6876328: different names for the same digest algorithms breaks jarsigner
Reviewed-by: mullan
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Mon Aug 31 15:00:04 2009 -0700
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Fri Sep 04 14:58:01 2009 +0800
@@ -1978,20 +1978,35 @@
String[] base64Digests = getDigests(ze, zf, digests, encoder);
for (int i=0; i<digests.length; i++) {
- String name = digests[i].getAlgorithm()+"-Digest";
- String mfDigest = attrs.getValue(name);
- if (mfDigest == null
- && digests[i].getAlgorithm().equalsIgnoreCase("SHA")) {
- // treat "SHA" and "SHA1" the same
- mfDigest = attrs.getValue("SHA-Digest");
+ // The entry name to be written into attrs
+ String name = null;
+ try {
+ // Find if the digest already exists
+ AlgorithmId aid = AlgorithmId.get(digests[i].getAlgorithm());
+ for (Object key: attrs.keySet()) {
+ if (key instanceof Attributes.Name) {
+ String n = ((Attributes.Name)key).toString();
+ if (n.toUpperCase(Locale.ENGLISH).endsWith("-DIGEST")) {
+ String tmp = n.substring(0, n.length() - 7);
+ if (AlgorithmId.get(tmp).equals(aid)) {
+ name = n;
+ break;
+ }
+ }
+ }
+ }
+ } catch (NoSuchAlgorithmException nsae) {
+ // Ignored. Writing new digest entry.
}
- if (mfDigest == null) {
- // compute digest and add it to list of attributes
+
+ if (name == null) {
+ name = digests[i].getAlgorithm()+"-Digest";
attrs.putValue(name, base64Digests[i]);
update=true;
} else {
// compare digests, and replace the one in the manifest
// if they are different
+ String mfDigest = attrs.getValue(name);
if (!mfDigest.equalsIgnoreCase(base64Digests[i])) {
attrs.putValue(name, base64Digests[i]);
update=true;
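Review bot: The `catch (NoSuchAlgorithmException nsae)` wraps the whole key scan, so the first `*-Digest` attribute whose prefix `AlgorithmId.get(tmp)` does not recognise ends the loop before any later key is compared. Attribute names come from the manifest of the jar being signed, so an unknown digest name that happens to be iterated first can presumably leave `name` null even though a matching entry exists. A second entry for the same algorithm would then be written under a different alias, which is the clash this change sets out to prevent. Catching the exception per key, as sketched below, lets the scan continue and leaves the outer catch covering only the lookup of the signer's own algorithm. The enclosing method and the `for (int i=0; ...)` loop begin and end outside this hunk.

```java
// … unchanged: outer try, AlgorithmId aid lookup, key loop and "-DIGEST" suffix test …
String tmp = n.substring(0, n.length() - 7);
try {
    if (AlgorithmId.get(tmp).equals(aid)) {
        name = n;
        break;
    }
} catch (NoSuchAlgorithmException unknownName) {
    // Unrecognised digest name in the manifest: skip this key and keep scanning.
}
// … unchanged: closing braces and the outer catch for the signer's own algorithm …
```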
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/jarsigner/nameclash.sh Fri Sep 04 14:58:01 2009 +0800
@@ -0,0 +1,66 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6876328
+# @summary different names for the same digest algorithms breaks jarsigner
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ FS="/"
+ ;;
+esac
+
+KS=nc.jks
+JFILE=nc.jar
+
+KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
+JAR=$TESTJAVA${FS}bin${FS}jar
+JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
+
+rm $KS $JFILE
+
+$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
+$KT -alias b -dname CN=b -keyalg rsa -genkey -validity 300
+
+echo A > A
+$JAR cvf $JFILE A
+
+$JARSIGNER -keystore $KS -storepass changeit $JFILE a -digestalg SHA1 || exit 1
+$JARSIGNER -keystore $KS -storepass changeit $JFILE b -digestalg SHA-1 || exit 2
+
+$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
+
+exit 0
+
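Review bot: The setup steps on the two `$KT ... -genkey` lines and the `$JAR cvf $JFILE A` line are not checked, so a failed key generation or jar creation only surfaces as `exit 1` from the first jarsigner call and reads like a signing regression. Give each its own status, e.g. `$JAR cvf $JFILE A || exit 11` (the code is a placeholder), and use `rm -f $KS $JFILE` so a clean workspace does not print errors. The test also exercises only the `SHA1`/`SHA-1` alias pair. A third case, where the manifest already carries a `*-Digest` attribute the runtime does not recognise, would cover the `NoSuchAlgorithmException` path of the JarSigner change.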