提交 794e99c0 编写于 作者: V vinnie

8009235: Improve handling of TSA data

Reviewed-by: ahgross, mullan
上级 5c89aa59
...@@ -34,6 +34,7 @@ import java.security.cert.CertPath; ...@@ -34,6 +34,7 @@ import java.security.cert.CertPath;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.security.*; import java.security.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import sun.security.timestamp.TimestampToken; import sun.security.timestamp.TimestampToken;
import sun.security.util.*; import sun.security.util.*;
...@@ -57,6 +58,7 @@ public class SignerInfo implements DerEncoder { ...@@ -57,6 +58,7 @@ public class SignerInfo implements DerEncoder {
byte[] encryptedDigest; byte[] encryptedDigest;
Timestamp timestamp; Timestamp timestamp;
private boolean hasTimestamp = true; private boolean hasTimestamp = true;
private static final Debug debug = Debug.getInstance("jar");
PKCS9Attributes authenticatedAttributes; PKCS9Attributes authenticatedAttributes;
PKCS9Attributes unauthenticatedAttributes; PKCS9Attributes unauthenticatedAttributes;
...@@ -499,11 +501,40 @@ public class SignerInfo implements DerEncoder { ...@@ -499,11 +501,40 @@ public class SignerInfo implements DerEncoder {
CertPath tsaChain = cf.generateCertPath(chain); CertPath tsaChain = cf.generateCertPath(chain);
// Create a timestamp token info object // Create a timestamp token info object
TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo); TimestampToken tsTokenInfo = new TimestampToken(encTsTokenInfo);
// Check that the signature timestamp applies to this signature
verifyTimestamp(tsTokenInfo);
// Create a timestamp object // Create a timestamp object
timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain); timestamp = new Timestamp(tsTokenInfo.getDate(), tsaChain);
return timestamp; return timestamp;
} }
/*
* Check that the signature timestamp applies to this signature.
* Match the hash present in the signature timestamp token against the hash
* of this signature.
*/
private void verifyTimestamp(TimestampToken token)
throws NoSuchAlgorithmException, SignatureException {
MessageDigest md =
MessageDigest.getInstance(token.getHashAlgorithm().getName());
if (!Arrays.equals(token.getHashedMessage(),
md.digest(encryptedDigest))) {
throw new SignatureException("Signature timestamp (#" +
token.getSerialNumber() + ") generated on " + token.getDate() +
" is inapplicable");
}
if (debug != null) {
debug.println();
debug.println("Detected signature timestamp (#" +
token.getSerialNumber() + ") generated on " + token.getDate());
debug.println();
}
}
public String toString() { public String toString() {
HexDumpEncoder hexDump = new HexDumpEncoder(); HexDumpEncoder hexDump = new HexDumpEncoder();
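Review bot: In `verifyTimestamp`, the digest algorithm handed to `MessageDigest.getInstance` is whatever name the timestamp token carries, and nothing visible in this section restricts it, so the match against `encryptedDigest` is only as strong as the algorithm the token names. If no algorithm policy is applied to the token elsewhere (not visible here), a restriction check belongs before the digest is computed; at minimum the method comment should record the gap, e.g. `* The digest algorithm is taken from the token; its strength is not checked here.` The `/* ... */` block above the method would also read better as Javadoc with `@throws SignatureException` for the hash-mismatch case and `@throws NoSuchAlgorithmException` for a token naming an unsupported digest. The method that calls `verifyTimestamp` begins outside the hunk, so whether the token's own signature is verified before this point cannot be confirmed from here.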
......
/* /*
* Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
...@@ -115,6 +115,10 @@ public class TimestampToken { ...@@ -115,6 +115,10 @@ public class TimestampToken {
return nonce; return nonce;
} }
public BigInteger getSerialNumber() {
return serialNumber;
}
/* /*
* Parses the timestamp token info. * Parses the timestamp token info.
* *
......