# HG changeset patch # User weijun # Date 1518061461 -28800 # Node ID 25725c11c2962b96f7229cfe75700e5bbfbdd2b1 # Parent ffa68af7da87e01cf5584e7a393a9194cf76a87e 8196823: jarsigner should not create a signed jar if the signing fails Reviewed-by: mullan, alanb diff -r ffa68af7da87 -r 25725c11c296 src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java --- a/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java Wed Feb 07 11:28:23 2018 -0800 +++ b/src/jdk.jartool/share/classes/jdk/security/jarsigner/JarSigner.java Thu Feb 08 11:44:21 2018 +0800 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015, 2017, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2015, 2018, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -547,6 +547,11 @@ /** * Signs a file into an {@link OutputStream}. This method will not close * {@code file} or {@code os}. + *
+ * If an I/O error or signing error occurs during the signing, then it may
+ * do so after some bytes have been written. Consequently, the output
+ * stream may be in an inconsistent state. It is strongly recommended that
+ * it be promptly closed in this case.
*
* @param file the file to sign.
* @param os the output stream.
diff -r ffa68af7da87 -r 25725c11c296 src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
--- a/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java Wed Feb 07 11:28:23 2018 -0800
+++ b/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java Thu Feb 08 11:44:21 2018 +0800
@@ -26,6 +26,7 @@
package sun.security.tools.jarsigner;
import java.io.*;
+import java.net.UnknownHostException;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXBuilderParameters;
import java.util.*;
@@ -1400,13 +1401,6 @@
error(rb.getString("unable.to.open.jar.file.")+jarName, ioe);
}
- FileOutputStream fos = null;
- try {
- fos = new FileOutputStream(signedJarFile);
- } catch (IOException ioe) {
- error(rb.getString("unable.to.create.")+tmpJarName, ioe);
- }
-
CertPath cp = CertificateFactory.getInstance("X.509")
.generateCertPath(Arrays.asList(certChain));
JarSigner.Builder builder = new JarSigner.Builder(privateKey, cp);
@@ -1473,24 +1467,42 @@
builder.setProperty("sectionsOnly", Boolean.toString(!signManifest));
builder.setProperty("internalSF", Boolean.toString(!externalSF));
+ FileOutputStream fos = null;
+ try {
+ fos = new FileOutputStream(signedJarFile);
+ } catch (IOException ioe) {
+ error(rb.getString("unable.to.create.")+tmpJarName, ioe);
+ }
+
+ Throwable failedCause = null;
+ String failedMessage = null;
+
try {
builder.build().sign(zipFile, fos);
} catch (JarSignerException e) {
- Throwable cause = e.getCause();
- if (cause != null && cause instanceof SocketTimeoutException) {
+ failedCause = e.getCause();
+ if (failedCause instanceof SocketTimeoutException
+ || failedCause instanceof UnknownHostException) {
// Provide a helpful message when TSA is beyond a firewall
- error(rb.getString("unable.to.sign.jar.") +
+ failedMessage = rb.getString("unable.to.sign.jar.") +
rb.getString("no.response.from.the.Timestamping.Authority.") +
"\n -J-Dhttp.proxyHost=