Hi,
This fixes PR 24464. We need a security provider to verify the
entries of a signed jar file, so when our only possible security
provider is itself being loaded *from* a signed jar file, we run
into trouble.
This changes the Jar file implementation to always query the `Gnu'
provider when getting cryptographic algorithms, by creating a new
instance of the provider, and passing that to `getInstance.' This
ensures that we will always get the right algorithm, even if the GNU
provider is removed from the providers list.
2006-04-07 Casey Marshall <[EMAIL PROTECTED]>
Fixes PR classpath/24464
* java/util/jar/JarFile.java (verify, verifyHashes,
EntryInputStream.<init>): pass the Gnu provider directly to
`getInstance.'
Thanks.
Index: java/util/jar/JarFile.java
===================================================================
RCS file: /cvsroot/classpath/classpath/java/util/jar/JarFile.java,v
retrieving revision 1.19
diff -u -B -b -r1.19 JarFile.java
--- java/util/jar/JarFile.java 1 Sep 2005 18:13:47 -0000 1.19
+++ java/util/jar/JarFile.java 8 Apr 2006 06:11:55 -0000
@@ -42,6 +42,7 @@
import gnu.java.security.OID;
import gnu.java.security.pkcs.PKCS7SignedData;
import gnu.java.security.pkcs.SignerInfo;
+import gnu.java.security.provider.Gnu;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -631,24 +632,25 @@
Signature sig = null;
try
{
+ Gnu provider = new Gnu ();
OID alg = signerInfo.getDigestEncryptionAlgorithmId();
if (alg.equals(DSA_ENCRYPTION_OID))
{
if (!signerInfo.getDigestAlgorithmId().equals(SHA1_OID))
return;
- sig = Signature.getInstance("SHA1withDSA");
+ sig = Signature.getInstance("SHA1withDSA", provider);
}
else if (alg.equals(RSA_ENCRYPTION_OID))
{
OID hash = signerInfo.getDigestAlgorithmId();
if (hash.equals(MD2_OID))
- sig = Signature.getInstance("md2WithRsaEncryption");
+ sig = Signature.getInstance("md2WithRsaEncryption", provider);
else if (hash.equals(MD4_OID))
- sig = Signature.getInstance("md4WithRsaEncryption");
+ sig = Signature.getInstance("md4WithRsaEncryption", provider);
else if (hash.equals(MD5_OID))
- sig = Signature.getInstance("md5WithRsaEncryption");
+ sig = Signature.getInstance("md5WithRsaEncryption", provider);
else if (hash.equals(SHA1_OID))
- sig = Signature.getInstance("sha1WithRsaEncryption");
+ sig = Signature.getInstance("sha1WithRsaEncryption", provider);
else
return;
}
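Review bot: `Gnu provider = new Gnu ();` builds a fresh provider on every call, and the hunks at -756 and -940 each build another with `new Gnu ()`, yet none of the three sites says why the provider is named explicitly. A comment at the first site would keep a later cleanup from reverting to the list lookup, for example `// Pass our own provider: a lookup through the installed list can need the signed jar we are verifying (PR classpath/24464).` One shared instance behind a small private accessor would remove the repetition, provided creating it earlier does not disturb class initialisation during bootstrap, which cannot be judged from this hunk. Also visible on these lines, though it predates this change, the RSA branch still accepts MD2, MD4 and MD5 digests for signature verification, and these are not collision-resistant, so they deserve at least a comment marking them as legacy. The enclosing method begins and ends outside the hunk.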
@@ -756,7 +758,7 @@
try
{
byte[] hash = Base64InputStream.decode((String) e.getValue());
- MessageDigest md = MessageDigest.getInstance(alg);
+ MessageDigest md = MessageDigest.getInstance(alg, new Gnu ());
md.update(entryBytes);
byte[] hash2 = md.digest();
if (DEBUG)
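Review bot: With the provider fixed to `new Gnu ()`, a digest name that only another installed provider implements now raises NoSuchAlgorithmException at `MessageDigest.getInstance(alg, new Gnu ())` instead of resolving through the provider list, and the handler for that exception lies outside this hunk. `alg` appears to come from the jar's own metadata (its origin is not visible here), so the failure path should leave the entry unverified rather than skip the hash comparison. The same applies to the -940 hunk, where `catch (NoSuchAlgorithmException nsae)` is visible but its body is not. A comment in each handler, such as `// Unknown digest algorithm: the entry stays unverified.`, would make the intended fail-closed behaviour explicit.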
@@ -940,7 +942,8 @@
try
{
md.add(MessageDigest.getInstance
- (key.substring(0, key.length() -
DIGEST_KEY_SUFFIX.length())));
+ (key.substring(0, key.length() -
DIGEST_KEY_SUFFIX.length()),
+ new Gnu ()));
}
catch (NoSuchAlgorithmException nsae)
{