提交 4494118d 编写于 作者: W weijun

7081783: jarsigner error when no $HOME/.keystore

Reviewed-by: xuelei
上级 7b401c4c
...@@ -1506,6 +1506,9 @@ public class JarSigner { ...@@ -1506,6 +1506,9 @@ public class JarSigner {
CertPath cp = certificateFactory.generateCertPath(certs); CertPath cp = certificateFactory.generateCertPath(certs);
validator.validate(cp, pkixParameters); validator.validate(cp, pkixParameters);
} catch (Exception e) { } catch (Exception e) {
if (debug) {
e.printStackTrace();
}
chainNotValidated = true; chainNotValidated = true;
s.append(tab + rb.getString(".CertPath.not.validated.") + s.append(tab + rb.getString(".CertPath.not.validated.") +
e.getLocalizedMessage() + "]\n"); // TODO e.getLocalizedMessage() + "]\n"); // TODO
...@@ -1562,6 +1565,27 @@ public class JarSigner { ...@@ -1562,6 +1565,27 @@ public class JarSigner {
} }
try { try {
certificateFactory = CertificateFactory.getInstance("X.509");
validator = CertPathValidator.getInstance("PKIX");
Set<TrustAnchor> tas = new HashSet<>();
try {
KeyStore caks = KeyTool.getCacertsKeyStore();
if (caks != null) {
Enumeration<String> aliases = caks.aliases();
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
try {
tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
}
}
}
} catch (Exception e) {
// Ignore, if cacerts cannot be loaded
}
if (providerName == null) { if (providerName == null) {
store = KeyStore.getInstance(storetype); store = KeyStore.getInstance(storetype);
} else { } else {
...@@ -1580,45 +1604,28 @@ public class JarSigner { ...@@ -1580,45 +1604,28 @@ public class JarSigner {
(rb.getString("Enter.Passphrase.for.keystore.")); (rb.getString("Enter.Passphrase.for.keystore."));
} }
if (nullStream) {
store.load(null, storepass);
} else {
keyStoreName = keyStoreName.replace(File.separatorChar, '/');
URL url = null;
try {
url = new URL(keyStoreName);
} catch (java.net.MalformedURLException e) {
// try as file
url = new File(keyStoreName).toURI().toURL();
}
InputStream is = null;
try {
is = url.openStream();
store.load(is, storepass);
} finally {
if (is != null) {
is.close();
}
}
}
Set<TrustAnchor> tas = new HashSet<>();
try { try {
KeyStore caks = KeyTool.getCacertsKeyStore(); if (nullStream) {
if (caks != null) { store.load(null, storepass);
Enumeration<String> aliases = caks.aliases(); } else {
while (aliases.hasMoreElements()) { keyStoreName = keyStoreName.replace(File.separatorChar, '/');
String a = aliases.nextElement(); URL url = null;
try { try {
tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); url = new URL(keyStoreName);
} catch (Exception e2) { } catch (java.net.MalformedURLException e) {
// ignore, when a SecretkeyEntry does not include a cert // try as file
url = new File(keyStoreName).toURI().toURL();
}
InputStream is = null;
try {
is = url.openStream();
store.load(is, storepass);
} finally {
if (is != null) {
is.close();
} }
} }
} }
} catch (Exception e) {
// Ignore, if cacerts cannot be loaded
}
if (store != null) {
Enumeration<String> aliases = store.aliases(); Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) { while (aliases.hasMoreElements()) {
String a = aliases.nextElement(); String a = aliases.nextElement();
...@@ -1634,14 +1641,13 @@ public class JarSigner { ...@@ -1634,14 +1641,13 @@ public class JarSigner {
// ignore, when a SecretkeyEntry does not include a cert // ignore, when a SecretkeyEntry does not include a cert
} }
} }
} } finally {
certificateFactory = CertificateFactory.getInstance("X.509"); try {
validator = CertPathValidator.getInstance("PKIX"); pkixParameters = new PKIXParameters(tas);
try { pkixParameters.setRevocationEnabled(false);
pkixParameters = new PKIXParameters(tas); } catch (InvalidAlgorithmParameterException ex) {
pkixParameters.setRevocationEnabled(false); // Only if tas is empty
} catch (InvalidAlgorithmParameterException ex) { }
// Only if tas is empty
} }
} catch (IOException ioe) { } catch (IOException ioe) {
throw new RuntimeException(rb.getString("keystore.load.") + throw new RuntimeException(rb.getString("keystore.load.") +
...@@ -1805,6 +1811,9 @@ public class JarSigner { ...@@ -1805,6 +1811,9 @@ public class JarSigner {
CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain)); CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
validator.validate(cp, pkixParameters); validator.validate(cp, pkixParameters);
} catch (Exception e) { } catch (Exception e) {
if (debug) {
e.printStackTrace();
}
chainNotValidated = true; chainNotValidated = true;
} }
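Review bot: In the hunk at 1565, the two catch blocks that decide whether any trust anchors exist still swallow their failure silently: `catch (Exception e)` around `KeyTool.getCacertsKeyStore()` and `catch (InvalidAlgorithmParameterException ex)` in the new `finally`. This is inconsistent with the `if (debug) { e.printStackTrace(); }` that the same commit adds to both validation catch blocks (hunks at 1506 and 1811). If cacerts cannot be loaded and no keystore is present, `tas` stays empty and `pkixParameters` is presumably left unset, so the later `validator.validate(cp, pkixParameters)` fails for a reason unrelated to the chain, and the debug trace points at the validator rather than at the missing trust store. I would add `if (debug) { e.printStackTrace(); }` (with `ex` in the second one) to those two catch blocks so a debug run shows why the chain is reported as not validated. The enclosing method begins and ends outside the visible hunks.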
......