From 4494118d91ab1195516766666d2cfe64937ac123 Mon Sep 17 00:00:00 2001
From: weijun
Date: Mon, 5 Sep 2011 11:22:27 +0800
Subject: [PATCH] 7081783: jarsigner error when no $HOME/.keystore
Reviewed-by: xuelei
---
 .../classes/sun/security/tools/JarSigner.java | 95 ++++++++++---------
 1 file changed, 52 insertions(+), 43 deletions(-)
diff --git a/src/share/classes/sun/security/tools/JarSigner.java b/src/share/classes/sun/security/tools/JarSigner.java
index 7707fa658..ac2ffde9e 100644
--- a/src/share/classes/sun/security/tools/JarSigner.java
+++ b/src/share/classes/sun/security/tools/JarSigner.java
@@ -1506,6 +1506,9 @@ public class JarSigner {
 CertPath cp = certificateFactory.generateCertPath(certs);
 validator.validate(cp, pkixParameters);
 } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
 chainNotValidated = true;
 s.append(tab + rb.getString(".CertPath.not.validated.") + e.getLocalizedMessage() + "]\n"); // TODO
@@ -1562,6 +1565,27 @@ public class JarSigner {
 }
 try {
+
+ certificateFactory = CertificateFactory.getInstance("X.509");
+ validator = CertPathValidator.getInstance("PKIX");
+ Set tas = new HashSet<>();
+ try {
+ KeyStore caks = KeyTool.getCacertsKeyStore();
+ if (caks != null) {
+ Enumeration aliases = caks.aliases();
+ while (aliases.hasMoreElements()) {
+ String a = aliases.nextElement();
+ try {
+ tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
+ } catch (Exception e2) {
+ // ignore, when a SecretkeyEntry does not include a cert
+ }
+ }
+ }
+ } catch (Exception e) {
+ // Ignore, if cacerts cannot be loaded
+ }
+
 if (providerName == null) {
 store = KeyStore.getInstance(storetype);
 } else {
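Review bot: The outer `catch (Exception e) { // Ignore, if cacerts cannot be loaded }` in the @@ -1562 hunk drops the failure silently, so an unreadable trust store only shows up later as an unexplained chain-validation failure. The two validation catch blocks touched by this same commit (@@ -1506 and @@ -1805) print the stack trace under `debug`; this catch should do the same with `if (debug) { e.printStackTrace(); }`. The inner `catch (Exception e2)` is also broader than its comment says: a missing certificate would reach it as a NullPointerException from the TrustAnchor constructor and a non-X.509 entry as a ClassCastException, so testing `caks.getCertificate(a) instanceof X509Certificate` before building the anchor would avoid using a catch-all as control flow. The enclosing `try` continues outside this hunk.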
@@ -1580,45 +1604,28 @@ public class JarSigner {
 (rb.getString("Enter.Passphrase.for.keystore."));
 }
- if (nullStream) {
- store.load(null, storepass);
- } else {
- keyStoreName = keyStoreName.replace(File.separatorChar, '/');
- URL url = null;
- try {
- url = new URL(keyStoreName);
- } catch (java.net.MalformedURLException e) {
- // try as file
- url = new File(keyStoreName).toURI().toURL();
- }
- InputStream is = null;
- try {
- is = url.openStream();
- store.load(is, storepass);
- } finally {
- if (is != null) {
- is.close();
- }
- }
- }
- Set tas = new HashSet<>();
 try {
- KeyStore caks = KeyTool.getCacertsKeyStore();
- if (caks != null) {
- Enumeration aliases = caks.aliases();
- while (aliases.hasMoreElements()) {
- String a = aliases.nextElement();
- try {
- tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
- } catch (Exception e2) {
- // ignore, when a SecretkeyEntry does not include a cert
+ if (nullStream) {
+ store.load(null, storepass);
+ } else {
+ keyStoreName = keyStoreName.replace(File.separatorChar, '/');
+ URL url = null;
+ try {
+ url = new URL(keyStoreName);
+ } catch (java.net.MalformedURLException e) {
+ // try as file
+ url = new File(keyStoreName).toURI().toURL();
+ }
+ InputStream is = null;
+ try {
+ is = url.openStream();
+ store.load(is, storepass);
+ } finally {
+ if (is != null) {
+ is.close();
 }
 }
 }
- } catch (Exception e) {
- // Ignore, if cacerts cannot be loaded
- }
- if (store != null) {
 Enumeration aliases = store.aliases();
 while (aliases.hasMoreElements()) {
 String a = aliases.nextElement();
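Review bot: The re-indented keystore read still closes the stream by hand (`InputStream is = null; try { ... } finally { if (is != null) { is.close(); } }`), so an exception thrown by `close()` replaces the one from `store.load(is, storepass)`. The file already uses the diamond operator, so try-with-resources is available and keeps the original failure as the primary exception: `try (InputStream is = url.openStream()) { store.load(is, storepass); }`. The outer `try` opened in this hunk is closed outside it, in the @@ -1634 hunk.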
@@ -1634,14 +1641,13 @@ public class JarSigner {
 // ignore, when a SecretkeyEntry does not include a cert
 }
 }
- }
- certificateFactory = CertificateFactory.getInstance("X.509");
- validator = CertPathValidator.getInstance("PKIX");
- try {
- pkixParameters = new PKIXParameters(tas);
- pkixParameters.setRevocationEnabled(false);
- } catch (InvalidAlgorithmParameterException ex) {
- // Only if tas is empty
+ } finally {
+ try {
+ pkixParameters = new PKIXParameters(tas);
+ pkixParameters.setRevocationEnabled(false);
+ } catch (InvalidAlgorithmParameterException ex) {
+ // Only if tas is empty
+ }
 }
 } catch (IOException ioe) {
 throw new RuntimeException(rb.getString("keystore.load.") +
@@ -1805,6 +1811,9 @@ public class JarSigner {
 CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
 validator.validate(cp, pkixParameters);
 } catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
 chainNotValidated = true;
 }
-- GitLab
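Review bot: The empty `catch (InvalidAlgorithmParameterException ex)` inside the new `finally` (@@ -1634) appears to leave `pkixParameters` unset when no trust anchor was collected. The later `validator.validate(cp, pkixParameters)` calls then seem to depend on the broad catches in @@ -1506 and @@ -1805 to turn that into `chainNotValidated`. That dependency should be stated where it arises, for example `// tas is empty: pkixParameters stays unset, so every chain is reported as not validated`. `pkixParameters.setRevocationEnabled(false)` also needs a comment on the new side, such as `// revocation is not checked here: a revoked signer certificate still validates`. The method containing this `finally` begins and ends outside the hunk.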