On Thu, 13 Jan 2022 12:33:53 GMT, Sean Coffey <coff...@openjdk.org> wrote:
>> If a JAR is signed with multiple digest algorithms and one of the digest
>> algorithms is disabled, `ManifestEntryVerifier.verify()` was incorrectly
>> returning null indicating that the jar entry has no signers.
>>
>> This fixes the issue such that an entry is considered signed if at least one
>> of the digest algorithms is not disabled and the digest match passes. This
>> makes the fix consistent with how multiple digest algorithms are handled in
>> the Signature File. This also fixes an issue in the
>> `ManifestEntryVerifier.getParams()` method in which it was incorrectly
>> checking the algorithm constraints against all signers of a JAR when it
>> should check them only against the signers of the entry that is being
>> verified.
>>
>> An additional cache has also been added to avoid checking if the digest
>> algorithm is disabled more than once for entries signed by the same set of
>> signers.
>
> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 212:
>
>> 210:
>> 211: CodeSigner[] entrySigners = sigFileSigners.get(name);
>> 212: Map<String, Boolean> permittedAlgs =
>
> maybe permittedAlgsChecker as variable name? the Map contains both
> permitted and non-permitted algs.

`Checker` sounds like it's going to do something. But I agree the name could be better. I was mostly being consistent with the `permittedAlgs` variable in `SignatureFileVerifier`. Maybe `algsPermittedStatus`?

> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 239:
>
>> 237:
>> 238: // A non-disabled algorithm was used.
>> 239: disabledAlgs = false;
>
> this usage doesn't seem right. I think it's always set to false no matter
> what algs are detected.

If all algs are disabled, it will never get here, because it will either continue on line 231 or 234.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7056
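
A simplified sketch of the control flow discussed in this thread, added here as an example; it is not the JDK's `ManifestEntryVerifier` code. The `DISABLED` set, the `verify` signature, the per-algorithm cache and the sample digests are assumptions constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

public class EntryDigestCheck {
    // Assumption: stand-in for the JDK's disabled-algorithm constraints.
    static final Set<String> DISABLED = Set.of("MD5");

    // Cache of algorithm -> permitted?, so the constraint check runs once per
    // algorithm (simplified: the PR scopes its cache to the entry's signers).
    static final Map<String, Boolean> permittedAlgs = new HashMap<>();

    /** True if the entry counts as signed; false if every digest algorithm is disabled. */
    static boolean verify(byte[] entry, Map<String, String> manifestDigests)
            throws NoSuchAlgorithmException {
        boolean disabledAlgs = true;
        for (Map.Entry<String, String> d : manifestDigests.entrySet()) {
            String alg = d.getKey();
            boolean permitted = permittedAlgs.computeIfAbsent(alg, a -> !DISABLED.contains(a));
            if (!permitted) {
                continue; // disabled algorithm: skip, the flag below is not touched
            }
            // A non-disabled algorithm was used.
            disabledAlgs = false;
            byte[] expected = Base64.getDecoder().decode(d.getValue());
            byte[] actual = MessageDigest.getInstance(alg).digest(entry);
            if (!MessageDigest.isEqual(expected, actual)) {
                throw new SecurityException(alg + " digest error");
            }
        }
        return !disabledAlgs;
    }

    static String b64(String alg, byte[] data) throws NoSuchAlgorithmException {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance(alg).digest(data));
    }

    public static void main(String[] args) throws Exception {
        byte[] entry = "constructed entry bytes".getBytes(StandardCharsets.UTF_8);
        // Constructed manifest digests: one disabled algorithm plus one permitted, then disabled only.
        Map<String, String> both = Map.of("MD5", b64("MD5", entry), "SHA-256", b64("SHA-256", entry));
        Map<String, String> md5Only = Map.of("MD5", b64("MD5", entry));
        System.out.println("MD5 + SHA-256 signed: " + verify(entry, both));
        System.out.println("MD5 only signed: " + verify(entry, md5Only));
    }
}
```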