changeset 5351:48b820bbd7ca
8009235: Improve handling of TSA data
Reviewed-by: ahgross, mullan
author | vinnie |
---|---|
date | Mon, 08 Apr 2013 21:17:57 +0100 |
parents | b18a44fda9ac |
children | 6f9ab9374923 |
files | src/share/classes/sun/security/timestamp/TimestampToken.java src/share/classes/sun/security/util/SignatureFileVerifier.java |
diffstat | 2 files changed, 33 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/sun/security/timestamp/TimestampToken.java Tue Jun 11 13:24:21 2013 +0100 +++ b/src/share/classes/sun/security/timestamp/TimestampToken.java Mon Apr 08 21:17:57 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -115,6 +115,10 @@ return nonce; } + public BigInteger getSerialNumber() { + return serialNumber; + } + /* * Parses the timestamp token info. *
--- a/src/share/classes/sun/security/util/SignatureFileVerifier.java Tue Jun 11 13:24:21 2013 +0100 +++ b/src/share/classes/sun/security/util/SignatureFileVerifier.java Mon Apr 08 21:17:57 2013 +0100 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -548,6 +548,8 @@ // Create a timestamp token info object TimestampToken timestampTokenInfo = new TimestampToken(encodedTimestampTokenInfo); + // Check that the signature timestamp applies to this signature + verifyTimestamp(timestampTokenInfo, info.getEncryptedDigest()); // Create a timestamp object timestamp = new Timestamp(timestampTokenInfo.getDate(), tsaChain); @@ -556,6 +558,31 @@ return timestamp; } + /* + * Check that the signature timestamp applies to this signature. + * Match the hash present in the signature timestamp token against the hash + * of this signature. + */ + private void verifyTimestamp(TimestampToken token, byte[] signature) + throws NoSuchAlgorithmException, SignatureException { + + MessageDigest md = + MessageDigest.getInstance(token.getHashAlgorithm().getName()); + + if (!Arrays.equals(token.getHashedMessage(), md.digest(signature))) { + throw new SignatureException("Signature timestamp (#" + + token.getSerialNumber() + ") generated on " + token.getDate() + + " is inapplicable"); + } + + if (debug != null) { + debug.println(); + debug.println("Detected signature timestamp (#" + + token.getSerialNumber() + ") generated on " + token.getDate()); + debug.println(); + } + } + // for the toHex function private static final char[] hexc = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'};
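Review bot: In the new `verifyTimestamp`, the digest algorithm passed to `MessageDigest.getInstance(token.getHashAlgorithm().getName())` is whatever name the timestamp token carries, and nothing in this hunk restricts it, so the token-to-signature binding is only as strong as the imprint algorithm the token names. If no algorithm policy is applied to the token elsewhere (not visible here), check the name against the permitted digests before hashing, and state the assumption in the method comment, e.g. `* The digest algorithm is taken from the token's message imprint.` The rejection message would also be easier to triage if it included `token.getHashAlgorithm().getName()` next to the serial number and date. `Arrays.equals` is adequate here because both values are public, though `MessageDigest.isEqual(token.getHashedMessage(), md.digest(signature))` is the usual idiom for comparing digests.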