diff --git a/.hgtags b/.hgtags index 09950e13f16685539b0e640c1989e70bef04e5fc..04432f993f005706d890b9ee470d0dc2661ba910 100644 --- a/.hgtags +++ b/.hgtags @@ -640,6 +640,7 @@ d689f7b806c89e535f784ba94bea1ae129ee0f19 jdk8u111-b05 c959cff8f7accc5dc2a334a977a95fe1dcb9e812 jdk8u111-b09 1f15a299d2bf9a8bed33a2bdf36745c8238aafbb jdk8u111-b10 28e488c17b7a276e9ce00a0488bbc53094294e14 jdk8u111-b11 +b1304d71a2ec04ae6fa0a46120a5beba40a6f5ba jdk8u111-b12 47e20a90bdbb2327289e330606b73a9fe4dc857e jdk8u112-b00 96393e490afd4acba5b92c5ede68dc9bbb60a38e jdk8u112-b01 b44d695f738baba091370828b84ae2c4cd715c1b jdk8u112-b02 diff --git a/src/share/classes/sun/security/pkcs/SignerInfo.java b/src/share/classes/sun/security/pkcs/SignerInfo.java index 5f131fcac6d03c49a665f0e7e04b23f1db8c4d97..d93a09fa4e748c2cb8a4e82d6f4e7b5a5cc95305 100644 --- a/src/share/classes/sun/security/pkcs/SignerInfo.java +++ b/src/share/classes/sun/security/pkcs/SignerInfo.java @@ -55,6 +55,7 @@ import sun.security.util.DerInputStream; import sun.security.util.DerOutputStream; import sun.security.util.DerValue; import sun.security.util.DisabledAlgorithmConstraints; +import sun.security.util.KeyUtil; import sun.security.util.ObjectIdentifier; import sun.security.x509.AlgorithmId; import sun.security.x509.X500Name; @@ -399,7 +400,9 @@ public class SignerInfo implements DerEncoder { // check if the public key is restricted if (!JAR_DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) { throw new SignatureException("Public key check failed. " + - "Disabled algorithm used: " + key.getAlgorithm()); + "Disabled key used: " + + KeyUtil.getKeySize(key) + " bit " + + key.getAlgorithm()); } if (cert.hasUnsupportedCriticalExtension()) { diff --git a/src/share/classes/sun/security/tools/jarsigner/Main.java b/src/share/classes/sun/security/tools/jarsigner/Main.java index 37b04c9bf8d6b470b1fef206a15dec9270ef042d..961921c1d9f9e1b6397f11c4f3026f4df509c1db 100644 --- a/src/share/classes/sun/security/tools/jarsigner/Main.java +++ b/src/share/classes/sun/security/tools/jarsigner/Main.java @@ -603,6 +603,7 @@ public class Main { } Manifest man = jf.getManifest(); + boolean hasSignature = false; // The map to record display info, only used when -verbose provided // key: signer info string @@ -618,6 +619,10 @@ public class Main { while (e.hasMoreElements()) { JarEntry je = e.nextElement(); String name = je.getName(); + + hasSignature = hasSignature + || SignatureFileVerifier.isBlockOrSF(name); + CodeSigner[] signers = je.getCodeSigners(); boolean isSigned = (signers != null); anySigned |= isSigned; @@ -757,8 +762,11 @@ public class Main { System.out.println(rb.getString("no.manifest.")); if (!anySigned) { - System.out.println(rb.getString( - "jar.is.unsigned.signatures.missing.or.not.parsable.")); + if (hasSignature) { + System.out.println(rb.getString("jar.treated.unsigned")); + } else { + System.out.println(rb.getString("jar.is.unsigned")); + } } else { boolean warningAppeared = false; boolean errorAppeared = false; diff --git a/src/share/classes/sun/security/tools/jarsigner/Resources.java b/src/share/classes/sun/security/tools/jarsigner/Resources.java index db35b1e58553a8658d3d060c55751edbb387abb5..909d573d483b88ad78c3d4e4bbea8aa7288c78f1 100644 --- a/src/share/classes/sun/security/tools/jarsigner/Resources.java +++ b/src/share/classes/sun/security/tools/jarsigner/Resources.java @@ -135,8 +135,10 @@ public class Resources extends java.util.ListResourceBundle { {"no.manifest.", "no manifest."}, {".Signature.related.entries.","(Signature related entries)"}, {".Unsigned.entries.", "(Unsigned entries)"}, - {"jar.is.unsigned.signatures.missing.or.not.parsable.", - "jar is unsigned. (signatures missing or not parsable)"}, + {"jar.is.unsigned", + "jar is unsigned."}, + {"jar.treated.unsigned", + "Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)."}, {"jar.signed.", "jar signed."}, {"jar.signed.with.signer.errors.", "jar signed, with signer errors."}, {"jar.verified.", "jar verified."}, diff --git a/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java b/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java index 7c0d36400ba2b13d6e0fb74c3403a4b4c8a57923..b760b9bb7416d3b9d64f5b9babb550ec2d6a10f9 100644 --- a/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java +++ b/test/lib/testlibrary/jdk/testlibrary/OutputAnalyzer.java @@ -90,13 +90,14 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the string was not found */ - public void shouldContain(String expectedString) { + public OutputAnalyzer shouldContain(String expectedString) { if (!stdout.contains(expectedString) && !stderr.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stdout/stderr \n"); } + return this; } /** @@ -107,12 +108,13 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the string was not found */ - public void stdoutShouldContain(String expectedString) { + public OutputAnalyzer stdoutShouldContain(String expectedString) { if (!stdout.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stdout \n"); } + return this; } /** @@ -123,24 +125,25 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the string was not found */ - public void stderrShouldContain(String expectedString) { + public OutputAnalyzer stderrShouldContain(String expectedString) { if (!stderr.contains(expectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + expectedString + "' missing from stderr \n"); } + return this; } /** * Verify that the stdout and stderr contents of output buffer does not * contain the string * - * @param expectedString + * @param notExpectedString * String that the buffer should not contain * @throws RuntimeException * If the string was found */ - public void shouldNotContain(String notExpectedString) { + public OutputAnalyzer shouldNotContain(String notExpectedString) { if (stdout.contains(notExpectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + notExpectedString @@ -151,23 +154,25 @@ public final class OutputAnalyzer { throw new RuntimeException("'" + notExpectedString + "' found in stderr \n"); } + return this; } /** * Verify that the stdout contents of output buffer does not contain the * string * - * @param expectedString + * @param notExpectedString * String that the buffer should not contain * @throws RuntimeException * If the string was found */ - public void stdoutShouldNotContain(String notExpectedString) { + public OutputAnalyzer stdoutShouldNotContain(String notExpectedString) { if (stdout.contains(notExpectedString)) { reportDiagnosticSummary(); throw new RuntimeException("'" + notExpectedString + "' found in stdout \n"); } + return this; } /** @@ -195,7 +200,7 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was not found */ - public void shouldMatch(String pattern) { + public OutputAnalyzer shouldMatch(String pattern) { Matcher stdoutMatcher = Pattern.compile(pattern, Pattern.MULTILINE) .matcher(stdout); Matcher stderrMatcher = Pattern.compile(pattern, Pattern.MULTILINE) @@ -205,6 +210,7 @@ public final class OutputAnalyzer { throw new RuntimeException("'" + pattern + "' missing from stdout/stderr \n"); } + return this; } /** @@ -214,7 +220,7 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was not found */ - public void stdoutShouldMatch(String pattern) { + public OutputAnalyzer stdoutShouldMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (!matcher.find()) { @@ -222,6 +228,7 @@ public final class OutputAnalyzer { throw new RuntimeException("'" + pattern + "' missing from stdout \n"); } + return this; } /** @@ -231,7 +238,7 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was not found */ - public void stderrShouldMatch(String pattern) { + public OutputAnalyzer stderrShouldMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stderr); if (!matcher.find()) { @@ -239,6 +246,7 @@ public final class OutputAnalyzer { throw new RuntimeException("'" + pattern + "' missing from stderr \n"); } + return this; } /** @@ -249,7 +257,7 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was found */ - public void shouldNotMatch(String pattern) { + public OutputAnalyzer shouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (matcher.find()) { @@ -263,6 +271,7 @@ public final class OutputAnalyzer { throw new RuntimeException("'" + pattern + "' found in stderr: '" + matcher.group() + "' \n"); } + return this; } /** @@ -273,13 +282,14 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was found */ - public void stdoutShouldNotMatch(String pattern) { + public OutputAnalyzer stdoutShouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stdout); if (matcher.find()) { reportDiagnosticSummary(); throw new RuntimeException("'" + pattern + "' found in stdout \n"); } + return this; } /** @@ -290,13 +300,14 @@ public final class OutputAnalyzer { * @throws RuntimeException * If the pattern was found */ - public void stderrShouldNotMatch(String pattern) { + public OutputAnalyzer stderrShouldNotMatch(String pattern) { Matcher matcher = Pattern.compile(pattern, Pattern.MULTILINE).matcher( stderr); if (matcher.find()) { reportDiagnosticSummary(); throw new RuntimeException("'" + pattern + "' found in stderr \n"); } + return this; } /** @@ -344,12 +355,13 @@ public final class OutputAnalyzer { * If the exit value from the process did not match the expected * value */ - public void shouldHaveExitValue(int expectedExitValue) { + public OutputAnalyzer shouldHaveExitValue(int expectedExitValue) { if (getExitValue() != expectedExitValue) { reportDiagnosticSummary(); throw new RuntimeException("Expected to get exit value of [" + expectedExitValue + "]\n"); } + return this; } /** @@ -357,11 +369,12 @@ public final class OutputAnalyzer { * - standard input produced by the process under test - standard output - * exit code Note: the command line is printed by the ProcessTools */ - private void reportDiagnosticSummary() { + private OutputAnalyzer reportDiagnosticSummary() { String msg = " stdout: [" + stdout + "];\n" + " stderr: [" + stderr + "]\n" + " exitValue = " + getExitValue() + "\n"; System.err.println(msg); + return this; } /**