提交 50874d19 编写于 作者: I igerasim

8169392: Additional jar validation steps

Reviewed-by: mullan, herrick, ahgross
上级 655050a6
/* /*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -180,10 +180,12 @@ class JarVerifier { ...@@ -180,10 +180,12 @@ class JarVerifier {
// only set the jev object for entries that have a signature // only set the jev object for entries that have a signature
// (either verified or not) // (either verified or not)
if (sigFileSigners.get(name) != null || if (!name.equals(JarFile.MANIFEST_NAME)) {
verifiedSigners.get(name) != null) { if (sigFileSigners.get(name) != null ||
mev.setEntry(name, je); verifiedSigners.get(name) != null) {
return; mev.setEntry(name, je);
return;
}
} }
// don't compute the digest for this entry // don't compute the digest for this entry
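Review bot: The added guard `if (!name.equals(JarFile.MANIFEST_NAME))` compares case-sensitively, while JarFile finds the manifest entry without regard to case, so a differently-cased manifest name would, as far as this hunk shows, still reach `mev.setEntry(name, je)`. Unless `name` is normalised earlier in the method (its start is outside the hunk), `if (!name.equalsIgnoreCase(JarFile.MANIFEST_NAME)) {` would make the exclusion match the lookup. The comment above the guard still describes only the signer check; a line such as `// the manifest itself is never passed to the entry verifier, even when a signature file lists it` would record the presumed intent of the new condition.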
......
/* /*
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -107,6 +107,8 @@ public class ManifestEntryVerifier { ...@@ -107,6 +107,8 @@ public class ManifestEntryVerifier {
/* get the headers from the manifest for this entry */ /* get the headers from the manifest for this entry */
/* if there aren't any, we can't verify any digests for this entry */ /* if there aren't any, we can't verify any digests for this entry */
skip = false;
Attributes attr = man.getAttributes(name); Attributes attr = man.getAttributes(name);
if (attr == null) { if (attr == null) {
// ugh. we should be able to remove this at some point. // ugh. we should be able to remove this at some point.
...@@ -141,7 +143,6 @@ public class ManifestEntryVerifier { ...@@ -141,7 +143,6 @@ public class ManifestEntryVerifier {
} }
if (digest != null) { if (digest != null) {
skip = false;
digest.reset(); digest.reset();
digests.add(digest); digests.add(digest);
manifestHashes.add( manifestHashes.add(
...@@ -197,6 +198,10 @@ public class ManifestEntryVerifier { ...@@ -197,6 +198,10 @@ public class ManifestEntryVerifier {
return null; return null;
} }
if (digests.isEmpty()) {
throw new SecurityException("digest missing for " + name);
}
if (signers != null) if (signers != null)
return signers; return signers;
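Review bot: The comment above the added `skip = false;` still says that without manifest headers "we can't verify any digests for this entry", which reads as a silent skip. With the flag now cleared before the lookup and the new `digests.isEmpty()` check in the last hunk, such an entry appears to end in a SecurityException instead. I would reword it to `/* if there aren't any, no digests are collected and verify() rejects the entry */` and add a `@throws SecurityException` line to the Javadoc of the method holding the new check, whose header is outside the hunk. The early returns between these hunks are not visible here, so confirm that every path meant to skip verification still leaves `skip` true.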
......