Skip to content

D
dragonwell8_jdk

openanolis / dragonwell8_jdk

通知 4
Star 2
Fork 0
D
dragonwell8_jdk
提交 5881c952 编写于 作者: W weijun
浏览文件
操作

6890872: keytool -printcert to recognize signed jar files 

Reviewed-by: mullan
上级 cd1f3995
隐藏空白更改
内联 并排
Showing with 140 addition and 2 deletion
src/share/classes/sun/security/tools/JarSigner.java
浏览文件 @ 5881c952
......@@ -1483,6 +1483,7 @@ public class JarSigner {
Timestamp timestamp = signer.getTimestamp();
if (timestamp != null) {
s.append(printTimestamp(tab, timestamp));
s.append('\n');
}
// display the certificate(s)
for (Certificate c : certs) {
......
src/share/classes/sun/security/tools/KeyTool.java
浏览文件 @ 5881c952
......@@ -26,6 +26,7 @@
package sun.security.tools;
import java.io.*;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
......@@ -34,6 +35,7 @@ import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.Principal;
......@@ -46,6 +48,8 @@ import java.security.cert.CertificateException;
import java.text.Collator;
import java.text.MessageFormat;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.lang.reflect.Constructor;
import java.net.URL;
import java.net.URLClassLoader;
......@@ -130,6 +134,7 @@ public final class KeyTool {
private File ksfile = null;
private InputStream ksStream = null; // keystore stream
private String sslserver = null;
private String jarfile = null;
private KeyStore keyStore = null;
private boolean token = false;
private boolean nullStream = false;
......@@ -206,7 +211,7 @@ public final class KeyTool {
"-providername", "-providerclass", "-providerarg",
"-providerpath", "-v", "-protected"),
PRINTCERT("Prints the content of a certificate",
"-rfc", "-file", "-sslserver", "-v"),
"-rfc", "-file", "-sslserver", "-jarfile", "-v"),
PRINTCERTREQ("Prints the content of a certificate request",
"-file", "-v"),
SELFCERT("Generates a self-signed certificate",
......@@ -266,6 +271,7 @@ public final class KeyTool {
{"-srcstorepass", "<arg>", "source keystore password"},
{"-srcstoretype", "<srcstoretype>", "source keystore type"},
{"-sslserver", "<server[:port]>", "SSL server host and port"},
{"-jarfile", "<filename>", "signed jar file"},
{"-startdate", "<startdate>", "certificate validity start date/time"},
{"-storepass", "<arg>", "keystore password"},
{"-storetype", "<storetype>", "keystore type"},
......@@ -453,6 +459,8 @@ public final class KeyTool {
outfilename = args[++i];
} else if (collator.compare(flags, "-sslserver") == 0) {
sslserver = args[++i];
} else if (collator.compare(flags, "-jarfile") == 0) {
jarfile = args[++i];
} else if (collator.compare(flags, "-srckeystore") == 0) {
srcksfname = args[++i];
} else if ((collator.compare(flags, "-provider") == 0) ||
......@@ -2065,7 +2073,71 @@ public final class KeyTool {
}
private void doPrintCert(final PrintStream out) throws Exception {
if (sslserver != null) {
if (jarfile != null) {
JarFile jf = new JarFile(jarfile, true);
Enumeration<JarEntry> entries = jf.entries();
Set<CodeSigner> ss = new HashSet<CodeSigner>();
byte[] buffer = new byte[8192];
int pos = 0;
while (entries.hasMoreElements()) {
JarEntry je = entries.nextElement();
InputStream is = null;
try {
is = jf.getInputStream(je);
while (is.read(buffer) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails. This also
// populate the signers
}
} finally {
if (is != null) {
is.close();
}
}
CodeSigner[] signers = je.getCodeSigners();
if (signers != null) {
for (CodeSigner signer: signers) {
if (!ss.contains(signer)) {
ss.add(signer);
out.printf(rb.getString("Signer #%d:"), ++pos);
out.println();
out.println();
out.println(rb.getString("Signature:"));
out.println();
for (Certificate cert: signer.getSignerCertPath().getCertificates()) {
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
}
Timestamp ts = signer.getTimestamp();
if (ts != null) {
out.println(rb.getString("Timestamp:"));
out.println();
for (Certificate cert: ts.getSignerCertPath().getCertificates()) {
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
}
}
}
}
}
}
jf.close();
if (ss.size() == 0) {
out.println(rb.getString("Not a signed jar file"));
}
} else if (sslserver != null) {
SSLContext sc = SSLContext.getInstance("SSL");
final boolean[] certPrinted = new boolean[1];
sc.init(null, new TrustManager[] {
......
src/share/classes/sun/security/util/Resources.java
浏览文件 @ 5881c952
......@@ -162,6 +162,8 @@ public class Resources extends java.util.ListResourceBundle {
"source keystore type"}, //-srcstoretype
{"SSL server host and port",
"SSL server host and port"}, //-sslserver
{"signed jar file",
"signed jar file"}, //=jarfile
{"certificate validity start date/time",
"certificate validity start date/time"}, //-startdate
{"keystore password",
......@@ -370,6 +372,13 @@ public class Resources extends java.util.ListResourceBundle {
{"***************** WARNING WARNING WARNING *****************",
"***************** WARNING WARNING WARNING *****************"},
{"Signer #%d:", "Signer #%d:"},
{"Timestamp:", "Timestamp:"},
{"Signature:", "Signature:"},
{"Certificate owner: ", "Certificate owner: "},
{"Not a signed jar file", "Not a signed jar file"},
{"No certificate from the SSL server",
"No certificate from the SSL server"},
// Translators of the following 5 pairs, ATTENTION:
// the next 5 string pairs are meant to be combined into 2 paragraphs,
......
test/sun/security/tools/keytool/readjar.sh 0 → 100644
浏览文件 @ 5881c952
#
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6890872
# @summary keytool -printcert to recognize signed jar files
#
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
# set platform-dependent variables
OS=`uname -s`
case "$OS" in
Windows_* )
FS="\\"
;;
* )
FS="/"
;;
esac
KS=readjar.jks
rm $KS
$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS \
-alias x -dname CN=X -genkeypair
$TESTJAVA${FS}bin${FS}jar cvf readjar.jar $KS
$TESTJAVA${FS}bin${FS}jarsigner -storepass changeit -keystore $KS readjar.jar x
$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar || exit 1
$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar -rfc || exit 1
exit 0
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册