提交
d36537a3
编写于
3月 01, 2016
作者:
asaha
Merge
上级
c269b8bb
d921c27e
Showing
9 changed file
with
255 addition
and
144 deletion
+255
-144
.hgtags
.hgtags
+1
-0
src/share/classes/javax/swing/TimerQueue.java
src/share/classes/javax/swing/TimerQueue.java
+10
-5
src/share/classes/sun/security/pkcs/PKCS7.java
src/share/classes/sun/security/pkcs/PKCS7.java
+14
-8
src/share/classes/sun/security/tools/jarsigner/JarSignerParameters.java
...ses/sun/security/tools/jarsigner/JarSignerParameters.java
+152
-0
src/share/classes/sun/security/tools/jarsigner/Main.java
src/share/classes/sun/security/tools/jarsigner/Main.java
+15
-123
src/share/classes/sun/security/tools/jarsigner/Resources.java
...share/classes/sun/security/tools/jarsigner/Resources.java
+2
-0
src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
...asses/sun/security/tools/jarsigner/TimestampedSigner.java
+6
-1
test/sun/security/tools/jarsigner/TimestampCheck.java
test/sun/security/tools/jarsigner/TimestampCheck.java
+54
-6
test/sun/security/tools/jarsigner/ts.sh
test/sun/security/tools/jarsigner/ts.sh
+1
-1
.hgtags
...
...
@@ -542,6 +542,7 @@ f3e86cc607260bae368b52d88d7bc8883ee767e3 jdk8u72-b15
e829ab80dfd828803aa8837411900faeaa1254a5 jdk8u74-b01
32c49f4a16599e376e4e46bb33c7bcc486e52ff3 jdk8u74-b02
9c828e688240362b6f1b761b619cdaa070462c4e jdk8u74-b31
6968ca30f8fdc9429fcd56187e16f46b215b474b jdk8u74-b32
1d4b343084874b1afa1cdd504b9b1e50bab7f121 jdk8u72-b31
7cfd2c51c501df909833aa0fb6e40c50c61621ed jdk8u75-b00
9e00a43602f87930c2318b2567002871ad9c59dd jdk8u75-b01
...
...
src/share/classes/javax/swing/TimerQueue.java
...
...
@@ -93,6 +93,9 @@ class TimerQueue implements Runnable
void
startIfNeeded
()
{
if
(!
running
)
{
runningLock
.
lock
();
if
(
running
)
{
return
;
}
try
{
final
ThreadGroup
threadGroup
=
AppContext
.
getAppContext
().
getThreadGroup
();
...
...
@@ -168,15 +171,17 @@ class TimerQueue implements Runnable
try
{
while
(
running
)
{
try
{
Timer
timer
=
queue
.
take
().
getTimer
();
DelayedTimer
runningTimer
=
queue
.
take
();
Timer
timer
=
runningTimer
.
getTimer
();
timer
.
getLock
().
lock
();
try
{
DelayedTimer
delayedTimer
=
timer
.
delayedTimer
;
if
(
delayedTimer
!=
null
)
{
if
(
delayedTimer
==
runningTimer
)
{
/*
* Timer is not removed after we get it from
* the queue and before the lock on the timer is
* acquired
* Timer is not removed (delayedTimer != null)
* or not removed and added (runningTimer == delayedTimer)
* after we get it from the queue and before the
* lock on the timer is acquired
*/
timer
.
post
();
// have timer post an event
timer
.
delayedTimer
=
null
;
...
...
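Review bot: In `startIfNeeded()` the added `if (running) { return; }` sits after `runningLock.lock()` but before the `try`, so the early return leaves with the lock still held; the matching unlock is not visible here and presumably lives in the `finally` of that `try`, which this return path never reaches. Move the re-check inside the `try` (`try { if (running) { return; } ...`) so that the `finally` releases the lock on every path. As written, a thread that loses the race keeps `runningLock`, and if the timer thread's run loop takes the same lock it can block there. The method body continues outside the hunk.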
src/share/classes/sun/security/pkcs/PKCS7.java
...
...
@@ -802,7 +802,8 @@ public class PKCS7 {
byte
[]
content
,
String
signatureAlgorithm
,
URI
tsaURI
,
String
tSAPolicyID
)
String
tSAPolicyID
,
String
tSADigestAlg
)
throws
CertificateException
,
IOException
,
NoSuchAlgorithmException
{
...
...
@@ -811,7 +812,8 @@ public class PKCS7 {
if
(
tsaURI
!=
null
)
{
// Timestamp the signature
HttpTimestamper
tsa
=
new
HttpTimestamper
(
tsaURI
);
byte
[]
tsToken
=
generateTimestampToken
(
tsa
,
tSAPolicyID
,
signature
);
byte
[]
tsToken
=
generateTimestampToken
(
tsa
,
tSAPolicyID
,
tSADigestAlg
,
signature
);
// Insert the timestamp token into the PKCS #7 signer info element
// (as an unsigned attribute)
...
...
@@ -869,6 +871,7 @@ public class PKCS7 {
*/
private
static
byte
[]
generateTimestampToken
(
Timestamper
tsa
,
String
tSAPolicyID
,
String
tSADigestAlg
,
byte
[]
toBeTimestamped
)
throws
IOException
,
CertificateException
{
...
...
@@ -876,11 +879,10 @@ public class PKCS7 {
MessageDigest
messageDigest
=
null
;
TSRequest
tsQuery
=
null
;
try
{
// SHA-1 is always used.
messageDigest
=
MessageDigest
.
getInstance
(
"SHA-1"
);
messageDigest
=
MessageDigest
.
getInstance
(
tSADigestAlg
);
tsQuery
=
new
TSRequest
(
tSAPolicyID
,
toBeTimestamped
,
messageDigest
);
}
catch
(
NoSuchAlgorithmException
e
)
{
// ignore
throw
new
IllegalArgumentException
(
e
);
}
// Generate a nonce
...
...
@@ -908,9 +910,13 @@ public class PKCS7 {
PKCS7
tsToken
=
tsReply
.
getToken
();
TimestampToken
tst
=
tsReply
.
getTimestampToken
();
if
(!
tst
.
getHashAlgorithm
().
getName
().
equals
(
"SHA-1"
))
{
throw
new
IOException
(
"Digest algorithm not SHA-1 in "
+
"timestamp token"
);
try
{
if
(!
tst
.
getHashAlgorithm
().
equals
(
AlgorithmId
.
get
(
tSADigestAlg
)))
{
throw
new
IOException
(
"Digest algorithm not "
+
tSADigestAlg
+
" in "
+
"timestamp token"
);
}
}
catch
(
NoSuchAlgorithmException
nase
)
{
throw
new
IllegalArgumentException
();
// should have been caught before
}
if
(!
MessageDigest
.
isEqual
(
tst
.
getHashedMessage
(),
tsQuery
.
getHashedMessage
()))
{
...
...
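Review bot: The second new catch, around the `tst.getHashAlgorithm().equals(AlgorithmId.get(tSADigestAlg))` check, throws a bare `new IllegalArgumentException()` and so discards both the algorithm name and the original `NoSuchAlgorithmException`, whereas the earlier catch in `generateTimestampToken` wraps it with `new IllegalArgumentException(e)`. Use `throw new IllegalArgumentException(nase);` there as well so a failure stays diagnosable. Separately, `tSADigestAlg` goes straight into `MessageDigest.getInstance(...)`, so a null value passed to `generateSignedData` would likely surface as a NullPointerException. The Javadoc above these signatures, which is outside the hunks, should state that the argument must be a non-null digest algorithm name.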
src/share/classes/sun/security/tools/jarsigner/JarSignerParameters.java
0 → 100644
/*
* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package
sun.security.tools.jarsigner
;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
import
java.net.URI
;
import
java.util.zip.*
;
import
com.sun.jarsigner.ContentSignerParameters
;
class
JarSignerParameters
implements
ContentSignerParameters
{
private
String
[]
args
;
private
URI
tsa
;
private
X509Certificate
tsaCertificate
;
private
byte
[]
signature
;
private
String
signatureAlgorithm
;
private
X509Certificate
[]
signerCertificateChain
;
private
byte
[]
content
;
private
ZipFile
source
;
private
String
tSAPolicyID
;
private
String
tSADigestAlg
;
/**
* Create a new object.
*/
JarSignerParameters
(
String
[]
args
,
URI
tsa
,
X509Certificate
tsaCertificate
,
String
tSAPolicyID
,
String
tSADigestAlg
,
byte
[]
signature
,
String
signatureAlgorithm
,
X509Certificate
[]
signerCertificateChain
,
byte
[]
content
,
ZipFile
source
)
{
if
(
signature
==
null
||
signatureAlgorithm
==
null
||
signerCertificateChain
==
null
||
tSADigestAlg
==
null
)
{
throw
new
NullPointerException
();
}
this
.
args
=
args
;
this
.
tsa
=
tsa
;
this
.
tsaCertificate
=
tsaCertificate
;
this
.
tSAPolicyID
=
tSAPolicyID
;
this
.
tSADigestAlg
=
tSADigestAlg
;
this
.
signature
=
signature
;
this
.
signatureAlgorithm
=
signatureAlgorithm
;
this
.
signerCertificateChain
=
signerCertificateChain
;
this
.
content
=
content
;
this
.
source
=
source
;
}
/**
* Retrieves the command-line arguments.
*
* @return The command-line arguments. May be null.
*/
public
String
[]
getCommandLine
()
{
return
args
;
}
/**
* Retrieves the identifier for a Timestamping Authority (TSA).
*
* @return The TSA identifier. May be null.
*/
public
URI
getTimestampingAuthority
()
{
return
tsa
;
}
/**
* Retrieves the certificate for a Timestamping Authority (TSA).
*
* @return The TSA certificate. May be null.
*/
public
X509Certificate
getTimestampingAuthorityCertificate
()
{
return
tsaCertificate
;
}
public
String
getTSAPolicyID
()
{
return
tSAPolicyID
;
}
public
String
getTSADigestAlg
()
{
return
tSADigestAlg
;
}
/**
* Retrieves the signature.
*
* @return The non-null signature bytes.
*/
public
byte
[]
getSignature
()
{
return
signature
;
}
/**
* Retrieves the name of the signature algorithm.
*
* @return The non-null string name of the signature algorithm.
*/
public
String
getSignatureAlgorithm
()
{
return
signatureAlgorithm
;
}
/**
* Retrieves the signer's X.509 certificate chain.
*
* @return The non-null array of X.509 public-key certificates.
*/
public
X509Certificate
[]
getSignerCertificateChain
()
{
return
signerCertificateChain
;
}
/**
* Retrieves the content that was signed.
*
* @return The content bytes. May be null.
*/
public
byte
[]
getContent
()
{
return
content
;
}
/**
* Retrieves the original source ZIP file before it was signed.
*
* @return The original ZIP file. May be null.
*/
public
ZipFile
getSource
()
{
return
source
;
}
}
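Review bot: `getTSAPolicyID()` and the new `getTSADigestAlg()` are the only accessors in this file without a Javadoc comment, and the constructor comment (`Create a new object.`) does not mention that `tSADigestAlg` is now one of the arguments that must be non-null. Add `/** Retrieves the digest algorithm used in the timestamping request. @return The non-null algorithm name. */` above `getTSADigestAlg()` and a matching comment on `getTSAPolicyID()`; whether the policy id may be null should be confirmed, since the constructor does not check it. The null check itself throws a message-less `NullPointerException()`, so naming the offending argument in the message would make a failure easier to trace. The constructor and getters also store and return the `signature`, `content` and certificate-chain arrays by reference, which is worth stating in the class comment if callers are expected not to modify them.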
src/share/classes/sun/security/tools/jarsigner/Main.java
...
...
@@ -139,6 +139,7 @@ public class Main {
String
tsaAlias
;
// alias for the Timestamping Authority's certificate
String
altCertChain
;
// file to read alternative cert chain from
String
tSAPolicyID
;
String
tSADigestAlg
=
"SHA-256"
;
boolean
verify
=
false
;
// verify the jar
String
verbose
=
null
;
// verbose output when signing/verifying
boolean
showcerts
=
false
;
// show certs when verifying
...
...
@@ -342,6 +343,9 @@ public class Main {
}
else
if
(
collator
.
compare
(
flags
,
"-tsapolicyid"
)
==
0
)
{
if
(++
n
==
args
.
length
)
usageNoArg
();
tSAPolicyID
=
args
[
n
];
}
else
if
(
collator
.
compare
(
flags
,
"-tsadigestalg"
)
==
0
)
{
if
(++
n
==
args
.
length
)
usageNoArg
();
tSADigestAlg
=
args
[
n
];
}
else
if
(
collator
.
compare
(
flags
,
"-debug"
)
==
0
)
{
debug
=
true
;
}
else
if
(
collator
.
compare
(
flags
,
"-keypass"
)
==
0
)
{
...
...
@@ -535,6 +539,9 @@ public class Main {
System
.
out
.
println
(
rb
.
getString
(
".tsapolicyid.tsapolicyid.for.Timestamping.Authority"
));
System
.
out
.
println
();
System
.
out
.
println
(
rb
.
getString
(
".tsadigestalg.algorithm.of.digest.data.in.timestamping.request"
));
System
.
out
.
println
();
System
.
out
.
println
(
rb
.
getString
(
".altsigner.class.class.name.of.an.alternative.signing.mechanism"
));
System
.
out
.
println
();
...
...
@@ -1270,8 +1277,8 @@ public class Main {
try
{
block
=
sf
.
generateBlock
(
privateKey
,
sigalg
,
certChain
,
externalSF
,
tsaUrl
,
tsaCert
,
tSAPolicyID
,
signingMechanism
,
args
,
zipFile
);
externalSF
,
tsaUrl
,
tsaCert
,
tSAPolicyID
,
tSADigestAlg
,
signingMechanism
,
args
,
zipFile
);
}
catch
(
SocketTimeoutException
e
)
{
// Provide a helpful message when TSA is beyond a firewall
error
(
rb
.
getString
(
"unable.to.sign.jar."
)
+
...
...
@@ -2268,13 +2275,14 @@ class SignatureFile {
boolean
externalSF
,
String
tsaUrl
,
X509Certificate
tsaCert
,
String
tSAPolicyID
,
String
tSADigestAlg
,
ContentSigner
signingMechanism
,
String
[]
args
,
ZipFile
zipFile
)
throws
NoSuchAlgorithmException
,
InvalidKeyException
,
IOException
,
SignatureException
,
CertificateException
{
return
new
Block
(
this
,
privateKey
,
sigalg
,
certChain
,
externalSF
,
tsaUrl
,
tsaCert
,
tSAPolicyID
,
signingMechanism
,
args
,
zipFile
);
tsaUrl
,
tsaCert
,
tSAPolicyID
,
tSADigestAlg
,
signingMechanism
,
args
,
zipFile
);
}
...
...
@@ -2288,8 +2296,8 @@ class SignatureFile {
*/
Block
(
SignatureFile
sfg
,
PrivateKey
privateKey
,
String
sigalg
,
X509Certificate
[]
certChain
,
boolean
externalSF
,
String
tsaUrl
,
X509Certificate
tsaCert
,
String
tSAPolicyID
,
ContentSigner
signingMechanism
,
String
[]
args
,
ZipFile
zipFile
)
X509Certificate
tsaCert
,
String
tSAPolicyID
,
String
tSADigestAlg
,
ContentSigner
signingMechanism
,
String
[]
args
,
ZipFile
zipFile
)
throws
NoSuchAlgorithmException
,
InvalidKeyException
,
IOException
,
SignatureException
,
CertificateException
{
...
...
@@ -2371,7 +2379,8 @@ class SignatureFile {
// Assemble parameters for the signing mechanism
ContentSignerParameters
params
=
new
JarSignerParameters
(
args
,
tsaUri
,
tsaCert
,
tSAPolicyID
,
signature
,
new
JarSignerParameters
(
args
,
tsaUri
,
tsaCert
,
tSAPolicyID
,
tSADigestAlg
,
signature
,
signatureAlgorithm
,
certChain
,
content
,
zipFile
);
// Generate the signature block
...
...
@@ -2400,120 +2409,3 @@ class SignatureFile {
}
}
}
/*
* This object encapsulates the parameters used to perform content signing.
*/
class
JarSignerParameters
implements
ContentSignerParameters
{
private
String
[]
args
;
private
URI
tsa
;
private
X509Certificate
tsaCertificate
;
private
byte
[]
signature
;
private
String
signatureAlgorithm
;
private
X509Certificate
[]
signerCertificateChain
;
private
byte
[]
content
;
private
ZipFile
source
;
private
String
tSAPolicyID
;
/**
* Create a new object.
*/
JarSignerParameters
(
String
[]
args
,
URI
tsa
,
X509Certificate
tsaCertificate
,
String
tSAPolicyID
,
byte
[]
signature
,
String
signatureAlgorithm
,
X509Certificate
[]
signerCertificateChain
,
byte
[]
content
,
ZipFile
source
)
{
if
(
signature
==
null
||
signatureAlgorithm
==
null
||
signerCertificateChain
==
null
)
{
throw
new
NullPointerException
();
}
this
.
args
=
args
;
this
.
tsa
=
tsa
;
this
.
tsaCertificate
=
tsaCertificate
;
this
.
tSAPolicyID
=
tSAPolicyID
;
this
.
signature
=
signature
;
this
.
signatureAlgorithm
=
signatureAlgorithm
;
this
.
signerCertificateChain
=
signerCertificateChain
;
this
.
content
=
content
;
this
.
source
=
source
;
}
/**
* Retrieves the command-line arguments.
*
* @return The command-line arguments. May be null.
*/
public
String
[]
getCommandLine
()
{
return
args
;
}
/**
* Retrieves the identifier for a Timestamping Authority (TSA).
*
* @return The TSA identifier. May be null.
*/
public
URI
getTimestampingAuthority
()
{
return
tsa
;
}
/**
* Retrieves the certificate for a Timestamping Authority (TSA).
*
* @return The TSA certificate. May be null.
*/
public
X509Certificate
getTimestampingAuthorityCertificate
()
{
return
tsaCertificate
;
}
public
String
getTSAPolicyID
()
{
return
tSAPolicyID
;
}
/**
* Retrieves the signature.
*
* @return The non-null signature bytes.
*/
public
byte
[]
getSignature
()
{
return
signature
;
}
/**
* Retrieves the name of the signature algorithm.
*
* @return The non-null string name of the signature algorithm.
*/
public
String
getSignatureAlgorithm
()
{
return
signatureAlgorithm
;
}
/**
* Retrieves the signer's X.509 certificate chain.
*
* @return The non-null array of X.509 public-key certificates.
*/
public
X509Certificate
[]
getSignerCertificateChain
()
{
return
signerCertificateChain
;
}
/**
* Retrieves the content that was signed.
*
* @return The content bytes. May be null.
*/
public
byte
[]
getContent
()
{
return
content
;
}
/**
* Retrieves the original source ZIP file before it was signed.
*
* @return The original ZIP file. May be null.
*/
public
ZipFile
getSource
()
{
return
source
;
}
}
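Review bot: The `-tsadigestalg` branch stores `args[n]` in `tSADigestAlg` verbatim, and none of the visible hunks checks the name before it reaches `generateBlock(...)`, so an unknown or misspelled algorithm is only discovered deep in the signing path (in this commit PKCS7 turns it into an `IllegalArgumentException`). Consider resolving it at parse time, e.g. `MessageDigest.getInstance(tSADigestAlg)` with the `NoSuchAlgorithmException` reported through the tool's usual `error(...)` path, so the user gets a clear message before any signing work starts. The option also accepts any digest the provider offers, including ones weaker than the new `SHA-256` default, so the help text or a warning should say that the choice affects the strength of the timestamp. The new fields `tSAPolicyID` and `tSADigestAlg` are the only ones in that declaration run without a trailing comment. The option-parsing method and the `Block` constructor continue outside the hunks.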
src/share/classes/sun/security/tools/jarsigner/Resources.java
...
...
@@ -88,6 +88,8 @@ public class Resources extends java.util.ListResourceBundle {
"[-tsacert <alias>] public key certificate for Timestamping Authority"
},
{
".tsapolicyid.tsapolicyid.for.Timestamping.Authority"
,
"[-tsapolicyid <oid>] TSAPolicyID for Timestamping Authority"
},
{
".tsadigestalg.algorithm.of.digest.data.in.timestamping.request"
,
"[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"
},
{
".altsigner.class.class.name.of.an.alternative.signing.mechanism"
,
"[-altsigner <class>] class name of an alternative signing mechanism"
},
{
".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism"
,
...
...
src/share/classes/sun/security/tools/jarsigner/TimestampedSigner.java
...
...
@@ -132,9 +132,14 @@ public final class TimestampedSigner extends ContentSigner {
}
}
}
String
tSADigestAlg
=
"SHA-256"
;
if
(
params
instanceof
JarSignerParameters
)
{
tSADigestAlg
=
((
JarSignerParameters
)
params
).
getTSADigestAlg
();
}
return
PKCS7
.
generateSignedData
(
signature
,
signerChain
,
content
,
params
.
getSignatureAlgorithm
(),
tsaURI
,
params
.
getTSAPolicyID
());
params
.
getTSAPolicyID
(),
tSADigestAlg
);
}
/**
...
...
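Review bot: The fallback `String tSADigestAlg = "SHA-256";` repeats the default that `Main` already sets on its own `tSADigestAlg` field, so the two literals can drift apart; a single shared constant would keep them in step. The `instanceof JarSignerParameters` test also means any other `ContentSignerParameters` implementation silently gets the fallback, which deserves a one-line comment such as `// other ContentSignerParameters implementations cannot supply a digest algorithm; use the default`. The enclosing method starts outside the hunk.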
test/sun/security/tools/jarsigner/TimestampCheck.java
...
...
@@ -24,10 +24,9 @@
import
com.sun.net.httpserver.*
;
import
java.io.BufferedReader
;
import
java.io.ByteArrayOutputStream
;
import
java.io.File
;
import
java.io.FileInputStream
;
import
java.io.FileOutputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.io.InputStreamReader
;
import
java.io.OutputStream
;
import
java.math.BigInteger
;
...
...
@@ -38,9 +37,15 @@ import java.security.Signature;
import
java.security.cert.Certificate
;
import
java.security.cert.X509Certificate
;
import
java.util.Calendar
;
import
java.util.jar.JarEntry
;
import
java.util.jar.JarFile
;
import
sun.misc.IOUtils
;
import
sun.security.pkcs.ContentInfo
;
import
sun.security.pkcs.PKCS7
;
import
sun.security.pkcs.PKCS9Attribute
;
import
sun.security.pkcs.SignerInfo
;
import
sun.security.timestamp.TimestampToken
;
import
sun.security.util.DerOutputStream
;
import
sun.security.util.DerValue
;
import
sun.security.util.ObjectIdentifier
;
...
...
@@ -51,6 +56,8 @@ public class TimestampCheck {
static
final
String
TSKS
=
"tsks"
;
static
final
String
JAR
=
"old.jar"
;
static
final
String
defaultPolicyId
=
"2.3.4.5"
;
static
class
Handler
implements
HttpHandler
{
public
void
handle
(
HttpExchange
t
)
throws
IOException
{
int
len
=
0
;
...
...
@@ -94,6 +101,11 @@ public class TimestampCheck {
* 6: extension is missing
* 7: extension is non-critical
* 8: extension does not have timestamping
* 9: no cert in response
* 10: normal
* 11: always return default policy id
* 12: normal
* otherwise: normal
* @returns the signed
*/
byte
[]
sign
(
byte
[]
input
,
int
path
)
throws
Exception
{
...
...
@@ -106,6 +118,7 @@ public class TimestampCheck {
messageImprint
.
data
.
getDerValue
());
System
.
err
.
println
(
"AlgorithmId: "
+
aid
);
ObjectIdentifier
policyId
=
new
ObjectIdentifier
(
defaultPolicyId
);
BigInteger
nonce
=
null
;
while
(
value
.
data
.
available
()
>
0
)
{
DerValue
v
=
value
.
data
.
getDerValue
();
...
...
@@ -114,6 +127,9 @@ public class TimestampCheck {
System
.
err
.
println
(
"nonce: "
+
nonce
);
}
else
if
(
v
.
tag
==
DerValue
.
tag_Boolean
)
{
System
.
err
.
println
(
"certReq: "
+
v
.
getBoolean
());
}
else
if
(
v
.
tag
==
DerValue
.
tag_ObjectId
)
{
policyId
=
v
.
getOID
();
System
.
err
.
println
(
"PolicyID: "
+
policyId
);
}
}
...
...
@@ -127,6 +143,10 @@ public class TimestampCheck {
if
(
path
==
7
)
alias
=
"tsbad2"
;
if
(
path
==
8
)
alias
=
"tsbad3"
;
if
(
path
==
11
)
{
policyId
=
new
ObjectIdentifier
(
defaultPolicyId
);
}
DerOutputStream
statusInfo
=
new
DerOutputStream
();
statusInfo
.
putInteger
(
0
);
...
...
@@ -150,7 +170,7 @@ public class TimestampCheck {
DerOutputStream
tst
=
new
DerOutputStream
();
tst
.
putInteger
(
1
);
tst
.
putOID
(
new
ObjectIdentifier
(
"1.2.3.4"
));
// policy
tst
.
putOID
(
policyId
);
if
(
path
!=
3
&&
path
!=
4
)
{
tst
.
putDerValue
(
messageImprint
);
...
...
@@ -260,15 +280,43 @@ public class TimestampCheck {
jarsigner
(
cmd
,
7
,
false
);
// tsbad2
jarsigner
(
cmd
,
8
,
false
);
// tsbad3
jarsigner
(
cmd
,
9
,
false
);
// no cert in timestamp
jarsigner
(
cmd
+
" -tsapolicyid 1.2.3.4"
,
0
,
true
);
jarsigner
(
cmd
+
" -tsapolicyid 1.2.3.5"
,
0
,
false
);
jarsigner
(
cmd
+
" -tsapolicyid 1.2.3.4"
,
10
,
true
);
checkTimestamp
(
"new_10.jar"
,
"1.2.3.4"
,
"SHA-256"
);
jarsigner
(
cmd
+
" -tsapolicyid 1.2.3.5"
,
11
,
false
);
jarsigner
(
cmd
+
" -tsadigestalg SHA"
,
12
,
true
);
checkTimestamp
(
"new_12.jar"
,
defaultPolicyId
,
"SHA-1"
);
}
else
{
// Run as a standalone server
System
.
err
.
println
(
"Press Enter to quit server"
);
System
.
in
.
read
();
}
}
finally
{
server
.
stop
(
0
);
new
File
(
"x.jar"
).
delete
();
}
}
static
void
checkTimestamp
(
String
file
,
String
policyId
,
String
digestAlg
)
throws
Exception
{
try
(
JarFile
jf
=
new
JarFile
(
file
))
{
JarEntry
je
=
jf
.
getJarEntry
(
"META-INF/OLD.RSA"
);
try
(
InputStream
is
=
jf
.
getInputStream
(
je
))
{
byte
[]
content
=
IOUtils
.
readFully
(
is
,
-
1
,
true
);
PKCS7
p7
=
new
PKCS7
(
content
);
SignerInfo
[]
si
=
p7
.
getSignerInfos
();
if
(
si
==
null
||
si
.
length
==
0
)
{
throw
new
Exception
(
"Not signed"
);
}
PKCS9Attribute
p9
=
si
[
0
].
getUnauthenticatedAttributes
()
.
getAttribute
(
PKCS9Attribute
.
SIGNATURE_TIMESTAMP_TOKEN_OID
);
PKCS7
tsToken
=
new
PKCS7
((
byte
[])
p9
.
getValue
());
TimestampToken
tt
=
new
TimestampToken
(
tsToken
.
getContentInfo
().
getData
());
if
(!
tt
.
getHashAlgorithm
().
toString
().
equals
(
digestAlg
))
{
throw
new
Exception
(
"Digest alg different"
);
}
if
(!
tt
.
getPolicyID
().
equals
(
policyId
))
{
throw
new
Exception
(
"policyId different"
);
}
}
}
}
...
...
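Review bot: `checkTimestamp` dereferences three results without checking them, namely `jf.getJarEntry("META-INF/OLD.RSA")`, `si[0].getUnauthenticatedAttributes()` and the `getAttribute(...)` result `p9`, so a jar that was signed without a timestamp would likely fail with a NullPointerException rather than a message that says what is missing. A guard such as `if (p9 == null) throw new Exception("No timestamp token");` before `p9.getValue()`, and the same for the attribute set, keeps the failure readable. The new cases 10 and 12 in the `sign` comment are both described only as `normal`; saying what each exercises (`-tsapolicyid 1.2.3.4` and `-tsadigestalg SHA`, per the calls added further down) would help the next reader.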
test/sun/security/tools/jarsigner/ts.sh
...
...
@@ -86,6 +86,6 @@ $KT -alias tsbad3 -certreq | \
$KT
-alias
ca
-gencert
-ext
eku:critical
=
cs |
\
$KT
-alias
tsbad3
-importcert
$JAVAC
-d
.
${
TESTSRC
}
/TimestampCheck.java
$JAVAC
-
XDignore
.symbol.file
-
d
.
${
TESTSRC
}
/TimestampCheck.java
$JAVA
${
TESTVMOPTS
}
TimestampCheck