Permalink
Commits on Jul 23, 2018
Commits on Apr 29, 2018
  1. Replaced expired certificates

    KonstantinShemyak committed Apr 29, 2018
    Certificates used for tests were made with too short lifetime and already
    expired. Replaced with lifetime 100 years.
Commits on Mar 24, 2018
  1. Code cleanup, no logic changes

    KonstantinShemyak committed Aug 6, 2017
    - Catch specific exceptions
    - Remove non-existing names from __all__
    - Shorten some >79 character long lines
    - Whitespace cleanup
Commits on Mar 23, 2018
  1. Digest for signature in 'jarutil s' can be specified

    KonstantinShemyak committed Nov 24, 2016
    Option '-d' for 'jarutil s' is handled, i.e. digest algorithm in the
    JAR signature block file can be specified. Example:
    jarutil s -d SHA-512 data.jar cert.pem key.pem ALIAS
    You'd probably also need the manifest to use the same algorithm,
    with python-javatools this can be done by 'manifest -c -d <algorithm> ...'
    
    NOTE: this requires m2crypto commit dc507654. It can be picked at
    https://gitlab.com/KonstantinShemyak/m2crypto/tree/nondefault-digest-for-pkcs7
Commits on Mar 22, 2018
  1. Corrected failing signature verification

    KonstantinShemyak committed Mar 20, 2018
    For JAR signature verification, jarutil uses OpenSSL's PKCS7_verify() function.
    The latter has a particular requriement, relevant only for S/MIME:
      If 'extendedKeyUsage' X509v3 extension is present,
      Then it must contain 'emailProtection' OID.
    This requirement is not relevant for JARs.
    
    The signature verification algorithm is updated to ignore the error, if it is
    caused by absense of 'emailProtection' in the 'extendedKeyUsage'.
Commits on Aug 7, 2017
Commits on Aug 5, 2017
  1. Language clean-up

    KonstantinShemyak committed Aug 5, 2017
Commits on Apr 30, 2017
  1. Added tests for {dist,class,jar}{diff,info}.py

    KonstantinShemyak committed Apr 30, 2017
    The tests only check that options from applicable option groups are accepted.
  2. manifest.py and jarutil.py upgraded to argparse.

    KonstantinShemyak committed Apr 30, 2017
    Command-line interface of "manifest" changed: a single subcommand is the
    first and mandatory argument.
Commits on Apr 6, 2017
Commits on Apr 5, 2017
Commits on Apr 4, 2017
Commits on Apr 1, 2017
  1. Added tests for execution paths in verify().

    KonstantinShemyak committed Apr 1, 2017
    - some "x-Digest-Manifest" entries in .SF file have mismatching checksum, but
      there exist one with matching
    - "x-Digest-Manifest" does not have a valid checksum; but
      "x-Digest-Manifest-Main-Attributes" does, and all file-specific entries do.
  2. Fixed error in verification logic.

    KonstantinShemyak committed Apr 1, 2017
    Commit f88f390 (refactoring javatools/jarutil.py:verify()) introduced an error
    in the logic of signature manifest verification:
    
        if not signature_manifest.verify_manifest_main_checksum(jar_manifest):
            # The above is allowed to fail. If so, second attempt below:
            errors = signature_manifest.verify_manifest_entry_checksums(jar_manifest)
            if len(errors) > 0:
                return ("error message")
    
    The newly introduced verify_manifest_main_checksum() is not the function which
    is allowed to fail. It has misleading name: it checks first the main checksum,
    and then the checksum of the "main attributes". If the first fails, the second
    is not allowed to fail.
    
    Fixed by splitting the function into two and correctly using the parts.
    
    Closes #26.
  3. Key alias is not asked by verify().

    KonstantinShemyak committed Apr 1, 2017
    Instead, META-INF/*.SF file is searched. Only exactly one such is allowed.
    Its basename tells the key alias.
    
    Closes #9.
Commits on Mar 31, 2017
Commits on Mar 30, 2017