[cp-patches] PATCH: signed JAR support

classpath-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cp-patches] PATCH: signed JAR support

From:	Casey Marshall
Subject:	[cp-patches] PATCH: signed JAR support
Date:	Sun, 12 Sep 2004 20:34:46 -0700
User-agent:	Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)

Hi,

The attached patch provides support for signed Jar files, and modifies
URLClassLoader to use them properly.

This implementation only handles X.509 certificates stored as a PKCS
#7 SignedData objects; the docs state that OpenPGP is also supported
in the standard, but since classpath doesn't support OpenPGP, and I
don't know of anyone who uses it in Java, it is probably ok to omit it
for now.

Comments and test are welcome; this turned out to be a fairly
complicated thing to implement.

Cheers,

2004-09-12  Casey Marshall  <address@hidden>

        Signed JAR file support.

        * java/net/URLClassLoader.java
        (JarURLResource.getCertificates): re-read jar entry to ensure
        certificates are picked up.
        (findClass): fill in class `signers' field, too.

        * java/util/jar/JarFile.java (META_INF): new constant.
        (PKCS7_DSA_SUFFIX): new constant.
        (PKCS7_RSA_SUFFIX): new constant.
        (DIGEST_KEY_SUFFIX): new constant.
        (SF_SUFFIX): new constant.
        (MD2_OID): new constant.
        (MD4_OID): new constant.
        (MD5_OID): new constant.
        (SHA1_OID): new constant.
        (DSA_ENCRYPTION_OID): new constant.
        (RSA_ENCRYPTION_OID): new constant.
        (signaturesRead): new field.
        (verified): new field.
        (entryCerts): new field.
        (DEBUG): new constant.
        (debug): new method.
        (JarEnumeration.nextElement): fill in entry certificates, read
        signatures if they haven't been read.
        (getEntry): likewise.
        (getInputStream): verify stream if it hasn't been verified
        yet.
        (readSignatures): new method.
        (verify): new method.
        (verifyHashes): new method.
        (readManifestEntry): new method.
        (EntryInputStream): new class.

        * java/util/zip/InflaterInputStream.java
        Don't defer to underlying stream for mark/reset.
        (markSupported): new method; return `false'.
        (mark): new method.
        (reset): new method.

        * gnu/java/io/Base64InputStream.java (decode): new class
        method.

        * gnu/java/security/der/DERReader.java: don't make class
        final.
        (in): made protected.
        (encBuf): likewise.
        (readLength): likewise.

        * gnu/java/security/ber/BER.java: new file.
        * gnu/java/security/ber/BEREncodingException.java: new file.
        * gnu/java/security/ber/BERReader.java: new file.
        * gnu/java/security/ber/BERValue.java: new file.
        * gnu/java/security/pkcs/PKCS7SignedData.java: new file.
        * gnu/java/security/pkcs/SignerInfo.java: new file.

-- 
Casey Marshall || address@hidden

signedjar.patch
Description: Text Data

[Prev in Thread]

Current Thread

[Next in Thread]

[cp-patches] PATCH: signed JAR support, Casey Marshall <=

Prev by Date: [cp-patches] Patch: FYI: javax.naming.CompoundName serialization fixlet
Next by Date: Re: [cp-patches] Documentation update for java.util.GregorianCalendar
Previous by thread: [cp-patches] Patch: FYI: javax.naming.CompoundName serialization fixlet
Next by thread: [cp-patches] logging.properties fixlet and 0.11 version number update
Index(es):
- Date
- Thread