1398 zipFile = new ZipFile(jarName); |
1399 zipFile = new ZipFile(jarName); |
1399 } catch (IOException ioe) { |
1400 } catch (IOException ioe) { |
1400 error(rb.getString("unable.to.open.jar.file.")+jarName, ioe); |
1401 error(rb.getString("unable.to.open.jar.file.")+jarName, ioe); |
1401 } |
1402 } |
1402 |
1403 |
1403 FileOutputStream fos = null; |
|
1404 try { |
|
1405 fos = new FileOutputStream(signedJarFile); |
|
1406 } catch (IOException ioe) { |
|
1407 error(rb.getString("unable.to.create.")+tmpJarName, ioe); |
|
1408 } |
|
1409 |
|
1410 CertPath cp = CertificateFactory.getInstance("X.509") |
1404 CertPath cp = CertificateFactory.getInstance("X.509") |
1411 .generateCertPath(Arrays.asList(certChain)); |
1405 .generateCertPath(Arrays.asList(certChain)); |
1412 JarSigner.Builder builder = new JarSigner.Builder(privateKey, cp); |
1406 JarSigner.Builder builder = new JarSigner.Builder(privateKey, cp); |
1413 |
1407 |
1414 if (verbose != null) { |
1408 if (verbose != null) { |
1471 builder.signerName(sigfile); |
1465 builder.signerName(sigfile); |
1472 |
1466 |
1473 builder.setProperty("sectionsOnly", Boolean.toString(!signManifest)); |
1467 builder.setProperty("sectionsOnly", Boolean.toString(!signManifest)); |
1474 builder.setProperty("internalSF", Boolean.toString(!externalSF)); |
1468 builder.setProperty("internalSF", Boolean.toString(!externalSF)); |
1475 |
1469 |
|
1470 FileOutputStream fos = null; |
|
1471 try { |
|
1472 fos = new FileOutputStream(signedJarFile); |
|
1473 } catch (IOException ioe) { |
|
1474 error(rb.getString("unable.to.create.")+tmpJarName, ioe); |
|
1475 } |
|
1476 |
|
1477 Throwable failedCause = null; |
|
1478 String failedMessage = null; |
|
1479 |
1476 try { |
1480 try { |
1477 builder.build().sign(zipFile, fos); |
1481 builder.build().sign(zipFile, fos); |
1478 } catch (JarSignerException e) { |
1482 } catch (JarSignerException e) { |
1479 Throwable cause = e.getCause(); |
1483 failedCause = e.getCause(); |
1480 if (cause != null && cause instanceof SocketTimeoutException) { |
1484 if (failedCause instanceof SocketTimeoutException |
|
1485 || failedCause instanceof UnknownHostException) { |
1481 // Provide a helpful message when TSA is beyond a firewall |
1486 // Provide a helpful message when TSA is beyond a firewall |
1482 error(rb.getString("unable.to.sign.jar.") + |
1487 failedMessage = rb.getString("unable.to.sign.jar.") + |
1483 rb.getString("no.response.from.the.Timestamping.Authority.") + |
1488 rb.getString("no.response.from.the.Timestamping.Authority.") + |
1484 "\n -J-Dhttp.proxyHost=<hostname>" + |
1489 "\n -J-Dhttp.proxyHost=<hostname>" + |
1485 "\n -J-Dhttp.proxyPort=<portnumber>\n" + |
1490 "\n -J-Dhttp.proxyPort=<portnumber>\n" + |
1486 rb.getString("or") + |
1491 rb.getString("or") + |
1487 "\n -J-Dhttps.proxyHost=<hostname> " + |
1492 "\n -J-Dhttps.proxyHost=<hostname> " + |
1488 "\n -J-Dhttps.proxyPort=<portnumber> ", e); |
1493 "\n -J-Dhttps.proxyPort=<portnumber> "; |
1489 } else { |
1494 } else { |
1490 error(rb.getString("unable.to.sign.jar.")+e.getCause(), e.getCause()); |
1495 // JarSignerException might have a null cause |
1491 } |
1496 if (failedCause == null) { |
|
1497 failedCause = e; |
|
1498 } |
|
1499 failedMessage = rb.getString("unable.to.sign.jar.") + failedCause; |
|
1500 } |
|
1501 } catch (Exception e) { |
|
1502 failedCause = e; |
|
1503 failedMessage = rb.getString("unable.to.sign.jar.") + failedCause; |
1492 } finally { |
1504 } finally { |
1493 // close the resouces |
1505 // close the resources |
1494 if (zipFile != null) { |
1506 if (zipFile != null) { |
1495 zipFile.close(); |
1507 zipFile.close(); |
1496 zipFile = null; |
1508 zipFile = null; |
1497 } |
1509 } |
1498 |
1510 |
1499 if (fos != null) { |
1511 if (fos != null) { |
1500 fos.close(); |
1512 fos.close(); |
1501 } |
1513 } |
|
1514 |
|
1515 } |
|
1516 |
|
1517 if (failedCause != null) { |
|
1518 signedJarFile.delete(); |
|
1519 error(failedMessage, failedCause); |
1502 } |
1520 } |
1503 |
1521 |
1504 // The JarSigner API always accepts the timestamp received. |
1522 // The JarSigner API always accepts the timestamp received. |
1505 // We need to extract the certs from the signed jar to |
1523 // We need to extract the certs from the signed jar to |
1506 // validate it. |
1524 // validate it. |