提交 b51dd8fc 编写于 作者: W weijun

6890876: jarsigner can add CRL info into signed jar

Reviewed-by: mullan
上级 726b88f9
/*
* Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -26,7 +26,9 @@
package com.sun.jarsigner;
import java.net.URI;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.zip.ZipFile;
/**
......@@ -80,6 +82,13 @@ public interface ContentSignerParameters {
*/
public X509Certificate[] getSignerCertificateChain();
/**
* Retrieves the signer's X.509 CRLs.
*
* @return An unmodifiable set of X.509 CRLs (never <code>null</code>)
*/
public Set<X509CRL> getCRLs();
/**
* Retrieves the content that was signed.
* The content is the JAR file's signature file.
......
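Review bot: `getCRLs()` adds an abstract method to the public `ContentSignerParameters` interface, so any implementation outside this commit stops compiling, and one built against the old interface fails with AbstractMethodError as soon as a `ContentSigner` calls it. If external implementations are expected to exist, that needs a compatibility note. The Javadoc should also say where the set comes from; judging by the rest of the commit it is whatever the person signing supplied, so `Retrieves the X.509 CRLs supplied by the signer for inclusion in the signature block.` would be more accurate than "the signer's X.509 CRLs".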
/*
* Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2003-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -26,7 +26,10 @@
package java.security;
import java.io.Serializable;
import java.security.cert.CRL;
import java.security.cert.CertPath;
import sun.misc.JavaSecurityCodeSignerAccess;
import sun.misc.SharedSecrets;
/**
* This class encapsulates information about a code signer.
......@@ -163,4 +166,43 @@ public final class CodeSigner implements Serializable {
sb.append(")");
return sb.toString();
}
// A private attribute attached to this CodeSigner object. Can be accessed
// through SharedSecrets.getJavaSecurityCodeSignerAccess().[g|s]etCRLs
//
// Currently called in SignatureFileVerifier.getSigners
private transient CRL[] crls;
/**
* Sets the CRLs attached
* @param crls, null to clear
*/
void setCRLs(CRL[] crls) {
this.crls = crls;
}
/**
* Returns the CRLs attached
* @return the crls, initially null
*/
CRL[] getCRLs() {
return crls;
}
// Set up JavaSecurityCodeSignerAccess in SharedSecrets
static {
SharedSecrets.setJavaSecurityCodeSignerAccess(
new JavaSecurityCodeSignerAccess() {
@Override
public void setCRLs(CodeSigner signer, CRL[] crls) {
signer.setCRLs(crls);
}
@Override
public CRL[] getCRLs(CodeSigner signer) {
return signer.getCRLs();
}
});
}
}
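Review bot: `setCRLs` stores the caller's array and `getCRLs` hands the same array back, so any code that reaches these through `SharedSecrets.getJavaSecurityCodeSignerAccess()` can change the CRLs seen by every other holder of this `CodeSigner`. Copying on both sides keeps the object effectively immutable: `this.crls = (crls == null) ? null : crls.clone();` and `return (crls == null) ? null : crls.clone();`. The field comment should also say that `crls` is `transient`, so a deserialized `CodeSigner` comes back with no CRLs. Whether the field takes part in `equals`/`hashCode` is not visible in this hunk and is worth stating in the same comment.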
/*
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1997-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -27,7 +27,6 @@ package java.util.jar;
import java.io.*;
import java.util.*;
import java.util.zip.*;
import java.security.*;
import java.security.cert.CertificateException;
......
/*
* Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.misc;
import java.security.CodeSigner;
import java.security.cert.CRL;
public interface JavaSecurityCodeSignerAccess {
void setCRLs(CodeSigner signer, CRL[] crls);
CRL[] getCRLs(CodeSigner signer);
}
......@@ -27,8 +27,8 @@ package sun.misc;
import java.util.jar.JarFile;
import java.io.Console;
import java.io.File;
import java.io.FileDescriptor;
import java.security.CodeSigner;
import java.security.ProtectionDomain;
/** A repository of "shared secrets", which are a mechanism for
......@@ -49,6 +49,7 @@ public class SharedSecrets {
private static JavaNioAccess javaNioAccess;
private static JavaIOFileDescriptorAccess javaIOFileDescriptorAccess;
private static JavaSecurityProtectionDomainAccess javaSecurityProtectionDomainAccess;
private static JavaSecurityCodeSignerAccess javaSecurityCodeSignerAccess;
public static JavaUtilJarAccess javaUtilJarAccess() {
if (javaUtilJarAccess == null) {
......@@ -126,4 +127,16 @@ public class SharedSecrets {
unsafe.ensureClassInitialized(ProtectionDomain.class);
return javaSecurityProtectionDomainAccess;
}
public static void setJavaSecurityCodeSignerAccess
(JavaSecurityCodeSignerAccess jscsa) {
javaSecurityCodeSignerAccess = jscsa;
}
public static JavaSecurityCodeSignerAccess
getJavaSecurityCodeSignerAccess() {
if (javaSecurityCodeSignerAccess == null)
unsafe.ensureClassInitialized(CodeSigner.class);
return javaSecurityCodeSignerAccess;
}
}
/*
* Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1996-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -28,7 +28,6 @@ package sun.security.pkcs;
import java.io.*;
import java.math.BigInteger;
import java.util.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
......@@ -173,20 +172,30 @@ public class PKCS7 {
* @param digestAlgorithmIds the message digest algorithm identifiers.
* @param contentInfo the content information.
* @param certificates an array of X.509 certificates.
* @param crls an array of CRLs
* @param signerInfos an array of signer information.
*/
public PKCS7(AlgorithmId[] digestAlgorithmIds,
ContentInfo contentInfo,
X509Certificate[] certificates,
X509CRL[] crls,
SignerInfo[] signerInfos) {
version = BigInteger.ONE;
this.digestAlgorithmIds = digestAlgorithmIds;
this.contentInfo = contentInfo;
this.certificates = certificates;
this.crls = crls;
this.signerInfos = signerInfos;
}
public PKCS7(AlgorithmId[] digestAlgorithmIds,
ContentInfo contentInfo,
X509Certificate[] certificates,
SignerInfo[] signerInfos) {
this(digestAlgorithmIds, contentInfo, certificates, null, signerInfos);
}
private void parseNetscapeCertChain(DerValue val)
throws ParsingException, IOException {
DerInputStream dis = new DerInputStream(val.toByteArray());
......@@ -312,7 +321,7 @@ public class PKCS7 {
ByteArrayInputStream bais = null;
try {
if (certfac == null)
crls[i] = (X509CRL) new X509CRLImpl(crlVals[i]);
crls[i] = new X509CRLImpl(crlVals[i]);
else {
byte[] encoded = crlVals[i].toByteArray();
bais = new ByteArrayInputStream(encoded);
......@@ -480,7 +489,30 @@ public class PKCS7 {
signedData.putOrderedSetOf((byte)0xA0, implCerts);
}
// no crls (OPTIONAL field)
// CRLs (optional)
if (crls != null && crls.length != 0) {
// cast to X509CRLImpl[] since X509CRLImpl implements DerEncoder
Set<X509CRLImpl> implCRLs = new HashSet<X509CRLImpl>(crls.length);
for (X509CRL crl: crls) {
if (crl instanceof X509CRLImpl)
implCRLs.add((X509CRLImpl) crl);
else {
try {
byte[] encoded = crl.getEncoded();
implCRLs.add(new X509CRLImpl(encoded));
} catch (CRLException ce) {
IOException ie = new IOException(ce.getMessage());
ie.initCause(ce);
throw ie;
}
}
}
// Add the CRL set (tagged with [1] IMPLICIT)
// to the signed data
signedData.putOrderedSetOf((byte)0xA1,
implCRLs.toArray(new X509CRLImpl[implCRLs.size()]));
}
// signerInfos
signedData.putOrderedSetOf(DerValue.tag_Set, signerInfos);
......
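Review bot: The `@param crls` line on the five-argument constructor does not say that `null` is accepted, although the four-argument overload passes `null` and the `// CRLs (optional)` block treats `null` and an empty array alike; the overload itself has no Javadoc. I would write `@param crls an array of CRLs, or null if none are to be included` and give the overload a one-line comment saying it builds a block without CRLs. In the encoding loop a `null` element reaches `crl.getEncoded()` and surfaces as a NullPointerException rather than the IOException used for a CRL that cannot be encoded; an explicit check at the top of the loop would make that case defined. The comment "cast to X509CRLImpl[]" no longer describes the code, which builds a `Set` and re-parses foreign implementations.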
......@@ -26,6 +26,7 @@
package sun.security.tools;
import java.io.*;
import java.security.cert.X509CRL;
import java.util.*;
import java.util.zip.*;
import java.util.jar.*;
......@@ -35,6 +36,7 @@ import java.net.URISyntaxException;
import java.text.Collator;
import java.text.MessageFormat;
import java.security.cert.Certificate;
import java.security.cert.CRL;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
import java.security.*;
......@@ -56,6 +58,7 @@ import java.util.Map.Entry;
import sun.security.x509.*;
import sun.security.util.*;
import sun.misc.BASE64Encoder;
import sun.misc.SharedSecrets;
/**
......@@ -114,14 +117,16 @@ public class JarSigner {
static final int SIGNED_BY_ALIAS = 0x08; // signer is in alias list
X509Certificate[] certChain; // signer's cert chain (when composing)
Set<X509CRL> crls; // signer provided CRLs
PrivateKey privateKey; // private key
KeyStore store; // the keystore specified by -keystore
// or the default keystore, never null
String keystore; // key store file
List<String> crlfiles = new ArrayList<String>(); // CRL files to add
boolean nullStream = false; // null keystore input stream (NONE)
boolean token = false; // token-based keystore
String jarfile; // jar file to sign or verify
String jarfile; // jar files to sign or verify
String alias; // alias to sign jar with
List<String> ckaliases = new ArrayList<String>(); // aliases in -verify
char[] storepass; // keystore password
......@@ -146,6 +151,7 @@ public class JarSigner {
boolean signManifest = true; // "sign" the whole manifest
boolean externalSF = true; // leave the .SF out of the PKCS7 block
boolean strict = false; // treat warnings as error
boolean autoCRL = false; // Automatcially add CRL defined in cert
// read zip entry raw bytes
private ByteArrayOutputStream baos = new ByteArrayOutputStream(2048);
......@@ -226,6 +232,29 @@ public class JarSigner {
} else {
loadKeyStore(keystore, true);
getAliasInfo(alias);
crls = new HashSet<X509CRL>();
if (crlfiles.size() > 0 || autoCRL) {
CertificateFactory fac =
CertificateFactory.getInstance("X509");
List<CRL> list = new ArrayList<CRL>();
for (String file: crlfiles) {
Collection<? extends CRL> tmp = KeyTool.loadCRLs(file);
for (CRL crl: tmp) {
if (crl instanceof X509CRL) {
crls.add((X509CRL)crl);
}
}
}
if (autoCRL) {
List<CRL> crlsFromCert =
KeyTool.readCRLsFromCert(certChain[0]);
for (CRL crl: crlsFromCert) {
if (crl instanceof X509CRL) {
crls.add((X509CRL)crl);
}
}
}
}
// load the alternative signing mechanism
if (altSignerClass != null) {
......@@ -367,6 +396,13 @@ public class JarSigner {
} else if (collator.compare(flags, "-digestalg") ==0) {
if (++n == args.length) usageNoArg();
digestalg = args[n];
} else if (collator.compare(flags, "-crl") ==0) {
if ("auto".equals(modifier)) {
autoCRL = true;
} else {
if (++n == args.length) usageNoArg();
crlfiles.add(args[n]);
}
} else if (collator.compare(flags, "-certs") ==0) {
showcerts = true;
} else if (collator.compare(flags, "-strict") ==0) {
......@@ -515,6 +551,9 @@ public class JarSigner {
System.out.println(rb.getString
("[-sigalg <algorithm>] name of signature algorithm"));
System.out.println();
System.out.println(rb.getString
("[-crl[:auto| <file>] include CRL in signed jar"));
System.out.println();
System.out.println(rb.getString
("[-verify] verify a signed JAR file"));
System.out.println();
......@@ -654,6 +693,20 @@ public class JarSigner {
if (showcerts) {
sb.append(si);
sb.append('\n');
CRL[] crls = SharedSecrets
.getJavaSecurityCodeSignerAccess()
.getCRLs(signer);
if (crls != null) {
for (CRL crl: crls) {
if (crl instanceof X509CRLImpl) {
sb.append(tab).append("[");
sb.append(String.format(
rb.getString("with a CRL including %d entries"),
((X509CRLImpl)crl).getRevokedCertificates().size()))
.append("]\n");
}
}
}
}
}
} else if (showcerts && !verbose.equals("all")) {
......@@ -1233,7 +1286,7 @@ public class JarSigner {
try {
block =
sf.generateBlock(privateKey, sigalg, certChain,
sf.generateBlock(privateKey, sigalg, certChain, crls,
externalSF, tsaUrl, tsaCert, signingMechanism, args,
zipFile);
} catch (SocketTimeoutException e) {
......@@ -2197,6 +2250,7 @@ class SignatureFile {
public Block generateBlock(PrivateKey privateKey,
String sigalg,
X509Certificate[] certChain,
Set<X509CRL> crls,
boolean externalSF, String tsaUrl,
X509Certificate tsaCert,
ContentSigner signingMechanism,
......@@ -2204,7 +2258,7 @@ class SignatureFile {
throws NoSuchAlgorithmException, InvalidKeyException, IOException,
SignatureException, CertificateException
{
return new Block(this, privateKey, sigalg, certChain, externalSF,
return new Block(this, privateKey, sigalg, certChain, crls, externalSF,
tsaUrl, tsaCert, signingMechanism, args, zipFile);
}
......@@ -2218,7 +2272,8 @@ class SignatureFile {
* Construct a new signature block.
*/
Block(SignatureFile sfg, PrivateKey privateKey, String sigalg,
X509Certificate[] certChain, boolean externalSF, String tsaUrl,
X509Certificate[] certChain, Set<X509CRL> crls,
boolean externalSF, String tsaUrl,
X509Certificate tsaCert, ContentSigner signingMechanism,
String[] args, ZipFile zipFile)
throws NoSuchAlgorithmException, InvalidKeyException, IOException,
......@@ -2305,7 +2360,7 @@ class SignatureFile {
// Assemble parameters for the signing mechanism
ContentSignerParameters params =
new JarSignerParameters(args, tsaUri, tsaCert, signature,
signatureAlgorithm, certChain, content, zipFile);
signatureAlgorithm, certChain, crls, content, zipFile);
// Generate the signature block
block = signingMechanism.generateSignedData(
......@@ -2346,6 +2401,7 @@ class JarSignerParameters implements ContentSignerParameters {
private byte[] signature;
private String signatureAlgorithm;
private X509Certificate[] signerCertificateChain;
private Set<X509CRL> crls;
private byte[] content;
private ZipFile source;
......@@ -2354,7 +2410,8 @@ class JarSignerParameters implements ContentSignerParameters {
*/
JarSignerParameters(String[] args, URI tsa, X509Certificate tsaCertificate,
byte[] signature, String signatureAlgorithm,
X509Certificate[] signerCertificateChain, byte[] content,
X509Certificate[] signerCertificateChain, Set<X509CRL> crls,
byte[] content,
ZipFile source) {
if (signature == null || signatureAlgorithm == null ||
......@@ -2367,6 +2424,7 @@ class JarSignerParameters implements ContentSignerParameters {
this.signature = signature;
this.signatureAlgorithm = signatureAlgorithm;
this.signerCertificateChain = signerCertificateChain;
this.crls = crls;
this.content = content;
this.source = source;
}
......@@ -2442,4 +2500,13 @@ class JarSignerParameters implements ContentSignerParameters {
public ZipFile getSource() {
return source;
}
@Override
public Set<X509CRL> getCRLs() {
if (crls == null) {
return Collections.emptySet();
} else {
return Collections.unmodifiableSet(crls);
}
}
}
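Review bot: In the block that fills `crls`, every CRL read from a `-crl` file or fetched for `-crl:auto` goes into the signed jar as long as it is an `X509CRL`; nothing visible here checks that it was issued by the issuer of `certChain[0]` or that its signature verifies, and anything that is not an `X509CRL` is dropped without a message. A signer who passes the wrong file therefore ships a jar whose CRL says nothing about its own certificate, so I would at least print a warning for skipped or unrelated CRLs (what `KeyTool.loadCRLs` and `KeyTool.readCRLsFromCert` already validate is outside this page). The locals `fac` and `list` in the same block are never used and can be removed. The verify-side display has the same silent filter: only `X509CRLImpl` instances are reported. Separately, the usage string `[-crl[:auto| <file>]` has an unclosed bracket (it is also the resource-bundle key), and the comment on `autoCRL` misspells "Automatically".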
/*
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -74,6 +74,8 @@ public class JarSignerResources extends java.util.ListResourceBundle {
"[-digestalg <algorithm>] name of digest algorithm"},
{"[-sigalg <algorithm>] name of signature algorithm",
"[-sigalg <algorithm>] name of signature algorithm"},
{"[-crl[:auto| <file>] include CRL in signed jar",
"[-crl[:auto| <file>] include CRL in signed jar"},
{"[-verify] verify a signed JAR file",
"[-verify] verify a signed JAR file"},
{"[-verbose[:suboptions]] verbose output when signing/verifying.",
......@@ -191,6 +193,7 @@ public class JarSignerResources extends java.util.ListResourceBundle {
{"using an alternative signing mechanism",
"using an alternative signing mechanism"},
{"entry was signed on", "entry was signed on {0}"},
{"with a CRL including %d entries", "with a CRL including %d entries"},
{"Warning: ", "Warning: "},
{"This jar contains unsigned entries which have not been integrity-checked. ",
"This jar contains unsigned entries which have not been integrity-checked. "},
......
......@@ -38,6 +38,7 @@ import java.security.cert.X509Certificate;
import java.util.List;
import com.sun.jarsigner.*;
import java.security.cert.X509CRL;
import java.util.Arrays;
import sun.security.pkcs.*;
import sun.security.timestamp.*;
......@@ -239,7 +240,7 @@ public final class TimestampedSigner extends ContentSigner {
// Create the PKCS #7 signed data message
PKCS7 p7 =
new PKCS7(algorithms, contentInfo, signerCertificateChain,
signerInfos);
parameters.getCRLs().toArray(new X509CRL[parameters.getCRLs().size()]), signerInfos);
ByteArrayOutputStream p7out = new ByteArrayOutputStream();
p7.encodeSignedData(p7out);
......
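Review bot: The new constructor argument calls `parameters.getCRLs()` twice on one over-long line and dereferences the result directly. `ContentSignerParameters` is an interface, so an implementation other than `JarSignerParameters` could return `null` despite the Javadoc; reading it once into a local makes the line readable and gives one place for a guard: `java.util.Set<X509CRL> crlSet = parameters.getCRLs();` followed by `X509CRL[] crls = (crlSet == null) ? null : crlSet.toArray(new X509CRL[crlSet.size()]);`. The PKCS7 constructor in this commit accepts `null` for the CRL array, so passing it through is safe. Whether the added `java.util.Arrays` import is used cannot be seen in this hunk.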
/*
* Copyright 2000-2009 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 2000-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -71,6 +71,7 @@ public class Resources extends java.util.ListResourceBundle {
"Generates a secret key"}, //-genseckey
{"Generates certificate from a certificate request",
"Generates certificate from a certificate request"}, //-gencert
{"Generates CRL", "Generates CRL"}, //-gencrl
{"Imports entries from a JDK 1.1.x-style identity database",
"Imports entries from a JDK 1.1.x-style identity database"}, //-identitydb
{"Imports a certificate or a certificate chain",
......@@ -87,6 +88,8 @@ public class Resources extends java.util.ListResourceBundle {
"Prints the content of a certificate"}, //-printcert
{"Prints the content of a certificate request",
"Prints the content of a certificate request"}, //-printcertreq
{"Prints the content of a CRL file",
"Prints the content of a CRL file"}, //-printcrl
{"Generates a self-signed certificate",
"Generates a self-signed certificate"}, //-selfcert
{"Changes the store password of a keystore",
......@@ -176,6 +179,8 @@ public class Resources extends java.util.ListResourceBundle {
"verbose output"}, //-v
{"validity number of days",
"validity number of days"}, //-validity
{"Serial ID of cert to revoke",
"Serial ID of cert to revoke"}, //-id
// keytool: Running part
{"keytool error: ", "keytool error: "},
{"Illegal option: ", "Illegal option: "},
......@@ -375,6 +380,7 @@ public class Resources extends java.util.ListResourceBundle {
{"Signer #%d:", "Signer #%d:"},
{"Timestamp:", "Timestamp:"},
{"Signature:", "Signature:"},
{"CRLs:", "CRLs:"},
{"Certificate owner: ", "Certificate owner: "},
{"Not a signed jar file", "Not a signed jar file"},
{"No certificate from the SSL server",
......@@ -433,6 +439,7 @@ public class Resources extends java.util.ListResourceBundle {
{"This extension cannot be marked as critical. ",
"This extension cannot be marked as critical. "},
{"Odd number of hex digits found: ", "Odd number of hex digits found: "},
{"Unknown extension type: ", "Unknown extension type: "},
{"command {0} is ambiguous:", "command {0} is ambiguous:"},
// policytool
......
/*
* Copyright 1997-2009 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1997-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -25,7 +25,6 @@
package sun.security.util;
import java.security.CodeSigner;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.security.cert.CertificateException;
......@@ -34,11 +33,11 @@ import java.security.*;
import java.io.*;
import java.util.*;
import java.util.jar.*;
import java.io.ByteArrayOutputStream;
import sun.security.pkcs.*;
import sun.security.timestamp.TimestampToken;
import sun.misc.BASE64Decoder;
import sun.misc.SharedSecrets;
import sun.security.jca.Providers;
......@@ -479,7 +478,12 @@ public class SignatureFileVerifier {
signers = new ArrayList<CodeSigner>();
}
// Append the new code signer
signers.add(new CodeSigner(certChain, getTimestamp(info)));
CodeSigner signer = new CodeSigner(certChain, getTimestamp(info));
if (block.getCRLs() != null) {
SharedSecrets.getJavaSecurityCodeSignerAccess().setCRLs(
signer, block.getCRLs());
}
signers.add(signer);
if (debug != null) {
debug.println("Signature Block Certificate: " +
......
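Review bot: `block.getCRLs()` is attached to the new `CodeSigner` exactly as parsed from the signature block, and nothing in this hunk checks the CRLs against `certChain`. The `crls` field of a PKCS #7 SignedData sits next to the certificates and is not covered by the signer's signature, so it can be added to or stripped from a signed jar without breaking verification; each CRL is only as trustworthy as its own issuer signature. A comment above the new lines should say so, for example `// CRLs are carried as-is from the block; callers must verify each CRL's signature and issuer before relying on it`. The call is also made twice; assigning it once, `X509CRL[] crls = block.getCRLs();`, would be cleaner. The enclosing method continues outside the hunk.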
/*
* Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
* Copyright 1997-2010 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
......@@ -89,7 +89,7 @@ import sun.misc.HexDumpEncoder;
* @author Hemma Prafullchandra
* @see X509CRL
*/
public class X509CRLImpl extends X509CRL {
public class X509CRLImpl extends X509CRL implements DerEncoder {
// CRL data, and its envelope
private byte[] signedCRL = null; // DER encoded crl
......@@ -1189,6 +1189,13 @@ public class X509CRLImpl extends X509CRL {
}
}
@Override
public void derEncode(OutputStream out) throws IOException {
if (signedCRL == null)
throw new IOException("Null CRL to encode");
out.write(signedCRL.clone());
}
/**
* Immutable X.509 Certificate Issuer DN and serial number pair
*/
......
#
# Copyright 2010 Sun Microsystems, Inc. All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#
# @test
# @bug 6890876
# @summary jarsigner can add CRL info into signed jar
#
if [ "${TESTJAVA}" = "" ] ; then
JAVAC_CMD=`which javac`
TESTJAVA=`dirname $JAVAC_CMD`/..
fi
# set platform-dependent variables
# PF: platform name, say, solaris-sparc
PF=""
OS=`uname -s`
case "$OS" in
Windows* )
FS="\\"
;;
* )
FS="/"
;;
esac
KS=crl.jks
JFILE=crl.jar
KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS"
JAR=$TESTJAVA${FS}bin${FS}jar
JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
rm $KS $JFILE
# Generates some crl files, each containing two entries
$KT -alias a -dname CN=a -keyalg rsa -genkey -validity 300
$KT -alias a -gencrl -id 1:1 -id 2:2 -file crl1
$KT -alias a -gencrl -id 3:3 -id 4:4 -file crl2
$KT -alias b -dname CN=b -keyalg rsa -genkey -validity 300
$KT -alias b -gencrl -id 5:1 -id 6:2 -file crl3
$KT -alias c -dname CN=c -keyalg rsa -genkey -validity 300 \
-ext crl=uri:file://`pwd`/crl1
echo A > A
# Test -crl:auto, cRLDistributionPoints is a local file
$JAR cvf $JFILE A
$JARSIGNER -keystore $KS -storepass changeit $JFILE c \
-crl:auto || exit 1
$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 6
$KT -printcert -jarfile $JFILE | grep CRLs || exit 7
# Test -crl <file>
$JAR cvf $JFILE A
$JARSIGNER -keystore $KS -storepass changeit $JFILE a \
-crl crl1 -crl crl2 || exit 1
$JARSIGNER -keystore $KS -storepass changeit $JFILE b \
-crl crl3 -crl crl2 || exit 1
$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 3
$KT -printcert -jarfile $JFILE | grep CRLs || exit 4
CRLCOUNT=`$KT -printcert -jarfile $JFILE | grep SerialNumber | wc -l`
if [ $CRLCOUNT != 8 ]; then exit 5; fi
exit 0
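Review bot: None of the setup commands is checked: if any `$KT ... -genkey` or `-gencrl` line fails, the script carries on and the failure is reported later under an unrelated jarsigner exit code. Adding `|| exit 2` to those lines, and using `rm -f $KS $JFILE` so a clean work directory does not print errors, would make failures point at their cause. The final count is better taken with `grep -c SerialNumber` and compared numerically, `[ "$CRLCOUNT" -eq 8 ] || exit 5`, because with an empty variable the unquoted `[ $CRLCOUNT != 8 ]` becomes a syntax error, the `if` skips `exit 5`, and the script ends with `exit 0`. The `-crl:auto` case only greps for `CRLs`; counting the `SerialNumber` lines there as well (presumably two, for `crl1`) would show that the CRL named in the certificate was the one embedded. The `file://` URI built from `pwd` also assumes a working directory without spaces and with forward slashes, which the Windows branch above does not guarantee.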