archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-27 23:04:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8273826: Correct Manifest file name and NPE checks

Browse source 
Reviewed-by: weijun, hchao, mullan
This commit is contained in:
Sean Coffey 2021-10-07 15:12:13 +00:00
parent 722d639fad
commit 03a8d342b8
5 changed files with 137 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/java.base/share/classes/java/util/jar/JarFile.java
View file

@ -749,7 +749,7 @@ public class JarFile extends ZipFile {
}
if (mev == null) {
mev = new ManifestEntryVerifier
(getManifestFromReference());
(getManifestFromReference(), jv.manifestName);
}
if (name.equalsIgnoreCase(MANIFEST_NAME)) {
b = jv.manifestRawBytes;

2
src/java.base/share/classes/java/util/jar/JarInputStream.java
View file

@ -95,7 +95,7 @@ public class JarInputStream extends ZipInputStream {
closeEntry();
if (doVerify) {
jv = new JarVerifier(e.getName(), bytes);
mev = new ManifestEntryVerifier(man);
mev = new ManifestEntryVerifier(man, jv.manifestName);
}
return (JarEntry)super.getNextEntry();
}

2
src/java.base/share/classes/java/util/jar/JarVerifier.java
View file

@ -444,7 +444,7 @@ class JarVerifier {
{
this.is = Objects.requireNonNull(is);
this.jv = jv;
this.mev = new ManifestEntryVerifier(man);
this.mev = new ManifestEntryVerifier(man, jv.manifestName);
this.jv.beginEntry(je, mev);
this.numLeft = je.getSize();
if (this.numLeft == 0)

21
src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
View file

@ -63,7 +63,9 @@ public class ManifestEntryVerifier {
ArrayList<byte[]> manifestHashes;
private String name = null;
private Manifest man;
private final String manifestFileName; // never null
private final Manifest man;
private boolean skip = true;
@ -74,11 +76,12 @@ public class ManifestEntryVerifier {
/**
* Create a new ManifestEntryVerifier object.
*/
public ManifestEntryVerifier(Manifest man)
public ManifestEntryVerifier(Manifest man, String manifestFileName)
{
createdDigests = new HashMap<>(11);
digests = new ArrayList<>();
manifestHashes = new ArrayList<>();
this.manifestFileName = manifestFileName;
this.man = man;
}
@ -187,7 +190,6 @@ public class ManifestEntryVerifier {
* the first time we have verified this object, remove its
* code signers from sigFileSigners and place in verifiedSigners.
*
*
*/
public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
Hashtable<String, CodeSigner[]> sigFileSigners)
@ -209,7 +211,6 @@ public class ManifestEntryVerifier {
getParams(verifiedSigners, sigFileSigners);
for (int i=0; i < digests.size(); i++) {
MessageDigest digest = digests.get(i);
if (params != null) {
try {
@ -251,7 +252,8 @@ public class ManifestEntryVerifier {
/**
* Get constraints parameters for JAR. The constraints should be
* checked against all code signers. Returns the parameters,
* or null if the signers for this entry have already been checked.
* or null if the signers for this entry have already been checked
* or there are no signers for this entry.
*/
private JarConstraintsParameters getParams(
Map<String, CodeSigner[]> verifiedSigners,
@ -262,17 +264,20 @@ public class ManifestEntryVerifier {
// the signers of the JAR. But if it doesn't then we need to fallback
// and check verifiedSigners to see if the signers of this entry have
// been checked already.
if (verifiedSigners.containsKey(JarFile.MANIFEST_NAME)) {
if (verifiedSigners.containsKey(manifestFileName)) {
if (verifiedSigners.size() > 1) {
// this means we already checked it previously
return null;
} else {
return new JarConstraintsParameters(
verifiedSigners.get(JarFile.MANIFEST_NAME));
verifiedSigners.get(manifestFileName));
}
} else {
if (debug != null) {
debug.println(manifestFileName + " not present in verifiedSigners");
}
CodeSigner[] signers = sigFileSigners.get(name);
if (verifiedSigners.containsValue(signers)) {
if (signers == null || verifiedSigners.containsValue(signers)) {
return null;
} else {
return new JarConstraintsParameters(signers);