Mercurial > hg > release > icedtea6-1.8
changeset 2067:a6cb78541643
2010-07-22 Deepak Bhole <dbhole@redhat.com>
* t/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum
to track verification status.
(verifyJars): Mark jar unverified only if it has no signature.
(verifyJar): Use new verifyResult enum to return status based on if jar is
unsigned, signed but with errors, or signed and ok.
author | doko@ubuntu.com |
---|---|
date | Sat, 24 Jul 2010 00:52:38 +0200 |
parents | e59670bc8db8 |
children | 7c6d03b64403 |
files | ChangeLog netx/net/sourceforge/jnlp/tools/JarSigner.java |
diffstat | 2 files changed, 20 insertions(+), 10 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Sat Jul 24 00:51:39 2010 +0200 +++ b/ChangeLog Sat Jul 24 00:52:38 2010 +0200 @@ -1,3 +1,11 @@ +2010-07-22 Deepak Bhole <dbhole@redhat.com> + + * t/net/sourceforge/jnlp/tools/JarSigner.java: Add new verifyResult enum + to track verification status. + (verifyJars): Mark jar unverified only if it has no signature. + (verifyJar): Use new verifyResult enum to return status based on if jar is + unsigned, signed but with errors, or signed and ok. + 2010-07-22 Deepak Bhole <dbhole@redhat.com> * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java: Added a new
--- a/netx/net/sourceforge/jnlp/tools/JarSigner.java Sat Jul 24 00:51:39 2010 +0200 +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java Sat Jul 24 00:52:38 2010 +0200 @@ -75,6 +75,8 @@ static final int IN_KEYSTORE = 0x01; static final int IN_SCOPE = 0x02; + static enum verifyResult {UNSIGNED, SIGNED_OK, SIGNED_NOT_OK} + // signer's certificate chain (when composing) X509Certificate[] certChain; @@ -217,14 +219,14 @@ } String localFile = jarFile.getAbsolutePath(); - boolean result = verifyJar(localFile); + verifyResult result = verifyJar(localFile); - if (!result) { - //allVerified is true until we encounter a problem - //with one or more jars + if (result == verifyResult.UNSIGNED) { + unverifiedJars.add(localFile); + } else if (result == verifyResult.SIGNED_NOT_OK) { noSigningIssues = false; - unverifiedJars.add(localFile); - } else { + verifiedJars.add(localFile); + } else if (result == verifyResult.SIGNED_OK) { verifiedJars.add(localFile); } } catch (Exception e){ @@ -235,7 +237,7 @@ } } - public boolean verifyJar(String jarName) throws Exception { + public verifyResult verifyJar(String jarName) throws Exception { boolean anySigned = false; boolean hasUnsignedEntry = false; JarFile jarFile = null; @@ -319,7 +321,7 @@ //Alert the user if any of the following are true. if (!anySigned) { - + return verifyResult.UNSIGNED; } else { anyJarsSigned = true; @@ -360,9 +362,9 @@ checkTrustedCerts(); //anySigned does not guarantee that all files were signed. - return anySigned && !(hasUnsignedEntry || hasExpiredCert + return (anySigned && !(hasUnsignedEntry || hasExpiredCert || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType - || notYetValidCert); + || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK; } /**