net/sourceforge/jnlp/security/AppVerifier.java: Use interface 
 	types for declared types where applicable.
 	* netx/net/sourceforge/jnlp/security/PluginAppVerifier.java: Same.
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java	Fri Oct 19 14:34:16 2012 -0400
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java	Fri Oct 19 15:08:40 2012 -0400
@@ -105,14 +105,13 @@
         appVerifier = verifier;
     }
 
-    /** Whether a signable entry was found within jars (jars with content more than just META-INF/*) */
-    private boolean triviallySigned = false;
-
     /**
-     * Return true if there are signable entries in the jars, otherwise false
+     * Return true if there are no signable entries in the jar.
+     * This will return false if any of verified jars have content more than just META-INF/.
      */
     public boolean isTriviallySigned() {
-        return triviallySigned;
+        return getTotalJarEntries(jarSignableEntries) <= 0
+                && certs.size() <= 0;
     }
 
     public boolean getAlreadyTrustPublisher() {
@@ -178,7 +177,7 @@
      */
     // FIXME: Change javadoc once applets do not need entire jars signed.
     public boolean isFullySigned() {
-        if (triviallySigned)
+        if (isTriviallySigned())
             return true;
         boolean fullySigned = appVerifier.isFullySigned(certs,
                 jarSignableEntries);
@@ -236,7 +235,6 @@
                 }
 
                 VerifyResult result = verifyJar(localFile);
-                triviallySigned = false;
 
                 if (result == VerifyResult.UNSIGNED) {
                     unverifiedJars.add(localFile);
@@ -244,8 +242,6 @@
                     verifiedJars.add(localFile);
                 } else if (result == VerifyResult.SIGNED_OK) {
                     verifiedJars.add(localFile);
-                    triviallySigned = getTotalJarEntries(jarSignableEntries) <= 0
-                            && certs.size() <= 0;
                 }
             } catch (Exception e) {
                 // We may catch exceptions from using verifyJar()
@@ -399,7 +395,12 @@
         // Every signable entry of this jar needs to be signed by at least
         // one signer for the jar to be considered successfully signed.
         VerifyResult result = null;
-        if (allEntriesSignedBySingleCert) {
+
+        if (numSignableEntriesInJar == 0) {
+            // Allow jars with no signable entries to simply be considered signed.
+            // There should be no security risk in doing so.
+            result = VerifyResult.SIGNED_OK;
+        } else if (allEntriesSignedBySingleCert) {
 
             // We need to find at least one signer without any issues.
             for (CertPath entryCertPath : jarSignCount.keySet()) {
--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java	Fri Oct 19 14:34:16 2012 -0400
+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java	Fri Oct 19 15:08:40 2012 -0400
@@ -121,8 +121,8 @@
         entries.add(new JarCertVerifierEntry("META-INF/MANIFEST.MF"));
         VerifyResult result = jcv.verifyJarEntryCerts("", true, entries);
 
-        Assert.assertEquals("No signable entry (only dirs/manifests) should be considered unsigned.",
-                VerifyResult.UNSIGNED, result);
+        Assert.assertEquals("No signable entry (only dirs/manifests) should be considered trivially signed.",
+                VerifyResult.SIGNED_OK, result);
         Assert.assertEquals("No signable entry (only dirs/manifests) means no signers in the verifier.",
                 0, jcv.getCertsList().size());
     }