提交
a1c7a361
编写于
3月 06, 2012
作者:
weijun
7149012: jarsigner needs not warn about cert expiration if the jar has a TSA timestamp
Reviewed-by: xuelei
上级
bf14ebe9
Showing
1 changed file
with
48 addition
and
32 deletion
+48
-32
src/share/classes/sun/security/tools/JarSigner.java
src/share/classes/sun/security/tools/JarSigner.java
+48
-32
src/share/classes/sun/security/tools/JarSigner.java
...
...
@@ -66,7 +66,7 @@ import sun.misc.BASE64Encoder;
* 0: success
* 1: any error that the jar cannot be signed or verified, including:
* keystore loading error
* TSP commun
ci
ation error
* TSP commun
ic
ation error
* jarsigner command line error...
* otherwise: error codes from -strict
*
...
...
@@ -258,8 +258,7 @@ public class JarSigner {
if
(
hasExpiringCert
)
{
exitCode
|=
2
;
}
if
(
chainNotValidated
)
{
// hasExpiredCert and notYetValidCert included in this case
if
(
chainNotValidated
||
hasExpiredCert
||
notYetValidCert
)
{
exitCode
|=
4
;
}
if
(
badKeyUsage
||
badExtendedKeyUsage
||
badNetscapeCertType
)
{
...
...
@@ -600,7 +599,6 @@ public class JarSigner {
if
(
verbose
!=
null
)
System
.
out
.
println
();
Enumeration
<
JarEntry
>
e
=
entriesVec
.
elements
();
long
now
=
System
.
currentTimeMillis
();
String
tab
=
rb
.
getString
(
"6SPACE"
);
while
(
e
.
hasMoreElements
())
{
...
...
@@ -648,7 +646,7 @@ public class JarSigner {
// signerInfo() must be called even if -verbose
// not provided. The method updates various
// warning flags.
String
si
=
signerInfo
(
signer
,
tab
,
now
);
String
si
=
signerInfo
(
signer
,
tab
);
if
(
showcerts
)
{
sb
.
append
(
si
);
sb
.
append
(
'\n'
);
...
...
@@ -837,7 +835,7 @@ public class JarSigner {
* Note: no newline character at the end
*/
String
printCert
(
String
tab
,
Certificate
c
,
boolean
checkValidityPeriod
,
long
now
,
boolean
checkUsage
)
{
Date
timestamp
,
boolean
checkUsage
)
{
StringBuilder
certStr
=
new
StringBuilder
();
String
space
=
rb
.
getString
(
"SPACE"
);
...
...
@@ -862,22 +860,24 @@ public class JarSigner {
certStr
.
append
(
"\n"
).
append
(
tab
).
append
(
"["
);
Date
notAfter
=
x509Cert
.
getNotAfter
();
try
{
boolean
printValidity
=
true
;
if
(
timestamp
==
null
)
{
x509Cert
.
checkValidity
();
// test if cert will expire within six months
if
(
now
==
0
)
{
now
=
System
.
currentTimeMillis
();
}
if
(
notAfter
.
getTime
()
<
now
+
SIX_MONTHS
)
{
if
(
notAfter
.
getTime
()
<
System
.
currentTimeMillis
()
+
SIX_MONTHS
)
{
hasExpiringCert
=
true
;
if
(
expiringTimeForm
==
null
)
{
expiringTimeForm
=
new
MessageFormat
(
rb
.
getString
(
"certificate.will.expire.on"
));
}
Object
[]
source
=
{
notAfter
};
certStr
.
append
(
expiringTimeForm
.
format
(
source
));
printValidity
=
false
;
}
}
else
{
x509Cert
.
checkValidity
(
timestamp
);
}
if
(
printValidity
)
{
if
(
validityTimeForm
==
null
)
{
validityTimeForm
=
new
MessageFormat
(
rb
.
getString
(
"certificate.is.valid.from"
));
...
...
@@ -1283,7 +1283,7 @@ public class JarSigner {
tsaURI
);
}
System
.
out
.
println
(
rb
.
getString
(
"TSA.certificate."
)
+
printCert
(
""
,
tsaCert
,
false
,
0
,
false
));
printCert
(
""
,
tsaCert
,
false
,
null
,
false
));
}
if
(
signingMechanism
!=
null
)
{
System
.
out
.
println
(
...
...
@@ -1481,23 +1481,27 @@ public class JarSigner {
/**
* Returns a string of singer info, with a newline at the end
*/
private
String
signerInfo
(
CodeSigner
signer
,
String
tab
,
long
now
)
{
private
String
signerInfo
(
CodeSigner
signer
,
String
tab
)
{
if
(
cacheForSignerInfo
.
containsKey
(
signer
))
{
return
cacheForSignerInfo
.
get
(
signer
);
}
StringBuffer
s
=
new
StringBuffer
();
List
<?
extends
Certificate
>
certs
=
signer
.
getSignerCertPath
().
getCertificates
();
// display the signature timestamp, if present
Timestamp
timestamp
=
signer
.
getTimestamp
();
if
(
timestamp
!=
null
)
{
s
.
append
(
printTimestamp
(
tab
,
timestamp
));
Date
timestamp
;
Timestamp
ts
=
signer
.
getTimestamp
();
if
(
ts
!=
null
)
{
s
.
append
(
printTimestamp
(
tab
,
ts
));
s
.
append
(
'\n'
);
timestamp
=
ts
.
getTimestamp
();
}
else
{
timestamp
=
null
;
}
// display the certificate(s). The first one is end-enity cert and
// display the certificate(s). The first one is end-en
t
ity cert and
// its KeyUsage should be checked.
boolean
first
=
true
;
for
(
Certificate
c
:
certs
)
{
s
.
append
(
printCert
(
tab
,
c
,
true
,
now
,
first
));
s
.
append
(
printCert
(
tab
,
c
,
true
,
timestamp
,
first
));
s
.
append
(
'\n'
);
first
=
false
;
}
...
...
@@ -1508,10 +1512,16 @@ public class JarSigner {
if
(
debug
)
{
e
.
printStackTrace
();
}
if
(
e
.
getCause
()
!=
null
&&
(
e
.
getCause
()
instanceof
CertificateExpiredException
||
e
.
getCause
()
instanceof
CertificateNotYetValidException
))
{
// No more warning, we alreay have hasExpiredCert or notYetValidCert
}
else
{
chainNotValidated
=
true
;
s
.
append
(
tab
+
rb
.
getString
(
".CertPath.not.validated."
)
+
e
.
getLocalizedMessage
()
+
"]\n"
);
// TODO
}
}
String
result
=
s
.
toString
();
cacheForSignerInfo
.
put
(
signer
,
result
);
return
result
;
...
...
@@ -1804,7 +1814,7 @@ public class JarSigner {
// We don't meant to print anything, the next call
// checks validity and keyUsage etc
printCert
(
""
,
certChain
[
0
],
true
,
0
,
true
);
printCert
(
""
,
certChain
[
0
],
true
,
null
,
true
);
try
{
CertPath
cp
=
certificateFactory
.
generateCertPath
(
Arrays
.
asList
(
certChain
));
...
...
@@ -1813,8 +1823,14 @@ public class JarSigner {
if
(
debug
)
{
e
.
printStackTrace
();
}
if
(
e
.
getCause
()
!=
null
&&
(
e
.
getCause
()
instanceof
CertificateExpiredException
||
e
.
getCause
()
instanceof
CertificateNotYetValidException
))
{
// No more warning, we alreay have hasExpiredCert or notYetValidCert
}
else
{
chainNotValidated
=
true
;
}
}
try
{
if
(!
token
&&
keypass
==
null
)
...
...
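Review bot: The empty branch added in the `@@ -1813,8 +1823,14` hunk assumes `hasExpiredCert` or `notYetValidCert` was already raised, but the `printCert("", certChain[0], true, null, true)` call before it looks only at the end-entity certificate. When the validator rejects an intermediate or root certificate for expiry, the exception is dropped and, as far as the visible lines show, no flag is set, so the `exitCode |= 4` condition never fires for that chain. Skipping only when a flag is really set keeps the warning: `if (validityCause && (hasExpiredCert || notYetValidCert)) { /* already reported */ } else { chainNotValidated = true; }`, where `validityCause` stands for the existing `instanceof` test. The same branch in `signerInfo` (`@@ -1508,10 +1512,16`) needs a different remedy, because with a TSA timestamp the flags are computed at signing time while the validator, whose call lies outside the hunk, presumably still runs at the current time and stops at the first expiry failure; giving it the timestamp through `PKIXParameters.setDate` would check the whole chain at that date instead of discarding the exception. Both enclosing methods begin and end outside the hunks shown.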