Mercurial Mercurial > jdk-sandbox / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/src/linux/doc/man/jarsigner.1
changeset 31876 91b22707521a
parent 21743 3d979da7bdf0 
--- a/jdk/src/linux/doc/man/jarsigner.1	Mon Jul 27 19:50:14 2015 +0200
+++ b/jdk/src/linux/doc/man/jarsigner.1	Mon Jul 27 16:49:10 2015 -0700
@@ -1,26 +1,25 @@
 '\" t
-.\"  Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
-.\"
-.\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
-.\"
-.\" This code is free software; you can redistribute it and/or modify it
-.\" under the terms of the GNU General Public License version 2 only, as
-.\" published by the Free Software Foundation.
-.\"
-.\" This code is distributed in the hope that it will be useful, but WITHOUT
-.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-.\" FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-.\" version 2 for more details (a copy is included in the LICENSE file that
-.\" accompanied this code).
-.\"
-.\" You should have received a copy of the GNU General Public License version
-.\" 2 along with this work; if not, write to the Free Software Foundation,
-.\" Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
-.\"
-.\" Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
-.\" or visit www.oracle.com if you need additional information or have any
-.\" questions.
-.\"
+.\" Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
+.\" DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+.\"
+.\" This code is free software; you can redistribute it and/or modify it
+.\" under the terms of the GNU General Public License version 2 only, as
+.\" published by the Free Software Foundation.
+.\"
+.\" This code is distributed in the hope that it will be useful, but WITHOUT
+.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+.\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+.\" version 2 for more details (a copy is included in the LICENSE file that
+.\" accompanied this code).
+.\"
+.\" You should have received a copy of the GNU General Public License version
+.\" 2 along with this work; if not, write to the Free Software Foundation,
+.\" Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+.\"
+.\" Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+.\" or visit www.oracle.com if you need additional information or have any
+.\" questions.
+.\"
 .\"     Arch: generic
 .\"     Software: JDK 8
 .\"     Date: 21 November 2013
@@ -29,25 +28,25 @@
 .\"
 .if n .pl 99999
 .TH jarsigner 1 "21 November 2013" "JDK 8" "Security Tools"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
 
 .SH NAME    
 jarsigner \- Signs and verifies Java Archive (JAR) files\&.
@@ -308,11 +307,7 @@
 .nf     
 \f3KEVIN\&.DSA\fP
 .fi     
-.nf     
-\f3\fR
-.fi     
 .sp     
-\fINote:\fR It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1\&.1 by the \f3javakey\fR command and others by \f3jarsigner\fR\&. The \f3jarsigner\fR command can be used to sign JAR files that are already signed with the \f3javakey\fR command\&.
 .SH OPTIONS    
 The following sections describe the various \f3jarsigner\fR options\&. Be aware of the following standards:
 .TP 0.2i    
@@ -443,7 +438,7 @@
 .br
 If the \f3-certs\fR option appears on the command line with the \f3-verify\fR and \f3-verbose\fR options, then the output includes certificate information for each signer of the JAR file\&. This information includes the name of the type of certificate (stored in the \f3\&.DSA\fR file) that certifies the signer\&'s public key, and if the certificate is an X\&.509 certificate (an instance of the \f3java\&.security\&.cert\&.X509Certificate\fR), then the distinguished name of the signer\&.
 
-The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&. If the signer comes from a JDK 1\&.1 identity database instead of from a keystore, then the alias name displays in brackets instead of parentheses\&.
+The keystore is also examined\&. If no keystore value is specified on the command line, then the default keystore file (if any) is checked\&. If the public key certificate for a signer matches an entry in the keystore, then the alias name for the keystore entry for that signer is displayed in parentheses\&.
 .TP
 -certchain \fIfile\fR
 .br
@@ -797,178 +792,6 @@
 .fi     
 .sp     
 If the certificate for a signer is not an X\&.509 certificate, then there is no distinguished name information\&. In that case, just the certificate type and the alias are shown\&. For example, if the certificate is a PGP certificate, and the alias is \f3bob\fR, then you would get: \f3PGP, (bob)\fR\&.
-.SS VERIFICATION\ THAT\ INCLUDES\ IDENTITY\ DATABASE\ SIGNERS    
-If a JAR file was signed with the JDK 1\&.1 \f3javakey\fR tool, and the signer is an alias in an identity database, then the verification output includes an \f3i\fR\&. If the JAR file was signed by both an alias in an identity database and an alias in a keystore, then both \f3k\fR and \f3i\fR appear\&.
-.PP
-When the \f3-certs\fR option is used, any identity database aliases are shown in brackets rather than the parentheses used for keystore aliases, for example:
-.sp     
-.nf     
-\f3    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile\&.jar\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST\&.MF\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE\&.DSA\fP
-.fi     
-.nf     
-\f3           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.SF\fP
-.fi     
-.nf     
-\f3          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE\&.DSA\fP
-.fi     
-.nf     
-\f3   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile\&.html\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      X\&.509, CN=Jane Smith, OU=Java Software, O=Oracle, L=cup, S=ca, C=us (jane)\fP
-.fi     
-.nf     
-\f3      X\&.509, CN=Duke, OU=Java Software, O=Oracle, L=cup, S=ca, C=us [duke]\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3      s = signature was verified\fP
-.fi     
-.nf     
-\f3      m = entry is listed in manifest\fP
-.fi     
-.nf     
-\f3      k = at least one certificate was found in keystore\fP
-.fi     
-.nf     
-\f3      i = at least one certificate was found in identity scope\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.nf     
-\f3    jar verified\&.\fP
-.fi     
-.nf     
-\f3\fR
-.fi     
-.sp     
-\fINote:\fR The alias \f3duke\fR is in brackets to denote that it is an identity database alias, and not a keystore alias\&.
-.SH JDK\ 1\&.1\ COMPATIBILITY    
-The \f3keytool\fR and \f3jarsigner\fR tools replace the \f3javakey\fR tool in JDK 1\&.1\&. These new tools provide more features than \f3javakey\fR, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them\&.
-.PP
-The new keystore architecture replaces the identity database that \f3javakey\fR created and managed\&. There is no backward compatibility between the keystore format and the database format used by \f3javakey\fR in JDK 1\&.1\&. However, be aware of the following:
-.TP 0.2i    
-\(bu
-It is possible to import the information from an identity database into a keystore through the \f3keytool -identitydb\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can sign JAR files that were signed with the \f3javakey\fR command\&.
-.TP 0.2i    
-\(bu
-The \f3jarsigner\fR command can verify JAR files signed with \f3javakey\fR\&. The \f3jarsigner\fR command recognizes and can work with signer aliases that are from a JDK 1\&.1 identity database rather than a JDK keystore\&.
-.SS UNSIGNED\ JARS    
-Unsigned JARs have the default privileges that are granted to all code\&.
-.SS SIGNED\ JARS    
-Signed JARs have the privilege configurations based on their JDK 1\&.1\&.\fIn\fR identity and policy file status as described\&. Only trusted identities can be imported into the JDK keystore\&.
-.PP
-Default Privileges Granted to All Code
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-
-.PP
-Identity in 1\&.1 database: Yes/Untrusted
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 and 3 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Default Privileges and Policy File Privileges Granted
-
-Identity in 1\&.1 database: \fINo\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 2 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-All Privileges Granted
-
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.PP
-
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fIYes\fR
-.br     
-Policy file grants privileges to identity/alias: \fINo\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Identity in 1\&.1 database: \fIYes/Trusted\fR
-.br     
-Trusted identity imported into Java keystore from 1\&.1\&. database: \fINo\fR
-.br     
-Policy file grants privileges to identity/alias: \fIYes\fR
-.br     
-See 1 in Notes Regarding Privileges of Signed JARs\&.
-.PP
-Notes Regarding Privileges of Signed JARs
-.TP 0.4i    
-1\&.
-If an identity or alias is mentioned in the policy file, then it must be imported into the keystore for the policy file to have any effect on privileges granted\&.
-.TP 0.4i    
-2\&.
-The policy file/keystore combination has precedence over a trusted identity in the identity database\&.
-.TP 0.4i    
-3\&.
-Untrusted identities are ignored in the Java platform\&.
 .SH SEE\ ALSO    
 .TP 0.2i    
 \(bu
@@ -979,7 +802,7 @@
 .TP 0.2i    
 \(bu
 Trail: Security Features in Java SE at http://docs\&.oracle\&.com/javase/tutorial/security/index\&.html
-.RE
-.br
-'pl 8.5i
-'bp
+.RE
+.br
+'pl 8.5i
+'bp
jdk-sandbox