121 PrivateKey privateKey; // private key |
121 PrivateKey privateKey; // private key |
122 KeyStore store; // the keystore specified by -keystore |
122 KeyStore store; // the keystore specified by -keystore |
123 // or the default keystore, never null |
123 // or the default keystore, never null |
124 |
124 |
125 String keystore; // key store file |
125 String keystore; // key store file |
126 List<String> crlfiles = new ArrayList<String>(); // CRL files to add |
126 List<String> crlfiles = new ArrayList<>(); // CRL files to add |
127 boolean nullStream = false; // null keystore input stream (NONE) |
127 boolean nullStream = false; // null keystore input stream (NONE) |
128 boolean token = false; // token-based keystore |
128 boolean token = false; // token-based keystore |
129 String jarfile; // jar files to sign or verify |
129 String jarfile; // jar files to sign or verify |
130 String alias; // alias to sign jar with |
130 String alias; // alias to sign jar with |
131 List<String> ckaliases = new ArrayList<String>(); // aliases in -verify |
131 List<String> ckaliases = new ArrayList<>(); // aliases in -verify |
132 char[] storepass; // keystore password |
132 char[] storepass; // keystore password |
133 boolean protectedPath; // protected authentication path |
133 boolean protectedPath; // protected authentication path |
134 String storetype; // keystore type |
134 String storetype; // keystore type |
135 String providerName; // provider name |
135 String providerName; // provider name |
136 Vector<String> providers = null; // list of providers |
136 Vector<String> providers = null; // list of providers |
137 // arguments for provider constructors |
137 // arguments for provider constructors |
138 HashMap<String,String> providerArgs = new HashMap<String, String>(); |
138 HashMap<String,String> providerArgs = new HashMap<>(); |
139 char[] keypass; // private key password |
139 char[] keypass; // private key password |
140 String sigfile; // name of .SF file |
140 String sigfile; // name of .SF file |
141 String sigalg; // name of signature algorithm |
141 String sigalg; // name of signature algorithm |
142 String digestalg = "SHA-256"; // name of digest algorithm |
142 String digestalg = "SHA-256"; // name of digest algorithm |
143 String signedjar; // output filename |
143 String signedjar; // output filename |
234 getAliasInfo(alias); |
234 getAliasInfo(alias); |
235 crls = new HashSet<X509CRL>(); |
235 crls = new HashSet<X509CRL>(); |
236 if (crlfiles.size() > 0 || autoCRL) { |
236 if (crlfiles.size() > 0 || autoCRL) { |
237 CertificateFactory fac = |
237 CertificateFactory fac = |
238 CertificateFactory.getInstance("X509"); |
238 CertificateFactory.getInstance("X509"); |
239 List<CRL> list = new ArrayList<CRL>(); |
239 List<CRL> list = new ArrayList<>(); |
240 for (String file: crlfiles) { |
240 for (String file: crlfiles) { |
241 Collection<? extends CRL> tmp = KeyTool.loadCRLs(file); |
241 Collection<? extends CRL> tmp = KeyTool.loadCRLs(file); |
242 for (CRL crl: tmp) { |
242 for (CRL crl: tmp) { |
243 if (crl instanceof X509CRL) { |
243 if (crl instanceof X509CRL) { |
244 crls.add((X509CRL)crl); |
244 crls.add((X509CRL)crl); |
604 boolean anySigned = false; // if there exists entry inside jar signed |
604 boolean anySigned = false; // if there exists entry inside jar signed |
605 JarFile jf = null; |
605 JarFile jf = null; |
606 |
606 |
607 try { |
607 try { |
608 jf = new JarFile(jarName, true); |
608 jf = new JarFile(jarName, true); |
609 Vector<JarEntry> entriesVec = new Vector<JarEntry>(); |
609 Vector<JarEntry> entriesVec = new Vector<>(); |
610 byte[] buffer = new byte[8192]; |
610 byte[] buffer = new byte[8192]; |
611 |
611 |
612 Enumeration<JarEntry> entries = jf.entries(); |
612 Enumeration<JarEntry> entries = jf.entries(); |
613 while (entries.hasMoreElements()) { |
613 while (entries.hasMoreElements()) { |
614 JarEntry je = entries.nextElement(); |
614 JarEntry je = entries.nextElement(); |
631 Manifest man = jf.getManifest(); |
631 Manifest man = jf.getManifest(); |
632 |
632 |
633 // The map to record display info, only used when -verbose provided |
633 // The map to record display info, only used when -verbose provided |
634 // key: signer info string |
634 // key: signer info string |
635 // value: the list of files with common key |
635 // value: the list of files with common key |
636 Map<String,List<String>> output = |
636 Map<String,List<String>> output = new LinkedHashMap<>(); |
637 new LinkedHashMap<String,List<String>>(); |
|
638 |
637 |
639 if (man != null) { |
638 if (man != null) { |
640 if (verbose != null) System.out.println(); |
639 if (verbose != null) System.out.println(); |
641 Enumeration<JarEntry> e = entriesVec.elements(); |
640 Enumeration<JarEntry> e = entriesVec.elements(); |
642 |
641 |
998 |
997 |
999 return new StringBuilder().append(tab).append("[") |
998 return new StringBuilder().append(tab).append("[") |
1000 .append(signTimeForm.format(source)).append("]").toString(); |
999 .append(signTimeForm.format(source)).append("]").toString(); |
1001 } |
1000 } |
1002 |
1001 |
1003 private Map<CodeSigner,Integer> cacheForInKS = |
1002 private Map<CodeSigner,Integer> cacheForInKS = new IdentityHashMap<>(); |
1004 new IdentityHashMap<CodeSigner,Integer>(); |
|
1005 |
1003 |
1006 private int inKeyStoreForOneSigner(CodeSigner signer) { |
1004 private int inKeyStoreForOneSigner(CodeSigner signer) { |
1007 if (cacheForInKS.containsKey(signer)) { |
1005 if (cacheForInKS.containsKey(signer)) { |
1008 return cacheForInKS.get(signer); |
1006 return cacheForInKS.get(signer); |
1009 } |
1007 } |
1042 } |
1040 } |
1043 cacheForInKS.put(signer, result); |
1041 cacheForInKS.put(signer, result); |
1044 return result; |
1042 return result; |
1045 } |
1043 } |
1046 |
1044 |
1047 Hashtable<Certificate, String> storeHash = |
1045 Hashtable<Certificate, String> storeHash = new Hashtable<>(); |
1048 new Hashtable<Certificate, String>(); |
|
1049 |
1046 |
1050 int inKeyStore(CodeSigner[] signers) { |
1047 int inKeyStore(CodeSigner[] signers) { |
1051 |
1048 |
1052 if (signers == null) |
1049 if (signers == null) |
1053 return 0; |
1050 return 0; |
1173 * compare it with the one in the manifest; if they are |
1170 * compare it with the one in the manifest; if they are |
1174 * different, replace the hash in the manifest with the newly |
1171 * different, replace the hash in the manifest with the newly |
1175 * generated one. (This may invalidate existing signatures!) |
1172 * generated one. (This may invalidate existing signatures!) |
1176 */ |
1173 */ |
1177 BASE64Encoder encoder = new JarBASE64Encoder(); |
1174 BASE64Encoder encoder = new JarBASE64Encoder(); |
1178 Vector<ZipEntry> mfFiles = new Vector<ZipEntry>(); |
1175 Vector<ZipEntry> mfFiles = new Vector<>(); |
1179 |
1176 |
1180 boolean wasSigned = false; |
1177 boolean wasSigned = false; |
1181 |
1178 |
1182 for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); |
1179 for (Enumeration<? extends ZipEntry> enum_=zipFile.entries(); |
1183 enum_.hasMoreElements();) { |
1180 enum_.hasMoreElements();) { |