changeset 1960:d88454e407dd
Mark jar as unverified only if it is unsigned (since signed jars -- even ones
with problems -- are still 'verified' for contents).
author | Deepak Bhole <dbhole@redhat.com> |
---|---|
date | Thu, 22 Jul 2010 19:27:54 -0400 |
parents | eb2ab50f5a28 |
children | 391a0a5145ca |
files | ChangeLog rt/net/sourceforge/jnlp/tools/JarSigner.java |
diffstat | 2 files changed, 20 insertions(+), 10 deletions(-) [+] |
--- a/ChangeLog Thu Jul 22 19:24:19 2010 -0400
+++ b/ChangeLog Thu Jul 22 19:27:54 2010 -0400
@@ -1,3 +1,11 @@
+2010-07-22 Deepak Bhole <dbhole@redhat.com>
+
+ * t/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
+ to track verification status.
+ (verifyJars): Mark jar unverified only if it has no signature.
+ (verifyJar): Use new verifyResult enum to return status based on if jar is
+ unsigned, signed but with errors, or signed and ok.
+
 2010-07-22 Deepak Bhole <dbhole@redhat.com>
 
 * rt/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Added a new
--- a/rt/net/sourceforge/jnlp/tools/JarSigner.java Thu Jul 22 19:24:19 2010 -0400 +++ b/rt/net/sourceforge/jnlp/tools/JarSigner.java Thu Jul 22 19:27:54 2010 -0400 @@ -75,6 +75,8 @@ static final int IN_KEYSTORE = 0x01; static final int IN_SCOPE = 0x02; + static enum verifyResult {UNSIGNED, SIGNED_OK, SIGNED_NOT_OK} + // signer's certificate chain (when composing) X509Certificate[] certChain; @@ -217,14 +219,14 @@ } String localFile = jarFile.getAbsolutePath(); - boolean result = verifyJar(localFile); + verifyResult result = verifyJar(localFile); - if (!result) { - //allVerified is true until we encounter a problem - //with one or more jars + if (result == verifyResult.UNSIGNED) { + unverifiedJars.add(localFile); + } else if (result == verifyResult.SIGNED_NOT_OK) { noSigningIssues = false; - unverifiedJars.add(localFile); - } else { + verifiedJars.add(localFile); + } else if (result == verifyResult.SIGNED_OK) { verifiedJars.add(localFile); } } catch (Exception e){ @@ -235,7 +237,7 @@ } } - public boolean verifyJar(String jarName) throws Exception { + public verifyResult verifyJar(String jarName) throws Exception { boolean anySigned = false; boolean hasUnsignedEntry = false; JarFile jarFile = null; @@ -319,7 +321,7 @@ //Alert the user if any of the following are true. if (!anySigned) { - + return verifyResult.UNSIGNED; } else { anyJarsSigned = true; @@ -360,9 +362,9 @@ checkTrustedCerts(); //anySigned does not guarantee that all files were signed. - return anySigned && !(hasUnsignedEntry || hasExpiredCert + return (anySigned && !(hasUnsignedEntry || hasExpiredCert || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType - || notYetValidCert); + || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK; } /**
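Review bot: The nested enum added in the `@@ -75,6 +75,8 @@` hunk is named like a variable and has no documentation, although its three constants now decide which list a jar is filed under. Java convention would be `enum VerifyResult { UNSIGNED, SIGNED_OK, SIGNED_NOT_OK }`; the `static` modifier is implicit on a nested enum and can be dropped. A short Javadoc per constant would help: UNSIGNED is returned when `anySigned` is false, SIGNED_OK when none of the problem flags is set, and SIGNED_NOT_OK when the jar has a signature but at least one of the entry-coverage or certificate flags is set.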
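Review bot: The `if`/`else if` chain in the `@@ -217,14 +219,14 @@` hunk has no final branch, so a result matching none of the three constants (a `null`, or a constant added later) leaves the jar in neither `unverifiedJars` nor `verifiedJars`, with no trace. Ending the chain with `} else { unverifiedJars.add(localFile); }`, or a `switch` whose `default` does the same, keeps the outcome fail-closed. The SIGNED_NOT_OK branch also deserves a comment: such a jar is now placed in `verifiedJars`, and only `noSigningIssues = false` records the problem. Any caller that bases trust on list membership would have to consult that flag as well; the callers are outside this diff, so that needs confirming. The enclosing method starts and ends outside the hunk.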
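Review bot: `verifyJar` stays `public` in the `@@ -235,7 +237,7 @@` hunk but now returns `verifyResult`, which is declared without an access modifier and is therefore package-private. Code in another package can still call the method but cannot name the type it returns, and any caller that tested the old `boolean` would no longer compile; whether such callers exist is not visible here. Either declare the enum `public` or narrow `verifyJar` to package visibility, and add a Javadoc `@return` describing the three outcomes. The method body continues outside the hunk.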
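Review bot: The final return in the `@@ -360,9 +362,9 @@` hunk folds `hasUnsignedEntry` into the same SIGNED_NOT_OK result as the certificate flags (`hasExpiredCert`, `notYetValidCert`, the key-usage flags). A jar whose signature covers only some of its entries is therefore reported exactly like one with an expired certificate and, per the `verifyJars` hunk, ends up in `verifiedJars`. Entries outside the signature carry no integrity or origin guarantee, so that case deserves its own constant or the unverified path; at minimum the existing `//anySigned does not guarantee...` comment should state which treatment is intended. Separately, `anySigned &&` is always true at this point because the `@@ -319,7 +321,7 @@` hunk returns UNSIGNED earlier, so the condition reduces to the negated flag test. The method starts outside the hunk.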