craigwblake · craigwblake · Aug 9, 2021 · Jul 21, 2021 · Jul 21, 2021 · Jul 27, 2021
diff --git a/src/main/java/org/redline_rpm/Builder.java b/src/main/java/org/redline_rpm/Builder.java
@@ -5,13 +5,15 @@
 import java.io.FileInputStream;
 import java.io.FileReader;
 import java.io.IOException;
+import java.io.OutputStream;
 import java.io.RandomAccessFile;
-import java.lang.reflect.Array;
 import java.net.URL;
 import java.nio.ByteBuffer;
 import java.nio.channels.Channels;
 import java.nio.channels.FileChannel;
 import java.nio.channels.ReadableByteChannel;
+import java.security.DigestOutputStream;
+import java.security.MessageDigest;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
@@ -57,6 +59,7 @@ public class Builder {
 	private static final int GPGSIZE = 65;
 	private static final int DSASIZE = 65;
 	private static final int SHASIZE = 41;
+	private static final int SHA256_SIZE = 65;
 	private static final int MD5SIZE = 32;
 
 	private static final String DEFAULTSCRIPTPROG = "/bin/sh";
@@ -84,7 +87,7 @@ public class Builder {
 
 	@SuppressWarnings( "unchecked")
 	protected final Entry< byte[]> signature = ( Entry< byte[]>) format.getSignature().addEntry( SIGNATURES, 16);
-	
+
 	@SuppressWarnings( "unchecked")
 	protected final Entry< byte[]> immutable = ( Entry< byte[]>) format.getHeader().addEntry( HEADERIMMUTABLE, 16);
 
@@ -983,7 +986,7 @@ public void addFile( final String path, final File source, final int mode, final
 	public void addFile( final String path, final File source, final int mode, final Directive directive, final String uname, final String gname) throws NoSuchAlgorithmException, IOException {
 		contents.addFile( path, source, mode, directive, uname, gname);
 	}
-	
+
 	/**
 	 * Add the specified file to the repository payload in order.
 	 * The required header entries will automatically be generated
@@ -1297,7 +1300,10 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 		}
 
 		if (0 < contents.size()) {
-			format.getHeader().createEntry(FILEMD5S, contents.getMD5s());
+			String[] checksums = contents.getFileChecksums();
+			format.getHeader().createEntry(FILEDIGESTALGO, 8);
+			format.getHeader().createEntry(PAYLOADDIGESTALGO, 8);
+			format.getHeader().createEntry(FILEDIGESTS, checksums);
 			format.getHeader().createEntry(FILESIZES, contents.getSizes());
 			format.getHeader().createEntry(FILEMODES, contents.getModes());
 			format.getHeader().createEntry(FILERDEVS, contents.getRdevs());
@@ -1314,12 +1320,18 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 		}
 
 		format.getHeader().createEntry( PAYLOADFLAGS, new String[] { "9"});
+		final Entry<String[]> payloadDigest = ( Entry< String[]>) format.getHeader().addEntry( PAYLOADDIGEST, 1);
+		final Entry<String[]> payloadDigestAlt = ( Entry< String[]>) format.getHeader().addEntry( PAYLOADDIGESTALT, 1);
 
 		final Entry< int[]> sigsize = ( Entry< int[]>) format.getSignature().addEntry( LEGACY_SIGSIZE, 1);
 		final Entry< int[]> payload = ( Entry< int[]>) format.getSignature().addEntry( PAYLOADSIZE, 1);
 		final Entry< byte[]> md5 = ( Entry< byte[]>) format.getSignature().addEntry( LEGACY_MD5, 16);
 		final Entry< String[]> sha = ( Entry< String[]>) format.getSignature().addEntry( SHA1HEADER, 1);
+		final Entry<String[]> sha256 = ( Entry< String[]>) format.getSignature().addEntry( SHA256HEADER, 1);
 		sha.setSize( SHASIZE);
+		sha256.setSize(SHA256_SIZE);
+		payloadDigest.setSize(SHA256_SIZE);
+		payloadDigestAlt.setSize(SHA256_SIZE);
 
         SignatureGenerator signatureGenerator = createSignatureGenerator();
         signatureGenerator.prepare( format.getSignature() );
@@ -1331,14 +1343,26 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 		final Key< Integer> sigsizekey = output.start();
 		final Key< byte[]> shakey = output.start( "SHA");
 		final Key< byte[]> md5key = output.start( "MD5");
+		final Key< byte[]> sha256key = output.start( "SHA-256");
         signatureGenerator.startBeforeHeader( output );
-
-		immutable.setValues( getImmutable( format.getHeader().count()));
+		immutable.setValues(getImmutable( format.getHeader().count()));
+		String[] payloadDigestValue =  new String[] { Util.hex(calcPayloadDigest()) };
+		payloadDigest.setValues( payloadDigestValue );
+		payloadDigestAlt.setValues( payloadDigestValue );
 		format.getHeader().write( output);
 		sha.setValues( new String[] { Util.hex( output.finish( shakey))});
-        signatureGenerator.finishAfterHeader( output );
+		sha256.setValues( new String[] { Util.hex( output.finish( sha256key) ) });
+		signatureGenerator.finishAfterHeader( output );
+		int payloadLength = processPayload(Channels.newOutputStream(output));
+		payload.setValues( new int[] { payloadLength });
+		md5.setValues( output.finish( md5key));
+		sigsize.setValues( new int[] { output.finish( sigsizekey)});
+        signatureGenerator.finishAfterPayload( output );
+        format.getSignature().writePending( original);
+	}
 
-		final GZIPOutputStream zip = new GZIPOutputStream( Channels.newOutputStream( output));
+	private int processPayload(OutputStream output) throws IOException {
+		final GZIPOutputStream zip = new GZIPOutputStream(output);
 		final WritableChannelWrapper compressor = new WritableChannelWrapper( Channels.newChannel( zip));
 		final Key< Integer> payloadkey = compressor.start();
 
@@ -1351,7 +1375,7 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 			final String path = header.getName();
 			if ( path.startsWith( "/")) header.setName( "." + path);
 			total = header.write( compressor, total);
-			
+
 			final Object object = contents.getSource( header);
 			if ( object instanceof File) {
 				FileInputStream fin = new FileInputStream(( File) object);
@@ -1376,7 +1400,7 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 				total += header.skip( compressor, target.length());
 			}
 		}
-		
+
 		final CpioHeader trailer = new CpioHeader();
 		trailer.setLast();
 		total = trailer.write( compressor, total);
@@ -1387,13 +1411,20 @@ public void build( final FileChannel original) throws NoSuchAlgorithmException,
 		Util.empty( compressor, ByteBuffer.allocate( pad));
 		length += pad;
 
-		payload.setValues( new int[] { length});
 		zip.finish();
-
-		md5.setValues( output.finish( md5key));
-		sigsize.setValues( new int[] { output.finish( sigsizekey)});
-        signatureGenerator.finishAfterPayload( output );
-		format.getSignature().writePending( original);
+		return length;
+	}
+
+	private byte[] calcPayloadDigest() throws IOException {
+		final MessageDigest digest;
+		try {
+			digest = MessageDigest.getInstance( "SHA-256");
+		} catch ( Exception e) {
+			throw new RuntimeException( e);
+		}
+		DigestOutputStream digestOutputStream = new DigestOutputStream(nullOutputStream(), digest);
+		processPayload(digestOutputStream);
+		return digest.digest();
 	}
 
     protected SignatureGenerator createSignatureGenerator() {
@@ -1439,4 +1470,31 @@ protected int[] convert( final Integer[] ints) {
 		for ( int i : ints) array[ count++] = i;
 		return array;
 	}
+
+	public static OutputStream nullOutputStream() {
+		return new OutputStream() {
+			private volatile boolean closed;
+
+			private void ensureOpen() throws IOException {
+				if (closed) {
+					throw new IOException("Stream closed");
+				}
+			}
+
+			@Override
+			public void write(int b) throws IOException {
+				ensureOpen();
+			}
+
+			@Override
+			public void write(byte b[], int off, int len) throws IOException {
+				ensureOpen();
+			}
+
+			@Override
+			public void close() {
+				closed = true;
+			}
+		};
+	}
 }
diff --git a/src/main/java/org/redline_rpm/header/Header.java b/src/main/java/org/redline_rpm/header/Header.java
@@ -79,7 +79,7 @@ public enum HeaderTag implements Tag {
 		FILEMODES( 1030, INT16_ENTRY, "filemodes"),
 		FILERDEVS( 1033, INT16_ENTRY, "filerdevs"),
 		FILEMTIMES( 1034, INT32_ENTRY, "filemtimes"),
-		FILEMD5S( 1035, STRING_ARRAY_ENTRY, "filemd5s"),
+		FILEDIGESTS( 1035, STRING_ARRAY_ENTRY, "filedigests"),
 		FILELINKTOS( 1036, STRING_ARRAY_ENTRY, "filelinktos"),
 		FILEFLAGS( 1037, INT32_ENTRY, "fileflags"),
 		FILEUSERNAME( 1039, STRING_ARRAY_ENTRY, "fileusername"),
@@ -103,7 +103,15 @@ public enum HeaderTag implements Tag {
 		PROVIDEFLAGS( 1112, INT32_ENTRY, "provideflags"),
 		PROVIDEVERSION( 1113, STRING_ARRAY_ENTRY, "provideversion"),
 		OBSOLETEFLAGS( 1114, INT32_ENTRY, "obsoleteflags"),
-		OBSOLETEVERSION( 1115, STRING_ARRAY_ENTRY, "obsoleteversion");
+		OBSOLETEVERSION( 1115, STRING_ARRAY_ENTRY, "obsoleteversion"),
+		DISTURL( 1123, STRING_ENTRY, "disturl"),
+		DISTTAG( 1155, STRING_ENTRY, "disttag"),
+
+		BUGURL( 5012, STRING_ENTRY, "bugurl"),
+		ENCODING( 5062, STRING_ENTRY, "encoding"),
+		PAYLOADDIGEST( 5092, STRING_ARRAY_ENTRY, "payloaddigest"),
+		PAYLOADDIGESTALGO( 5093, INT32_ENTRY, "payloaddigestalgo"),
+		PAYLOADDIGESTALT( 5097, STRING_ARRAY_ENTRY, "payloaddigestalt");
 
 		private int code;
 		private int type;

diff --git a/src/main/java/org/redline_rpm/header/Signature.java b/src/main/java/org/redline_rpm/header/Signature.java
@@ -21,15 +21,18 @@ public enum SignatureTag implements Tag {
 		GPG( 262, 7, "gpg"),
 		LEGACY_GPG( 1005, 7, "gpg"),
 		PAYLOADSIZE( 1007, 4, "payloadsize"),
+		RESERVEDSPACE( 1008, 4, "reservedspace"),
 		// SHA digest of just the header section
-		SHA1HEADER( 269, 6, "sha1header"),
-		LEGACY_SHA1HEADER( 1010, 6, "sha1header"),
+		SHA1HEADER( 269, STRING_ENTRY, "sha1header"),
+		LEGACY_SHA1HEADER( 1010, STRING_ENTRY, "sha1header"),
 		// DSA signature of just the header section, depends on GPG
 		DSAHEADER( 267, 7, "dsaheader"),
 		LEGACY_DSAHEADER( 1011, 7, "dsaheader"),
 		// RSA signature of just the header section, depends on PGP
 		RSAHEADER( 268, 7, "rsaheader"),
-		LEGACY_RSAHEADER( 1012, 7, "rsaheader");
+		SHA256HEADER( 273, STRING_ENTRY, "sha256header"),
+		LEGACY_RSAHEADER( 1012, 7, "rsaheader"),
+		FILEDIGESTALGO( 5011, INT32_ENTRY, "filedigestalgo");
 
 		private int code;
 		private int type;

diff --git a/src/main/java/org/redline_rpm/payload/Contents.java b/src/main/java/org/redline_rpm/payload/Contents.java
@@ -608,7 +608,7 @@ public int[] getMtimes() {
 	 * @throws NoSuchAlgorithmException if the algorithm isn't supported
 	 * @throws IOException there was an IO error
 	 */
-	public String[] getMD5s() throws NoSuchAlgorithmException, IOException {
+	public String[] getFileChecksums() throws NoSuchAlgorithmException, IOException {
 		/**
 		 * This could be more efficiently handled during the output phase using a filtering channel,
 		 * but would require placeholder values in the archive and some state. This is left for a
@@ -623,14 +623,14 @@ public String[] getMD5s() throws NoSuchAlgorithmException, IOException {
 			if ( object instanceof File) {
 				FileInputStream fileInput = new FileInputStream(( File) object);
 				final ReadableChannelWrapper input = new ReadableChannelWrapper( fileInput.getChannel());
-				final Key< byte[]> key = input.start( "MD5");
+				final Key< byte[]> key = input.start( "SHA-256");
 				while ( input.read( buffer) != -1) buffer.rewind();
 				value = Util.hex(input.finish(key));
 				input.close();
 				fileInput.close();
 			} else if ( object instanceof URL) {
 				final ReadableChannelWrapper input = new ReadableChannelWrapper( Channels.newChannel((( URL) object).openConnection().getInputStream()));
-				final Key< byte[]> key = input.start( "MD5");
+				final Key< byte[]> key = input.start( "SHA-256");
 				while ( input.read( buffer) != -1) buffer.rewind();
 				value = Util.hex(input.finish(key));
 				input.close();