| author | sdrach |
| Mon, 02 May 2016 09:03:38 -0700 | |
| changeset 37785 | daf6dcc73e9d |
| parent 36745 | 51effd3e92d0 |
| child 45975 | d61490c560bf |
| permissions | -rw-r--r-- |
| 2 | 1 |
/* |
|
23010
6dadb192ad81
8029235: Update copyright year to match last edit in jdk8 jdk repository for 2013
lana
parents:
22342
diff
changeset
|
2 |
* Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. |
| 2 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
| 5506 | 7 |
* published by the Free Software Foundation. Oracle designates this |
| 2 | 8 |
* particular file as subject to the "Classpath" exception as provided |
| 5506 | 9 |
* by Oracle in the LICENSE file that accompanied this code. |
| 2 | 10 |
* |
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
| 5506 | 21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
| 2 | 24 |
*/ |
25 |
||
26 |
package java.util.jar; |
|
27 |
||
28 |
import java.io.*; |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
29 |
import java.net.URL; |
| 2 | 30 |
import java.util.*; |
31 |
import java.security.*; |
|
32 |
import java.security.cert.CertificateException; |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
33 |
import java.util.zip.ZipEntry; |
| 2 | 34 |
|
|
36745
51effd3e92d0
8152190: Move sun.misc.JarIndex and InvalidJarIndexException to an internal package
chegar
parents:
29986
diff
changeset
|
35 |
import jdk.internal.util.jar.JarIndex; |
| 2 | 36 |
import sun.security.util.ManifestDigester; |
37 |
import sun.security.util.ManifestEntryVerifier; |
|
38 |
import sun.security.util.SignatureFileVerifier; |
|
39 |
import sun.security.util.Debug; |
|
40 |
||
41 |
/** |
|
42 |
* |
|
43 |
* @author Roland Schemers |
|
44 |
*/ |
|
45 |
class JarVerifier {
|
|
46 |
||
47 |
/* Are we debugging ? */ |
|
48 |
static final Debug debug = Debug.getInstance("jar");
|
|
49 |
||
50 |
/* a table mapping names to code signers, for jar entries that have |
|
51 |
had their actual hashes verified */ |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
52 |
private Hashtable<String, CodeSigner[]> verifiedSigners; |
| 2 | 53 |
|
54 |
/* a table mapping names to code signers, for jar entries that have |
|
|
4152
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
4049
diff
changeset
|
55 |
passed the .SF/.DSA/.EC -> MANIFEST check */ |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
56 |
private Hashtable<String, CodeSigner[]> sigFileSigners; |
| 9365 | 57 |
|
58 |
/* a hash table to hold .SF bytes */ |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
59 |
private Hashtable<String, byte[]> sigFileData; |
| 9365 | 60 |
|
61 |
/** "queue" of pending PKCS7 blocks that we couldn't parse |
|
62 |
* until we parsed the .SF file */ |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
63 |
private ArrayList<SignatureFileVerifier> pendingBlocks; |
| 2 | 64 |
|
65 |
/* cache of CodeSigner objects */ |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
66 |
private ArrayList<CodeSigner[]> signerCache; |
| 2 | 67 |
|
| 9365 | 68 |
/* Are we parsing a block? */ |
69 |
private boolean parsingBlockOrSF = false; |
|
70 |
||
71 |
/* Are we done parsing META-INF entries? */ |
|
72 |
private boolean parsingMeta = true; |
|
73 |
||
| 2 | 74 |
/* Are there are files to verify? */ |
75 |
private boolean anyToVerify = true; |
|
76 |
||
| 9365 | 77 |
/* The output stream to use when keeping track of files we are interested |
78 |
in */ |
|
79 |
private ByteArrayOutputStream baos; |
|
80 |
||
| 2 | 81 |
/** The ManifestDigester object */ |
|
5606
63aa4b61c0a8
4465490: Suspicious about double-check locking idiom being used in the code
sherman
parents:
5462
diff
changeset
|
82 |
private volatile ManifestDigester manDig; |
| 2 | 83 |
|
84 |
/** the bytes for the manDig object */ |
|
85 |
byte manifestRawBytes[] = null; |
|
86 |
||
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
87 |
/** controls eager signature validation */ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
88 |
boolean eagerValidation; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
89 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
90 |
/** makes code source singleton instances unique to us */ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
91 |
private Object csdomain = new Object(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
92 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
93 |
/** collect -DIGEST-MANIFEST values for blacklist */ |
|
11119
6ff03c1202ce
7116722: Miscellaneous warnings sun.misc ( and related classes )
chegar
parents:
9365
diff
changeset
|
94 |
private List<Object> manifestDigests; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
95 |
|
| 9365 | 96 |
public JarVerifier(byte rawBytes[]) {
|
| 2 | 97 |
manifestRawBytes = rawBytes; |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
98 |
sigFileSigners = new Hashtable<>(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
99 |
verifiedSigners = new Hashtable<>(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
100 |
sigFileData = new Hashtable<>(11); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
101 |
pendingBlocks = new ArrayList<>(); |
| 9365 | 102 |
baos = new ByteArrayOutputStream(); |
|
11119
6ff03c1202ce
7116722: Miscellaneous warnings sun.misc ( and related classes )
chegar
parents:
9365
diff
changeset
|
103 |
manifestDigests = new ArrayList<>(); |
| 2 | 104 |
} |
105 |
||
106 |
/** |
|
| 9365 | 107 |
* This method scans to see which entry we're parsing and |
108 |
* keeps various state information depending on what type of |
|
109 |
* file is being parsed. |
|
| 2 | 110 |
*/ |
111 |
public void beginEntry(JarEntry je, ManifestEntryVerifier mev) |
|
112 |
throws IOException |
|
113 |
{
|
|
114 |
if (je == null) |
|
115 |
return; |
|
116 |
||
117 |
if (debug != null) {
|
|
118 |
debug.println("beginEntry "+je.getName());
|
|
119 |
} |
|
120 |
||
121 |
String name = je.getName(); |
|
122 |
||
123 |
/* |
|
124 |
* Assumptions: |
|
125 |
* 1. The manifest should be the first entry in the META-INF directory. |
|
|
4152
bc36a9f01ac6
6870812: enhance security tools to use ECC algorithms
weijun
parents:
4049
diff
changeset
|
126 |
* 2. The .SF/.DSA/.EC files follow the manifest, before any normal entries |
| 2 | 127 |
* 3. Any of the following will throw a SecurityException: |
128 |
* a. digest mismatch between a manifest section and |
|
129 |
* the SF section. |
|
130 |
* b. digest mismatch between the actual jar entry and the manifest |
|
131 |
*/ |
|
132 |
||
| 9365 | 133 |
if (parsingMeta) {
|
134 |
String uname = name.toUpperCase(Locale.ENGLISH); |
|
135 |
if ((uname.startsWith("META-INF/") ||
|
|
136 |
uname.startsWith("/META-INF/"))) {
|
|
137 |
||
138 |
if (je.isDirectory()) {
|
|
139 |
mev.setEntry(null, je); |
|
140 |
return; |
|
141 |
} |
|
142 |
||
|
19598
958f97ba1713
8022761: regression: SecurityException is NOT thrown while trying to pack a wrongly signed Indexed Jar file
weijun
parents:
19376
diff
changeset
|
143 |
if (uname.equals(JarFile.MANIFEST_NAME) || |
|
958f97ba1713
8022761: regression: SecurityException is NOT thrown while trying to pack a wrongly signed Indexed Jar file
weijun
parents:
19376
diff
changeset
|
144 |
uname.equals(JarIndex.INDEX_NAME)) {
|
|
19376
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
145 |
return; |
|
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
146 |
} |
|
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
147 |
|
| 9365 | 148 |
if (SignatureFileVerifier.isBlockOrSF(uname)) {
|
149 |
/* We parse only DSA, RSA or EC PKCS7 blocks. */ |
|
150 |
parsingBlockOrSF = true; |
|
151 |
baos.reset(); |
|
152 |
mev.setEntry(null, je); |
|
|
19376
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
153 |
return; |
| 9365 | 154 |
} |
|
19376
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
155 |
|
|
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
156 |
// If a META-INF entry is not MF or block or SF, they should |
|
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
157 |
// be normal entries. According to 2 above, no more block or |
|
b8743dfc5d00
8021788: JarInputStream doesn't provide certificates for some file under META-INF
weijun
parents:
13795
diff
changeset
|
158 |
// SF will appear. Let's doneWithMeta. |
| 9365 | 159 |
} |
160 |
} |
|
161 |
||
162 |
if (parsingMeta) {
|
|
163 |
doneWithMeta(); |
|
164 |
} |
|
165 |
||
| 2 | 166 |
if (je.isDirectory()) {
|
167 |
mev.setEntry(null, je); |
|
168 |
return; |
|
169 |
} |
|
170 |
||
171 |
// be liberal in what you accept. If the name starts with ./, remove |
|
172 |
// it as we internally canonicalize it with out the ./. |
|
173 |
if (name.startsWith("./"))
|
|
174 |
name = name.substring(2); |
|
175 |
||
176 |
// be liberal in what you accept. If the name starts with /, remove |
|
177 |
// it as we internally canonicalize it with out the /. |
|
178 |
if (name.startsWith("/"))
|
|
179 |
name = name.substring(1); |
|
180 |
||
181 |
// only set the jev object for entries that have a signature |
|
| 22311 | 182 |
// (either verified or not) |
183 |
if (sigFileSigners.get(name) != null || |
|
184 |
verifiedSigners.get(name) != null) {
|
|
| 2 | 185 |
mev.setEntry(name, je); |
186 |
return; |
|
187 |
} |
|
188 |
||
189 |
// don't compute the digest for this entry |
|
190 |
mev.setEntry(null, je); |
|
191 |
||
192 |
return; |
|
193 |
} |
|
194 |
||
195 |
/** |
|
196 |
* update a single byte. |
|
197 |
*/ |
|
198 |
||
199 |
public void update(int b, ManifestEntryVerifier mev) |
|
200 |
throws IOException |
|
201 |
{
|
|
202 |
if (b != -1) {
|
|
| 9365 | 203 |
if (parsingBlockOrSF) {
|
204 |
baos.write(b); |
|
205 |
} else {
|
|
206 |
mev.update((byte)b); |
|
207 |
} |
|
| 2 | 208 |
} else {
|
209 |
processEntry(mev); |
|
210 |
} |
|
211 |
} |
|
212 |
||
213 |
/** |
|
214 |
* update an array of bytes. |
|
215 |
*/ |
|
216 |
||
217 |
public void update(int n, byte[] b, int off, int len, |
|
218 |
ManifestEntryVerifier mev) |
|
219 |
throws IOException |
|
220 |
{
|
|
221 |
if (n != -1) {
|
|
| 9365 | 222 |
if (parsingBlockOrSF) {
|
223 |
baos.write(b, off, n); |
|
224 |
} else {
|
|
225 |
mev.update(b, off, n); |
|
226 |
} |
|
| 2 | 227 |
} else {
|
228 |
processEntry(mev); |
|
229 |
} |
|
230 |
} |
|
231 |
||
232 |
/** |
|
233 |
* called when we reach the end of entry in one of the read() methods. |
|
234 |
*/ |
|
235 |
private void processEntry(ManifestEntryVerifier mev) |
|
236 |
throws IOException |
|
237 |
{
|
|
| 9365 | 238 |
if (!parsingBlockOrSF) {
|
239 |
JarEntry je = mev.getEntry(); |
|
240 |
if ((je != null) && (je.signers == null)) {
|
|
241 |
je.signers = mev.verify(verifiedSigners, sigFileSigners); |
|
242 |
je.certs = mapSignersToCertArray(je.signers); |
|
243 |
} |
|
244 |
} else {
|
|
245 |
||
246 |
try {
|
|
247 |
parsingBlockOrSF = false; |
|
248 |
||
249 |
if (debug != null) {
|
|
250 |
debug.println("processEntry: processing block");
|
|
251 |
} |
|
252 |
||
253 |
String uname = mev.getEntry().getName() |
|
254 |
.toUpperCase(Locale.ENGLISH); |
|
255 |
||
256 |
if (uname.endsWith(".SF")) {
|
|
257 |
String key = uname.substring(0, uname.length()-3); |
|
258 |
byte bytes[] = baos.toByteArray(); |
|
259 |
// add to sigFileData in case future blocks need it |
|
260 |
sigFileData.put(key, bytes); |
|
261 |
// check pending blocks, we can now process |
|
262 |
// anyone waiting for this .SF file |
|
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
263 |
for (SignatureFileVerifier sfv : pendingBlocks) {
|
| 9365 | 264 |
if (sfv.needSignatureFile(key)) {
|
265 |
if (debug != null) {
|
|
266 |
debug.println( |
|
267 |
"processEntry: processing pending block"); |
|
268 |
} |
|
269 |
||
270 |
sfv.setSignatureFile(bytes); |
|
271 |
sfv.process(sigFileSigners, manifestDigests); |
|
272 |
} |
|
273 |
} |
|
274 |
return; |
|
275 |
} |
|
276 |
||
277 |
// now we are parsing a signature block file |
|
278 |
||
|
24685
215fa91e1b4c
8044461: Cleanup new Boolean and single character strings
rriggs
parents:
23912
diff
changeset
|
279 |
String key = uname.substring(0, uname.lastIndexOf('.'));
|
| 9365 | 280 |
|
281 |
if (signerCache == null) |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
282 |
signerCache = new ArrayList<>(); |
| 9365 | 283 |
|
284 |
if (manDig == null) {
|
|
285 |
synchronized(manifestRawBytes) {
|
|
286 |
if (manDig == null) {
|
|
287 |
manDig = new ManifestDigester(manifestRawBytes); |
|
288 |
manifestRawBytes = null; |
|
289 |
} |
|
290 |
} |
|
291 |
} |
|
292 |
||
293 |
SignatureFileVerifier sfv = |
|
294 |
new SignatureFileVerifier(signerCache, |
|
295 |
manDig, uname, baos.toByteArray()); |
|
296 |
||
297 |
if (sfv.needSignatureFileBytes()) {
|
|
298 |
// see if we have already parsed an external .SF file |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
299 |
byte[] bytes = sigFileData.get(key); |
| 9365 | 300 |
|
301 |
if (bytes == null) {
|
|
302 |
// put this block on queue for later processing |
|
303 |
// since we don't have the .SF bytes yet |
|
304 |
// (uname, block); |
|
305 |
if (debug != null) {
|
|
306 |
debug.println("adding pending block");
|
|
307 |
} |
|
308 |
pendingBlocks.add(sfv); |
|
309 |
return; |
|
310 |
} else {
|
|
311 |
sfv.setSignatureFile(bytes); |
|
312 |
} |
|
313 |
} |
|
314 |
sfv.process(sigFileSigners, manifestDigests); |
|
315 |
||
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
316 |
} catch (IOException | CertificateException | |
|
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
317 |
NoSuchAlgorithmException | SignatureException e) {
|
|
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
318 |
if (debug != null) debug.println("processEntry caught: "+e);
|
| 9365 | 319 |
// ignore and treat as unsigned |
320 |
} |
|
| 2 | 321 |
} |
322 |
} |
|
323 |
||
324 |
/** |
|
325 |
* Return an array of java.security.cert.Certificate objects for |
|
326 |
* the given file in the jar. |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
327 |
* @deprecated |
| 2 | 328 |
*/ |
|
13795
73850c397272
7193406: Clean-up JDK Build Warnings in java.util, java.io
dxu
parents:
11841
diff
changeset
|
329 |
@Deprecated |
| 2 | 330 |
public java.security.cert.Certificate[] getCerts(String name) |
331 |
{
|
|
332 |
return mapSignersToCertArray(getCodeSigners(name)); |
|
333 |
} |
|
334 |
||
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
335 |
public java.security.cert.Certificate[] getCerts(JarFile jar, JarEntry entry) |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
336 |
{
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
337 |
return mapSignersToCertArray(getCodeSigners(jar, entry)); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
338 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
339 |
|
| 2 | 340 |
/** |
341 |
* return an array of CodeSigner objects for |
|
342 |
* the given file in the jar. this array is not cloned. |
|
343 |
* |
|
344 |
*/ |
|
345 |
public CodeSigner[] getCodeSigners(String name) |
|
346 |
{
|
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
347 |
return verifiedSigners.get(name); |
| 2 | 348 |
} |
349 |
||
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
350 |
public CodeSigner[] getCodeSigners(JarFile jar, JarEntry entry) |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
351 |
{
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
352 |
String name = entry.getName(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
353 |
if (eagerValidation && sigFileSigners.get(name) != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
354 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
355 |
* Force a read of the entry data to generate the |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
356 |
* verification hash. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
357 |
*/ |
| 9365 | 358 |
try {
|
359 |
InputStream s = jar.getInputStream(entry); |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
360 |
byte[] buffer = new byte[1024]; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
361 |
int n = buffer.length; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
362 |
while (n != -1) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
363 |
n = s.read(buffer, 0, buffer.length); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
364 |
} |
| 9365 | 365 |
s.close(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
366 |
} catch (IOException e) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
367 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
368 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
369 |
return getCodeSigners(name); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
370 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
371 |
|
| 2 | 372 |
/* |
373 |
* Convert an array of signers into an array of concatenated certificate |
|
374 |
* arrays. |
|
375 |
*/ |
|
376 |
private static java.security.cert.Certificate[] mapSignersToCertArray( |
|
377 |
CodeSigner[] signers) {
|
|
378 |
||
379 |
if (signers != null) {
|
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
380 |
ArrayList<java.security.cert.Certificate> certChains = new ArrayList<>(); |
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
381 |
for (CodeSigner signer : signers) {
|
| 2 | 382 |
certChains.addAll( |
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
383 |
signer.getSignerCertPath().getCertificates()); |
| 2 | 384 |
} |
385 |
||
386 |
// Convert into a Certificate[] |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
387 |
return certChains.toArray( |
| 2 | 388 |
new java.security.cert.Certificate[certChains.size()]); |
389 |
} |
|
390 |
return null; |
|
391 |
} |
|
392 |
||
393 |
/** |
|
394 |
* returns true if there no files to verify. |
|
395 |
* should only be called after all the META-INF entries |
|
396 |
* have been processed. |
|
397 |
*/ |
|
398 |
boolean nothingToVerify() |
|
399 |
{
|
|
400 |
return (anyToVerify == false); |
|
401 |
} |
|
402 |
||
403 |
/** |
|
404 |
* called to let us know we have processed all the |
|
405 |
* META-INF entries, and if we re-read one of them, don't |
|
406 |
* re-process it. Also gets rid of any data structures |
|
407 |
* we needed when parsing META-INF entries. |
|
408 |
*/ |
|
409 |
void doneWithMeta() |
|
410 |
{
|
|
| 9365 | 411 |
parsingMeta = false; |
| 2 | 412 |
anyToVerify = !sigFileSigners.isEmpty(); |
| 9365 | 413 |
baos = null; |
414 |
sigFileData = null; |
|
415 |
pendingBlocks = null; |
|
| 2 | 416 |
signerCache = null; |
417 |
manDig = null; |
|
|
9001
4eb5b77d7425
7023056: NPE from sun.security.util.ManifestEntryVerifier.verify during Maven build
weijun
parents:
8387
diff
changeset
|
418 |
// MANIFEST.MF is always treated as signed and verified, |
|
4eb5b77d7425
7023056: NPE from sun.security.util.ManifestEntryVerifier.verify during Maven build
weijun
parents:
8387
diff
changeset
|
419 |
// move its signers from sigFileSigners to verifiedSigners. |
|
4eb5b77d7425
7023056: NPE from sun.security.util.ManifestEntryVerifier.verify during Maven build
weijun
parents:
8387
diff
changeset
|
420 |
if (sigFileSigners.containsKey(JarFile.MANIFEST_NAME)) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
421 |
CodeSigner[] codeSigners = sigFileSigners.remove(JarFile.MANIFEST_NAME); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
422 |
verifiedSigners.put(JarFile.MANIFEST_NAME, codeSigners); |
|
9001
4eb5b77d7425
7023056: NPE from sun.security.util.ManifestEntryVerifier.verify during Maven build
weijun
parents:
8387
diff
changeset
|
423 |
} |
| 2 | 424 |
} |
425 |
||
426 |
static class VerifierStream extends java.io.InputStream {
|
|
427 |
||
428 |
private InputStream is; |
|
429 |
private JarVerifier jv; |
|
430 |
private ManifestEntryVerifier mev; |
|
431 |
private long numLeft; |
|
432 |
||
433 |
VerifierStream(Manifest man, |
|
434 |
JarEntry je, |
|
435 |
InputStream is, |
|
436 |
JarVerifier jv) throws IOException |
|
437 |
{
|
|
438 |
this.is = is; |
|
439 |
this.jv = jv; |
|
440 |
this.mev = new ManifestEntryVerifier(man); |
|
441 |
this.jv.beginEntry(je, mev); |
|
442 |
this.numLeft = je.getSize(); |
|
443 |
if (this.numLeft == 0) |
|
444 |
this.jv.update(-1, this.mev); |
|
445 |
} |
|
446 |
||
447 |
public int read() throws IOException |
|
448 |
{
|
|
449 |
if (numLeft > 0) {
|
|
450 |
int b = is.read(); |
|
451 |
jv.update(b, mev); |
|
452 |
numLeft--; |
|
453 |
if (numLeft == 0) |
|
454 |
jv.update(-1, mev); |
|
455 |
return b; |
|
456 |
} else {
|
|
457 |
return -1; |
|
458 |
} |
|
459 |
} |
|
460 |
||
461 |
public int read(byte b[], int off, int len) throws IOException {
|
|
462 |
if ((numLeft > 0) && (numLeft < len)) {
|
|
463 |
len = (int)numLeft; |
|
464 |
} |
|
465 |
||
466 |
if (numLeft > 0) {
|
|
467 |
int n = is.read(b, off, len); |
|
468 |
jv.update(n, b, off, len, mev); |
|
469 |
numLeft -= n; |
|
470 |
if (numLeft == 0) |
|
471 |
jv.update(-1, b, off, len, mev); |
|
472 |
return n; |
|
473 |
} else {
|
|
474 |
return -1; |
|
475 |
} |
|
476 |
} |
|
477 |
||
478 |
public void close() |
|
479 |
throws IOException |
|
480 |
{
|
|
481 |
if (is != null) |
|
482 |
is.close(); |
|
483 |
is = null; |
|
484 |
mev = null; |
|
485 |
jv = null; |
|
486 |
} |
|
487 |
||
488 |
public int available() throws IOException {
|
|
489 |
return is.available(); |
|
490 |
} |
|
491 |
||
492 |
} |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
493 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
494 |
// Extended JavaUtilJarAccess CodeSource API Support |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
495 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
496 |
private Map<URL, Map<CodeSigner[], CodeSource>> urlToCodeSourceMap = new HashMap<>(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
497 |
private Map<CodeSigner[], CodeSource> signerToCodeSource = new HashMap<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
498 |
private URL lastURL; |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
499 |
private Map<CodeSigner[], CodeSource> lastURLMap; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
500 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
501 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
502 |
* Create a unique mapping from codeSigner cache entries to CodeSource. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
503 |
* In theory, multiple URLs origins could map to a single locally cached |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
504 |
* and shared JAR file although in practice there will be a single URL in use. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
505 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
506 |
private synchronized CodeSource mapSignersToCodeSource(URL url, CodeSigner[] signers) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
507 |
Map<CodeSigner[], CodeSource> map; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
508 |
if (url == lastURL) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
509 |
map = lastURLMap; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
510 |
} else {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
511 |
map = urlToCodeSourceMap.get(url); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
512 |
if (map == null) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
513 |
map = new HashMap<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
514 |
urlToCodeSourceMap.put(url, map); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
515 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
516 |
lastURLMap = map; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
517 |
lastURL = url; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
518 |
} |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
519 |
CodeSource cs = map.get(signers); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
520 |
if (cs == null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
521 |
cs = new VerifierCodeSource(csdomain, url, signers); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
522 |
signerToCodeSource.put(signers, cs); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
523 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
524 |
return cs; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
525 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
526 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
527 |
private CodeSource[] mapSignersToCodeSources(URL url, List<CodeSigner[]> signers, boolean unsigned) {
|
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
528 |
List<CodeSource> sources = new ArrayList<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
529 |
|
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
530 |
for (CodeSigner[] signer : signers) {
|
|
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
531 |
sources.add(mapSignersToCodeSource(url, signer)); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
532 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
533 |
if (unsigned) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
534 |
sources.add(mapSignersToCodeSource(url, null)); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
535 |
} |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
536 |
return sources.toArray(new CodeSource[sources.size()]); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
537 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
538 |
private CodeSigner[] emptySigner = new CodeSigner[0]; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
539 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
540 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
541 |
* Match CodeSource to a CodeSigner[] in the signer cache. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
542 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
543 |
private CodeSigner[] findMatchingSigners(CodeSource cs) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
544 |
if (cs instanceof VerifierCodeSource) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
545 |
VerifierCodeSource vcs = (VerifierCodeSource) cs; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
546 |
if (vcs.isSameDomain(csdomain)) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
547 |
return ((VerifierCodeSource) cs).getPrivateSigners(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
548 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
549 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
550 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
551 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
552 |
* In practice signers should always be optimized above |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
553 |
* but this handles a CodeSource of any type, just in case. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
554 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
555 |
CodeSource[] sources = mapSignersToCodeSources(cs.getLocation(), getJarCodeSigners(), true); |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
556 |
List<CodeSource> sourceList = new ArrayList<>(); |
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
557 |
for (CodeSource source : sources) {
|
|
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
558 |
sourceList.add(source); |
| 9365 | 559 |
} |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
560 |
int j = sourceList.indexOf(cs); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
561 |
if (j != -1) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
562 |
CodeSigner[] match; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
563 |
match = ((VerifierCodeSource) sourceList.get(j)).getPrivateSigners(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
564 |
if (match == null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
565 |
match = emptySigner; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
566 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
567 |
return match; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
568 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
569 |
return null; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
570 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
571 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
572 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
573 |
* Instances of this class hold uncopied references to internal |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
574 |
* signing data that can be compared by object reference identity. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
575 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
576 |
private static class VerifierCodeSource extends CodeSource {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
577 |
private static final long serialVersionUID = -9047366145967768825L; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
578 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
579 |
URL vlocation; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
580 |
CodeSigner[] vsigners; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
581 |
java.security.cert.Certificate[] vcerts; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
582 |
Object csdomain; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
583 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
584 |
VerifierCodeSource(Object csdomain, URL location, CodeSigner[] signers) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
585 |
super(location, signers); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
586 |
this.csdomain = csdomain; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
587 |
vlocation = location; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
588 |
vsigners = signers; // from signerCache |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
589 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
590 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
591 |
VerifierCodeSource(Object csdomain, URL location, java.security.cert.Certificate[] certs) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
592 |
super(location, certs); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
593 |
this.csdomain = csdomain; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
594 |
vlocation = location; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
595 |
vcerts = certs; // from signerCache |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
596 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
597 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
598 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
599 |
* All VerifierCodeSource instances are constructed based on |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
600 |
* singleton signerCache or signerCacheCert entries for each unique signer. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
601 |
* No CodeSigner<->Certificate[] conversion is required. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
602 |
* We use these assumptions to optimize equality comparisons. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
603 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
604 |
public boolean equals(Object obj) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
605 |
if (obj == this) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
606 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
607 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
608 |
if (obj instanceof VerifierCodeSource) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
609 |
VerifierCodeSource that = (VerifierCodeSource) obj; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
610 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
611 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
612 |
* Only compare against other per-signer singletons constructed |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
613 |
* on behalf of the same JarFile instance. Otherwise, compare |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
614 |
* things the slower way. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
615 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
616 |
if (isSameDomain(that.csdomain)) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
617 |
if (that.vsigners != this.vsigners |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
618 |
|| that.vcerts != this.vcerts) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
619 |
return false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
620 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
621 |
if (that.vlocation != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
622 |
return that.vlocation.equals(this.vlocation); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
623 |
} else if (this.vlocation != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
624 |
return this.vlocation.equals(that.vlocation); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
625 |
} else { // both null
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
626 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
627 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
628 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
629 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
630 |
return super.equals(obj); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
631 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
632 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
633 |
boolean isSameDomain(Object csdomain) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
634 |
return this.csdomain == csdomain; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
635 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
636 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
637 |
private CodeSigner[] getPrivateSigners() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
638 |
return vsigners; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
639 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
640 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
641 |
private java.security.cert.Certificate[] getPrivateCertificates() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
642 |
return vcerts; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
643 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
644 |
} |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
645 |
private Map<String, CodeSigner[]> signerMap; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
646 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
647 |
private synchronized Map<String, CodeSigner[]> signerMap() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
648 |
if (signerMap == null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
649 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
650 |
* Snapshot signer state so it doesn't change on us. We care |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
651 |
* only about the asserted signatures. Verification of |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
652 |
* signature validity happens via the JarEntry apis. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
653 |
*/ |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
654 |
signerMap = new HashMap<>(verifiedSigners.size() + sigFileSigners.size()); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
655 |
signerMap.putAll(verifiedSigners); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
656 |
signerMap.putAll(sigFileSigners); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
657 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
658 |
return signerMap; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
659 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
660 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
661 |
public synchronized Enumeration<String> entryNames(JarFile jar, final CodeSource[] cs) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
662 |
final Map<String, CodeSigner[]> map = signerMap(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
663 |
final Iterator<Map.Entry<String, CodeSigner[]>> itor = map.entrySet().iterator(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
664 |
boolean matchUnsigned = false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
665 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
666 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
667 |
* Grab a single copy of the CodeSigner arrays. Check |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
668 |
* to see if we can optimize CodeSigner equality test. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
669 |
*/ |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
670 |
List<CodeSigner[]> req = new ArrayList<>(cs.length); |
|
22078
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
671 |
for (CodeSource c : cs) {
|
|
bdec5d53e98c
8030851: Update code in java.util to use newer language features
psandoz
parents:
19598
diff
changeset
|
672 |
CodeSigner[] match = findMatchingSigners(c); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
673 |
if (match != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
674 |
if (match.length > 0) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
675 |
req.add(match); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
676 |
} else {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
677 |
matchUnsigned = true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
678 |
} |
| 23912 | 679 |
} else {
|
680 |
matchUnsigned = true; |
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
681 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
682 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
683 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
684 |
final List<CodeSigner[]> signersReq = req; |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
685 |
final Enumeration<String> enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
686 |
|
|
29986
97167d851fc4
8078467: Update core libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
687 |
return new Enumeration<>() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
688 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
689 |
String name; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
690 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
691 |
public boolean hasMoreElements() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
692 |
if (name != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
693 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
694 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
695 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
696 |
while (itor.hasNext()) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
697 |
Map.Entry<String, CodeSigner[]> e = itor.next(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
698 |
if (signersReq.contains(e.getValue())) {
|
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
699 |
name = e.getKey(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
700 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
701 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
702 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
703 |
while (enum2.hasMoreElements()) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
704 |
name = enum2.nextElement(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
705 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
706 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
707 |
return false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
708 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
709 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
710 |
public String nextElement() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
711 |
if (hasMoreElements()) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
712 |
String value = name; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
713 |
name = null; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
714 |
return value; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
715 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
716 |
throw new NoSuchElementException(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
717 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
718 |
}; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
719 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
720 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
721 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
722 |
* Like entries() but screens out internal JAR mechanism entries |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
723 |
* and includes signed entries with no ZIP data. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
724 |
*/ |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
725 |
public Enumeration<JarEntry> entries2(final JarFile jar, Enumeration<? extends ZipEntry> e) {
|
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
726 |
final Map<String, CodeSigner[]> map = new HashMap<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
727 |
map.putAll(signerMap()); |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
728 |
final Enumeration<? extends ZipEntry> enum_ = e; |
|
29986
97167d851fc4
8078467: Update core libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
729 |
return new Enumeration<>() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
730 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
731 |
Enumeration<String> signers = null; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
732 |
JarEntry entry; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
733 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
734 |
public boolean hasMoreElements() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
735 |
if (entry != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
736 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
737 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
738 |
while (enum_.hasMoreElements()) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
739 |
ZipEntry ze = enum_.nextElement(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
740 |
if (JarVerifier.isSigningRelated(ze.getName())) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
741 |
continue; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
742 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
743 |
entry = jar.newEntry(ze); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
744 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
745 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
746 |
if (signers == null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
747 |
signers = Collections.enumeration(map.keySet()); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
748 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
749 |
while (signers.hasMoreElements()) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
750 |
String name = signers.nextElement(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
751 |
entry = jar.newEntry(new ZipEntry(name)); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
752 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
753 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
754 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
755 |
// Any map entries left? |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
756 |
return false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
757 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
758 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
759 |
public JarEntry nextElement() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
760 |
if (hasMoreElements()) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
761 |
JarEntry je = entry; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
762 |
map.remove(je.getName()); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
763 |
entry = null; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
764 |
return je; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
765 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
766 |
throw new NoSuchElementException(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
767 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
768 |
}; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
769 |
} |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
770 |
private Enumeration<String> emptyEnumeration = new Enumeration<String>() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
771 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
772 |
public boolean hasMoreElements() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
773 |
return false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
774 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
775 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
776 |
public String nextElement() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
777 |
throw new NoSuchElementException(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
778 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
779 |
}; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
780 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
781 |
// true if file is part of the signature mechanism itself |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
782 |
static boolean isSigningRelated(String name) {
|
| 23912 | 783 |
return SignatureFileVerifier.isSigningRelated(name); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
784 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
785 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
786 |
private Enumeration<String> unsignedEntryNames(JarFile jar) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
787 |
final Map<String, CodeSigner[]> map = signerMap(); |
|
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
788 |
final Enumeration<JarEntry> entries = jar.entries(); |
|
29986
97167d851fc4
8078467: Update core libraries to use diamond with anonymous classes
darcy
parents:
25859
diff
changeset
|
789 |
return new Enumeration<>() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
790 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
791 |
String name; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
792 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
793 |
/* |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
794 |
* Grab entries from ZIP directory but screen out |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
795 |
* metadata. |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
796 |
*/ |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
797 |
public boolean hasMoreElements() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
798 |
if (name != null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
799 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
800 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
801 |
while (entries.hasMoreElements()) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
802 |
String value; |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
803 |
ZipEntry e = entries.nextElement(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
804 |
value = e.getName(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
805 |
if (e.isDirectory() || isSigningRelated(value)) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
806 |
continue; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
807 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
808 |
if (map.get(value) == null) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
809 |
name = value; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
810 |
return true; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
811 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
812 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
813 |
return false; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
814 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
815 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
816 |
public String nextElement() {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
817 |
if (hasMoreElements()) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
818 |
String value = name; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
819 |
name = null; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
820 |
return value; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
821 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
822 |
throw new NoSuchElementException(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
823 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
824 |
}; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
825 |
} |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
826 |
private List<CodeSigner[]> jarCodeSigners; |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
827 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
828 |
private synchronized List<CodeSigner[]> getJarCodeSigners() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
829 |
CodeSigner[] signers; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
830 |
if (jarCodeSigners == null) {
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
831 |
HashSet<CodeSigner[]> set = new HashSet<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
832 |
set.addAll(signerMap().values()); |
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
833 |
jarCodeSigners = new ArrayList<>(); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
834 |
jarCodeSigners.addAll(set); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
835 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
836 |
return jarCodeSigners; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
837 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
838 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
839 |
public synchronized CodeSource[] getCodeSources(JarFile jar, URL url) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
840 |
boolean hasUnsigned = unsignedEntryNames(jar).hasMoreElements(); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
841 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
842 |
return mapSignersToCodeSources(url, getJarCodeSigners(), hasUnsigned); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
843 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
844 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
845 |
public CodeSource getCodeSource(URL url, String name) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
846 |
CodeSigner[] signers; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
847 |
|
|
11841
38a39c748880
7143230: fix warnings in java.util.jar, sun.tools.jar, zipfs demo, etc.
smarks
parents:
11119
diff
changeset
|
848 |
signers = signerMap().get(name); |
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
849 |
return mapSignersToCodeSource(url, signers); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
850 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
851 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
852 |
public CodeSource getCodeSource(URL url, JarFile jar, JarEntry je) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
853 |
CodeSigner[] signers; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
854 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
855 |
return mapSignersToCodeSource(url, getCodeSigners(jar, je)); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
856 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
857 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
858 |
public void setEagerValidation(boolean eager) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
859 |
eagerValidation = eager; |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
860 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
861 |
|
|
11119
6ff03c1202ce
7116722: Miscellaneous warnings sun.misc ( and related classes )
chegar
parents:
9365
diff
changeset
|
862 |
public synchronized List<Object> getManifestDigests() {
|
|
8387
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
863 |
return Collections.unmodifiableList(manifestDigests); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
864 |
} |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
865 |
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
866 |
static CodeSource getUnsignedCS(URL url) {
|
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
867 |
return new VerifierCodeSource(null, url, (java.security.cert.Certificate[]) null); |
|
f0fa7bbf889e
6742654: Code insertion/replacement attacks against signed jars
weijun
parents:
5627
diff
changeset
|
868 |
} |
| 2 | 869 |
} |