|
 |
6f88fb |
commit 09bcd3ebb639af6cfd83ff2203ffeb80a59cc0eb
|
|
|
6f88fb |
Author: Jiri Vanek <jvanek@redhat.com>
|
|
|
6f88fb |
Date: Fri Jun 28 16:05:35 2019 +0200
|
|
|
6f88fb |
|
|
|
6f88fb |
All files, except signaturre files, are now checked for signatures
|
|
|
6f88fb |
|
|
|
6f88fb |
diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
|
6f88fb |
index 759bedfb..cabfb3c5 100644
|
|
|
6f88fb |
--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
|
6f88fb |
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
|
|
|
6f88fb |
@@ -41,6 +41,7 @@
|
|
|
6f88fb |
import java.util.Map;
|
|
|
6f88fb |
import java.util.Vector;
|
|
|
6f88fb |
import java.util.jar.JarEntry;
|
|
|
6f88fb |
+import java.util.regex.Pattern;
|
|
|
6f88fb |
|
|
|
6f88fb |
import net.sourceforge.jnlp.JARDesc;
|
|
|
6f88fb |
import net.sourceforge.jnlp.JNLPFile;
|
|
|
6f88fb |
@@ -67,6 +68,7 @@
|
|
|
6f88fb |
public class JarCertVerifier implements CertVerifier {
|
|
|
6f88fb |
|
|
|
6f88fb |
private static final String META_INF = "META-INF/";
|
|
|
6f88fb |
+ private static final Pattern SIG = Pattern.compile(".*" + META_INF + "SIG-.*");
|
|
|
6f88fb |
|
|
|
6f88fb |
// prefix for new signature-related files in META-INF directory
|
|
|
6f88fb |
private static final String SIG_PREFIX = META_INF + "SIG-";
|
|
|
6f88fb |
@@ -500,12 +502,20 @@
|
|
|
6f88fb |
|
|
|
6f88fb |
/**
|
|
|
6f88fb |
* Returns whether a file is in META-INF, and thus does not require signing.
|
|
|
6f88fb |
- *
|
|
|
6f88fb |
+ *
|
|
|
6f88fb |
* Signature-related files under META-INF include: . META-INF/MANIFEST.MF . META-INF/SIG-* . META-INF/*.SF . META-INF/*.DSA . META-INF/*.RSA
|
|
|
6f88fb |
*/
|
|
|
6f88fb |
static boolean isMetaInfFile(String name) {
|
|
|
6f88fb |
- String ucName = name.toUpperCase();
|
|
|
6f88fb |
- return ucName.startsWith(META_INF);
|
|
|
6f88fb |
+ if (name.endsWith("class")) {
|
|
|
6f88fb |
+ return false;
|
|
|
6f88fb |
+ }
|
|
|
6f88fb |
+ return name.startsWith(META_INF) && (
|
|
|
6f88fb |
+ name.endsWith(".MF") ||
|
|
|
6f88fb |
+ name.endsWith(".SF") ||
|
|
|
6f88fb |
+ name.endsWith(".DSA") ||
|
|
|
6f88fb |
+ name.endsWith(".RSA") ||
|
|
|
6f88fb |
+ SIG.matcher(name).matches()
|
|
|
6f88fb |
+ );
|
|
|
6f88fb |
}
|
|
|
6f88fb |
|
|
|
6f88fb |
/**
|
|
|
6f88fb |
diff --git a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
|
6f88fb |
index 4661fb87..44253e08 100644
|
|
|
6f88fb |
--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
|
6f88fb |
+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java
|
|
|
6f88fb |
@@ -58,9 +58,22 @@ public class JarCertVerifierTest {
|
|
|
6f88fb |
@Test
|
|
|
6f88fb |
public void testIsMetaInfFile() {
|
|
|
6f88fb |
final String METAINF = "META-INF";
|
|
|
6f88fb |
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF"));
|
|
|
6f88fb |
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF"));
|
|
|
6f88fb |
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA"));
|
|
|
6f88fb |
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA"));
|
|
|
6f88fb |
+ assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah"));
|
|
|
6f88fb |
+
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF.class"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF.class"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA.class"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA.class"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah.class"));
|
|
|
6f88fb |
+
|
|
|
6f88fb |
assertFalse(JarCertVerifier.isMetaInfFile("some_dir/" + METAINF + "/filename"));
|
|
|
6f88fb |
assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "filename"));
|
|
|
6f88fb |
- assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
|
6f88fb |
+ assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));
|
|
|
6f88fb |
}
|
|
|
6f88fb |
|
|
|
6f88fb |
class JarCertVerifierEntry extends JarEntry {
|