提交 dc2beb85 编写于 作者: A alanb

Merge

...@@ -34,8 +34,6 @@ import java.util.*; ...@@ -34,8 +34,6 @@ import java.util.*;
import java.security.AccessController; import java.security.AccessController;
import java.security.CodeSource; import java.security.CodeSource;
import java.security.Identity;
import java.security.IdentityScope;
import java.security.KeyStore; import java.security.KeyStore;
import java.security.KeyStoreException; import java.security.KeyStoreException;
import java.security.Permission; import java.security.Permission;
...@@ -267,7 +265,7 @@ public class PolicyFile extends javax.security.auth.Policy { ...@@ -267,7 +265,7 @@ public class PolicyFile extends javax.security.auth.Policy {
private boolean initialized = false; private boolean initialized = false;
private boolean expandProperties = true; private boolean expandProperties = true;
private boolean ignoreIdentityScope = false; private boolean ignoreIdentityScope = true;
// for use with the reflection API // for use with the reflection API
...@@ -459,9 +457,6 @@ public class PolicyFile extends javax.security.auth.Policy { ...@@ -459,9 +457,6 @@ public class PolicyFile extends javax.security.auth.Policy {
} }
} }
/** the scope to check */
private static IdentityScope scope = null;
/** /**
* Checks public key. If it is marked as trusted in * Checks public key. If it is marked as trusted in
* the identity database, add it to the policy * the identity database, add it to the policy
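Review bot: With `ignoreIdentityScope` now initialised to `true` and the static `scope` field removed, the identity-scope lookup can never run, yet the flag remains a mutable instance field, so a reader has to chase the remaining `if (ignoreIdentityScope)` checks (outside this hunk) to see that the path is dead. If identity-scope trust is being withdrawn rather than merely disabled by default, make that explicit, e.g. `private static final boolean ignoreIdentityScope = true; // IdentityDatabase-based trust is no longer consulted`, or remove the flag together with the branches it guards. The same `false` → `true` flip appears in the java.security.Policy variant of PolicyFile later in this commit. The Javadoc that follows here ("Checks public key. If it is marked as trusted in the identity database, add it to the policy") still describes the old behaviour; if the method body was stubbed out as in the other PolicyFile, its Javadoc should say that the check is no longer performed.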
...@@ -44,7 +44,6 @@ import sun.security.util.*; ...@@ -44,7 +44,6 @@ import sun.security.util.*;
import sun.security.x509.AlgorithmId; import sun.security.x509.AlgorithmId;
import sun.security.x509.X509Key; import sun.security.x509.X509Key;
import sun.security.x509.X500Name; import sun.security.x509.X500Name;
import sun.security.x509.X500Signer;
/** /**
* A PKCS #10 certificate request is created and sent to a Certificate * A PKCS #10 certificate request is created and sent to a Certificate
...@@ -183,13 +182,13 @@ public class PKCS10 { ...@@ -183,13 +182,13 @@ public class PKCS10 {
* Create the signed certificate request. This will later be * Create the signed certificate request. This will later be
* retrieved in either string or binary format. * retrieved in either string or binary format.
* *
* @param requester identifies the signer (by X.500 name) * @param subject identifies the signer (by X.500 name).
* and provides the private key used to sign. * @param signature private key and signing algorithm to use.
* @exception IOException on errors. * @exception IOException on errors.
* @exception CertificateException on certificate handling errors. * @exception CertificateException on certificate handling errors.
* @exception SignatureException on signature handling errors. * @exception SignatureException on signature handling errors.
*/ */
public void encodeAndSign(X500Signer requester) public void encodeAndSign(X500Name subject, Signature signature)
throws CertificateException, IOException, SignatureException { throws CertificateException, IOException, SignatureException {
DerOutputStream out, scratch; DerOutputStream out, scratch;
byte[] certificateRequestInfo; byte[] certificateRequestInfo;
...@@ -198,7 +197,7 @@ public class PKCS10 { ...@@ -198,7 +197,7 @@ public class PKCS10 {
if (encoded != null) if (encoded != null)
throw new SignatureException("request is already signed"); throw new SignatureException("request is already signed");
subject = requester.getSigner(); this.subject = subject;
/* /*
* Encode cert request info, wrap in a sequence for signing * Encode cert request info, wrap in a sequence for signing
...@@ -217,14 +216,20 @@ public class PKCS10 { ...@@ -217,14 +216,20 @@ public class PKCS10 {
/* /*
* Sign it ... * Sign it ...
*/ */
requester.update(certificateRequestInfo, 0, signature.update(certificateRequestInfo, 0,
certificateRequestInfo.length); certificateRequestInfo.length);
sig = requester.sign(); sig = signature.sign();
/* /*
* Build guts of SIGNED macro * Build guts of SIGNED macro
*/ */
requester.getAlgorithmId().encode(scratch); // sig algorithm AlgorithmId algId = null;
try {
algId = AlgorithmId.getAlgorithmId(signature.getAlgorithm());
} catch (NoSuchAlgorithmException nsae) {
throw new SignatureException(nsae);
}
algId.encode(scratch); // sig algorithm
scratch.putBitString(sig); // sig scratch.putBitString(sig); // sig
/* /*
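Review bot: The new `encodeAndSign(X500Name subject, Signature signature)` depends on the caller having already called `initSign` on `signature` with the private key that matches the request's public key, but neither the code nor the new Javadoc states this; an uninitialised `Signature` fails only at `signature.update(...)` with an error that does not name the real cause. Spell the precondition out in the signature hunk's `@param`: `@param signature a Signature already initialized for signing (initSign) with the private key matching the request's public key; its algorithm name is recorded as the request's signature algorithm.` The `AlgorithmId algId = null;` pre-initialisation is unnecessary because the catch rethrows, so `AlgorithmId algId;` followed by the try/catch is definitely assigned at `algId.encode(scratch)`. Note also that the lookup is keyed on the provider-reported name from `signature.getAlgorithm()`, so a provider alias unknown to `AlgorithmId` now surfaces as a `SignatureException` wrapping the `NoSuchAlgorithmException`; a short comment on the catch would help the next reader. `encodeAndSign` begins at the signature hunk above and its body continues past the end of this hunk.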
/*
* Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.security.provider;
import java.io.*;
import java.util.*;
import java.security.*;
/**
* An implementation of IdentityScope as a persistent identity
* database.
*
* @see Identity
* @see Key
*
* @author Benjamin Renaud
*/
public
class IdentityDatabase extends IdentityScope implements Serializable {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = 4923799573357658384L;
/* Are we debugging? */
private static final boolean debug = false;
/* Are we printing out error messages? */
private static final boolean error = true;
/* The source file, if any, for this database.*/
File sourceFile;
/* The private representation of the database.*/
Hashtable<String, Identity> identities;
IdentityDatabase() throws InvalidParameterException {
this("restoring...");
}
/**
* Construct a new, empty database with a specified source file.
*
* @param file the source file.
*/
public IdentityDatabase(File file) throws InvalidParameterException {
this(file.getName());
sourceFile = file;
}
/**
* Construct a new, empty database.
*/
public IdentityDatabase(String name) throws InvalidParameterException {
super(name);
identities = new Hashtable<String, Identity>();
}
/**
* Initialize an identity database from a stream. The stream should
* contain data to initialized a serialized IdentityDatabase
* object.
*
* @param is the input stream from which to restore the database.
*
* @exception IOException if a stream IO exception occurs
*/
public static IdentityDatabase fromStream(InputStream is)
throws IOException {
IdentityDatabase db = null;
try {
ObjectInputStream ois = new ObjectInputStream(is);
db = (IdentityDatabase)ois.readObject();
} catch (ClassNotFoundException e) {
// this can't happen.
debug("This should not be happening.", e);
error(
"The version of the database is obsolete. Cannot initialize.");
} catch (InvalidClassException e) {
// this may happen in developers workspaces happen.
debug("This should not be happening.", e);
error("Unable to initialize system identity scope: " +
" InvalidClassException. \nThis is most likely due to " +
"a serialization versioning problem: a class used in " +
"key management was obsoleted");
} catch (StreamCorruptedException e) {
debug("The serialization stream is corrupted. Unable to load.", e);
error("Unable to initialize system identity scope." +
" StreamCorruptedException.");
}
if (db == null) {
db = new IdentityDatabase("uninitialized");
}
return db;
}
/**
* Initialize an IdentityDatabase from file.
*
* @param f the filename where the identity database is stored.
*
* @exception IOException a file-related exception occurs (e.g.
* the directory of the file passed does not exists, etc.
*
* @IOException if a file IO exception occurs.
*/
public static IdentityDatabase fromFile(File f) throws IOException {
FileInputStream fis = new FileInputStream(f);
IdentityDatabase edb = fromStream(fis);
edb.sourceFile = f;
return edb;
}
/**
* @return the number of identities in the database.
*/
public int size() {
return identities.size();
}
/**
* @param name the name of the identity to be retrieved.
*
* @return the identity named name, or null if there are
* no identities named name in the database.
*/
public Identity getIdentity(String name) {
Identity id = identities.get(name);
if (id instanceof Signer) {
localCheck("get.signer");
}
return id;
}
/**
* Get an identity by key.
*
* @param name the key of the identity to be retrieved.
*
* @return the identity with a given key, or null if there are no
* identities with that key in the database.
*/
public Identity getIdentity(PublicKey key) {
if (key == null) {
return null;
}
Enumeration<Identity> e = identities();
while (e.hasMoreElements()) {
Identity i = e.nextElement();
PublicKey k = i.getPublicKey();
if (k != null && keyEqual(k, key)) {
if (i instanceof Signer) {
localCheck("get.signer");
}
return i;
}
}
return null;
}
private boolean keyEqual(Key key1, Key key2) {
if (key1 == key2) {
return true;
} else {
return MessageDigest.isEqual(key1.getEncoded(), key2.getEncoded());
}
}
/**
* Adds an identity to the database.
*
* @param identity the identity to be added.
*
* @exception KeyManagementException if a name or key clash
* occurs, or if another exception occurs.
*/
public void addIdentity(Identity identity)
throws KeyManagementException {
localCheck("add.identity");
Identity byName = getIdentity(identity.getName());
Identity byKey = getIdentity(identity.getPublicKey());
String msg = null;
if (byName != null) {
msg = "name conflict";
}
if (byKey != null) {
msg = "key conflict";
}
if (msg != null) {
throw new KeyManagementException(msg);
}
identities.put(identity.getName(), identity);
}
/**
* Removes an identity to the database.
*/
public void removeIdentity(Identity identity)
throws KeyManagementException {
localCheck("remove.identity");
String name = identity.getName();
if (identities.get(name) == null) {
throw new KeyManagementException("there is no identity named " +
name + " in " + this);
}
identities.remove(name);
}
/**
* @return an enumeration of all identities in the database.
*/
public Enumeration<Identity> identities() {
return identities.elements();
}
/**
* Set the source file for this database.
*/
void setSourceFile(File f) {
sourceFile = f;
}
/**
* @return the source file for this database.
*/
File getSourceFile() {
return sourceFile;
}
/**
* Save the database in its current state to an output stream.
*
* @param os the output stream to which the database should be serialized.
*
* @exception IOException if an IO exception is raised by stream
* operations.
*/
public void save(OutputStream os) throws IOException {
try {
ObjectOutputStream oos = new ObjectOutputStream(os);
oos.writeObject(this);
oos.flush();
} catch (InvalidClassException e) {
debug("This should not be happening.", e);
return;
}
}
/**
* Save the database to a file.
*
* @exception IOException if an IO exception is raised by stream
* operations.
*/
void save(File f) throws IOException {
setSourceFile(f);
FileOutputStream fos = new FileOutputStream(f);
save(fos);
}
/**
* Saves the database to the default source file.
*
* @exception KeyManagementException when there is no default source
* file specified for this database.
*/
public void save() throws IOException {
if (sourceFile == null) {
throw new IOException("this database has no source file");
}
save(sourceFile);
}
/**
* This method returns the file from which to initialize the
* system database.
*/
private static File systemDatabaseFile() {
// First figure out where the identity database is hiding, if anywhere.
String dbPath = Security.getProperty("identity.database");
// if nowhere, it's the canonical place.
if (dbPath == null) {
dbPath = System.getProperty("user.home") + File.separatorChar +
"identitydb.obj";
}
return new File(dbPath);
}
/* This block initializes the system database, if there is one. */
static {
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
initializeSystem();
return null;
}
});
}
/**
* This method initializes the system's identity database. The
* canonical location is
* <user.home>/identitydatabase.obj. This is settable through
* the identity.database property. */
private static void initializeSystem() {
IdentityDatabase systemDatabase;
File dbFile = systemDatabaseFile();
// Second figure out if it's there, and if it isn't, create one.
try {
if (dbFile.exists()) {
debug("loading system database from file: " + dbFile);
systemDatabase = fromFile(dbFile);
} else {
systemDatabase = new IdentityDatabase(dbFile);
}
IdentityScope.setSystemScope(systemDatabase);
debug("System database initialized: " + systemDatabase);
} catch (IOException e) {
debug("Error initializing identity database: " + dbFile, e);
return;
} catch (InvalidParameterException e) {
debug("Error trying to instantiate a system identities db in " +
dbFile, e);
return;
}
}
/*
private static File securityPropFile(String filename) {
// maybe check for a system property which will specify where to
// look.
String sep = File.separator;
return new File(System.getProperty("java.home") +
sep + "lib" + sep + "security" +
sep + filename);
}
*/
public String toString() {
return "sun.security.provider.IdentityDatabase, source file: " +
sourceFile;
}
private static void debug(String s) {
if (debug) {
System.err.println(s);
}
}
private static void debug(String s, Throwable t) {
if (debug) {
t.printStackTrace();
System.err.println(s);
}
}
private static void error(String s) {
if (error) {
System.err.println(s);
}
}
void localCheck(String directive) {
SecurityManager security = System.getSecurityManager();
if (security != null) {
directive = this.getClass().getName() + "." +
directive + "." + localFullName();
security.checkSecurityAccess(directive);
}
}
/**
* Returns a parsable name for identity: identityName.scopeName
*/
String localFullName() {
String parsable = getName();
if (getScope() != null) {
parsable += "." +getScope().getName();
}
return parsable;
}
/**
* Serialization write.
*/
private synchronized void writeObject (java.io.ObjectOutputStream stream)
throws IOException {
localCheck("serialize.identity.database");
stream.writeObject(identities);
stream.writeObject(sourceFile);
}
}
...@@ -295,16 +295,13 @@ public class PolicyFile extends java.security.Policy { ...@@ -295,16 +295,13 @@ public class PolicyFile extends java.security.Policy {
private static final int DEFAULT_CACHE_SIZE = 1; private static final int DEFAULT_CACHE_SIZE = 1;
/** the scope to check */
private static IdentityScope scope = null;
// contains the policy grant entries, PD cache, and alias mapping // contains the policy grant entries, PD cache, and alias mapping
private AtomicReference<PolicyInfo> policyInfo = private AtomicReference<PolicyInfo> policyInfo =
new AtomicReference<PolicyInfo>(); new AtomicReference<PolicyInfo>();
private boolean constructed = false; private boolean constructed = false;
private boolean expandProperties = true; private boolean expandProperties = true;
private boolean ignoreIdentityScope = false; private boolean ignoreIdentityScope = true;
private boolean allowSystemProperties = true; private boolean allowSystemProperties = true;
private boolean notUtf8 = false; private boolean notUtf8 = false;
private URL url; private URL url;
...@@ -2024,85 +2021,9 @@ public class PolicyFile extends java.security.Policy { ...@@ -2024,85 +2021,9 @@ public class PolicyFile extends java.security.Policy {
private boolean checkForTrustedIdentity(final Certificate cert, private boolean checkForTrustedIdentity(final Certificate cert,
PolicyInfo myInfo) PolicyInfo myInfo)
{ {
if (cert == null)
return false;
// see if we are ignoring the identity scope or not
if (ignoreIdentityScope)
return false;
// try to initialize scope
synchronized(PolicyFile.class) {
if (scope == null) {
IdentityScope is = IdentityScope.getSystemScope();
if (is instanceof sun.security.provider.IdentityDatabase) {
scope = is;
} else {
// leave scope null
}
}
}
if (scope == null) {
ignoreIdentityScope = true;
return false;
}
// need privileged block for getIdentity in case we are trying
// to get a signer
final Identity id = AccessController.doPrivileged(
new java.security.PrivilegedAction<Identity>() {
public Identity run() {
return scope.getIdentity(cert.getPublicKey());
}
});
if (isTrusted(id)) {
if (debug != null) {
debug.println("Adding policy entry for trusted Identity: ");
//needed for identity toString!
AccessController.doPrivileged(
new java.security.PrivilegedAction<Void>() {
public Void run() {
debug.println(" identity = " + id);
return null;
}
});
debug.println("");
}
// add it to the policy for future reference
Certificate certs[] = new Certificate[] {cert};
PolicyEntry pe = new PolicyEntry(new CodeSource(null, certs));
pe.add(SecurityConstants.ALL_PERMISSION);
myInfo.identityPolicyEntries.add(pe);
// add it to the mapping as well so
// we don't have to go through this again
myInfo.aliasMapping.put(cert, id.getName());
return true;
}
return false; return false;
} }
private static boolean isTrusted(Identity id) {
if (id instanceof SystemIdentity) {
SystemIdentity sysid = (SystemIdentity)id;
if (sysid.isTrusted()) {
return true;
}
} else if (id instanceof SystemSigner) {
SystemSigner sysid = (SystemSigner)id;
if (sysid.isTrusted()) {
return true;
}
}
return false;
}
/** /**
* Each entry in the policy configuration file is represented by a * Each entry in the policy configuration file is represented by a
* PolicyEntry object. <p> * PolicyEntry object. <p>
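Review bot: `checkForTrustedIdentity(final Certificate cert, PolicyInfo myInfo)` now ignores both parameters and unconditionally returns `false`, while `ignoreIdentityScope` is initialised to `true` and nothing left in this file section reads or resets it. A method that keeps its old name and signature but no longer performs the check its name promises is easy to misread as a trust decision still in force; either remove it together with its call site (outside this hunk) and the now-dead `ignoreIdentityScope` flag, or leave a comment above it such as `// Identity-scope (IdentityDatabase) trust is no longer supported; certificates are never trusted via this path.` If the stub is kept, drop the `final` on `cert` and the unused `myInfo`. `PolicyInfo.identityPolicyEntries` looks dead after this change, but that is inferred only from the removed lines here — confirm no other reader before deleting it.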
/*
* Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.security.provider;
import java.io.Serializable;
import java.util.Enumeration;
import java.security.*;
/**
* An identity with a very simple trust mechanism.
*
* @author Benjamin Renaud
*/
public class SystemIdentity extends Identity implements Serializable {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = 9060648952088498478L;
/* This should be changed to ACL */
boolean trusted = false;
/* Free form additional information about this identity. */
private String info;
public SystemIdentity(String name, IdentityScope scope)
throws InvalidParameterException, KeyManagementException {
super(name, scope);
}
/**
* Is this identity trusted by sun.* facilities?
*/
public boolean isTrusted() {
return trusted;
}
/**
* Set the trust status of this identity.
*/
protected void setTrusted(boolean trusted) {
this.trusted = trusted;
}
void setIdentityInfo(String info) {
super.setInfo(info);
}
String getIndentityInfo() {
return super.getInfo();
}
/**
* Call back method into a protected method for package friends.
*/
void setIdentityPublicKey(PublicKey key) throws KeyManagementException {
setPublicKey(key);
}
/**
* Call back method into a protected method for package friends.
*/
void addIdentityCertificate(Certificate cert)
throws KeyManagementException {
addCertificate(cert);
}
void clearCertificates() throws KeyManagementException {
Certificate[] certs = certificates();
for (int i = 0; i < certs.length; i++) {
removeCertificate(certs[i]);
}
}
public String toString() {
String trustedString = "not trusted";
if (trusted) {
trustedString = "trusted";
}
return super.toString() + "[" + trustedString + "]";
}
}
/*
* Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.security.provider;
import java.util.*;
import java.security.*;
/**
* SunSecurity signer. Like SystemIdentity, it has a trust bit, which
* can be set by SunSecurity classes, and a set of accessors for other
* classes in sun.security.*.
*
* @author Benjamin Renaud
*/
public class SystemSigner extends Signer {
/** use serialVersionUID from JDK 1.1. for interoperability */
private static final long serialVersionUID = -2127743304301557711L;
/* Is this signer trusted */
private boolean trusted = false;
/**
* Construct a signer with a given name.
*/
public SystemSigner(String name) {
super(name);
}
/**
* Construct a signer with a name and a scope.
*
* @param name the signer's name.
*
* @param scope the scope for this signer.
*/
public SystemSigner(String name, IdentityScope scope)
throws KeyManagementException {
super(name, scope);
}
/* Set the trust status of this signer */
void setTrusted(boolean trusted) {
this.trusted = trusted;
}
/**
* Returns true if this signer is trusted.
*/
public boolean isTrusted() {
return trusted;
}
/* friendly callback for set keys */
void setSignerKeyPair(KeyPair pair)
throws InvalidParameterException, KeyException {
setKeyPair(pair);
}
/* friendly callback for getting private keys */
PrivateKey getSignerPrivateKey() {
return getPrivateKey();
}
void setSignerInfo(String s) {
setInfo(s);
}
/**
* Call back method into a protected method for package friends.
*/
void addSignerCertificate(Certificate cert) throws KeyManagementException {
addCertificate(cert);
}
void clearCertificates() throws KeyManagementException {
Certificate[] certs = certificates();
for (int i = 0; i < certs.length; i++) {
removeCertificate(certs[i]);
}
}
public String toString() {
String trustedString = "not trusted";
if (trusted) {
trustedString = "trusted";
}
return super.toString() + "[" + trustedString + "]";
}
}
...@@ -118,8 +118,6 @@ public class JarSigner { ...@@ -118,8 +118,6 @@ public class JarSigner {
KeyStore store; // the keystore specified by -keystore KeyStore store; // the keystore specified by -keystore
// or the default keystore, never null // or the default keystore, never null
IdentityScope scope;
String keystore; // key store file String keystore; // key store file
boolean nullStream = false; // null keystore input stream (NONE) boolean nullStream = false; // null keystore input stream (NONE)
boolean token = false; // token-based keystore boolean token = false; // token-based keystore
...@@ -212,7 +210,6 @@ public class JarSigner { ...@@ -212,7 +210,6 @@ public class JarSigner {
if (verify) { if (verify) {
try { try {
loadKeyStore(keystore, false); loadKeyStore(keystore, false);
scope = IdentityScope.getSystemScope();
} catch (Exception e) { } catch (Exception e) {
if ((keystore != null) || (storepass != null)) { if ((keystore != null) || (storepass != null)) {
System.out.println(rb.getString("jarsigner error: ") + System.out.println(rb.getString("jarsigner error: ") +
...@@ -984,13 +981,6 @@ public class JarSigner { ...@@ -984,13 +981,6 @@ public class JarSigner {
result |= IN_KEYSTORE; result |= IN_KEYSTORE;
} }
} }
if (!found && (scope != null)) {
Identity id = scope.getIdentity(c.getPublicKey());
if (id != null) {
result |= IN_SCOPE;
storeHash.put(c, "[" + id.getName() + "]");
}
}
if (ckaliases.contains(alias)) { if (ckaliases.contains(alias)) {
result |= SIGNED_BY_ALIAS; result |= SIGNED_BY_ALIAS;
} }
...@@ -40,7 +40,6 @@ import java.security.UnrecoverableEntryException; ...@@ -40,7 +40,6 @@ import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException; import java.security.UnrecoverableKeyException;
import java.security.Principal; import java.security.Principal;
import java.security.Provider; import java.security.Provider;
import java.security.Identity;
import java.security.cert.Certificate; import java.security.cert.Certificate;
import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
...@@ -57,9 +56,6 @@ import java.net.URLClassLoader; ...@@ -57,9 +56,6 @@ import java.net.URLClassLoader;
import sun.misc.BASE64Encoder; import sun.misc.BASE64Encoder;
import sun.security.util.ObjectIdentifier; import sun.security.util.ObjectIdentifier;
import sun.security.pkcs.PKCS10; import sun.security.pkcs.PKCS10;
import sun.security.provider.IdentityDatabase;
import sun.security.provider.SystemSigner;
import sun.security.provider.SystemIdentity;
import sun.security.provider.X509Factory; import sun.security.provider.X509Factory;
import sun.security.util.DerOutputStream; import sun.security.util.DerOutputStream;
import sun.security.util.Password; import sun.security.util.Password;
...@@ -1163,18 +1159,16 @@ public final class KeyTool { ...@@ -1163,18 +1159,16 @@ public final class KeyTool {
Signature signature = Signature.getInstance(sigAlgName); Signature signature = Signature.getInstance(sigAlgName);
signature.initSign(privateKey); signature.initSign(privateKey);
X500Signer signer = new X500Signer(signature, issuer);
X509CertInfo info = new X509CertInfo(); X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
new java.util.Random().nextInt() & 0x7fffffff)); new java.util.Random().nextInt() & 0x7fffffff));
info.set(X509CertInfo.VERSION, info.set(X509CertInfo.VERSION,
new CertificateVersion(CertificateVersion.V3)); new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.ALGORITHM_ID, info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(signer.getAlgorithmId())); new CertificateAlgorithmId(
info.set(X509CertInfo.ISSUER, AlgorithmId.getAlgorithmId(sigAlgName)));
new CertificateIssuerName(signer.getSigner())); info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuer));
BufferedReader reader = new BufferedReader(new InputStreamReader(in)); BufferedReader reader = new BufferedReader(new InputStreamReader(in));
boolean canRead = false; boolean canRead = false;
...@@ -1249,7 +1243,7 @@ public final class KeyTool { ...@@ -1249,7 +1243,7 @@ public final class KeyTool {
request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS, request.getAttributes().setAttribute(X509CertInfo.EXTENSIONS,
new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext)); new PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID, ext));
// Construct an X500Signer object, so that we can sign the request // Construct a Signature object, so that we can sign the request
if (sigAlgName == null) { if (sigAlgName == null) {
sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm()); sigAlgName = getCompatibleSigAlgName(privKey.getAlgorithm());
} }
...@@ -1259,10 +1253,9 @@ public final class KeyTool { ...@@ -1259,10 +1253,9 @@ public final class KeyTool {
X500Name subject = dname == null? X500Name subject = dname == null?
new X500Name(((X509Certificate)cert).getSubjectDN().toString()): new X500Name(((X509Certificate)cert).getSubjectDN().toString()):
new X500Name(dname); new X500Name(dname);
X500Signer signer = new X500Signer(signature, subject);
// Sign the request and base-64 encode it // Sign the request and base-64 encode it
request.encodeAndSign(signer); request.encodeAndSign(subject, signature);
request.print(out); request.print(out);
} }
...@@ -1564,75 +1557,8 @@ public final class KeyTool { ...@@ -1564,75 +1557,8 @@ public final class KeyTool {
private void doImportIdentityDatabase(InputStream in) private void doImportIdentityDatabase(InputStream in)
throws Exception throws Exception
{ {
byte[] encoded; System.err.println(rb.getString
ByteArrayInputStream bais; ("No entries from identity database added"));
java.security.cert.X509Certificate newCert;
java.security.cert.Certificate[] chain = null;
PrivateKey privKey;
boolean modified = false;
IdentityDatabase idb = IdentityDatabase.fromStream(in);
for (Enumeration<Identity> enum_ = idb.identities();
enum_.hasMoreElements();) {
Identity id = enum_.nextElement();
newCert = null;
// only store trusted identities in keystore
if ((id instanceof SystemSigner && ((SystemSigner)id).isTrusted())
|| (id instanceof SystemIdentity
&& ((SystemIdentity)id).isTrusted())) {
// ignore if keystore entry with same alias name already exists
if (keyStore.containsAlias(id.getName())) {
MessageFormat form = new MessageFormat
(rb.getString("Keystore entry for <id.getName()> already exists"));
Object[] source = {id.getName()};
System.err.println(form.format(source));
continue;
}
java.security.Certificate[] certs = id.certificates();
if (certs!=null && certs.length>0) {
// we can only store one user cert per identity.
// convert old-style to new-style cert via the encoding
DerOutputStream dos = new DerOutputStream();
certs[0].encode(dos);
encoded = dos.toByteArray();
bais = new ByteArrayInputStream(encoded);
newCert = (X509Certificate)cf.generateCertificate(bais);
bais.close();
// if certificate is self-signed, make sure it verifies
if (isSelfSigned(newCert)) {
PublicKey pubKey = newCert.getPublicKey();
try {
newCert.verify(pubKey);
} catch (Exception e) {
// ignore this cert
continue;
}
}
if (id instanceof SystemSigner) {
MessageFormat form = new MessageFormat(rb.getString
("Creating keystore entry for <id.getName()> ..."));
Object[] source = {id.getName()};
System.err.println(form.format(source));
if (chain==null) {
chain = new java.security.cert.Certificate[1];
}
chain[0] = newCert;
privKey = ((SystemSigner)id).getPrivateKey();
keyStore.setKeyEntry(id.getName(), privKey, storePass,
chain);
} else {
keyStore.setCertificateEntry(id.getName(), newCert);
}
kssave = true;
}
}
}
if (!kssave) {
System.err.println(rb.getString
("No entries from identity database added"));
}
} }
/** /**
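Review bot: `doImportIdentityDatabase(InputStream in)` is now a stub that never reads `in` but still prints "No entries from identity database added", which tells the user that an import was attempted and found nothing rather than that the feature has been removed; it also still declares `throws Exception` for a body that cannot throw. Presumably the method is kept so the corresponding command-line option (handled outside this hunk) continues to parse; if so, say it in a Javadoc along the lines of `Identity-database import is no longer supported; retained for command-line compatibility and only reports that nothing was imported.`, drop the `throws Exception`, and consider a message that states the feature is unsupported. The `in` stream is left unread and unclosed here — confirm the caller closes it. The 1163 hunk above now takes the certificate's algorithm id from `AlgorithmId.getAlgorithmId(sigAlgName)` instead of the `Signature` instance; that stays consistent only because `Signature.getInstance(sigAlgName)` two lines earlier uses the same name, which is worth a one-line comment.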
...@@ -189,41 +189,6 @@ public final class CertAndKeyGen { ...@@ -189,41 +189,6 @@ public final class CertAndKeyGen {
} }
/**
* Returns a self-signed X.509v1 certificate for the public key.
* The certificate is immediately valid.
*
* <P>Such certificates normally are used to identify a "Certificate
* Authority" (CA). Accordingly, they will not always be accepted by
* other parties. However, such certificates are also useful when
* you are bootstrapping your security infrastructure, or deploying
* system prototypes.
*
* @deprecated Use the new <a href =
* "#getSelfCertificate(sun.security.x509.X500Name, long)">
*
* @param myname X.500 name of the subject (who is also the issuer)
* @param validity how long the certificate should be valid, in seconds
*/
@Deprecated
public X509Cert getSelfCert (X500Name myname, long validity)
throws InvalidKeyException, SignatureException, NoSuchAlgorithmException
{
X509Certificate cert;
try {
cert = getSelfCertificate(myname, validity);
return new X509Cert(cert.getEncoded());
} catch (CertificateException e) {
throw new SignatureException(e.getMessage());
} catch (NoSuchProviderException e) {
throw new NoSuchAlgorithmException(e.getMessage());
} catch (IOException e) {
throw new SignatureException(e.getMessage());
}
}
/** /**
* Returns a self-signed X.509v3 certificate for the public key. * Returns a self-signed X.509v3 certificate for the public key.
* The certificate is immediately valid. No extensions. * The certificate is immediately valid. No extensions.
...@@ -248,13 +213,10 @@ public final class CertAndKeyGen { ...@@ -248,13 +213,10 @@ public final class CertAndKeyGen {
throws CertificateException, InvalidKeyException, SignatureException, throws CertificateException, InvalidKeyException, SignatureException,
NoSuchAlgorithmException, NoSuchProviderException NoSuchAlgorithmException, NoSuchProviderException
{ {
X500Signer issuer;
X509CertImpl cert; X509CertImpl cert;
Date lastDate; Date lastDate;
try { try {
issuer = getSigner (myname);
lastDate = new Date (); lastDate = new Date ();
lastDate.setTime (firstDate.getTime () + validity * 1000); lastDate.setTime (firstDate.getTime () + validity * 1000);
...@@ -267,14 +229,13 @@ public final class CertAndKeyGen { ...@@ -267,14 +229,13 @@ public final class CertAndKeyGen {
new CertificateVersion(CertificateVersion.V3)); new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber( info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
new java.util.Random().nextInt() & 0x7fffffff)); new java.util.Random().nextInt() & 0x7fffffff));
AlgorithmId algID = issuer.getAlgorithmId(); AlgorithmId algID = AlgorithmId.getAlgorithmId(sigAlg);
info.set(X509CertInfo.ALGORITHM_ID, info.set(X509CertInfo.ALGORITHM_ID,
new CertificateAlgorithmId(algID)); new CertificateAlgorithmId(algID));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname)); info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(myname));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey)); info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.VALIDITY, interval); info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.ISSUER, info.set(X509CertInfo.ISSUER, new CertificateIssuerName(myname));
new CertificateIssuerName(issuer.getSigner()));
cert = new X509CertImpl(info); cert = new X509CertImpl(info);
cert.sign(privateKey, this.sigAlg); cert.sign(privateKey, this.sigAlg);
...@@ -315,7 +276,9 @@ public final class CertAndKeyGen { ...@@ -315,7 +276,9 @@ public final class CertAndKeyGen {
PKCS10 req = new PKCS10 (publicKey); PKCS10 req = new PKCS10 (publicKey);
try { try {
req.encodeAndSign (getSigner (myname)); Signature signature = Signature.getInstance(sigAlg);
signature.initSign (privateKey);
req.encodeAndSign(myname, signature);
} catch (CertificateException e) { } catch (CertificateException e) {
throw new SignatureException (sigAlg + " CertificateException"); throw new SignatureException (sigAlg + " CertificateException");
...@@ -330,18 +293,6 @@ public final class CertAndKeyGen { ...@@ -330,18 +293,6 @@ public final class CertAndKeyGen {
return req; return req;
} }
private X500Signer getSigner (X500Name me)
throws InvalidKeyException, NoSuchAlgorithmException
{
Signature signature = Signature.getInstance(sigAlg);
// XXX should have a way to pass prng to the signature
// algorithm ... appropriate for DSS/DSA, not RSA
signature.initSign (privateKey);
return new X500Signer (signature, me);
}
private SecureRandom prng; private SecureRandom prng;
private String sigAlg; private String sigAlg;
private KeyPairGenerator keyGen; private KeyPairGenerator keyGen;
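Review bot: The new signing code in getCertRequest (`Signature signature = Signature.getInstance(sigAlg); signature.initSign (privateKey);`) initialises the signature without the class's `prng` field, which is still declared a few lines below, so the "XXX should have a way to pass prng to the signature algorithm" concern from the removed getSigner helper is carried over rather than resolved. Signature offers the two-argument `initSign(PrivateKey, SecureRandom)` overload; if `prng` is guaranteed to be set by the time getCertRequest runs (its initialisation is not visible in these hunks), the line should read `signature.initSign(privateKey, prng);`, otherwise keep the one-argument form and add a comment stating that the provider's default randomness is used deliberately. getCertRequest's body starts and ends outside the hunk, so the surrounding exception handling could not be checked here.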
......
/*
* Copyright 1996-2003 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.security.x509;
import java.security.Signature;
import java.security.SignatureException;
import java.security.Signer;
import java.security.NoSuchAlgorithmException;
/**
* This class provides a binding between a Signature object and an
* authenticated X.500 name (from an X.509 certificate chain), which
* is needed in many public key signing applications.
*
* <P>The name of the signer is important, both because knowing it is the
* whole point of the signature, and because the associated X.509 certificate
* is always used to verify the signature.
*
* <P><em>The X.509 certificate chain is temporarily not associated with
* the signer, but this omission will be resolved.</em>
*
*
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public final class X500Signer extends Signer
{
private static final long serialVersionUID = -8609982645394364834L;
/**
* Called for each chunk of the data being signed. That
* is, you can present the data in many chunks, so that
* it doesn't need to be in a single sequential buffer.
*
* @param buf buffer holding the next chunk of the data to be signed
* @param offset starting point of to-be-signed data
* @param len how many bytes of data are to be signed
* @exception SignatureException on errors.
*/
public void update(byte buf[], int offset, int len)
throws SignatureException {
sig.update (buf, offset, len);
}
/**
* Produces the signature for the data processed by update().
*
* @exception SignatureException on errors.
*/
public byte[] sign() throws SignatureException {
return sig.sign();
}
/**
* Returns the algorithm used to sign.
*/
public AlgorithmId getAlgorithmId() {
return algid;
}
/**
* Returns the name of the signing agent.
*/
public X500Name getSigner() {
return agent;
}
/*
* Constructs a binding between a signature and an X500 name
* from an X.509 certificate.
*/
// package private ----hmmmmm ?????
public X500Signer(Signature sig, X500Name agent) {
if (sig == null || agent == null)
throw new IllegalArgumentException ("null parameter");
this.sig = sig;
this.agent = agent;
try {
this.algid = AlgorithmId.getAlgorithmId(sig.getAlgorithm());
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("internal error! " + e.getMessage());
}
}
private Signature sig;
private X500Name agent; // XXX should be X509CertChain
private AlgorithmId algid;
}
/*
* Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package sun.tools.jar;
import java.io.*;
import java.util.*;
import java.util.zip.*;
import java.util.jar.*;
import java.security.cert.Certificate;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.security.PublicKey;
import java.security.Principal;
import sun.security.provider.SystemIdentity;
/**
* This is OBSOLETE. DO NOT USE THIS. Use
* java.util.jar.JarEntry.getCertificates instead. It has to stay here
* because some apps (namely HJ and HJV) call directly into it.
*
* This class is stripped down greatly from JDK 1.1.x.
*
* @author Roland Schemers
*/
public class JarVerifierStream extends ZipInputStream {
private JarEntry current;
private Hashtable<String, Vector<SystemIdentity>> verified
= new Hashtable<String, Vector<SystemIdentity>>();
private JarInputStream jis;
private sun.tools.jar.Manifest man = null;
/**
* construct a JarVerfierStream from an input stream.
*/
public JarVerifierStream(InputStream is)
throws IOException
{
super(is);
jis = new JarInputStream(is);
}
public void close()
throws IOException
{
jis.close();
}
public void closeEntry() throws IOException {
jis.closeEntry();
}
/**
* This method scans to see which entry we're parsing and
* keeps various state information depending on what type of
* file is being parsed. Files it treats specially are: <ul>
*
* <li>Manifest files. At any point, this stream can be queried
* for a manifest. If it is present, a Manifest object will be
* returned.
*
* <li>Block Signature file. Like with the manifest, the stream
* can be queried at any time for all blocks parsed thus far.
*
* </ul>
*/
public synchronized ZipEntry getNextEntry() throws IOException {
current = (JarEntry) jis.getNextEntry();
return current;
}
/**
* read a single byte.
*/
public int read() throws IOException {
int n = jis.read();
if (n == -1) {
addIds();
}
return n;
}
/**
* read an array of bytes.
*/
public int read(byte[] b, int off, int len) throws IOException {
int n = jis.read(b, off, len);
if (n == -1) {
addIds();
}
return n;
}
private void addIds()
{
if (current != null) {
Certificate[] certs = current.getCertificates();
if (certs != null) {
Vector<SystemIdentity> ids = getIds(certs);
if (ids != null) {
verified.put(current.getName(), ids);
}
}
}
}
/**
* Returns a Hashtable mapping filenames to vectors of identities.
*/
public Hashtable getVerifiedSignatures() {
/* we may want to return a copy of this at some point.
For now we simply trust the caller */
if (verified.isEmpty())
return null;
else
return verified;
}
/**
* Returns an enumeration of PKCS7 blocks. This looks bogus,
* but Hotjava just checks to see if enumeration is not null
* to see if anything was signed!
*/
public Enumeration getBlocks() {
if (verified.isEmpty()) {
return null;
} else {
return new Enumeration() {
public boolean hasMoreElements() { return false; }
public Object nextElement() { return null; }
};
}
}
/**
* This method used to be called by various versions of
* AppletResourceLoader, even though they didn't do anything with
* the result. We leave them and return null for backwards compatability.
*/
public Hashtable getNameToHash() {
return null;
}
/**
* Convert java.util.jar.Manifest object to a sun.tools.jar.Manifest
* object.
*/
public sun.tools.jar.Manifest getManifest() {
if (man == null) {
try {
java.util.jar.Manifest jman = jis.getManifest();
if (jman == null)
return null;
ByteArrayOutputStream baos = new ByteArrayOutputStream();
jman.write(baos);
byte[] data = baos.toByteArray();
man = new sun.tools.jar.Manifest(data);
} catch (IOException ioe) {
// return null
}
}
return man;
}
static class CertCache {
Certificate [] certs;
Vector<SystemIdentity> ids;
boolean equals(Certificate[] certs) {
if (this.certs == null) {
if (certs!= null)
return false;
else
return true;
}
if (certs == null)
return false;
boolean match;
for (int i = 0; i < certs.length; i++) {
match = false;
for (int j = 0; j < this.certs.length; j++) {
if (certs[i].equals(this.certs[j])) {
match = true;
break;
}
}
if (!match) return false;
}
for (int i = 0; i < this.certs.length; i++) {
match = false;
for (int j = 0; j < certs.length; j++) {
if (this.certs[i].equals(certs[j])) {
match = true;
break;
}
}
if (!match) return false;
}
return true;
}
}
private ArrayList<CertCache> certCache = null;
/**
* Returns the Identity vector for the given array of Certificates
*/
protected Vector<SystemIdentity> getIds(Certificate[] certs) {
if (certs == null)
return null;
if (certCache == null)
certCache = new ArrayList<CertCache>();
CertCache cc;
for (int i = 0; i < certCache.size(); i++) {
cc = certCache.get(i);
if (cc.equals(certs)) {
return cc.ids;
}
}
cc = new CertCache();
cc.certs = certs;
if (certs.length > 0) {
for (int i=0; i<certs.length; i++) {
try {
X509Certificate cert = (X509Certificate) certs[i];
Principal tmpName = cert.getSubjectDN();
final SystemIdentity id = new SystemIdentity(
tmpName.getName(),
null);
byte[] encoded = cert.getEncoded();
final java.security.Certificate oldC =
new sun.security.x509.X509Cert(encoded);
try {
AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<Void>() {
public Void run()
throws java.security.KeyManagementException
{
id.addCertificate(oldC);
return null;
}
});
} catch (java.security.PrivilegedActionException pae) {
throw (java.security.KeyManagementException)
pae.getException();
}
if (cc.ids == null)
cc.ids = new Vector<SystemIdentity>();
cc.ids.addElement(id);
} catch (java.security.KeyManagementException kme) {
// ignore if we can't create Identity
} catch (IOException ioe) {
// ignore if we can't parse
} catch (java.security.cert.CertificateEncodingException cee) {
// ignore if we can't encode
}
}
}
certCache.add(cc);
return cc.ids;
}
}