提交 4494118d 编写于 作者: W weijun

7081783: jarsigner error when no $HOME/.keystore

Reviewed-by: xuelei
上级 7b401c4c
......@@ -1506,6 +1506,9 @@ public class JarSigner {
CertPath cp = certificateFactory.generateCertPath(certs);
validator.validate(cp, pkixParameters);
} catch (Exception e) {
if (debug) {
e.printStackTrace();
}
chainNotValidated = true;
s.append(tab + rb.getString(".CertPath.not.validated.") +
e.getLocalizedMessage() + "]\n"); // TODO
......@@ -1562,6 +1565,27 @@ public class JarSigner {
}
try {
certificateFactory = CertificateFactory.getInstance("X.509");
validator = CertPathValidator.getInstance("PKIX");
Set<TrustAnchor> tas = new HashSet<>();
try {
KeyStore caks = KeyTool.getCacertsKeyStore();
if (caks != null) {
Enumeration<String> aliases = caks.aliases();
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
try {
tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
}
}
}
} catch (Exception e) {
// Ignore, if cacerts cannot be loaded
}
if (providerName == null) {
store = KeyStore.getInstance(storetype);
} else {
......@@ -1580,6 +1604,7 @@ public class JarSigner {
(rb.getString("Enter.Passphrase.for.keystore."));
}
try {
if (nullStream) {
store.load(null, storepass);
} else {
......@@ -1601,24 +1626,6 @@ public class JarSigner {
}
}
}
Set<TrustAnchor> tas = new HashSet<>();
try {
KeyStore caks = KeyTool.getCacertsKeyStore();
if (caks != null) {
Enumeration<String> aliases = caks.aliases();
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
try {
tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
} catch (Exception e2) {
// ignore, when a SecretkeyEntry does not include a cert
}
}
}
} catch (Exception e) {
// Ignore, if cacerts cannot be loaded
}
if (store != null) {
Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
......@@ -1634,15 +1641,14 @@ public class JarSigner {
// ignore, when a SecretkeyEntry does not include a cert
}
}
}
certificateFactory = CertificateFactory.getInstance("X.509");
validator = CertPathValidator.getInstance("PKIX");
} finally {
try {
pkixParameters = new PKIXParameters(tas);
pkixParameters.setRevocationEnabled(false);
} catch (InvalidAlgorithmParameterException ex) {
// Only if tas is empty
}
}
} catch (IOException ioe) {
throw new RuntimeException(rb.getString("keystore.load.") +
ioe.getMessage());
......@@ -1805,6 +1811,9 @@ public class JarSigner {
CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
validator.validate(cp, pkixParameters);
} catch (Exception e) {
if (debug) {
e.printStackTrace();
}
chainNotValidated = true;
}
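Review bot: The two catch blocks that guard trust-anchor setup still discard their exceptions even when `debug` is set: the `catch (Exception e)` around `KeyTool.getCacertsKeyStore()` and the `catch (InvalidAlgorithmParameterException ex)` in the `finally` block. The page shows `if (debug) { e.printStackTrace(); }` in both `validator.validate` catches; the same three lines in these two places would show whether a "not validated" chain comes from a missing or unreadable cacerts rather than from the certificate itself. When `tas` is empty, `pkixParameters` stays null, and the later `validate` calls then appear to rely on the generic `catch (Exception e)` to set `chainNotValidated`. A comment on the empty catch such as `// pkixParameters stays null; validate() then fails and the chain is reported as not validated` would make that dependency explicit. `setRevocationEnabled(false)` also deserves a one-line comment that revocation status is not checked, so a chain containing a revoked certificate still validates; the enclosing method starts and ends outside the visible hunks.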
......