Commit dc2beb85
Merge
Authored on Dec 07, 2009 by alanb
Parents: 037fa367, 7387429c
Showing 12 changed files with 28 additions and 2191 deletions (+28 -2191)
src/share/classes/com/sun/security/auth/PolicyFile.java (+1 -6)
src/share/classes/sun/security/pkcs/PKCS10.java (+13 -8)
src/share/classes/sun/security/provider/IdentityDatabase.java (+0 -427)
src/share/classes/sun/security/provider/PolicyFile.java (+1 -80)
src/share/classes/sun/security/provider/SystemIdentity.java (+0 -107)
src/share/classes/sun/security/provider/SystemSigner.java (+0 -115)
src/share/classes/sun/security/tools/JarSigner.java (+0 -10)
src/share/classes/sun/security/tools/KeyTool.java (+8 -82)
src/share/classes/sun/security/x509/CertAndKeyGen.java (+5 -54)
src/share/classes/sun/security/x509/X500Signer.java (+0 -115)
src/share/classes/sun/security/x509/X509Cert.java (+0 -892)
src/share/classes/sun/tools/jar/JarVerifierStream.java (+0 -295)
src/share/classes/com/sun/security/auth/PolicyFile.java
...
@@ -34,8 +34,6 @@ import java.util.*;
...
@@ -34,8 +34,6 @@ import java.util.*;
import
java.security.AccessController
;
import
java.security.AccessController
;
import
java.security.CodeSource
;
import
java.security.CodeSource
;
import
java.security.Identity
;
import
java.security.IdentityScope
;
import
java.security.KeyStore
;
import
java.security.KeyStore
;
import
java.security.KeyStoreException
;
import
java.security.KeyStoreException
;
import
java.security.Permission
;
import
java.security.Permission
;
...
@@ -267,7 +265,7 @@ public class PolicyFile extends javax.security.auth.Policy {
...
@@ -267,7 +265,7 @@ public class PolicyFile extends javax.security.auth.Policy {
private
boolean
initialized
=
false
;
private
boolean
initialized
=
false
;
private
boolean
expandProperties
=
true
;
private
boolean
expandProperties
=
true
;
private
boolean
ignoreIdentityScope
=
fals
e
;
private
boolean
ignoreIdentityScope
=
tru
e
;
// for use with the reflection API
// for use with the reflection API
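Review bot: `ignoreIdentityScope` is hard-wired to `true` in this hunk but stays a mutable instance field (`private boolean ignoreIdentityScope = true;`), so a reader will assume it can still be switched back off. Either remove the field together with the branches that test it, or declare it `private static final boolean` so the compiler flags the dead code. This is also a silent behaviour change for deployments that relied on identity-database trust grants, so it deserves a compatibility note beyond the bare "Merge" message.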
...
@@ -459,9 +457,6 @@ public class PolicyFile extends javax.security.auth.Policy {
...
@@ -459,9 +457,6 @@ public class PolicyFile extends javax.security.auth.Policy {
}
}
}
}
/** the scope to check */
private
static
IdentityScope
scope
=
null
;
/**
/**
* Checks public key. If it is marked as trusted in
* Checks public key. If it is marked as trusted in
* the identity database, add it to the policy
* the identity database, add it to the policy
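Review bot: the Javadoc left as unchanged context at the end of this hunk ("Checks public key. If it is marked as trusted in the identity database, add it to the policy") now describes behaviour the class cannot perform: the `scope` field it depended on is removed here and `ignoreIdentityScope` is fixed to `true` earlier in the file. Update the comment, or better remove the method it documents if it has become a stub that can only return false.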
...
...
src/share/classes/sun/security/pkcs/PKCS10.java
...
@@ -44,7 +44,6 @@ import sun.security.util.*;
...
@@ -44,7 +44,6 @@ import sun.security.util.*;
import
sun.security.x509.AlgorithmId
;
import
sun.security.x509.AlgorithmId
;
import
sun.security.x509.X509Key
;
import
sun.security.x509.X509Key
;
import
sun.security.x509.X500Name
;
import
sun.security.x509.X500Name
;
import
sun.security.x509.X500Signer
;
/**
/**
* A PKCS #10 certificate request is created and sent to a Certificate
* A PKCS #10 certificate request is created and sent to a Certificate
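Review bot: this hunk only drops the `sun.security.x509.X500Signer` import, but the rewritten `encodeAndSign` later in this file catches `NoSuchAlgorithmException` and calls `AlgorithmId.getAlgorithmId`. `AlgorithmId` is visibly imported in the surrounding context; `java.security.NoSuchAlgorithmException` is not visible in any import here, so confirm it is covered by an existing `java.security.*` import or add it in this hunk.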
...
@@ -183,13 +182,13 @@ public class PKCS10 {
...
@@ -183,13 +182,13 @@ public class PKCS10 {
* Create the signed certificate request. This will later be
* Create the signed certificate request. This will later be
* retrieved in either string or binary format.
* retrieved in either string or binary format.
*
*
* @param
requester identifies the signer (by X.500 name)
* @param
subject identifies the signer (by X.500 name).
*
and provides the private key used to sign
.
*
@param signature private key and signing algorithm to use
.
* @exception IOException on errors.
* @exception IOException on errors.
* @exception CertificateException on certificate handling errors.
* @exception CertificateException on certificate handling errors.
* @exception SignatureException on signature handling errors.
* @exception SignatureException on signature handling errors.
*/
*/
public
void
encodeAndSign
(
X500
Signer
requester
)
public
void
encodeAndSign
(
X500
Name
subject
,
Signature
signature
)
throws
CertificateException
,
IOException
,
SignatureException
{
throws
CertificateException
,
IOException
,
SignatureException
{
DerOutputStream
out
,
scratch
;
DerOutputStream
out
,
scratch
;
byte
[]
certificateRequestInfo
;
byte
[]
certificateRequestInfo
;
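Review bot: the new `@param signature private key and signing algorithm to use.` understates the contract. A `Signature` object carries no private key unless the caller has already invoked `initSign(privateKey)`, and the `signature.update(...)` call later in this method fails with `SignatureException` if that has not happened. Say explicitly that `signature` must already be initialized for signing, and describe `subject` as the requester's own X.500 name (a PKCS #10 request is self-signed, so subject and signer are the same entity) rather than as something that "identifies the signer". Since this is a public method whose parameter list changes, every caller (KeyTool in this patch) has to be updated in the same change, which it is.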
...
@@ -198,7 +197,7 @@ public class PKCS10 {
...
@@ -198,7 +197,7 @@ public class PKCS10 {
if
(
encoded
!=
null
)
if
(
encoded
!=
null
)
throw
new
SignatureException
(
"request is already signed"
);
throw
new
SignatureException
(
"request is already signed"
);
subject
=
requester
.
getSigner
()
;
this
.
subject
=
subject
;
/*
/*
* Encode cert request info, wrap in a sequence for signing
* Encode cert request info, wrap in a sequence for signing
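Review bot: `this.subject = subject;` is stored with no null check, and neither `subject` nor `signature` is validated before use, so a null argument will surface later as a `NullPointerException` from the DER encoder or from `signature.update` rather than as a clear error. Reject null arguments up front, next to the existing "request is already signed" check, so the failure names the actual mistake.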
...
@@ -217,14 +216,20 @@ public class PKCS10 {
...
@@ -217,14 +216,20 @@ public class PKCS10 {
/*
/*
* Sign it ...
* Sign it ...
*/
*/
requester
.
update
(
certificateRequestInfo
,
0
,
signature
.
update
(
certificateRequestInfo
,
0
,
certificateRequestInfo
.
length
);
certificateRequestInfo
.
length
);
sig
=
requester
.
sign
();
sig
=
signature
.
sign
();
/*
/*
* Build guts of SIGNED macro
* Build guts of SIGNED macro
*/
*/
requester
.
getAlgorithmId
().
encode
(
scratch
);
// sig algorithm
AlgorithmId
algId
=
null
;
try
{
algId
=
AlgorithmId
.
getAlgorithmId
(
signature
.
getAlgorithm
());
}
catch
(
NoSuchAlgorithmException
nsae
)
{
throw
new
SignatureException
(
nsae
);
}
algId
.
encode
(
scratch
);
// sig algorithm
scratch
.
putBitString
(
sig
);
// sig
scratch
.
putBitString
(
sig
);
// sig
/*
/*
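Review bot: the `AlgorithmId.getAlgorithmId(signature.getAlgorithm())` lookup runs after the signature has already been computed, so an algorithm name the lookup cannot map fails only after the now useless `update` and `sign` calls. Move the lookup and its `NoSuchAlgorithmException` handling above the "Sign it ..." block so the request fails fast; the `AlgorithmId algId = null;` pre-initialisation then becomes unnecessary. Wrapping the cause as `new SignatureException(nsae)` is acceptable, but a message that names the unmappable algorithm would make the error actionable for the caller.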
...
...
src/share/classes/sun/security/provider/IdentityDatabase.java
deleted (file mode 100644 → 0)
/*
* Copyright 1996-2006 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.provider
;
import
java.io.*
;
import
java.util.*
;
import
java.security.*
;
/**
* An implementation of IdentityScope as a persistent identity
* database.
*
* @see Identity
* @see Key
*
* @author Benjamin Renaud
*/
public
class
IdentityDatabase
extends
IdentityScope
implements
Serializable
{
/** use serialVersionUID from JDK 1.1. for interoperability */
private
static
final
long
serialVersionUID
=
4923799573357658384L
;
/* Are we debugging? */
private
static
final
boolean
debug
=
false
;
/* Are we printing out error messages? */
private
static
final
boolean
error
=
true
;
/* The source file, if any, for this database.*/
File
sourceFile
;
/* The private representation of the database.*/
Hashtable
<
String
,
Identity
>
identities
;
IdentityDatabase
()
throws
InvalidParameterException
{
this
(
"restoring..."
);
}
/**
* Construct a new, empty database with a specified source file.
*
* @param file the source file.
*/
public
IdentityDatabase
(
File
file
)
throws
InvalidParameterException
{
this
(
file
.
getName
());
sourceFile
=
file
;
}
/**
* Construct a new, empty database.
*/
public
IdentityDatabase
(
String
name
)
throws
InvalidParameterException
{
super
(
name
);
identities
=
new
Hashtable
<
String
,
Identity
>();
}
/**
* Initialize an identity database from a stream. The stream should
* contain data to initialized a serialized IdentityDatabase
* object.
*
* @param is the input stream from which to restore the database.
*
* @exception IOException if a stream IO exception occurs
*/
public
static
IdentityDatabase
fromStream
(
InputStream
is
)
throws
IOException
{
IdentityDatabase
db
=
null
;
try
{
ObjectInputStream
ois
=
new
ObjectInputStream
(
is
);
db
=
(
IdentityDatabase
)
ois
.
readObject
();
}
catch
(
ClassNotFoundException
e
)
{
// this can't happen.
debug
(
"This should not be happening."
,
e
);
error
(
"The version of the database is obsolete. Cannot initialize."
);
}
catch
(
InvalidClassException
e
)
{
// this may happen in developers workspaces happen.
debug
(
"This should not be happening."
,
e
);
error
(
"Unable to initialize system identity scope: "
+
" InvalidClassException. \nThis is most likely due to "
+
"a serialization versioning problem: a class used in "
+
"key management was obsoleted"
);
}
catch
(
StreamCorruptedException
e
)
{
debug
(
"The serialization stream is corrupted. Unable to load."
,
e
);
error
(
"Unable to initialize system identity scope."
+
" StreamCorruptedException."
);
}
if
(
db
==
null
)
{
db
=
new
IdentityDatabase
(
"uninitialized"
);
}
return
db
;
}
/**
* Initialize an IdentityDatabase from file.
*
* @param f the filename where the identity database is stored.
*
* @exception IOException a file-related exception occurs (e.g.
* the directory of the file passed does not exists, etc.
*
* @IOException if a file IO exception occurs.
*/
public
static
IdentityDatabase
fromFile
(
File
f
)
throws
IOException
{
FileInputStream
fis
=
new
FileInputStream
(
f
);
IdentityDatabase
edb
=
fromStream
(
fis
);
edb
.
sourceFile
=
f
;
return
edb
;
}
/**
* @return the number of identities in the database.
*/
public
int
size
()
{
return
identities
.
size
();
}
/**
* @param name the name of the identity to be retrieved.
*
* @return the identity named name, or null if there are
* no identities named name in the database.
*/
public
Identity
getIdentity
(
String
name
)
{
Identity
id
=
identities
.
get
(
name
);
if
(
id
instanceof
Signer
)
{
localCheck
(
"get.signer"
);
}
return
id
;
}
/**
* Get an identity by key.
*
* @param name the key of the identity to be retrieved.
*
* @return the identity with a given key, or null if there are no
* identities with that key in the database.
*/
public
Identity
getIdentity
(
PublicKey
key
)
{
if
(
key
==
null
)
{
return
null
;
}
Enumeration
<
Identity
>
e
=
identities
();
while
(
e
.
hasMoreElements
())
{
Identity
i
=
e
.
nextElement
();
PublicKey
k
=
i
.
getPublicKey
();
if
(
k
!=
null
&&
keyEqual
(
k
,
key
))
{
if
(
i
instanceof
Signer
)
{
localCheck
(
"get.signer"
);
}
return
i
;
}
}
return
null
;
}
private
boolean
keyEqual
(
Key
key1
,
Key
key2
)
{
if
(
key1
==
key2
)
{
return
true
;
}
else
{
return
MessageDigest
.
isEqual
(
key1
.
getEncoded
(),
key2
.
getEncoded
());
}
}
/**
* Adds an identity to the database.
*
* @param identity the identity to be added.
*
* @exception KeyManagementException if a name or key clash
* occurs, or if another exception occurs.
*/
public
void
addIdentity
(
Identity
identity
)
throws
KeyManagementException
{
localCheck
(
"add.identity"
);
Identity
byName
=
getIdentity
(
identity
.
getName
());
Identity
byKey
=
getIdentity
(
identity
.
getPublicKey
());
String
msg
=
null
;
if
(
byName
!=
null
)
{
msg
=
"name conflict"
;
}
if
(
byKey
!=
null
)
{
msg
=
"key conflict"
;
}
if
(
msg
!=
null
)
{
throw
new
KeyManagementException
(
msg
);
}
identities
.
put
(
identity
.
getName
(),
identity
);
}
/**
* Removes an identity to the database.
*/
public
void
removeIdentity
(
Identity
identity
)
throws
KeyManagementException
{
localCheck
(
"remove.identity"
);
String
name
=
identity
.
getName
();
if
(
identities
.
get
(
name
)
==
null
)
{
throw
new
KeyManagementException
(
"there is no identity named "
+
name
+
" in "
+
this
);
}
identities
.
remove
(
name
);
}
/**
* @return an enumeration of all identities in the database.
*/
public
Enumeration
<
Identity
>
identities
()
{
return
identities
.
elements
();
}
/**
* Set the source file for this database.
*/
void
setSourceFile
(
File
f
)
{
sourceFile
=
f
;
}
/**
* @return the source file for this database.
*/
File
getSourceFile
()
{
return
sourceFile
;
}
/**
* Save the database in its current state to an output stream.
*
* @param os the output stream to which the database should be serialized.
*
* @exception IOException if an IO exception is raised by stream
* operations.
*/
public
void
save
(
OutputStream
os
)
throws
IOException
{
try
{
ObjectOutputStream
oos
=
new
ObjectOutputStream
(
os
);
oos
.
writeObject
(
this
);
oos
.
flush
();
}
catch
(
InvalidClassException
e
)
{
debug
(
"This should not be happening."
,
e
);
return
;
}
}
/**
* Save the database to a file.
*
* @exception IOException if an IO exception is raised by stream
* operations.
*/
void
save
(
File
f
)
throws
IOException
{
setSourceFile
(
f
);
FileOutputStream
fos
=
new
FileOutputStream
(
f
);
save
(
fos
);
}
/**
* Saves the database to the default source file.
*
* @exception KeyManagementException when there is no default source
* file specified for this database.
*/
public
void
save
()
throws
IOException
{
if
(
sourceFile
==
null
)
{
throw
new
IOException
(
"this database has no source file"
);
}
save
(
sourceFile
);
}
/**
* This method returns the file from which to initialize the
* system database.
*/
private
static
File
systemDatabaseFile
()
{
// First figure out where the identity database is hiding, if anywhere.
String
dbPath
=
Security
.
getProperty
(
"identity.database"
);
// if nowhere, it's the canonical place.
if
(
dbPath
==
null
)
{
dbPath
=
System
.
getProperty
(
"user.home"
)
+
File
.
separatorChar
+
"identitydb.obj"
;
}
return
new
File
(
dbPath
);
}
/* This block initializes the system database, if there is one. */
static
{
java
.
security
.
AccessController
.
doPrivileged
(
new
java
.
security
.
PrivilegedAction
<
Void
>()
{
public
Void
run
()
{
initializeSystem
();
return
null
;
}
});
}
/**
* This method initializes the system's identity database. The
* canonical location is
* <user.home>/identitydatabase.obj. This is settable through
* the identity.database property. */
private
static
void
initializeSystem
()
{
IdentityDatabase
systemDatabase
;
File
dbFile
=
systemDatabaseFile
();
// Second figure out if it's there, and if it isn't, create one.
try
{
if
(
dbFile
.
exists
())
{
debug
(
"loading system database from file: "
+
dbFile
);
systemDatabase
=
fromFile
(
dbFile
);
}
else
{
systemDatabase
=
new
IdentityDatabase
(
dbFile
);
}
IdentityScope
.
setSystemScope
(
systemDatabase
);
debug
(
"System database initialized: "
+
systemDatabase
);
}
catch
(
IOException
e
)
{
debug
(
"Error initializing identity database: "
+
dbFile
,
e
);
return
;
}
catch
(
InvalidParameterException
e
)
{
debug
(
"Error trying to instantiate a system identities db in "
+
dbFile
,
e
);
return
;
}
}
/*
private static File securityPropFile(String filename) {
// maybe check for a system property which will specify where to
// look.
String sep = File.separator;
return new File(System.getProperty("java.home") +
sep + "lib" + sep + "security" +
sep + filename);
}
*/
public
String
toString
()
{
return
"sun.security.provider.IdentityDatabase, source file: "
+
sourceFile
;
}
private
static
void
debug
(
String
s
)
{
if
(
debug
)
{
System
.
err
.
println
(
s
);
}
}
private
static
void
debug
(
String
s
,
Throwable
t
)
{
if
(
debug
)
{
t
.
printStackTrace
();
System
.
err
.
println
(
s
);
}
}
private
static
void
error
(
String
s
)
{
if
(
error
)
{
System
.
err
.
println
(
s
);
}
}
void
localCheck
(
String
directive
)
{
SecurityManager
security
=
System
.
getSecurityManager
();
if
(
security
!=
null
)
{
directive
=
this
.
getClass
().
getName
()
+
"."
+
directive
+
"."
+
localFullName
();
security
.
checkSecurityAccess
(
directive
);
}
}
/**
* Returns a parsable name for identity: identityName.scopeName
*/
String
localFullName
()
{
String
parsable
=
getName
();
if
(
getScope
()
!=
null
)
{
parsable
+=
"."
+
getScope
().
getName
();
}
return
parsable
;
}
/**
* Serialization write.
*/
private
synchronized
void
writeObject
(
java
.
io
.
ObjectOutputStream
stream
)
throws
IOException
{
localCheck
(
"serialize.identity.database"
);
stream
.
writeObject
(
identities
);
stream
.
writeObject
(
sourceFile
);
}
}
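Review bot: deleting this class also deletes its static initializer, which at class-load time ran `initializeSystem()` inside `AccessController.doPrivileged` and deserialized `identitydb.obj` from `user.home` (or the path in the `identity.database` security property) with `ObjectInputStream.readObject()`, then installed the result via `IdentityScope.setSystemScope`. That was privileged deserialization of a user-writable file, so the removal is a hardening rather than plain cleanup. Two follow-ups: drop the `identity.database` property from the `java.security` documentation so nobody expects it to still work, and check for any remaining callers of `IdentityScope.getSystemScope()` that assumed an `IdentityDatabase` would be installed there.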
src/share/classes/sun/security/provider/PolicyFile.java
...
@@ -295,16 +295,13 @@ public class PolicyFile extends java.security.Policy {
...
@@ -295,16 +295,13 @@ public class PolicyFile extends java.security.Policy {
private
static
final
int
DEFAULT_CACHE_SIZE
=
1
;
private
static
final
int
DEFAULT_CACHE_SIZE
=
1
;
/** the scope to check */
private
static
IdentityScope
scope
=
null
;
// contains the policy grant entries, PD cache, and alias mapping
// contains the policy grant entries, PD cache, and alias mapping
private
AtomicReference
<
PolicyInfo
>
policyInfo
=
private
AtomicReference
<
PolicyInfo
>
policyInfo
=
new
AtomicReference
<
PolicyInfo
>();
new
AtomicReference
<
PolicyInfo
>();
private
boolean
constructed
=
false
;
private
boolean
constructed
=
false
;
private
boolean
expandProperties
=
true
;
private
boolean
expandProperties
=
true
;
private
boolean
ignoreIdentityScope
=
fals
e
;
private
boolean
ignoreIdentityScope
=
tru
e
;
private
boolean
allowSystemProperties
=
true
;
private
boolean
allowSystemProperties
=
true
;
private
boolean
notUtf8
=
false
;
private
boolean
notUtf8
=
false
;
private
URL
url
;
private
URL
url
;
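Review bot: same problem as in `com.sun.security.auth.PolicyFile`: `ignoreIdentityScope` becomes a constant `true` yet remains a mutable instance field, and with the `scope` field removed in this hunk it no longer guards anything. Remove the field and any code that still assigns or reads it instead of leaving a flag that cannot change behaviour.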
...
@@ -2024,85 +2021,9 @@ public class PolicyFile extends java.security.Policy {
...
@@ -2024,85 +2021,9 @@ public class PolicyFile extends java.security.Policy {
private
boolean
checkForTrustedIdentity
(
final
Certificate
cert
,
private
boolean
checkForTrustedIdentity
(
final
Certificate
cert
,
PolicyInfo
myInfo
)
PolicyInfo
myInfo
)
{
{
if
(
cert
==
null
)
return
false
;
// see if we are ignoring the identity scope or not
if
(
ignoreIdentityScope
)
return
false
;
// try to initialize scope
synchronized
(
PolicyFile
.
class
)
{
if
(
scope
==
null
)
{
IdentityScope
is
=
IdentityScope
.
getSystemScope
();
if
(
is
instanceof
sun
.
security
.
provider
.
IdentityDatabase
)
{
scope
=
is
;
}
else
{
// leave scope null
}
}
}
if
(
scope
==
null
)
{
ignoreIdentityScope
=
true
;
return
false
;
}
// need privileged block for getIdentity in case we are trying
// to get a signer
final
Identity
id
=
AccessController
.
doPrivileged
(
new
java
.
security
.
PrivilegedAction
<
Identity
>()
{
public
Identity
run
()
{
return
scope
.
getIdentity
(
cert
.
getPublicKey
());
}
});
if
(
isTrusted
(
id
))
{
if
(
debug
!=
null
)
{
debug
.
println
(
"Adding policy entry for trusted Identity: "
);
//needed for identity toString!
AccessController
.
doPrivileged
(
new
java
.
security
.
PrivilegedAction
<
Void
>()
{
public
Void
run
()
{
debug
.
println
(
" identity = "
+
id
);
return
null
;
}
});
debug
.
println
(
""
);
}
// add it to the policy for future reference
Certificate
certs
[]
=
new
Certificate
[]
{
cert
};
PolicyEntry
pe
=
new
PolicyEntry
(
new
CodeSource
(
null
,
certs
));
pe
.
add
(
SecurityConstants
.
ALL_PERMISSION
);
myInfo
.
identityPolicyEntries
.
add
(
pe
);
// add it to the mapping as well so
// we don't have to go through this again
myInfo
.
aliasMapping
.
put
(
cert
,
id
.
getName
());
return
true
;
}
return
false
;
return
false
;
}
}
private
static
boolean
isTrusted
(
Identity
id
)
{
if
(
id
instanceof
SystemIdentity
)
{
SystemIdentity
sysid
=
(
SystemIdentity
)
id
;
if
(
sysid
.
isTrusted
())
{
return
true
;
}
}
else
if
(
id
instanceof
SystemSigner
)
{
SystemSigner
sysid
=
(
SystemSigner
)
id
;
if
(
sysid
.
isTrusted
())
{
return
true
;
}
}
return
false
;
}
/**
/**
* Each entry in the policy configuration file is represented by a
* Each entry in the policy configuration file is represented by a
* PolicyEntry object. <p>
* PolicyEntry object. <p>
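Review bot: `checkForTrustedIdentity` is reduced to an unconditional `return false;` but keeps its signature (`final Certificate cert, PolicyInfo myInfo`) and therefore its call sites; remove the method and the calls rather than leaving a stub. The deleted body was the only visible writer of `myInfo.identityPolicyEntries`, so that collection in `PolicyInfo` and whatever iterates it are probably dead now as well. Worth recording: the removed path granted `SecurityConstants.ALL_PERMISSION` to any code signed with a key that matched a "trusted" entry in the on-disk identity database, so this closes an AllPermission grant that was controlled by a file in the user's home directory.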
...
...
src/share/classes/sun/security/provider/SystemIdentity.java
deleted (file mode 100644 → 0)
/*
* Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.provider
;
import
java.io.Serializable
;
import
java.util.Enumeration
;
import
java.security.*
;
/**
* An identity with a very simple trust mechanism.
*
* @author Benjamin Renaud
*/
public
class
SystemIdentity
extends
Identity
implements
Serializable
{
/** use serialVersionUID from JDK 1.1. for interoperability */
private
static
final
long
serialVersionUID
=
9060648952088498478L
;
/* This should be changed to ACL */
boolean
trusted
=
false
;
/* Free form additional information about this identity. */
private
String
info
;
public
SystemIdentity
(
String
name
,
IdentityScope
scope
)
throws
InvalidParameterException
,
KeyManagementException
{
super
(
name
,
scope
);
}
/**
* Is this identity trusted by sun.* facilities?
*/
public
boolean
isTrusted
()
{
return
trusted
;
}
/**
* Set the trust status of this identity.
*/
protected
void
setTrusted
(
boolean
trusted
)
{
this
.
trusted
=
trusted
;
}
void
setIdentityInfo
(
String
info
)
{
super
.
setInfo
(
info
);
}
String
getIndentityInfo
()
{
return
super
.
getInfo
();
}
/**
* Call back method into a protected method for package friends.
*/
void
setIdentityPublicKey
(
PublicKey
key
)
throws
KeyManagementException
{
setPublicKey
(
key
);
}
/**
* Call back method into a protected method for package friends.
*/
void
addIdentityCertificate
(
Certificate
cert
)
throws
KeyManagementException
{
addCertificate
(
cert
);
}
void
clearCertificates
()
throws
KeyManagementException
{
Certificate
[]
certs
=
certificates
();
for
(
int
i
=
0
;
i
<
certs
.
length
;
i
++)
{
removeCertificate
(
certs
[
i
]);
}
}
public
String
toString
()
{
String
trustedString
=
"not trusted"
;
if
(
trusted
)
{
trustedString
=
"trusted"
;
}
return
super
.
toString
()
+
"["
+
trustedString
+
"]"
;
}
}
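Review bot: `SystemIdentity` carried a JDK 1.1 `serialVersionUID` precisely so that persisted identity databases stayed readable; with the class gone, any existing `identitydb.obj` containing these objects can no longer be deserialized at all (the `ClassNotFoundException` path that the deleted `IdentityDatabase.fromStream` used to report as "The version of the database is obsolete"). That is the intended outcome, but it should be stated as a compatibility note for users of `keytool -identitydb`.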
src/share/classes/sun/security/provider/SystemSigner.java
deleted (file mode 100644 → 0)
/*
* Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.provider
;
import
java.util.*
;
import
java.security.*
;
/**
* SunSecurity signer. Like SystemIdentity, it has a trust bit, which
* can be set by SunSecurity classes, and a set of accessors for other
* classes in sun.security.*.
*
* @author Benjamin Renaud
*/
public
class
SystemSigner
extends
Signer
{
/** use serialVersionUID from JDK 1.1. for interoperability */
private
static
final
long
serialVersionUID
=
-
2127743304301557711L
;
/* Is this signer trusted */
private
boolean
trusted
=
false
;
/**
* Construct a signer with a given name.
*/
public
SystemSigner
(
String
name
)
{
super
(
name
);
}
/**
* Construct a signer with a name and a scope.
*
* @param name the signer's name.
*
* @param scope the scope for this signer.
*/
public
SystemSigner
(
String
name
,
IdentityScope
scope
)
throws
KeyManagementException
{
super
(
name
,
scope
);
}
/* Set the trust status of this signer */
void
setTrusted
(
boolean
trusted
)
{
this
.
trusted
=
trusted
;
}
/**
* Returns true if this signer is trusted.
*/
public
boolean
isTrusted
()
{
return
trusted
;
}
/* friendly callback for set keys */
void
setSignerKeyPair
(
KeyPair
pair
)
throws
InvalidParameterException
,
KeyException
{
setKeyPair
(
pair
);
}
/* friendly callback for getting private keys */
PrivateKey
getSignerPrivateKey
()
{
return
getPrivateKey
();
}
void
setSignerInfo
(
String
s
)
{
setInfo
(
s
);
}
/**
* Call back method into a protected method for package friends.
*/
void
addSignerCertificate
(
Certificate
cert
)
throws
KeyManagementException
{
addCertificate
(
cert
);
}
void
clearCertificates
()
throws
KeyManagementException
{
Certificate
[]
certs
=
certificates
();
for
(
int
i
=
0
;
i
<
certs
.
length
;
i
++)
{
removeCertificate
(
certs
[
i
]);
}
}
public
String
toString
()
{
String
trustedString
=
"not trusted"
;
if
(
trusted
)
{
trustedString
=
"trusted"
;
}
return
super
.
toString
()
+
"["
+
trustedString
+
"]"
;
}
}
src/share/classes/sun/security/tools/JarSigner.java
...
@@ -118,8 +118,6 @@ public class JarSigner {
...
@@ -118,8 +118,6 @@ public class JarSigner {
KeyStore
store
;
// the keystore specified by -keystore
KeyStore
store
;
// the keystore specified by -keystore
// or the default keystore, never null
// or the default keystore, never null
IdentityScope
scope
;
String
keystore
;
// key store file
String
keystore
;
// key store file
boolean
nullStream
=
false
;
// null keystore input stream (NONE)
boolean
nullStream
=
false
;
// null keystore input stream (NONE)
boolean
token
=
false
;
// token-based keystore
boolean
token
=
false
;
// token-based keystore
...
@@ -212,7 +210,6 @@ public class JarSigner {
...
@@ -212,7 +210,6 @@ public class JarSigner {
if
(
verify
)
{
if
(
verify
)
{
try
{
try
{
loadKeyStore
(
keystore
,
false
);
loadKeyStore
(
keystore
,
false
);
scope
=
IdentityScope
.
getSystemScope
();
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
if
((
keystore
!=
null
)
||
(
storepass
!=
null
))
{
if
((
keystore
!=
null
)
||
(
storepass
!=
null
))
{
System
.
out
.
println
(
rb
.
getString
(
"jarsigner error: "
)
+
System
.
out
.
println
(
rb
.
getString
(
"jarsigner error: "
)
+
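Review bot: with `scope = IdentityScope.getSystemScope();` gone, the `try` block contains only `loadKeyStore(keystore, false)`, yet it still catches bare `Exception` and, when neither `-keystore` nor `-storepass` was given, discards the failure and continues verifying. That was easier to justify while two unrelated calls shared the block; now it silently masks a broken default keystore. Narrow the catch to what `loadKeyStore` actually throws and at least report the failure in the no-keystore case.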
...
@@ -984,13 +981,6 @@ public class JarSigner {
...
@@ -984,13 +981,6 @@ public class JarSigner {
result
|=
IN_KEYSTORE
;
result
|=
IN_KEYSTORE
;
}
}
}
}
if
(!
found
&&
(
scope
!=
null
))
{
Identity
id
=
scope
.
getIdentity
(
c
.
getPublicKey
());
if
(
id
!=
null
)
{
result
|=
IN_SCOPE
;
storeHash
.
put
(
c
,
"["
+
id
.
getName
()
+
"]"
);
}
}
if
(
ckaliases
.
contains
(
alias
))
{
if
(
ckaliases
.
contains
(
alias
))
{
result
|=
SIGNED_BY_ALIAS
;
result
|=
SIGNED_BY_ALIAS
;
}
}
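Review bot: removing the `result |= IN_SCOPE` branch leaves the `IN_SCOPE` flag constant, the `storeHash` entries of the form `"[" + id.getName() + "]"`, and any `-verify` legend text that explains the corresponding marker without a producer. Check for those consumers and delete them in the same change so the verification output does not document a state that can no longer occur.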
...
...
src/share/classes/sun/security/tools/KeyTool.java
...
@@ -40,7 +40,6 @@ import java.security.UnrecoverableEntryException;
...
@@ -40,7 +40,6 @@ import java.security.UnrecoverableEntryException;
import
java.security.UnrecoverableKeyException
;
import
java.security.UnrecoverableKeyException
;
import
java.security.Principal
;
import
java.security.Principal
;
import
java.security.Provider
;
import
java.security.Provider
;
import
java.security.Identity
;
import
java.security.cert.Certificate
;
import
java.security.cert.Certificate
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.CertificateFactory
;
import
java.security.cert.X509Certificate
;
import
java.security.cert.X509Certificate
;
...
@@ -57,9 +56,6 @@ import java.net.URLClassLoader;
...
@@ -57,9 +56,6 @@ import java.net.URLClassLoader;
import
sun.misc.BASE64Encoder
;
import
sun.misc.BASE64Encoder
;
import
sun.security.util.ObjectIdentifier
;
import
sun.security.util.ObjectIdentifier
;
import
sun.security.pkcs.PKCS10
;
import
sun.security.pkcs.PKCS10
;
import
sun.security.provider.IdentityDatabase
;
import
sun.security.provider.SystemSigner
;
import
sun.security.provider.SystemIdentity
;
import
sun.security.provider.X509Factory
;
import
sun.security.provider.X509Factory
;
import
sun.security.util.DerOutputStream
;
import
sun.security.util.DerOutputStream
;
import
sun.security.util.Password
;
import
sun.security.util.Password
;
...
@@ -1163,18 +1159,16 @@ public final class KeyTool {
...
@@ -1163,18 +1159,16 @@ public final class KeyTool {
Signature
signature
=
Signature
.
getInstance
(
sigAlgName
);
Signature
signature
=
Signature
.
getInstance
(
sigAlgName
);
signature
.
initSign
(
privateKey
);
signature
.
initSign
(
privateKey
);
X500Signer
signer
=
new
X500Signer
(
signature
,
issuer
);
X509CertInfo
info
=
new
X509CertInfo
();
X509CertInfo
info
=
new
X509CertInfo
();
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
info
.
set
(
X509CertInfo
.
SERIAL_NUMBER
,
new
CertificateSerialNumber
(
info
.
set
(
X509CertInfo
.
SERIAL_NUMBER
,
new
CertificateSerialNumber
(
new
java
.
util
.
Random
().
nextInt
()
&
0x7fffffff
));
new
java
.
util
.
Random
().
nextInt
()
&
0x7fffffff
));
info
.
set
(
X509CertInfo
.
VERSION
,
info
.
set
(
X509CertInfo
.
VERSION
,
new
CertificateVersion
(
CertificateVersion
.
V3
));
new
CertificateVersion
(
CertificateVersion
.
V3
));
info
.
set
(
X509CertInfo
.
ALGORITHM_ID
,
info
.
set
(
X509CertInfo
.
ALGORITHM_ID
,
new
CertificateAlgorithmId
(
signer
.
getAlgorithmId
()));
new
CertificateAlgorithmId
(
info
.
set
(
X509CertInfo
.
ISSUER
,
AlgorithmId
.
getAlgorithmId
(
sigAlgName
)));
new
CertificateIssuerName
(
signer
.
getSigner
()
));
info
.
set
(
X509CertInfo
.
ISSUER
,
new
CertificateIssuerName
(
issuer
));
BufferedReader
reader
=
new
BufferedReader
(
new
InputStreamReader
(
in
));
BufferedReader
reader
=
new
BufferedReader
(
new
InputStreamReader
(
in
));
boolean
canRead
=
false
;
boolean
canRead
=
false
;
...
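Review bot: the serial number in this hunk is still taken from `new java.util.Random().nextInt() & 0x7fffffff`, a non-cryptographic generator seeded from the system time that yields at most 31 bits; since the neighbouring `ALGORITHM_ID` and `ISSUER` lines are being rewritten anyway, this is the moment to draw the serial from a `SecureRandom` with more bits so that serials issued by a keytool-generated issuer are unpredictable and unlikely to collide. Separately, `AlgorithmId.getAlgorithmId(sigAlgName)` throws the checked `NoSuchAlgorithmException` that the removed `X500Signer` constructor used to convert into a `RuntimeException("internal error! ...")`; the enclosing method's `throws` clause is outside the hunk, so please confirm it already covers that exception or the replacement will not compile.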
@@ -1249,7 +1243,7 @@ public final class KeyTool {
...
@@ -1249,7 +1243,7 @@ public final class KeyTool {
request
.
getAttributes
().
setAttribute
(
X509CertInfo
.
EXTENSIONS
,
request
.
getAttributes
().
setAttribute
(
X509CertInfo
.
EXTENSIONS
,
new
PKCS10Attribute
(
PKCS9Attribute
.
EXTENSION_REQUEST_OID
,
ext
));
new
PKCS10Attribute
(
PKCS9Attribute
.
EXTENSION_REQUEST_OID
,
ext
));
// Construct a
n X500Signer
object, so that we can sign the request
// Construct a
Signature
object, so that we can sign the request
if
(
sigAlgName
==
null
)
{
if
(
sigAlgName
==
null
)
{
sigAlgName
=
getCompatibleSigAlgName
(
privKey
.
getAlgorithm
());
sigAlgName
=
getCompatibleSigAlgName
(
privKey
.
getAlgorithm
());
}
}
...
@@ -1259,10 +1253,9 @@ public final class KeyTool {
...
@@ -1259,10 +1253,9 @@ public final class KeyTool {
X500Name
subject
=
dname
==
null
?
X500Name
subject
=
dname
==
null
?
new
X500Name
(((
X509Certificate
)
cert
).
getSubjectDN
().
toString
()):
new
X500Name
(((
X509Certificate
)
cert
).
getSubjectDN
().
toString
()):
new
X500Name
(
dname
);
new
X500Name
(
dname
);
X500Signer
signer
=
new
X500Signer
(
signature
,
subject
);
// Sign the request and base-64 encode it
// Sign the request and base-64 encode it
request
.
encodeAndSign
(
s
igner
);
request
.
encodeAndSign
(
s
ubject
,
signature
);
request
.
print
(
out
);
request
.
print
(
out
);
}
}
...
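Review bot: `new X500Name(((X509Certificate) cert).getSubjectDN().toString())` (kept as context here) round-trips the subject through a string and re-parses it, which can change attribute encodings or ordering relative to the certificate's DER; now that the subject is handed straight to `request.encodeAndSign(subject, signature)`, consider building it from the certificate's encoded name instead, e.g. `new X500Name(((X509Certificate) cert).getSubjectX500Principal().getEncoded())`, so the CSR subject matches the existing certificate byte for byte.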
@@ -1564,75 +1557,8 @@ public final class KeyTool {
...
@@ -1564,75 +1557,8 @@ public final class KeyTool {
private
void
doImportIdentityDatabase
(
InputStream
in
)
private
void
doImportIdentityDatabase
(
InputStream
in
)
throws
Exception
throws
Exception
{
{
byte
[]
encoded
;
System
.
err
.
println
(
rb
.
getString
ByteArrayInputStream
bais
;
(
"No entries from identity database added"
));
java
.
security
.
cert
.
X509Certificate
newCert
;
java
.
security
.
cert
.
Certificate
[]
chain
=
null
;
PrivateKey
privKey
;
boolean
modified
=
false
;
IdentityDatabase
idb
=
IdentityDatabase
.
fromStream
(
in
);
for
(
Enumeration
<
Identity
>
enum_
=
idb
.
identities
();
enum_
.
hasMoreElements
();)
{
Identity
id
=
enum_
.
nextElement
();
newCert
=
null
;
// only store trusted identities in keystore
if
((
id
instanceof
SystemSigner
&&
((
SystemSigner
)
id
).
isTrusted
())
||
(
id
instanceof
SystemIdentity
&&
((
SystemIdentity
)
id
).
isTrusted
()))
{
// ignore if keystore entry with same alias name already exists
if
(
keyStore
.
containsAlias
(
id
.
getName
()))
{
MessageFormat
form
=
new
MessageFormat
(
rb
.
getString
(
"Keystore entry for <id.getName()> already exists"
));
Object
[]
source
=
{
id
.
getName
()};
System
.
err
.
println
(
form
.
format
(
source
));
continue
;
}
java
.
security
.
Certificate
[]
certs
=
id
.
certificates
();
if
(
certs
!=
null
&&
certs
.
length
>
0
)
{
// we can only store one user cert per identity.
// convert old-style to new-style cert via the encoding
DerOutputStream
dos
=
new
DerOutputStream
();
certs
[
0
].
encode
(
dos
);
encoded
=
dos
.
toByteArray
();
bais
=
new
ByteArrayInputStream
(
encoded
);
newCert
=
(
X509Certificate
)
cf
.
generateCertificate
(
bais
);
bais
.
close
();
// if certificate is self-signed, make sure it verifies
if
(
isSelfSigned
(
newCert
))
{
PublicKey
pubKey
=
newCert
.
getPublicKey
();
try
{
newCert
.
verify
(
pubKey
);
}
catch
(
Exception
e
)
{
// ignore this cert
continue
;
}
}
if
(
id
instanceof
SystemSigner
)
{
MessageFormat
form
=
new
MessageFormat
(
rb
.
getString
(
"Creating keystore entry for <id.getName()> ..."
));
Object
[]
source
=
{
id
.
getName
()};
System
.
err
.
println
(
form
.
format
(
source
));
if
(
chain
==
null
)
{
chain
=
new
java
.
security
.
cert
.
Certificate
[
1
];
}
chain
[
0
]
=
newCert
;
privKey
=
((
SystemSigner
)
id
).
getPrivateKey
();
keyStore
.
setKeyEntry
(
id
.
getName
(),
privKey
,
storePass
,
chain
);
}
else
{
keyStore
.
setCertificateEntry
(
id
.
getName
(),
newCert
);
}
kssave
=
true
;
}
}
}
if
(!
kssave
)
{
System
.
err
.
println
(
rb
.
getString
(
"No entries from identity database added"
));
}
}
}
/**
/**
...
...
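Review bot: the new body of `doImportIdentityDatabase(InputStream in)` never reads `in` and unconditionally prints "No entries from identity database added", which tells an operator that an import was attempted and found nothing, when in fact the feature has been removed together with `IdentityDatabase`, `SystemSigner` and `SystemIdentity`. Either drop the command path that reaches this method and the method with it, or make the message state that identity database import is no longer supported; the retained `throws Exception` is now dead, and someone still has to close `in` now that the method does not consume it.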
src/share/classes/sun/security/x509/CertAndKeyGen.java
View file @
dc2beb85
...
@@ -189,41 +189,6 @@ public final class CertAndKeyGen {
...
@@ -189,41 +189,6 @@ public final class CertAndKeyGen {
}
}
/**
* Returns a self-signed X.509v1 certificate for the public key.
* The certificate is immediately valid.
*
* <P>Such certificates normally are used to identify a "Certificate
* Authority" (CA). Accordingly, they will not always be accepted by
* other parties. However, such certificates are also useful when
* you are bootstrapping your security infrastructure, or deploying
* system prototypes.
*
* @deprecated Use the new <a href =
* "#getSelfCertificate(sun.security.x509.X500Name, long)">
*
* @param myname X.500 name of the subject (who is also the issuer)
* @param validity how long the certificate should be valid, in seconds
*/
@Deprecated
public
X509Cert
getSelfCert
(
X500Name
myname
,
long
validity
)
throws
InvalidKeyException
,
SignatureException
,
NoSuchAlgorithmException
{
X509Certificate
cert
;
try
{
cert
=
getSelfCertificate
(
myname
,
validity
);
return
new
X509Cert
(
cert
.
getEncoded
());
}
catch
(
CertificateException
e
)
{
throw
new
SignatureException
(
e
.
getMessage
());
}
catch
(
NoSuchProviderException
e
)
{
throw
new
NoSuchAlgorithmException
(
e
.
getMessage
());
}
catch
(
IOException
e
)
{
throw
new
SignatureException
(
e
.
getMessage
());
}
}
/**
/**
* Returns a self-signed X.509v3 certificate for the public key.
* Returns a self-signed X.509v3 certificate for the public key.
* The certificate is immediately valid. No extensions.
* The certificate is immediately valid. No extensions.
...
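Review bot: removing the public (if deprecated) `getSelfCert(X500Name, long)` changes the binary surface of `sun.security.x509.CertAndKeyGen` for anything still compiled against it; the removal is forced, because its return type `X509Cert` is deleted in this same changeset, and the removed Javadoc's `@deprecated` tag already pointed callers at `getSelfCertificate(X500Name, long)`, so the migration path exists. Please record the dropped method in the release notes so the incompatibility is discoverable rather than only visible in the diff.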
@@ -248,13 +213,10 @@ public final class CertAndKeyGen {
...
@@ -248,13 +213,10 @@ public final class CertAndKeyGen {
throws
CertificateException
,
InvalidKeyException
,
SignatureException
,
throws
CertificateException
,
InvalidKeyException
,
SignatureException
,
NoSuchAlgorithmException
,
NoSuchProviderException
NoSuchAlgorithmException
,
NoSuchProviderException
{
{
X500Signer
issuer
;
X509CertImpl
cert
;
X509CertImpl
cert
;
Date
lastDate
;
Date
lastDate
;
try
{
try
{
issuer
=
getSigner
(
myname
);
lastDate
=
new
Date
();
lastDate
=
new
Date
();
lastDate
.
setTime
(
firstDate
.
getTime
()
+
validity
*
1000
);
lastDate
.
setTime
(
firstDate
.
getTime
()
+
validity
*
1000
);
...
@@ -267,14 +229,13 @@ public final class CertAndKeyGen {
...
@@ -267,14 +229,13 @@ public final class CertAndKeyGen {
new
CertificateVersion
(
CertificateVersion
.
V3
));
new
CertificateVersion
(
CertificateVersion
.
V3
));
info
.
set
(
X509CertInfo
.
SERIAL_NUMBER
,
new
CertificateSerialNumber
(
info
.
set
(
X509CertInfo
.
SERIAL_NUMBER
,
new
CertificateSerialNumber
(
new
java
.
util
.
Random
().
nextInt
()
&
0x7fffffff
));
new
java
.
util
.
Random
().
nextInt
()
&
0x7fffffff
));
AlgorithmId
algID
=
issuer
.
getAlgorithmId
(
);
AlgorithmId
algID
=
AlgorithmId
.
getAlgorithmId
(
sigAlg
);
info
.
set
(
X509CertInfo
.
ALGORITHM_ID
,
info
.
set
(
X509CertInfo
.
ALGORITHM_ID
,
new
CertificateAlgorithmId
(
algID
));
new
CertificateAlgorithmId
(
algID
));
info
.
set
(
X509CertInfo
.
SUBJECT
,
new
CertificateSubjectName
(
myname
));
info
.
set
(
X509CertInfo
.
SUBJECT
,
new
CertificateSubjectName
(
myname
));
info
.
set
(
X509CertInfo
.
KEY
,
new
CertificateX509Key
(
publicKey
));
info
.
set
(
X509CertInfo
.
KEY
,
new
CertificateX509Key
(
publicKey
));
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
info
.
set
(
X509CertInfo
.
VALIDITY
,
interval
);
info
.
set
(
X509CertInfo
.
ISSUER
,
info
.
set
(
X509CertInfo
.
ISSUER
,
new
CertificateIssuerName
(
myname
));
new
CertificateIssuerName
(
issuer
.
getSigner
()));
cert
=
new
X509CertImpl
(
info
);
cert
=
new
X509CertImpl
(
info
);
cert
.
sign
(
privateKey
,
this
.
sigAlg
);
cert
.
sign
(
privateKey
,
this
.
sigAlg
);
...
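Review bot: the serial number line `new CertificateSerialNumber(new java.util.Random().nextInt() & 0x7fffffff)` is left untouched while the `ALGORITHM_ID` and `ISSUER` lines around it are rewritten; the class already owns a `private SecureRandom prng` field (visible later in this diff), so the serial should be built from `prng` (for example a positive `BigInteger` of 64 or more random bits passed to the `CertificateSerialNumber(BigInteger)` constructor) rather than from a fresh `java.util.Random`, which is predictable and gives 31 bits at most. The switch from `issuer.getAlgorithmId()` to `AlgorithmId.getAlgorithmId(sigAlg)` is consistent with `cert.sign(privateKey, this.sigAlg)` a few lines below, and `NoSuchAlgorithmException` is already in the method's `throws` clause, so that part needs no change.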
@@ -315,7 +276,9 @@ public final class CertAndKeyGen {
...
@@ -315,7 +276,9 @@ public final class CertAndKeyGen {
PKCS10
req
=
new
PKCS10
(
publicKey
);
PKCS10
req
=
new
PKCS10
(
publicKey
);
try
{
try
{
req
.
encodeAndSign
(
getSigner
(
myname
));
Signature
signature
=
Signature
.
getInstance
(
sigAlg
);
signature
.
initSign
(
privateKey
);
req
.
encodeAndSign
(
myname
,
signature
);
}
catch
(
CertificateException
e
)
{
}
catch
(
CertificateException
e
)
{
throw
new
SignatureException
(
sigAlg
+
" CertificateException"
);
throw
new
SignatureException
(
sigAlg
+
" CertificateException"
);
...
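Review bot: the inlined `signature.initSign(privateKey)` loses the reminder the removed `getSigner` carried ("XXX should have a way to pass prng to the signature algorithm ... appropriate for DSS/DSA, not RSA"); DSA signatures depend on per-signature randomness and the class has a `prng` field, so prefer `signature.initSign(privateKey, prng)` when `prng` is non-null, or at least move the XXX comment to this call site so the gap stays visible. The unchanged `catch (CertificateException e)` still throws `new SignatureException(sigAlg + " CertificateException")` without chaining `e`, which discards the root cause; `new SignatureException(sigAlg + " CertificateException", e)` keeps it.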
@@ -330,18 +293,6 @@ public final class CertAndKeyGen {
...
@@ -330,18 +293,6 @@ public final class CertAndKeyGen {
return
req
;
return
req
;
}
}
private
X500Signer
getSigner
(
X500Name
me
)
throws
InvalidKeyException
,
NoSuchAlgorithmException
{
Signature
signature
=
Signature
.
getInstance
(
sigAlg
);
// XXX should have a way to pass prng to the signature
// algorithm ... appropriate for DSS/DSA, not RSA
signature
.
initSign
(
privateKey
);
return
new
X500Signer
(
signature
,
me
);
}
private
SecureRandom
prng
;
private
SecureRandom
prng
;
private
String
sigAlg
;
private
String
sigAlg
;
private
KeyPairGenerator
keyGen
;
private
KeyPairGenerator
keyGen
;
...
...
src/share/classes/sun/security/x509/X500Signer.java
deleted
100644 → 0
View file @
037fa367
/*
* Copyright 1996-2003 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.security.x509
;
import
java.security.Signature
;
import
java.security.SignatureException
;
import
java.security.Signer
;
import
java.security.NoSuchAlgorithmException
;
/**
* This class provides a binding between a Signature object and an
* authenticated X.500 name (from an X.509 certificate chain), which
* is needed in many public key signing applications.
*
* <P>The name of the signer is important, both because knowing it is the
* whole point of the signature, and because the associated X.509 certificate
* is always used to verify the signature.
*
* <P><em>The X.509 certificate chain is temporarily not associated with
* the signer, but this omission will be resolved.</em>
*
*
* @author David Brownell
* @author Amit Kapoor
* @author Hemma Prafullchandra
*/
public
final
class
X500Signer
extends
Signer
{
private
static
final
long
serialVersionUID
=
-
8609982645394364834L
;
/**
* Called for each chunk of the data being signed. That
* is, you can present the data in many chunks, so that
* it doesn't need to be in a single sequential buffer.
*
* @param buf buffer holding the next chunk of the data to be signed
* @param offset starting point of to-be-signed data
* @param len how many bytes of data are to be signed
* @exception SignatureException on errors.
*/
public
void
update
(
byte
buf
[],
int
offset
,
int
len
)
throws
SignatureException
{
sig
.
update
(
buf
,
offset
,
len
);
}
/**
* Produces the signature for the data processed by update().
*
* @exception SignatureException on errors.
*/
public
byte
[]
sign
()
throws
SignatureException
{
return
sig
.
sign
();
}
/**
* Returns the algorithm used to sign.
*/
public
AlgorithmId
getAlgorithmId
()
{
return
algid
;
}
/**
* Returns the name of the signing agent.
*/
public
X500Name
getSigner
()
{
return
agent
;
}
/*
* Constructs a binding between a signature and an X500 name
* from an X.509 certificate.
*/
// package private ----hmmmmm ?????
public
X500Signer
(
Signature
sig
,
X500Name
agent
)
{
if
(
sig
==
null
||
agent
==
null
)
throw
new
IllegalArgumentException
(
"null parameter"
);
this
.
sig
=
sig
;
this
.
agent
=
agent
;
try
{
this
.
algid
=
AlgorithmId
.
getAlgorithmId
(
sig
.
getAlgorithm
());
}
catch
(
NoSuchAlgorithmException
e
)
{
throw
new
RuntimeException
(
"internal error! "
+
e
.
getMessage
());
}
}
private
Signature
sig
;
private
X500Name
agent
;
// XXX should be X509CertChain
private
AlgorithmId
algid
;
}
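Review bot: deleting `X500Signer` also removes a subclass of `java.security.Signer`, an API the JDK itself marks deprecated, which is the right direction; two behaviours of the removed class should be preserved deliberately at the new call sites rather than lost by accident. The constructor rejected a null `Signature` or `X500Name` with `IllegalArgumentException("null parameter")`, and it derived the `AlgorithmId` from `sig.getAlgorithm()`, so the algorithm identifier written into the certificate always matched the `Signature` object actually used; the replacement code derives the identifier from a separate algorithm-name string, so it is now each caller's responsibility to pass the same string to both `Signature.getInstance` and `AlgorithmId.getAlgorithmId` (the hunks in this diff do). The class also declared a `serialVersionUID`, so any persisted serialized instances become unreadable; acceptable for an internal class, but worth a line in the release notes.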
src/share/classes/sun/security/x509/X509Cert.java
deleted
100644 → 0
View file @
037fa367
(diff collapsed on the page; content not shown)
src/share/classes/sun/tools/jar/JarVerifierStream.java
deleted
100644 → 0
View file @
037fa367
/*
* Copyright 1996-2008 Sun Microsystems, Inc. All Rights Reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Sun designates this
* particular file as subject to the "Classpath" exception as provided
* by Sun in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
* CA 95054 USA or visit www.sun.com if you need additional information or
* have any questions.
*/
package
sun.tools.jar
;
import
java.io.*
;
import
java.util.*
;
import
java.util.zip.*
;
import
java.util.jar.*
;
import
java.security.cert.Certificate
;
import
java.security.AccessController
;
import
java.security.cert.X509Certificate
;
import
java.security.PublicKey
;
import
java.security.Principal
;
import
sun.security.provider.SystemIdentity
;
/**
* This is OBSOLETE. DO NOT USE THIS. Use
* java.util.jar.JarEntry.getCertificates instead. It has to stay here
* because some apps (namely HJ and HJV) call directly into it.
*
* This class is stripped down greatly from JDK 1.1.x.
*
* @author Roland Schemers
*/
public
class
JarVerifierStream
extends
ZipInputStream
{
private
JarEntry
current
;
private
Hashtable
<
String
,
Vector
<
SystemIdentity
>>
verified
=
new
Hashtable
<
String
,
Vector
<
SystemIdentity
>>();
private
JarInputStream
jis
;
private
sun
.
tools
.
jar
.
Manifest
man
=
null
;
/**
* construct a JarVerfierStream from an input stream.
*/
public
JarVerifierStream
(
InputStream
is
)
throws
IOException
{
super
(
is
);
jis
=
new
JarInputStream
(
is
);
}
public
void
close
()
throws
IOException
{
jis
.
close
();
}
public
void
closeEntry
()
throws
IOException
{
jis
.
closeEntry
();
}
/**
* This method scans to see which entry we're parsing and
* keeps various state information depending on what type of
* file is being parsed. Files it treats specially are: <ul>
*
* <li>Manifest files. At any point, this stream can be queried
* for a manifest. If it is present, a Manifest object will be
* returned.
*
* <li>Block Signature file. Like with the manifest, the stream
* can be queried at any time for all blocks parsed thus far.
*
* </ul>
*/
public
synchronized
ZipEntry
getNextEntry
()
throws
IOException
{
current
=
(
JarEntry
)
jis
.
getNextEntry
();
return
current
;
}
/**
* read a single byte.
*/
public
int
read
()
throws
IOException
{
int
n
=
jis
.
read
();
if
(
n
==
-
1
)
{
addIds
();
}
return
n
;
}
/**
* read an array of bytes.
*/
public
int
read
(
byte
[]
b
,
int
off
,
int
len
)
throws
IOException
{
int
n
=
jis
.
read
(
b
,
off
,
len
);
if
(
n
==
-
1
)
{
addIds
();
}
return
n
;
}
private
void
addIds
()
{
if
(
current
!=
null
)
{
Certificate
[]
certs
=
current
.
getCertificates
();
if
(
certs
!=
null
)
{
Vector
<
SystemIdentity
>
ids
=
getIds
(
certs
);
if
(
ids
!=
null
)
{
verified
.
put
(
current
.
getName
(),
ids
);
}
}
}
}
/**
* Returns a Hashtable mapping filenames to vectors of identities.
*/
public
Hashtable
getVerifiedSignatures
()
{
/* we may want to return a copy of this at some point.
For now we simply trust the caller */
if
(
verified
.
isEmpty
())
return
null
;
else
return
verified
;
}
/**
* Returns an enumeration of PKCS7 blocks. This looks bogus,
* but Hotjava just checks to see if enumeration is not null
* to see if anything was signed!
*/
public
Enumeration
getBlocks
()
{
if
(
verified
.
isEmpty
())
{
return
null
;
}
else
{
return
new
Enumeration
()
{
public
boolean
hasMoreElements
()
{
return
false
;
}
public
Object
nextElement
()
{
return
null
;
}
};
}
}
/**
* This method used to be called by various versions of
* AppletResourceLoader, even though they didn't do anything with
* the result. We leave them and return null for backwards compatability.
*/
public
Hashtable
getNameToHash
()
{
return
null
;
}
/**
* Convert java.util.jar.Manifest object to a sun.tools.jar.Manifest
* object.
*/
public
sun
.
tools
.
jar
.
Manifest
getManifest
()
{
if
(
man
==
null
)
{
try
{
java
.
util
.
jar
.
Manifest
jman
=
jis
.
getManifest
();
if
(
jman
==
null
)
return
null
;
ByteArrayOutputStream
baos
=
new
ByteArrayOutputStream
();
jman
.
write
(
baos
);
byte
[]
data
=
baos
.
toByteArray
();
man
=
new
sun
.
tools
.
jar
.
Manifest
(
data
);
}
catch
(
IOException
ioe
)
{
// return null
}
}
return
man
;
}
static
class
CertCache
{
Certificate
[]
certs
;
Vector
<
SystemIdentity
>
ids
;
boolean
equals
(
Certificate
[]
certs
)
{
if
(
this
.
certs
==
null
)
{
if
(
certs
!=
null
)
return
false
;
else
return
true
;
}
if
(
certs
==
null
)
return
false
;
boolean
match
;
for
(
int
i
=
0
;
i
<
certs
.
length
;
i
++)
{
match
=
false
;
for
(
int
j
=
0
;
j
<
this
.
certs
.
length
;
j
++)
{
if
(
certs
[
i
].
equals
(
this
.
certs
[
j
]))
{
match
=
true
;
break
;
}
}
if
(!
match
)
return
false
;
}
for
(
int
i
=
0
;
i
<
this
.
certs
.
length
;
i
++)
{
match
=
false
;
for
(
int
j
=
0
;
j
<
certs
.
length
;
j
++)
{
if
(
this
.
certs
[
i
].
equals
(
certs
[
j
]))
{
match
=
true
;
break
;
}
}
if
(!
match
)
return
false
;
}
return
true
;
}
}
private
ArrayList
<
CertCache
>
certCache
=
null
;
/**
* Returns the Identity vector for the given array of Certificates
*/
protected
Vector
<
SystemIdentity
>
getIds
(
Certificate
[]
certs
)
{
if
(
certs
==
null
)
return
null
;
if
(
certCache
==
null
)
certCache
=
new
ArrayList
<
CertCache
>();
CertCache
cc
;
for
(
int
i
=
0
;
i
<
certCache
.
size
();
i
++)
{
cc
=
certCache
.
get
(
i
);
if
(
cc
.
equals
(
certs
))
{
return
cc
.
ids
;
}
}
cc
=
new
CertCache
();
cc
.
certs
=
certs
;
if
(
certs
.
length
>
0
)
{
for
(
int
i
=
0
;
i
<
certs
.
length
;
i
++)
{
try
{
X509Certificate
cert
=
(
X509Certificate
)
certs
[
i
];
Principal
tmpName
=
cert
.
getSubjectDN
();
final
SystemIdentity
id
=
new
SystemIdentity
(
tmpName
.
getName
(),
null
);
byte
[]
encoded
=
cert
.
getEncoded
();
final
java
.
security
.
Certificate
oldC
=
new
sun
.
security
.
x509
.
X509Cert
(
encoded
);
try
{
AccessController
.
doPrivileged
(
new
java
.
security
.
PrivilegedExceptionAction
<
Void
>()
{
public
Void
run
()
throws
java
.
security
.
KeyManagementException
{
id
.
addCertificate
(
oldC
);
return
null
;
}
});
}
catch
(
java
.
security
.
PrivilegedActionException
pae
)
{
throw
(
java
.
security
.
KeyManagementException
)
pae
.
getException
();
}
if
(
cc
.
ids
==
null
)
cc
.
ids
=
new
Vector
<
SystemIdentity
>();
cc
.
ids
.
addElement
(
id
);
}
catch
(
java
.
security
.
KeyManagementException
kme
)
{
// ignore if we can't create Identity
}
catch
(
IOException
ioe
)
{
// ignore if we can't parse
}
catch
(
java
.
security
.
cert
.
CertificateEncodingException
cee
)
{
// ignore if we can't encode
}
}
}
certCache
.
add
(
cc
);
return
cc
.
ids
;
}
}
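Review bot: the class Javadoc being deleted says the class "has to stay here because some apps (namely HJ and HJV) call directly into it"; the deletion is forced, since `getIds` depends on `SystemIdentity` and `sun.security.x509.X509Cert`, both removed in this changeset, but that compatibility promise should be retired explicitly in the release notes rather than vanish with the file. For anyone porting a remaining caller: `getVerifiedSignatures()` handed out the live internal `Hashtable` ("we simply trust the caller"), `getBlocks()` returned an empty `Enumeration` only so HotJava would see a non-null value, and `getNameToHash()` always returned null, so none of these could ever support a real signature decision; `java.util.jar.JarEntry.getCertificates()`, which the Javadoc already names, is the replacement.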