--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Wed Oct 28 15:32:30 2009 +0800
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Wed Oct 28 15:32:49 2009 +0800
@@ -1483,6 +1483,7 @@
Timestamp timestamp = signer.getTimestamp();
if (timestamp != null) {
s.append(printTimestamp(tab, timestamp));
+ s.append('\n');
}
// display the certificate(s)
for (Certificate c : certs) {
--- a/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Oct 28 15:32:30 2009 +0800
+++ b/jdk/src/share/classes/sun/security/tools/KeyTool.java Wed Oct 28 15:32:49 2009 +0800
@@ -26,6 +26,7 @@
package sun.security.tools;
import java.io.*;
+import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
@@ -34,6 +35,7 @@
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
+import java.security.Timestamp;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.Principal;
@@ -46,6 +48,8 @@
import java.text.Collator;
import java.text.MessageFormat;
import java.util.*;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
import java.lang.reflect.Constructor;
import java.net.URL;
import java.net.URLClassLoader;
@@ -130,6 +134,7 @@
private File ksfile = null;
private InputStream ksStream = null; // keystore stream
private String sslserver = null;
+ private String jarfile = null;
private KeyStore keyStore = null;
private boolean token = false;
private boolean nullStream = false;
@@ -206,7 +211,7 @@
"-providername", "-providerclass", "-providerarg",
"-providerpath", "-v", "-protected"),
PRINTCERT("Prints the content of a certificate",
- "-rfc", "-file", "-sslserver", "-v"),
+ "-rfc", "-file", "-sslserver", "-jarfile", "-v"),
PRINTCERTREQ("Prints the content of a certificate request",
"-file", "-v"),
SELFCERT("Generates a self-signed certificate",
@@ -266,6 +271,7 @@
{"-srcstorepass", "<arg>", "source keystore password"},
{"-srcstoretype", "<srcstoretype>", "source keystore type"},
{"-sslserver", "<server[:port]>", "SSL server host and port"},
+ {"-jarfile", "<filename>", "signed jar file"},
{"-startdate", "<startdate>", "certificate validity start date/time"},
{"-storepass", "<arg>", "keystore password"},
{"-storetype", "<storetype>", "keystore type"},
@@ -453,6 +459,8 @@
outfilename = args[++i];
} else if (collator.compare(flags, "-sslserver") == 0) {
sslserver = args[++i];
+ } else if (collator.compare(flags, "-jarfile") == 0) {
+ jarfile = args[++i];
} else if (collator.compare(flags, "-srckeystore") == 0) {
srcksfname = args[++i];
} else if ((collator.compare(flags, "-provider") == 0) ||
@@ -2065,7 +2073,71 @@
}
private void doPrintCert(final PrintStream out) throws Exception {
- if (sslserver != null) {
+ if (jarfile != null) {
+ JarFile jf = new JarFile(jarfile, true);
+ Enumeration<JarEntry> entries = jf.entries();
+ Set<CodeSigner> ss = new HashSet<CodeSigner>();
+ byte[] buffer = new byte[8192];
+ int pos = 0;
+ while (entries.hasMoreElements()) {
+ JarEntry je = entries.nextElement();
+ InputStream is = null;
+ try {
+ is = jf.getInputStream(je);
+ while (is.read(buffer) != -1) {
+ // we just read. this will throw a SecurityException
+ // if a signature/digest check fails. This also
+ // populate the signers
+ }
+ } finally {
+ if (is != null) {
+ is.close();
+ }
+ }
+ CodeSigner[] signers = je.getCodeSigners();
+ if (signers != null) {
+ for (CodeSigner signer: signers) {
+ if (!ss.contains(signer)) {
+ ss.add(signer);
+ out.printf(rb.getString("Signer #%d:"), ++pos);
+ out.println();
+ out.println();
+ out.println(rb.getString("Signature:"));
+ out.println();
+ for (Certificate cert: signer.getSignerCertPath().getCertificates()) {
+ X509Certificate x = (X509Certificate)cert;
+ if (rfc) {
+ out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
+ dumpCert(x, out);
+ } else {
+ printX509Cert(x, out);
+ }
+ out.println();
+ }
+ Timestamp ts = signer.getTimestamp();
+ if (ts != null) {
+ out.println(rb.getString("Timestamp:"));
+ out.println();
+ for (Certificate cert: ts.getSignerCertPath().getCertificates()) {
+ X509Certificate x = (X509Certificate)cert;
+ if (rfc) {
+ out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
+ dumpCert(x, out);
+ } else {
+ printX509Cert(x, out);
+ }
+ out.println();
+ }
+ }
+ }
+ }
+ }
+ }
+ jf.close();
+ if (ss.size() == 0) {
+ out.println(rb.getString("Not a signed jar file"));
+ }
+ } else if (sslserver != null) {
SSLContext sc = SSLContext.getInstance("SSL");
final boolean[] certPrinted = new boolean[1];
sc.init(null, new TrustManager[] {
--- a/jdk/src/share/classes/sun/security/util/Resources.java Wed Oct 28 15:32:30 2009 +0800
+++ b/jdk/src/share/classes/sun/security/util/Resources.java Wed Oct 28 15:32:49 2009 +0800
@@ -162,6 +162,8 @@
"source keystore type"}, //-srcstoretype
{"SSL server host and port",
"SSL server host and port"}, //-sslserver
+ {"signed jar file",
+ "signed jar file"}, //=jarfile
{"certificate validity start date/time",
"certificate validity start date/time"}, //-startdate
{"keystore password",
@@ -370,6 +372,13 @@
{"***************** WARNING WARNING WARNING *****************",
"***************** WARNING WARNING WARNING *****************"},
+ {"Signer #%d:", "Signer #%d:"},
+ {"Timestamp:", "Timestamp:"},
+ {"Signature:", "Signature:"},
+ {"Certificate owner: ", "Certificate owner: "},
+ {"Not a signed jar file", "Not a signed jar file"},
+ {"No certificate from the SSL server",
+ "No certificate from the SSL server"},
// Translators of the following 5 pairs, ATTENTION:
// the next 5 string pairs are meant to be combined into 2 paragraphs,
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/tools/keytool/readjar.sh Wed Oct 28 15:32:49 2009 +0800
@@ -0,0 +1,56 @@
+#
+# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+# CA 95054 USA or visit www.sun.com if you need additional information or
+# have any questions.
+#
+
+# @test
+# @bug 6890872
+# @summary keytool -printcert to recognize signed jar files
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+ JAVAC_CMD=`which javac`
+ TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+ Windows_* )
+ FS="\\"
+ ;;
+ * )
+ FS="/"
+ ;;
+esac
+
+KS=readjar.jks
+rm $KS
+$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS \
+ -alias x -dname CN=X -genkeypair
+$TESTJAVA${FS}bin${FS}jar cvf readjar.jar $KS
+$TESTJAVA${FS}bin${FS}jarsigner -storepass changeit -keystore $KS readjar.jar x
+
+$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar || exit 1
+$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar -rfc || exit 1
+
+exit 0
+