RFR: 8278851: Correct signer logic for jars signed with multiple digestalgs

Sean Mullan mullan at openjdk.java.net
Thu Jan 13 13:59:30 UTC 2022


On Thu, 13 Jan 2022 12:33:53 GMT, Sean Coffey <coffeys at openjdk.org> wrote:

>> If a JAR is signed with multiple digest algorithms and one of the digest algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly returning null indicating that the jar entry has no signers. 
>> 
>> This fixes the issue such that an entry is considered signed if at least one of the digest algorithms is not disabled and the digest match passes. This makes the fix consistent with how multiple digest algorithms are handled in the Signature File. This also fixes an issue in the `ManifestEntryVerifier.getParams()` method in which it was incorrectly checking the algorithm constraints against all signers of a JAR when it should check them only against the signers of the entry that is being verified. 
>> 
>> An additional cache has also been added to avoid checking if the digest algorithm is disabled more than once for entries signed by the same set of signers.
>
> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 212:
> 
>> 210: 
>> 211:         CodeSigner[] entrySigners = sigFileSigners.get(name);
>> 212:         Map<String, Boolean> permittedAlgs =
> 
> Maybe permittedAlgsChecker as variable name? The Map contains both permitted and non-permitted algs.

`Checker` sounds like it is going to do something. But I agree the name could be better. I was mostly being consistent with the `permittedAlgs` variable in `SignatureFileVerifier`. Maybe `algsPermittedStatus`?

> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 239:
> 
>> 237: 
>> 238:             // A non-disabled algorithm was used.
>> 239:             disabledAlgs = false;
> 
> This usage doesn't seem right. I think it's always set to false no matter what algs are detected.

If all algs are disabled, it will never get here, because it will either continue on line 231 or 234.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7056
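
The control flow discussed in this thread, as an added illustration that is not code from the PR or the JDK: disabled digests are skipped with `continue`, so the `disabledAlgs` flag is cleared only after a permitted algorithm's digest has matched. The `DISABLED` set, the shape of `verify`, signers represented as strings, and treating a mismatch under a permitted algorithm as fatal are assumptions made for the sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

public class MultiDigestEntryCheck {
    // Assumption: stand-in for the JDK's disabled-algorithm policy lookup.
    static final Set<String> DISABLED = Set.of("SHA-1");

    /**
     * Returns the entry's signers, or null if every digest algorithm is disabled.
     * manifestDigests: algorithm -> digest recorded in the manifest for this entry.
     * permittedAlgs: cache of algorithm -> permitted?, shared by entries with the same signers.
     */
    static String[] verify(byte[] entryBytes, Map<String, byte[]> manifestDigests,
                           String[] entrySigners, Map<String, Boolean> permittedAlgs)
            throws Exception {
        boolean disabledAlgs = true;
        for (Map.Entry<String, byte[]> e : manifestDigests.entrySet()) {
            String alg = e.getKey();
            // Policy is consulted once per algorithm; later entries reuse the cached answer.
            boolean permitted = permittedAlgs.computeIfAbsent(alg, a -> !DISABLED.contains(a));
            if (!permitted) {
                continue; // disabled algorithm: ignore this digest and try the next one
            }
            byte[] actual = MessageDigest.getInstance(alg).digest(entryBytes);
            if (!MessageDigest.isEqual(actual, e.getValue())) {
                // Assumption: a mismatch under a permitted algorithm is fatal.
                throw new SecurityException(alg + " digest error");
            }
            disabledAlgs = false; // reached only when a permitted algorithm matched
        }
        return disabledAlgs ? null : entrySigners;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: one entry digested with a disabled and a permitted algorithm.
        byte[] data = "constructed entry bytes".getBytes(StandardCharsets.UTF_8);
        Map<String, byte[]> both = new LinkedHashMap<>();
        both.put("SHA-1", MessageDigest.getInstance("SHA-1").digest(data));
        both.put("SHA-256", MessageDigest.getInstance("SHA-256").digest(data));
        Map<String, byte[]> sha1Only = Map.of("SHA-1", both.get("SHA-1"));
        String[] signers = {"CN=Constructed Signer"};
        Map<String, Boolean> cache = new HashMap<>();

        System.out.println(Arrays.toString(verify(data, both, signers, cache)));     // mixed digests
        System.out.println(Arrays.toString(verify(data, sha1Only, signers, cache))); // disabled only
        System.out.println(cache); // holds permitted and non-permitted algorithms alike
    }
}
```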

