8218021: Have jarsigner preserve posix permission attributes

Reviewed-by: weijun, lancea, alanb
Sean Coffey 2020-07-02 08:17:31 +00:00
parent dc63bf261b
commit 3d9bad16d1
14 changed files with 292 additions and 17 deletions


@ -50,6 +50,8 @@ import java.security.cert.CertificateNotYetValidException;
import java.security.cert.TrustAnchor;
import java.util.Map.Entry;
import jdk.internal.access.JavaUtilZipFileAccess;
import jdk.internal.access.SharedSecrets;
import jdk.security.jarsigner.JarSigner;
import jdk.security.jarsigner.JarSignerException;
import sun.security.pkcs.PKCS7;
@ -108,6 +110,8 @@ public class Main {
private static final Set<CryptoPrimitive> SIG_PRIMITIVE_SET = Collections
.unmodifiableSet(EnumSet.of(CryptoPrimitive.SIGNATURE));
private static boolean permsDetected;
static final String VERSION = "1.0";
static final int IN_KEYSTORE = 0x01; // signer is in keystore
@ -115,6 +119,8 @@ public class Main {
// signer is not in alias list
static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
static final JavaUtilZipFileAccess JUZFA = SharedSecrets.getJavaUtilZipFileAccess();
// Attention:
// This is the entry that get launched by the security tool jarsigner.
public static void main(String args[]) throws Exception {
@ -294,7 +300,7 @@ public class Main {
Arrays.fill(storepass, ' ');
storepass = null;
}
Event.clearReportListener();
Event.clearReportListener(Event.ReporterCategory.CRLCHECK);
}
if (strict) {
@ -776,6 +782,9 @@ public class Main {
JarEntry je = e.nextElement();
String name = je.getName();
if (!permsDetected && JUZFA.getPosixPerms(je) != -1) {
permsDetected = true;
}
hasSignature = hasSignature
|| SignatureFileVerifier.isBlockOrSF(name);
@ -1217,7 +1226,8 @@ public class Main {
if (hasExpiringCert ||
(hasExpiringTsaCert && expireDate != null) ||
(noTimestamp && expireDate != null) ||
(hasExpiredTsaCert && signerNotExpired)) {
(hasExpiredTsaCert && signerNotExpired) ||
permsDetected) {
if (hasExpiredTsaCert && signerNotExpired) {
if (expireDate != null) {
@ -1254,6 +1264,9 @@ public class Main {
: rb.getString("no.timestamp.verifying"), expireDate));
}
}
if (permsDetected) {
warnings.add(rb.getString("posix.attributes.detected"));
}
}
System.out.println(result);
@ -1771,6 +1784,8 @@ public class Main {
String failedMessage = null;
try {
Event.setReportListener(Event.ReporterCategory.POSIXPERMS,
(t, o) -> permsDetected = true);
builder.build().sign(zipFile, fos);
} catch (JarSignerException e) {
failedCause = e.getCause();
@ -1805,6 +1820,7 @@ public class Main {
fos.close();
}
Event.clearReportListener(Event.ReporterCategory.POSIXPERMS);
}
if (failedCause != null) {
@ -2064,7 +2080,8 @@ public class Main {
if (revocationCheck) {
Security.setProperty("ocsp.enable", "true");
System.setProperty("com.sun.security.enableCRLDP", "true");
Event.setReportListener((t, o) -> System.out.println(String.format(rb.getString(t), o)));
Event.setReportListener(Event.ReporterCategory.CRLCHECK,
(t, o) -> System.out.println(String.format(rb.getString(t), o)));
}
pkixParameters.setRevocationEnabled(revocationCheck);
} catch (InvalidAlgorithmParameterException ex) {
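Review bot: `permsDetected` is declared as a static flag and is set both in the verify loop (`JUZFA.getPosixPerms(je) != -1`) and by the POSIXPERMS listener before `builder.build().sign(zipFile, fos)`, but nothing in the patch ever resets it, so a second run of `Main` in the same JVM would report `posix.attributes.detected` for a jar that carries no posix attributes. The flags it is ORed with in the warning condition (`hasExpiringCert`, `noTimestamp`, `hasExpiredTsaCert`) appear to be per-run state; if they are instance fields, `private boolean permsDetected;` would be consistent and the lambda `(t, o) -> permsDetected = true` still compiles as an instance capture, otherwise the flag should be cleared at the start of each run. The `!= -1` test in the verify hunk also deserves a one-line comment such as `// -1 means the entry carries no posix permission bits` so the sentinel is not mistaken for an error code; I am inferring that meaning from the check rather than from visible JavaUtilZipFileAccess code. The enclosing methods of every hunk start and end outside the shown lines.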