diff options
author | Kenny Root <kroot@google.com> | 2014-11-13 10:14:46 -0800 |
---|---|---|
committer | Kenny Root <kroot@google.com> | 2014-11-13 16:41:21 -0800 |
commit | ef7f5a16547089a7cdba9e48d780720f606ff54a (patch) | |
tree | 8fc806054b576aec179b4c46536431254deac294 /harmony-tests/src/test/java | |
parent | 258e3d158c9a876307d5111972f7e9f1ad87b076 (diff) | |
download | libcore-ef7f5a16547089a7cdba9e48d780720f606ff54a.zip libcore-ef7f5a16547089a7cdba9e48d780720f606ff54a.tar.gz libcore-ef7f5a16547089a7cdba9e48d780720f606ff54a.tar.bz2 |
JarUtils: stop trying to build chain past candidates length
If the certs in the PKCS#7 bag are in a loop, it will go on forever
trying to build a chain. Instead just stop trying to build the chain
when our chain exceeds the length of the candidates.
Bug: 17972577
Change-Id: If4f92e3eeabe893612a618bab0068a0f8cf75ea9
Diffstat (limited to 'harmony-tests/src/test/java')
-rw-r--r-- | harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java | 88 |
1 files changed, 71 insertions, 17 deletions
diff --git a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java index f55829d..0bc8920 100644 --- a/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java +++ b/harmony-tests/src/test/java/org/apache/harmony/tests/java/util/jar/JarFileTest.java @@ -37,7 +37,14 @@ import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Enumeration; +import java.util.List; import java.util.Vector; +import java.util.concurrent.Callable; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; import java.util.jar.Attributes; import java.util.jar.JarEntry; import java.util.jar.JarFile; @@ -97,6 +104,27 @@ public class JarFileTest extends TestCase { private final String emptyEntryJar = "EmptyEntries_signed.jar"; + /* + * /usr/bin/openssl genrsa 2048 > root1.pem + * /usr/bin/openssl req -new -key root1.pem -out root1.csr -subj '/CN=root1' + * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -signkey root1.pem -out root1.crt + * /usr/bin/openssl genrsa 2048 > root2.pem + * /usr/bin/openssl req -new -key root2.pem -out root2.csr -subj '/CN=root2' + * echo 4000 > root1.srl + * echo 8000 > root2.srl + * /usr/bin/openssl x509 -req -days 3650 -in root2.csr -CA root1.crt -CAkey root1.pem -out root2.crt + * /usr/bin/openssl x509 -req -days 3650 -in root1.csr -CA root2.crt -CAkey root2.pem -out root1.crt + * /usr/bin/openssl genrsa 2048 > signer.pem + * /usr/bin/openssl req -new -key signer.pem -out signer.csr -subj '/CN=signer' + * /usr/bin/openssl x509 -req -days 3650 -in signer.csr -CA root1.crt -CAkey root1.pem -out signer.crt + * /usr/bin/openssl pkcs12 -inkey signer.pem -in signer.crt -export -out signer.p12 -name signer -passout pass:certloop + * keytool -importkeystore -srckeystore signer.p12 -srcstoretype PKCS12 -destkeystore signer.jks -srcstorepass certloop -deststorepass certloop + * cat signer.crt root1.crt root2.crt > chain.crt + * zip -d hyts_certLoop.jar 'META-INF/*' + * jarsigner -keystore signer.jks -certchain chain.crt -storepass certloop hyts_certLoop.jar signer + */ + private final String certLoopJar = "hyts_certLoop.jar"; + private final String emptyEntry1 = "subfolder/internalSubset01.js"; private final String emptyEntry2 = "svgtest.js"; @@ -616,6 +644,9 @@ public class JarFileTest extends TestCase { // JAR with a signature that has PKCS#7 Authenticated Attributes checkSignedJar(authAttrsJar); + + // JAR with certificates that loop + checkSignedJar(certLoopJar, 3); } /** @@ -628,29 +659,52 @@ public class JarFileTest extends TestCase { checkSignedJar(jarName9); } + /** + * Checks that a JAR is signed correctly with a signature length of 1. + */ private void checkSignedJar(String jarName) throws Exception { - Support_Resources.copyFile(resources, null, jarName); + checkSignedJar(jarName, 1); + } - File file = new File(resources, jarName); - boolean foundCerts = false; + /** + * Checks that a JAR is signed correctly with a signature length of sigLength. + */ + private void checkSignedJar(String jarName, final int sigLength) throws Exception { + Support_Resources.copyFile(resources, null, jarName); - JarFile jarFile = new JarFile(file, true); - try { + final File file = new File(resources, jarName); - Enumeration<JarEntry> e = jarFile.entries(); - while (e.hasMoreElements()) { - JarEntry entry = e.nextElement(); - InputStream is = jarFile.getInputStream(entry); - is.skip(100000); - is.close(); - Certificate[] certs = entry.getCertificates(); - if (certs != null && certs.length > 0) { - foundCerts = true; - break; + ExecutorService executor = Executors.newSingleThreadExecutor(); + Future<Boolean> future = executor.submit(new Callable<Boolean>() { + @Override + public Boolean call() throws Exception { + JarFile jarFile = new JarFile(file, true); + try { + Enumeration<JarEntry> e = jarFile.entries(); + while (e.hasMoreElements()) { + JarEntry entry = e.nextElement(); + InputStream is = jarFile.getInputStream(entry); + is.skip(100000); + is.close(); + Certificate[] certs = entry.getCertificates(); + if (certs != null && certs.length > 0) { + assertEquals(sigLength, certs.length); + return true; + } + } + return false; + } finally { + jarFile.close(); } } - } finally { - jarFile.close(); + }); + executor.shutdown(); + final boolean foundCerts; + try { + foundCerts = future.get(10, TimeUnit.SECONDS); + } catch (TimeoutException e) { + fail("Could not finish building chain; possibly confused by loops"); + return; // Not actually reached. } assertTrue( |