jdk-sandbox: comparison src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java

equal deleted inserted replaced

-:ffa68af7da87
+:25725c11c296
 */
 package sun.security.tools.jarsigner;
 import java.io.*;
+import java.net.UnknownHostException;
 import java.security.cert.CertPathValidatorException;
 import java.security.cert.PKIXBuilderParameters;
 import java.util.*;
 import java.util.zip.*;
 import java.util.jar.*;
 zipFile = new ZipFile(jarName);
 } catch (IOException ioe) {
 error(rb.getString("unable.to.open.jar.file.")+jarName, ioe);
 }
-FileOutputStream fos = null;
-try {
-fos = new FileOutputStream(signedJarFile);
-} catch (IOException ioe) {
-error(rb.getString("unable.to.create.")+tmpJarName, ioe);
-}
 CertPath cp = CertificateFactory.getInstance("X.509")
 .generateCertPath(Arrays.asList(certChain));
 JarSigner.Builder builder = new JarSigner.Builder(privateKey, cp);
 if (verbose != null) {
 builder.signerName(sigfile);
 builder.setProperty("sectionsOnly", Boolean.toString(!signManifest));
 builder.setProperty("internalSF", Boolean.toString(!externalSF));
+FileOutputStream fos = null;
+try {
+fos = new FileOutputStream(signedJarFile);
+} catch (IOException ioe) {
+error(rb.getString("unable.to.create.")+tmpJarName, ioe);
+}
+Throwable failedCause = null;
+String failedMessage = null;
 try {
 builder.build().sign(zipFile, fos);
 } catch (JarSignerException e) {
-Throwable cause = e.getCause();
+failedCause = e.getCause();
-if (cause != null && cause instanceof SocketTimeoutException) {
+if (failedCause instanceof SocketTimeoutException
+|| failedCause instanceof UnknownHostException) {
 // Provide a helpful message when TSA is beyond a firewall
-error(rb.getString("unable.to.sign.jar.") +
+failedMessage = rb.getString("unable.to.sign.jar.") +
 rb.getString("no.response.from.the.Timestamping.Authority.") +
 "\n  -J-Dhttp.proxyHost=<hostname>" +
 "\n  -J-Dhttp.proxyPort=<portnumber>\n" +
 rb.getString("or") +
 "\n  -J-Dhttps.proxyHost=<hostname> " +
-"\n  -J-Dhttps.proxyPort=<portnumber> ", e);
+"\n  -J-Dhttps.proxyPort=<portnumber> ";
 } else {
-error(rb.getString("unable.to.sign.jar.")+e.getCause(), e.getCause());
+// JarSignerException might have a null cause
-}
+if (failedCause == null) {
+failedCause = e;
+}
+failedMessage = rb.getString("unable.to.sign.jar.") + failedCause;
+}
+} catch (Exception e) {
+failedCause = e;
+failedMessage = rb.getString("unable.to.sign.jar.") + failedCause;
 } finally {
-// close the resouces
+// close the resources
 if (zipFile != null) {
 zipFile.close();
 zipFile = null;
 }
 if (fos != null) {
 fos.close();
 }
+}
+if (failedCause != null) {
+signedJarFile.delete();
+error(failedMessage, failedCause);
 }
 // The JarSigner API always accepts the timestamp received.
 // We need to extract the certs from the signed jar to
 // validate it.

changeset 48760	25725c11c296
parent 48543	7067fe4e054e
child 48893	454518b338b0