jdk/src/bsd/doc/man/jarsigner.1
author mduigou
Tue, 05 Nov 2013 19:44:41 -0800
changeset 21615 0231a565a5b7
parent 12047 320a714614e9
child 21743 3d979da7bdf0
permissions -rw-r--r--
8021309: replace test/Makefile jdk_* targets with jtreg groups 8015068: Use jtreg -exclude for handling problemList.txt exclusions Reviewed-by: jjg, smarks, chegar, alanb, dholmes
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
12047
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     1
." Copyright (c) 1998, 2011, Oracle and/or its affiliates. All rights reserved.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     2
." DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     3
."
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     4
." This code is free software; you can redistribute it and/or modify it
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     5
." under the terms of the GNU General Public License version 2 only, as
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     6
." published by the Free Software Foundation.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     7
."
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     8
." This code is distributed in the hope that it will be useful, but WITHOUT
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
     9
." ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    10
." FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    11
." version 2 for more details (a copy is included in the LICENSE file that
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    12
." accompanied this code).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    13
."
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    14
." You should have received a copy of the GNU General Public License version
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    15
." 2 along with this work; if not, write to the Free Software Foundation,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    16
." Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    17
."
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    18
." Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    19
." or visit www.oracle.com if you need additional information or have any
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    20
." questions.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    21
."
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    22
.TH jarsigner 1 "10 May 2011"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    23
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    24
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    25
.SH "Name"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    26
jarsigner \- JAR Signing and Verification Tool
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    27
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    28
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    29
Generates signatures for Java ARchive (JAR) files, and verifies the signatures of signed JAR files.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    30
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    31
.SH "SYNOPSIS"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    32
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    33
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    34
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    35
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    36
\fP\f3jarsigner\fP [ options ] jar\-file alias
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    37
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    38
\f3jarsigner\fP \-verify [ options ] jar\-file [alias...]
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    39
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    40
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    41
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    42
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    43
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    44
The jarsigner \-verify command can take zero or more keystore alias names after the jar filename. When specified, jarsigner will check that the certificate used to verify each signed entry in the jar file matches one of the keystore aliases. The aliases are defined in the keystore specified by \-keystore, or the default keystore.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    45
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    46
.SH "DESCRIPTION"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    47
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    48
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    49
The \f3jarsigner\fP tool is used for two purposes:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    50
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    51
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    52
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    53
1.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    54
to sign Java ARchive (JAR) files, and
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    55
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    56
2.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    57
to verify the signatures and integrity of signed JAR files.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    58
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    59
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    60
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    61
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    62
The JAR feature enables the packaging of class files, images, sounds, and other digital data in a single file for faster and easier distribution. A tool named jar(1) enables developers to produce JAR files. (Technically, any zip file can also be considered a JAR file, although when created by \f3jar\fP or processed by \f3jarsigner\fP, JAR files also contain a META\-INF/MANIFEST.MF file.)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    63
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    64
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    65
A \f2digital signature\fP is a string of bits that is computed from some data (the data being "signed") and the private key of an entity (a person, company, etc.). Like a handwritten signature, a digital signature has many useful characteristics:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    66
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    67
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    68
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    69
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    70
Its authenticity can be verified, via a computation that uses the public key corresponding to the private key used to generate the signature.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    71
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    72
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    73
It cannot be forged, assuming the private key is kept secret.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    74
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    75
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    76
It is a function of the data signed and thus can't be claimed to be the signature for other data as well.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    77
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    78
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    79
The signed data cannot be changed; if it is, the signature will no longer verify as being authentic.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    80
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    81
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    82
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    83
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    84
In order for an entity's signature to be generated for a file, the entity must first have a public/private key pair associated with it, and also one or more certificates authenticating its public key. A \f2certificate\fP is a digitally signed statement from one entity, saying that the public key of some other entity has a particular value.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    85
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    86
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    87
\f3jarsigner\fP uses key and certificate information from a \f2keystore\fP to generate digital signatures for JAR files. A keystore is a database of private keys and their associated X.509 certificate chains authenticating the corresponding public keys. The keytool(1) utility is used to create and administer keystores.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    88
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    89
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    90
\f3jarsigner\fP uses an entity's private key to generate a signature. The signed JAR file contains, among other things, a copy of the certificate from the keystore for the public key corresponding to the private key used to sign the file. \f3jarsigner\fP can verify the digital signature of the signed JAR file using the certificate inside it (in its signature block file).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    91
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    92
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    93
\f3jarsigner\fP can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug\-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs will allow applications to obtain the timestamp information.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    94
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    95
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    96
At this time, \f3jarsigner\fP can only sign JAR files created by the SDK jar(1) tool or zip files. (JAR files are the same as zip files, except they also have a META\-INF/MANIFEST.MF file. Such a file will automatically be created when \f3jarsigner\fP signs a zip file.)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    97
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    98
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
    99
The default \f3jarsigner\fP behavior is to \f2sign\fP a JAR (or zip) file. Use the \f2\-verify\fP option to instead have it \f2verify\fP a signed JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   100
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   101
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   102
Keystore Aliases
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   103
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   104
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   105
All keystore entities are accessed via unique \f2aliases\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   106
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   107
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   108
When using \f3jarsigner\fP to sign a JAR file, you must specify the alias for the keystore entry containing the private key needed to generate the signature. For example, the following will sign the JAR file named "MyJARFile.jar", using the private key associated with the alias "duke" in the keystore named "mystore" in the "working" directory. Since no output file is specified, it overwrites MyJARFile.jar with the signed JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   109
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   110
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   111
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   112
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   113
    jarsigner \-keystore /working/mystore \-storepass \fP\f4<keystore password>\fP\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   114
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   115
      \-keypass \fP\f4<private key password>\fP\f3 MyJARFile.jar duke
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   116
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   117
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   118
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   119
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   120
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   121
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   122
Keystores are protected with a password, so the store password must be specified. You will be prompted for it if you don't specify it on the command line. Similarly, private keys are protected in a keystore with a password, so the private key's password must be specified, and you will be prompted for it if you don't specify it on the command line and it isn't the same as the store password.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   123
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   124
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   125
Keystore Location
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   126
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   127
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   128
\f3jarsigner\fP has a \f2\-keystore\fP option for specifying the URL of the keystore to be used. The keystore is by default stored in a file named \f2.keystore\fP in the user's home directory, as determined by the \f2user.home\fP system property. On Solaris systems \f2user.home\fP defaults to the user's home directory.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   129
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   130
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   131
Note that the input stream from the \f2\-keystore\fP option is passed to the \f2KeyStore.load\fP method. If \f2NONE\fP is specified as the URL, then a null stream is passed to the \f2KeyStore.load\fP method. \f2NONE\fP should be specified if the \f2KeyStore\fP is not file\-based, for example, if it resides on a hardware token device.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   132
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   133
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   134
Keystore Implementation
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   135
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   136
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   137
The \f2KeyStore\fP class provided in the \f2java.security\fP package supplies well\-defined interfaces to access and modify the information in a keystore. It is possible for there to be multiple different concrete implementations, where each implementation is that for a particular \f2type\fP of keystore.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   138
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   139
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   140
Currently, there are two command\-line tools that make use of keystore implementations (\f3keytool\fP and \f3jarsigner\fP), and also a GUI\-based tool named \f3Policy Tool\fP. Since \f2KeyStore\fP is publicly available, Java 2 SDK users can write additional security applications that use it.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   141
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   142
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   143
There is a built\-in default implementation, provided by Sun Microsystems. It implements the keystore as a file, utilizing a proprietary keystore type (format) named "JKS". It protects each private key with its individual password, and also protects the integrity of the entire keystore with a (possibly different) password.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   144
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   145
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   146
Keystore implementations are provider\-based. More specifically, the application interfaces supplied by \f2KeyStore\fP are implemented in terms of a "Service Provider Interface" (SPI). That is, there is a corresponding abstract \f2KeystoreSpi\fP class, also in the \f2java.security\fP package, which defines the Service Provider Interface methods that "providers" must implement. (The term "provider" refers to a package or a set of packages that supply a concrete implementation of a subset of services that can be accessed by the Java Security API.) Thus, to provide a keystore implementation, clients must implement a provider and supply a KeystoreSpi subclass implementation, as described in
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   147
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   148
\f2How to Implement a Provider for the Java Cryptography Architecture\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   149
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   150
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/HowToImplAProvider.html.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   151
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   152
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   153
Applications can choose different \f2types\fP of keystore implementations from different providers, using the "getInstance" factory method supplied in the \f2KeyStore\fP class. A keystore type defines the storage and data format of the keystore information, and the algorithms used to protect private keys in the keystore and the integrity of the keystore itself. Keystore implementations of different types are not compatible.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   154
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   155
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   156
\f3keytool\fP works on any file\-based keystore implementation. (It treats the keystore location that is passed to it at the command line as a filename and converts it to a FileInputStream, from which it loads the keystore information.) The \f3jarsigner\fP and \f3policytool\fP tools, on the other hand, can read a keystore from any location that can be specified using a URL.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   157
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   158
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   159
For \f3jarsigner\fP and \f3keytool\fP, you can specify a keystore type at the command line, via the \f2\-storetype\fP option. For \f3Policy Tool\fP, you can specify a keystore type via the "Change Keystore" command in the Edit menu.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   160
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   161
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   162
If you don't explicitly specify a keystore type, the tools choose a keystore implementation based simply on the value of the \f2keystore.type\fP property specified in the security properties file. The security properties file is called \f2java.security\fP, and it resides in the SDK security properties directory, \f2java.home\fP/lib/security, where \f2java.home\fP is the runtime environment's directory (the \f2jre\fP directory in the SDK or the top\-level directory of the Java 2 Runtime Environment).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   163
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   164
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   165
Each tool gets the \f2keystore.type\fP value and then examines all the currently\-installed providers until it finds one that implements keystores of that type. It then uses the keystore implementation from that provider.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   166
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   167
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   168
The \f2KeyStore\fP class defines a static method named \f2getDefaultType\fP that lets applications and applets retrieve the value of the \f2keystore.type\fP property. The following line of code creates an instance of the default keystore type (as specified in the \f2keystore.type\fP property):
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   169
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   170
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   171
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   172
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   173
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   174
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   175
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   176
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   177
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   178
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   179
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   180
The default keystore type is "jks" (the proprietary type of the keystore implementation provided by Sun). This is specified by the following line in the security properties file:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   181
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   182
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   183
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   184
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   185
    keystore.type=jks
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   186
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   187
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   188
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   189
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   190
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   191
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   192
Note: Case doesn't matter in keystore type designations. For example, "JKS" would be considered the same as "jks".
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   193
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   194
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   195
To have the tools utilize a keystore implementation other than the default, change that line to specify a different keystore type. For example, if you have a provider package that supplies a keystore implementation for a keystore type called "pkcs12", change the line to
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   196
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   197
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   198
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   199
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   200
    keystore.type=pkcs12
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   201
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   202
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   203
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   204
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   205
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   206
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   207
Note that if you us the PKCS#11 provider package, you should refer to the
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   208
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   209
\f2KeyTool and JarSigner\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   210
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   211
http://download.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#KeyToolJarSigner section of the Java PKCS#11 Reference Guide for details.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   212
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   213
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   214
Supported Algorithms
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   215
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   216
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   217
By default, \f3jarsigner\fP signs a JAR file using one of the following:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   218
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   219
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   220
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   221
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   222
DSA (Digital Signature Algorithm) with the SHA1 digest algorithm
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   223
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   224
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   225
RSA algorithm with the SHA256 digest algorithm.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   226
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   227
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   228
EC (Elliptic Curve) cryptography algorithm with the SHA256 with ECDSA (Elliptic Curve Digital Signature Algorithm).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   229
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   230
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   231
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   232
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   233
That is, if the signer's public and private keys are DSA keys, \f3jarsigner\fP will sign the JAR file using the "SHA1withDSA" algorithm. If the signer's keys are RSA keys, \f3jarsigner\fP will attempt to sign the JAR file using the "SHA256withRSA" algorithm. If the signer's keys are EC keys, \f3jarsigner\fP will sign the JAR file using the "SHA256withECDSA" algorithm.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   234
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   235
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   236
These default signature algorithms can be overridden using the \f2\-sigalg\fP option.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   237
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   238
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   239
The Signed JAR File
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   240
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   241
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   242
When \f3jarsigner\fP is used to sign a JAR file, the output signed JAR file is exactly the same as the input JAR file, except that it has two additional files placed in the META\-INF directory:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   243
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   244
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   245
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   246
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   247
a signature file, with a .SF extension, and
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   248
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   249
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   250
a signature block file, with a .DSA, .RSA, or .EC extension.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   251
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   252
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   253
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   254
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   255
The base file names for these two files come from the value of the \f2\-sigFile\fP option. For example, if the option appears as
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   256
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   257
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   258
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   259
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   260
\-sigFile MKSIGN
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   261
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   262
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   263
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   264
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   265
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   266
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   267
The files are named "MKSIGN.SF" and "MKSIGN.DSA".
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   268
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   269
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   270
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not allowed in a signature file name, each such character is converted to an underscore ("_") character in forming the file name. Legal characters include letters, digits, underscores, and hyphens.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   271
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   272
\f3The Signature (.SF) File\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   273
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   274
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   275
A signature file (the .SF file) looks similar to the manifest file that is always included in a JAR file when \f3jarsigner\fP is used to sign the file. That is, for each source file included in the JAR file, the .SF file has three lines, just as in the manifest file, listing the following:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   276
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   277
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   278
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   279
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   280
the file name,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   281
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   282
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   283
the name of the digest algorithm used (SHA), and
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   284
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   285
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   286
a SHA digest value.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   287
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   288
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   289
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   290
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   291
In the manifest file, the SHA digest value for each source file is the digest (hash) of the binary data in the source file. In the .SF file, on the other hand, the digest value for a given source file is the hash of the three lines in the manifest file for the source file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   292
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   293
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   294
The signature file also, by default, includes a header containing a hash of the whole manifest file. The presence of the header enables verification optimization, as described in JAR File Verification.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   295
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   296
\f3The Signature Block File\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   297
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   298
The .SF file is signed and the signature is placed in the signature block file. This file also contains, encoded inside it, the certificate or certificate chain from the keystore which authenticates the public key corresponding to the private key used for signing. The file has the extension .DSA, .RSA, or .EC depending on the digest algorithm used.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   299
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   300
Signature Timestamp
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   301
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   302
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   303
\f2jarsigner\fP tool can generate and store a signature timestamp when signing a JAR file. In addition, \f2jarsigner\fP supports alternative signing mechanisms. This behavior is optional and is controlled by the user at the time of signing through these options:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   304
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   305
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   306
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   307
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   308
\f2\-tsa url\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   309
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   310
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   311
\f2\-tsacert alias\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   312
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   313
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   314
\f2\-altsigner class\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   315
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   316
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   317
\f2\-altsignerpath classpathlist\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   318
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   319
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   320
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   321
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   322
Each of these options is detailed in the Options section below.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   323
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   324
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   325
JAR File Verification
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   326
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   327
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   328
A successful JAR file verification occurs if the signature(s) are valid, and none of the files that were in the JAR file when the signatures were generated have been changed since then. JAR file verification involves the following steps:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   329
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   330
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   331
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   332
1.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   333
Verify the signature of the .SF file itself.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   334
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   335
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   336
That is, the verification ensures that the signature stored in each signature block (.DSA) file was in fact generated using the private key corresponding to the public key whose certificate (or certificate chain) also appears in the .DSA file. It also ensures that the signature is a valid signature of the corresponding signature (.SF) file, and thus the .SF file has not been tampered with.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   337
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   338
2.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   339
Verify the digest listed in each entry in the .SF file with each corresponding section in the manifest.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   340
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   341
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   342
The .SF file by default includes a header containing a hash of the entire manifest file. When the header is present, then the verification can check to see whether or not the hash in the header indeed matches the hash of the manifest file. If that is the case, verification proceeds to the next step.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   343
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   344
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   345
If that is not the case, a less optimized verification is required to ensure that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file (see The Signature (.SF) File).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   346
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   347
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   348
One reason the hash of the manifest file that is stored in the .SF file header may not equal the hash of the current manifest file would be because one or more files were added to the JAR file (using the \f2jar\fP tool) after the signature (and thus the .SF file) was generated. When the \f2jar\fP tool is used to add files, the manifest file is changed (sections are added to it for the new files), but the .SF file is not. A verification is still considered successful if none of the files that were in the JAR file when the signature was generated have been changed since then, which is the case if the hashes in the non\-header sections of the .SF file equal the hashes of the corresponding sections in the manifest file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   349
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   350
3.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   351
Read each file in the JAR file that has an entry in the .SF file. While reading, compute the file's digest, and then compare the result with the digest for this file in the manifest section. The digests should be the same, or verification fails.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   352
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   353
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   354
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   355
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   356
If any serious verification failures occur during the verification process, the process is stopped and a security exception is thrown. It is caught and displayed by \f3jarsigner\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   357
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   358
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   359
Multiple Signatures for a JAR File
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   360
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   361
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   362
A JAR file can be signed by multiple people simply by running the \f3jarsigner\fP tool on the file multiple times, specifying the alias for a different person each time, as in:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   363
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   364
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   365
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   366
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   367
  jarsigner myBundle.jar susan
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   368
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   369
  jarsigner myBundle.jar kevin
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   370
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   371
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   372
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   373
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   374
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   375
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   376
When a JAR file is signed multiple times, there are multiple .SF and .DSA files in the resulting JAR file, one pair for each signature. Thus, in the example above, the output JAR file includes files with the following names:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   377
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   378
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   379
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   380
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   381
  SUSAN.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   382
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   383
  SUSAN.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   384
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   385
  KEVIN.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   386
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   387
  KEVIN.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   388
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   389
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   390
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   391
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   392
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   393
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   394
Note: It is also possible for a JAR file to have mixed signatures, some generated by the JDK 1.1 \f3javakey\fP tool and others by \f3jarsigner\fP. That is, \f3jarsigner\fP can be used to sign JAR files already previously signed using \f3javakey\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   395
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   396
.SH "OPTIONS"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   397
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   398
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   399
The various \f3jarsigner\fP options are listed and described below. Note:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   400
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   401
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   402
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   403
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   404
All option names are preceded by a minus sign (\-).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   405
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   406
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   407
The options may be provided in any order.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   408
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   409
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   410
Items in italics (option values) represent the actual values that must be supplied.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   411
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   412
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   413
The \f2\-keystore\fP, \f2\-storepass\fP, \f2\-keypass\fP, \f2\-sigfile\fP, \f2\-sigalg\fP, \f2\-digestalg\fP, and \f2\-signedjar\fP options are only relevant when signing a JAR file, not when verifying a signed JAR file. Similarly, an alias is only specified on the command line when signing a JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   414
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   415
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   416
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   417
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   418
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   419
\-keystore url
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   420
Specifies the URL that tells the keystore location. This defaults to the file \f2.keystore\fP in the user's home directory, as determined by the "user.home" system property.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   421
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   422
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   423
A keystore is required when signing, so you must explicitly specify one if the default keystore does not exist (or you want to use one other than the default).
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   424
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   425
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   426
A keystore is \f2not\fP required when verifying, but if one is specified, or the default exists, and the \f2\-verbose\fP option was also specified, additional information is output regarding whether or not any of the certificates used to verify the JAR file are contained in that keystore.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   427
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   428
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   429
Note: the \f2\-keystore\fP argument can actually be a file name (and path) specification rather than a URL, in which case it will be treated the same as a "file:" URL. That is,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   430
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   431
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   432
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   433
  \-keystore \fP\f4filePathAndName\fP\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   434
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   435
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   436
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   437
is treated as equivalent to
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   438
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   439
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   440
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   441
  \-keystore file:\fP\f4filePathAndName\fP\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   442
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   443
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   444
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   445
If the Sun PKCS#11 provider has been configured in the \f2java.security\fP security properties file (located in the JRE's \f2$JAVA_HOME/lib/security\fP directory), then keytool and jarsigner can operate on the PKCS#11 token by specifying these options:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   446
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   447
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   448
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   449
\f2\-keystore NONE\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   450
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   451
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   452
\f2\-storetype PKCS11\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   453
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   454
For example, this command lists the contents of the configured PKCS#11 token:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   455
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   456
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   457
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   458
   jarsigner \-keystore NONE \-storetype PKCS11 \-list
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   459
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   460
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   461
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   462
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   463
\-storetype storetype
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   464
Specifies the type of keystore to be instantiated. The default keystore type is the one that is specified as the value of the "keystore.type" property in the security properties file, which is returned by the static \f2getDefaultType\fP method in \f2java.security.KeyStore\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   465
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   466
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   467
The PIN for a PCKS#11 token can also be specified using the \f2\-storepass\fP option. If none has been specified, keytool and jarsigner will prompt for the token PIN. If the token has a protected authentication path (such as a dedicated PIN\-pad or a biometric reader), then the \f2\-protected\fP option must be specified and no password options can be specified.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   468
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   469
\-storepass[:env | :file] argument
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   470
Specifies the password which is required to access the keystore. This is only needed when signing (not verifying) a JAR file. In that case, if a \f2\-storepass\fP option is not provided at the command line, the user is prompted for the password.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   471
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   472
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   473
If the modifier \f2env\fP or \f2file\fP is not specified, then the password has the value \f2argument\fP. Otherwise, the password is retrieved as follows:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   474
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   475
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   476
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   477
\f2env\fP: Retrieve the password from the environment variable named \f2argument\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   478
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   479
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   480
\f2file\fP: Retrieve the password from the file named \f2argument\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   481
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   482
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   483
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   484
\-keypass[:env | :file] argument
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   485
Specifies the password used to protect the private key of the keystore entry addressed by the alias specified on the command line. The password is required when using \f3jarsigner\fP to sign a JAR file. If no password is provided on the command line, and the required password is different from the store password, the user is prompted for it.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   486
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   487
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   488
If the modifier \f2env\fP or \f2file\fP is not specified, then the password has the value \f2argument\fP. Otherwise, the password is retrieved as follows:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   489
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   490
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   491
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   492
\f2env\fP: Retrieve the password from the environment variable named \f2argument\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   493
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   494
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   495
\f2file\fP: Retrieve the password from the file named \f2argument\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   496
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   497
Note: The password shouldn't be specified on the command line or in a script unless it is for testing purposes, or you are on a secure system.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   498
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   499
\-sigfile file
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   500
Specifies the base file name to be used for the generated .SF and .DSA files. For example, if \f2file\fP is "DUKESIGN", the generated .SF and .DSA files will be named "DUKESIGN.SF" and "DUKESIGN.DSA", and will be placed in the "META\-INF" directory of the signed JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   501
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   502
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   503
The characters in \f2file\fP must come from the set "a\-zA\-Z0\-9_\-". That is, only letters, numbers, underscore, and hyphen characters are allowed. Note: All lowercase characters will be converted to uppercase for the .SF and .DSA file names.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   504
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   505
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   506
If no \f2\-sigfile\fP option appears on the command line, the base file name for the .SF and .DSA files will be the first 8 characters of the alias name specified on the command line, all converted to upper case. If the alias name has fewer than 8 characters, the full alias name is used. If the alias name contains any characters that are not legal in a signature file name, each such character is converted to an underscore ("_") character in forming the file name.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   507
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   508
\-sigalg algorithm
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   509
Specifies the name of the signature algorithm to use to sign the JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   510
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   511
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   512
See
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   513
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   514
\f2Appendix A\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   515
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   516
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard signature algorithm names. This algorithm must be compatible with the private key used to sign the JAR file. If this option is not specified, SHA1withDSA, SHA256withRSA, or SHA256withECDSA will be used depending on the type of private key. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   517
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   518
\-digestalg algorithm
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   519
Specifies the name of the message digest algorithm to use when digesting the entries of a jar file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   520
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   521
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   522
See
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   523
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   524
\f2Appendix A\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   525
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   526
http://download.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA of the Java Cryptography Architecture for a list of standard message digest algorithm names. If this option is not specified, SHA256 will be used. There must either be a statically installed provider supplying an implementation of the specified algorithm or the user must specify one with the \f2\-providerClass\fP option, otherwise the command will not succeed.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   527
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   528
\-signedjar file
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   529
Specifies the name to be used for the signed JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   530
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   531
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   532
If no name is specified on the command line, the name used is the same as the input JAR file name (the name of the JAR file to be signed); in other words, that file is overwritten with the signed JAR file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   533
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   534
\-verify
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   535
If this appears on the command line, the specified JAR file will be verified, not signed. If the verification is successful, "jar verified" will be displayed. If you try to verify an unsigned JAR file, or a JAR file signed with an unsupported algorithm (e.g., RSA when you don't have an RSA provider installed), the following is displayed: "jar is unsigned. (signatures missing or not parsable)"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   536
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   537
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   538
It is possible to verify JAR files signed using either \f3jarsigner\fP or the JDK 1.1 \f3javakey\fP tool, or both.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   539
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   540
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   541
For further information on verification, see JAR File Verification.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   542
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   543
\-certs
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   544
If this appears on the command line, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file. This information includes
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   545
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   546
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   547
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   548
the name of the type of certificate (stored in the .DSA file) that certifies the signer's public key
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   549
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   550
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   551
if the certificate is an X.509 certificate (more specifically, an instance of \f2java.security.cert.X509Certificate\fP): the distinguished name of the signer
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   552
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   553
The keystore is also examined. If no keystore value is specified on the command line, the default keystore file (if any) will be checked. If the public key certificate for a signer matches an entry in the keystore, then the following information will also be displayed:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   554
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   555
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   556
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   557
in parentheses, the alias name for the keystore entry for that signer. If the signer actually comes from a JDK 1.1 identity database instead of from a keystore, the alias name will appear in brackets instead of parentheses.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   558
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   559
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   560
\-certchain file
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   561
Specifies the certificate chain to be used, if the certificate chain associated with the private key of the keystore entry, addressed by the alias specified on the command line, is not complete. This may happen if the keystore is located on a hardware token where there is not enough capacity to hold a complete certificate chain. The file can be a sequence of X.509 certificates concatenated together, or a single PKCS#7 formatted data block, either in binary encoding format or in printable encoding format (also known as BASE64 encoding) as defined by the Internet RFC 1421 standard.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   562
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   563
\-verbose
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   564
If this appears on the command line, it indicates "verbose" mode, which causes \f3jarsigner\fP to output extra information as to the progress of the JAR signing or verification.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   565
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   566
\-internalsf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   567
In the past, the .DSA (signature block) file generated when a JAR file was signed used to include a complete encoded copy of the .SF file (signature file) also generated. This behavior has been changed. To reduce the overall size of the output JAR file, the .DSA file by default doesn't contain a copy of the .SF file anymore. But if \f2\-internalsf\fP appears on the command line, the old behavior is utilized. \f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   568
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   569
\-sectionsonly
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   570
If this appears on the command line, the .SF file (signature file) generated when a JAR file is signed does \f2not\fP include a header containing a hash of the whole manifest file. It just contains information and hashes related to each individual source file included in the JAR file, as described in The Signature (.SF) File .
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   571
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   572
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   573
By default, this header is added, as an optimization. When the header is present, then whenever the JAR file is verified, the verification can first check to see whether or not the hash in the header indeed matches the hash of the whole manifest file. If so, verification proceeds to the next step. If not, it is necessary to do a less optimized verification that the hash in each source file information section in the .SF file equals the hash of its corresponding section in the manifest file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   574
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   575
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   576
For further information, see JAR File Verification.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   577
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   578
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   579
\f3This option is mainly useful for testing; in practice, it should not be used, since doing so eliminates a useful optimization.\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   580
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   581
\-protected
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   582
Either \f2true\fP or \f2false\fP. This value should be specified as \f2true\fP if a password must be given via a protected authentication path such as a dedicated PIN reader.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   583
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   584
\-providerClass provider\-class\-name
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   585
Used to specify the name of cryptographic service provider's master class file when the service provider is not listed in the security properties file, \f2java.security\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   586
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   587
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   588
Used in conjunction with the \f2\-providerArg\fP \f2ConfigFilePath\fP option, keytool and jarsigner will install the provider dynamically (where \f2ConfigFilePath\fP is the path to the token configuration file). Here's an example of a command to list a PKCS#11 keystore when the Sun PKCS#11 provider has not been configured in the security properties file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   589
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   590
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   591
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   592
jarsigner \-keystore NONE \-storetype PKCS11 \\
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   593
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   594
          \-providerClass sun.security.pkcs11.SunPKCS11 \\
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   595
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   596
          \-providerArg /foo/bar/token.config \\
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   597
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   598
          \-list
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   599
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   600
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   601
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   602
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   603
\-providerName providerName
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   604
If more than one provider has been configured in the \f2java.security\fP security properties file, you can use the \f2\-providerName\fP option to target a specific provider instance. The argument to this option is the name of the provider.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   605
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   606
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   607
For the Sun PKCS#11 provider, \f2providerName\fP is of the form \f2SunPKCS11\-\fP\f2TokenName\fP, where \f2TokenName\fP is the name suffix that the provider instance has been configured with, as detailed in the
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   608
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   609
\f2configuration attributes table\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   610
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   611
http://download.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html#ATTRS. For example, the following command lists the contents of the PKCS#11 keystore provider instance with name suffix \f2SmartCard\fP:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   612
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   613
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   614
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   615
jarsigner \-keystore NONE \-storetype PKCS11 \\
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   616
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   617
        \-providerName SunPKCS11\-SmartCard \\
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   618
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   619
        \-list
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   620
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   621
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   622
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   623
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   624
\-Jjavaoption
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   625
Passes through the specified \f2javaoption\fP string directly to the Java interpreter. (\f3jarsigner\fP is actually a "wrapper" around the interpreter.) This option should not contain any spaces. It is useful for adjusting the execution environment or memory usage. For a list of possible interpreter options, type \f2java \-h\fP or \f2java \-X\fP at the command line.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   626
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   627
\-tsa url
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   628
If \f2"\-tsa http://example.tsa.url"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The URL, \f2http://example.tsa.url\fP, identifies the location of the Time Stamping Authority (TSA). It overrides any URL found via the \f2\-tsacert\fP option. The \f2\-tsa\fP option does not require the TSA's public key certificate to be present in the keystore.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   629
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   630
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   631
To generate the timestamp, \f2jarsigner\fP communicates with the TSA using the Time\-Stamp Protocol (TSP) defined in
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   632
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   633
\f2RFC 3161\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   634
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   635
http://www.ietf.org/rfc/rfc3161.txt. If successful, the timestamp token returned by the TSA is stored along with the signature in the signature block file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   636
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   637
\-tsacert alias
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   638
If \f2"\-tsacert alias"\fP appears on the command line when signing a JAR file then a timestamp is generated for the signature. The \f2alias\fP identifies the TSA's public key certificate in the keystore that is currently in effect. The entry's certificate is examined for a Subject Information Access extension that contains a URL identifying the location of the TSA.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   639
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   640
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   641
The TSA's public key certificate must be present in the keystore when using \f2\-tsacert\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   642
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   643
\-altsigner class
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   644
Specifies that an alternative signing mechanism be used. The fully\-qualified class name identifies a class file that extends the \f2com.sun.jarsigner.ContentSigner abstract class\fP. The path to this class file is defined by the \f2\-altsignerpath\fP option. If the \f2\-altsigner\fP option is used, \f2jarsigner\fP uses the signing mechanism provided by the specified class. Otherwise, \f2jarsigner\fP uses its default signing mechanism.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   645
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   646
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   647
For example, to use the signing mechanism provided by a class named \f2com.sun.sun.jarsigner.AuthSigner\fP, use the \f2jarsigner\fP option \f2"\-altsigner com.sun.jarsigner.AuthSigner"\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   648
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   649
\-altsignerpath classpathlist
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   650
Specifies the path to the class file (the class file name is specified with the \f2\-altsigner\fP option described above) and any JAR files it depends on. If the class file is in a JAR file, then this specifies the path to that JAR file, as shown in the example below.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   651
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   652
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   653
An absolute path or a path relative to the current directory may be specified. If \f2classpathlist\fP contains multiple paths or JAR files, they should be separated with a colon (\f2:\fP) on Solaris and a semi\-colon (\f2;\fP) on Windows. This option is not necessary if the class is already in the search path.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   654
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   655
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   656
Example of specifying the path to a jar file that contains the class file:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   657
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   658
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   659
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   660
\-altsignerpath /home/user/lib/authsigner.jar
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   661
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   662
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   663
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   664
Note that the JAR file name is included.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   665
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   666
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   667
Example of specifying the path to the jar file that contains the class file:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   668
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   669
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   670
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   671
\-altsignerpath /home/user/classes/com/sun/tools/jarsigner/
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   672
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   673
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   674
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   675
Note that the JAR file name is omitted.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   676
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   677
\-strict
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   678
During the signing or verifying process, some warning messages may be shown. If this option appears on the command line, the exit code of the tool will reflect the warning messages that are found. Read the "WARNINGS" section for details.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   679
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   680
\-verbose:sub\-options
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   681
For the verifying process, the \f2\-verbose\fP option takes sub\-options to determine how much information will be shown. If \f2\-certs\fP is also specified, the default mode (or sub\-option all) displays each entry as it is being processed and following that, the certificate information for each signer of the JAR file. If \f2\-certs\fP and the \f2\-verbose:grouped\fP sub\-option are specified, entries with the same signer info are grouped and displayed together along with their certificate information. If \f2\-certs\fP and the \f2\-verbose:summary\fP sub\-option are specified, then entries with the same signer info are grouped and displayed together along with their certificate information but details about each entry are summarized and displayed as "one entry (and more)". See the examples section for more information.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   682
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   683
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   684
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   685
.SH "EXAMPLES"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   686
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   687
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   688
Signing a JAR File
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   689
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   690
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   691
Suppose you have a JAR file named "bundle.jar" and you'd like to sign it using the private key of the user whose keystore alias is "jane" in the keystore named "mystore" in the "working" directory. You can use the following to sign the JAR file and name the signed JAR file "sbundle.jar":
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   692
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   693
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   694
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   695
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   696
    jarsigner \-keystore /working/mystore \-storepass \fP\f4<keystore password>\fP\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   697
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   698
      \-keypass \fP\f4<private key password>\fP\f3 \-signedjar sbundle.jar bundle.jar jane
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   699
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   700
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   701
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   702
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   703
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   704
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   705
Note that there is no \f2\-sigfile\fP specified in the command above, so the generated .SF and .DSA files to be placed in the signed JAR file will have default names based on the alias name. That is, they will be named \f2JANE.SF\fP and \f2JANE.DSA\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   706
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   707
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   708
If you want to be prompted for the store password and the private key password, you could shorten the above command to
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   709
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   710
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   711
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   712
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   713
    jarsigner \-keystore /working/mystore
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   714
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   715
      \-signedjar sbundle.jar bundle.jar jane
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   716
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   717
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   718
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   719
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   720
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   721
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   722
If the keystore to be used is the default keystore (the one named ".keystore" in your home directory), you don't need to specify a keystore, as in:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   723
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   724
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   725
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   726
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   727
    jarsigner \-signedjar sbundle.jar bundle.jar jane
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   728
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   729
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   730
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   731
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   732
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   733
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   734
Finally, if you want the signed JAR file to simply overwrite the input JAR file (\f2bundle.jar\fP), you don't need to specify a \f2\-signedjar\fP option:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   735
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   736
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   737
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   738
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   739
    jarsigner bundle.jar jane
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   740
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   741
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   742
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   743
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   744
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   745
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   746
Verifying a Signed JAR File
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   747
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   748
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   749
To verify a signed JAR file, that is, to verify that the signature is valid and the JAR file has not been tampered with, use a command such as the following:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   750
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   751
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   752
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   753
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   754
    jarsigner \-verify sbundle.jar
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   755
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   756
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   757
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   758
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   759
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   760
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   761
If the verification is successful,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   762
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   763
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   764
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   765
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   766
    jar verified.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   767
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   768
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   769
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   770
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   771
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   772
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   773
is displayed. Otherwise, an error message appears.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   774
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   775
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   776
You can get more information if you use the \f2\-verbose\fP option. A sample use of \f3jarsigner\fP with the \f2\-verbose\fP option is shown below, along with sample output:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   777
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   778
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   779
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   780
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   781
    jarsigner \-verify \-verbose sbundle.jar
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   782
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   783
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   784
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   785
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   786
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   787
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   788
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   789
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   790
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   791
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 AclEx.class
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   792
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   793
    smk    849 Fri Sep 26 16:12:46 PDT 1997 test.class
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   794
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   795
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   796
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   797
      s = signature was verified
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   798
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   799
      m = entry is listed in manifest
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   800
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   801
      k = at least one certificate was found in keystore
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   802
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   803
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   804
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   805
    jar verified.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   806
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   807
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   808
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   809
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   810
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   811
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   812
Verification with Certificate Information
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   813
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   814
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   815
If you specify the \f2\-certs\fP option when verifying, along with the \f2\-verify\fP and \f2\-verbose\fP options, the output includes certificate information for each signer of the JAR file, including the certificate type, the signer distinguished name information (if and only if it's an X.509 certificate), and, in parentheses, the keystore alias for the signer if the public key certificate in the JAR file matches that in a keystore entry. For example,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   816
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   817
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   818
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   819
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   820
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs myTest.jar
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   821
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   822
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   823
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   824
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   825
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   826
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   827
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   828
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   829
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   830
           208 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   831
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   832
          1087 Fri Sep 26 16:23:30 PDT 1997 META\-INF/JAVATEST.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   833
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   834
    smk   2752 Fri Sep 26 16:12:30 PDT 1997 Tst.class
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   835
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   836
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   837
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   838
      X.509, CN=Test Group, OU=Java Software, O=Sun Microsystems, L=CUP, S=CA, C=US (javatest)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   839
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   840
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   841
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   842
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   843
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   844
      s = signature was verified
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   845
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   846
      m = entry is listed in manifest
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   847
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   848
      k = at least one certificate was found in keystore
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   849
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   850
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   851
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   852
    jar verified.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   853
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   854
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   855
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   856
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   857
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   858
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   859
If the certificate for a signer is not an X.509 certificate, there is no distinguished name information. In that case, just the certificate type and the alias are shown. For example, if the certificate is a PGP certificate, and the alias is "bob", you'd get
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   860
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   861
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   862
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   863
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   864
      PGP, (bob)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   865
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   866
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   867
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   868
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   869
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   870
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   871
Verification of a JAR File that Includes Identity Database Signers
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   872
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   873
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   874
If a JAR file has been signed using the JDK 1.1 \f3javakey\fP tool, and thus the signer is an alias in an identity database, the verification output includes an "i" symbol. If the JAR file has been signed by both an alias in an identity database and an alias in a keystore, both "k" and "i" appear.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   875
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   876
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   877
When the \f2\-certs\fP option is used, any identity database aliases are shown in square brackets rather than the parentheses used for keystore aliases. For example:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   878
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   879
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   880
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   881
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   882
    jarsigner \-keystore /working/mystore \-verify \-verbose \-certs writeFile.jar
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   883
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   884
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   885
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   886
           198 Fri Sep 26 16:14:06 PDT 1997 META\-INF/MANIFEST.MF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   887
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   888
           199 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   889
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   890
          1013 Fri Sep 26 16:22:10 PDT 1997 META\-INF/JANE.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   891
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   892
           199 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.SF
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   893
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   894
          1013 Fri Sep 27 12:22:30 PDT 1997 META\-INF/DUKE.DSA
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   895
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   896
   smki   2752 Fri Sep 26 16:12:30 PDT 1997 writeFile.html
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   897
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   898
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   899
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   900
      X.509, CN=Jane Smith, OU=Java Software, O=Sun, L=cup, S=ca, C=us (jane)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   901
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   902
      X.509, CN=Duke, OU=Java Software, O=Sun, L=cup, S=ca, C=us [duke]
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   903
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   904
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   905
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   906
      s = signature was verified
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   907
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   908
      m = entry is listed in manifest
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   909
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   910
      k = at least one certificate was found in keystore
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   911
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   912
      i = at least one certificate was found in identity scope
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   913
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   914
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   915
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   916
    jar verified.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   917
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   918
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   919
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   920
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   921
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   922
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   923
Note that the alias "duke" is in brackets to denote that it is an identity database alias, not a keystore alias.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   924
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   925
.SH "WARNINGS"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   926
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   927
During the signing/verifying process, jarsigner may display various warnings. These warning codes are defined as follows:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   928
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   929
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   930
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   931
         hasExpiringCert         2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   932
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   933
             This jar contains entries whose signer certificate will expire within six months
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   934
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   935
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   936
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   937
         hasExpiredCert          4
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   938
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   939
             This jar contains entries whose signer certificate has expired.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   940
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   941
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   942
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   943
         notYetValidCert         4
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   944
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   945
             This jar contains entries whose signer certificate is not yet valid.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   946
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   947
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   948
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   949
         chainNotValidated       4
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   950
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   951
             This jar contains entries whose certificate chain cannot be correctly validated.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   952
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   953
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   954
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   955
         badKeyUsage             8
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   956
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   957
             This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   958
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   959
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   960
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   961
         badExtendedKeyUsage     8
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   962
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   963
             This jar contains entries whose signer certificate's ExtendedKeyUsage extension
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   964
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   965
             doesn't allow code signing.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   966
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   967
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   968
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   969
         badNetscapeCertType     8
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   970
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   971
             This jar contains entries whose signer certificate's NetscapeCertType extension
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   972
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   973
             doesn't allow code signing.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   974
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   975
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   976
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   977
         hasUnsignedEntry        16
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   978
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   979
             This jar contains unsigned entries which have not been integrity\-checked.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   980
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   981
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   982
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   983
         notSignedByAlias        32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   984
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   985
             This jar contains signed entries which are not signed by the specified alias(es)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   986
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   987
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   988
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   989
         aliasNotInStore         32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   990
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   991
             This jar contains signed entries that are not signed by alias in this keystore
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   992
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   993
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   994
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   995
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   996
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   997
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   998
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
   999
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1000
When the \f2\-strict\fP option is provided, an OR\-value of warnings detected will be returned as the exit code of the tool. For example, if a certificate used to sign an entry is expired and has a keyUsage extension that does not allow it to sign a file, an exit code 12 (=4+8) will be returned.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1001
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1002
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1003
\f3Note\fP: Exit codes are reused because only 0\-255 is legal for Unix. In any case, if the signing/verifying process fails, the following exit code will be returned:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1004
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1005
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1006
\f3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1007
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1008
failure                 1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1009
.fl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1010
\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1011
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1012
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1013
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1014
.SS
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1015
Compatibility with JDK 1.1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1016
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1017
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1018
The \f3keytool\fP and \f3jarsigner\fP tools completely replace the \f3javakey\fP tool provided in JDK 1.1. These new tools provide more features than \f3javakey\fP, including the ability to protect the keystore and private keys with passwords, and the ability to verify signatures in addition to generating them.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1019
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1020
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1021
The new keystore architecture replaces the identity database that \f3javakey\fP created and managed. There is no backwards compatibility between the keystore format and the database format used by \f3javakey\fP in 1.1. However,
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1022
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1023
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1024
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1025
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1026
It is possible to import the information from an identity database into a keystore, via the \f3keytool\fP \f2\-identitydb\fP command.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1027
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1028
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1029
\f3jarsigner\fP can sign JAR files also previously signed using \f3javakey\fP.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1030
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1031
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1032
\f3jarsigner\fP can verify JAR files signed using \f3javakey\fP. Thus, it recognizes and can work with signer aliases that are from a JDK 1.1 identity database rather than a Java 2 SDK keystore.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1033
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1034
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1035
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1036
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1037
The following table explains how JAR files that were signed in JDK 1.1.x are treated in the Java 2 platform.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1038
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1039
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1040
.if \n+(b.=1 .nr d. \n(.c-\n(c.-1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1041
.de 35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1042
.ps \n(.s
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1043
.vs \n(.vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1044
.in \n(.iu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1045
.if \n(.u .fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1046
.if \n(.j .ad
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1047
.if \n(.j=0 .na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1048
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1049
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1050
.nr #~ 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1051
.if n .nr #~ 0.6n
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1052
.ds #d .d
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1053
.if \(ts\n(.z\(ts\(ts .ds #d nl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1054
.fc
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1055
.nr 33 \n(.s
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1056
.rm 80 81 82 83 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1057
.nr 34 \n(.lu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1058
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1059
.am 82
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1060
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1061
.di a+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1062
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1063
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1064
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1065
.if \n(.l<\n(82 .ll \n(82u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1066
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1067
\f3Trusted Identity imported into Java 2 Platform keystore from 1.1 database (4)\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1068
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1069
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1070
.nr a| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1071
.nr a- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1072
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1073
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1074
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1075
.am 83
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1076
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1077
.di b+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1078
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1079
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1080
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1081
.if \n(.l<\n(83 .ll \n(83u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1082
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1083
\f3Policy File grants privileges to Identity/Alias\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1084
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1085
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1086
.nr b| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1087
.nr b- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1088
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1089
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1090
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1091
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1092
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1093
.di c+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1094
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1095
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1096
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1097
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1098
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1099
Default privileges granted to all code.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1100
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1101
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1102
.nr c| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1103
.nr c- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1104
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1105
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1106
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1107
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1108
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1109
.di d+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1110
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1111
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1112
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1113
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1114
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1115
Default privileges granted to all code.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1116
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1117
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1118
.nr d| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1119
.nr d- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1120
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1121
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1122
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1123
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1124
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1125
.di e+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1126
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1127
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1128
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1129
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1130
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1131
Default privileges granted to all code.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1132
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1133
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1134
.nr e| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1135
.nr e- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1136
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1137
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1138
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1139
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1140
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1141
.di f+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1142
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1143
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1144
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1145
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1146
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1147
Default privileges granted to all code. (3)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1148
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1149
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1150
.nr f| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1151
.nr f- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1152
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1153
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1154
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1155
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1156
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1157
.di g+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1158
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1159
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1160
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1161
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1162
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1163
Default privileges granted to all code. (1,3)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1164
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1165
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1166
.nr g| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1167
.nr g- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1168
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1169
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1170
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1171
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1172
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1173
.di h+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1174
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1175
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1176
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1177
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1178
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1179
Default privileges granted to all code plus privileges granted in policy file.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1180
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1181
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1182
.nr h| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1183
.nr h- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1184
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1185
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1186
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1187
.am 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1188
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1189
.di i+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1190
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1191
.ft \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1192
.ll \n(34u*1u/6u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1193
.if \n(.l<\n(84 .ll \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1194
.in 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1195
Default privileges granted to all code plus privileges granted in policy file. (2)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1196
.br
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1197
.di
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1198
.nr i| \n(dn
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1199
.nr i- \n(dl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1200
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1201
.ec \
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1202
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1203
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1204
.ll \n(34u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1205
.nr 80 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1206
.nr 38 \w\f3JAR File Type\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1207
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1208
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1209
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1210
.nr 38 \wUnsigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1211
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1212
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1213
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1214
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1215
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1216
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1217
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1218
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1219
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1220
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1221
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1222
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1223
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1224
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1225
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1226
.nr 38 \wSigned JAR
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1227
.if \n(80<\n(38 .nr 80 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1228
.80
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1229
.rm 80
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1230
.nr 81 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1231
.nr 38 \w\f3Identity in 1.1 database\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1232
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1233
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1234
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1235
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1236
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1237
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1238
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1239
.nr 38 \wYES/Untrusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1240
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1241
.nr 38 \wYES/Untrusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1242
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1243
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1244
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1245
.nr 38 \wYES/Trusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1246
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1247
.nr 38 \wYES/Trusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1248
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1249
.nr 38 \wYES/Trusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1250
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1251
.nr 38 \wYES/Trusted
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1252
.if \n(81<\n(38 .nr 81 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1253
.81
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1254
.rm 81
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1255
.nr 82 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1256
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1257
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1258
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1259
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1260
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1261
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1262
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1263
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1264
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1265
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1266
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1267
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1268
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1269
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1270
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1271
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1272
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1273
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1274
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1275
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1276
.82
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1277
.rm 82
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1278
.nr 38 \n(a-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1279
.if \n(82<\n(38 .nr 82 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1280
.nr 83 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1281
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1282
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1283
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1284
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1285
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1286
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1287
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1288
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1289
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1290
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1291
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1292
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1293
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1294
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1295
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1296
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1297
.nr 38 \wNO
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1298
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1299
.nr 38 \wYES
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1300
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1301
.83
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1302
.rm 83
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1303
.nr 38 \n(b-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1304
.if \n(83<\n(38 .nr 83 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1305
.nr 84 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1306
.nr 38 \w\f3Privileges Granted\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1307
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1308
.nr 38 \wAll privileges
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1309
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1310
.nr 38 \wAll privileges (1)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1311
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1312
.nr 38 \wAll privileges (1)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1313
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1314
.84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1315
.rm 84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1316
.nr 38 \n(c-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1317
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1318
.nr 38 \n(d-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1319
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1320
.nr 38 \n(e-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1321
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1322
.nr 38 \n(f-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1323
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1324
.nr 38 \n(g-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1325
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1326
.nr 38 \n(h-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1327
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1328
.nr 38 \n(i-
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1329
.if \n(84<\n(38 .nr 84 \n(38
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1330
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1331
.nf
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1332
.ll \n(34u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1333
.nr 38 1n
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1334
.nr 79 0
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1335
.nr 40 \n(79+(0*\n(38)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1336
.nr 80 +\n(40
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1337
.nr 41 \n(80+(3*\n(38)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1338
.nr 81 +\n(41
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1339
.nr 42 \n(81+(3*\n(38)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1340
.nr 82 +\n(42
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1341
.nr 43 \n(82+(3*\n(38)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1342
.nr 83 +\n(43
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1343
.nr 44 \n(83+(3*\n(38)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1344
.nr 84 +\n(44
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1345
.nr TW \n(84
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1346
.if t .if \n(TW>\n(.li .tm Table at line 1082 file Input is too wide - \n(TW units
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1347
.fc  
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1348
.nr #T 0-1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1349
.nr #a 0-1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1350
.eo
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1351
.de T#
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1352
.ds #d .d
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1353
.if \(ts\n(.z\(ts\(ts .ds #d nl
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1354
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1355
.nr ## -1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1356
.ls 1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1357
.ls
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1358
..
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1359
.ec
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1360
.ne \n(a|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1361
.ne \n(b|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1362
.if (\n(a|+\n(#^-1v)>\n(#- .nr #- +(\n(a|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1363
.if (\n(b|+\n(#^-1v)>\n(#- .nr #- +(\n(b|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1364
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1365
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1366
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1367
\&\h'|\n(40u'\f3JAR File Type\fP\h'|\n(41u'\f3Identity in 1.1 database\fP\h'|\n(42u'\h'|\n(43u'\h'|\n(44u'\f3Privileges Granted\fP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1368
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1369
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1370
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1371
.nr 37 \n(42u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1372
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1373
.a+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1374
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1375
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1376
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1377
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1378
.nr 37 \n(43u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1379
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1380
.b+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1381
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1382
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1383
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1384
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1385
.ne \n(c|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1386
.if (\n(c|+\n(#^-1v)>\n(#- .nr #- +(\n(c|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1387
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1388
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1389
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1390
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1391
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1392
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1393
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1394
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1395
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1396
.c+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1397
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1398
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1399
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1400
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1401
.ne \n(d|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1402
.if (\n(d|+\n(#^-1v)>\n(#- .nr #- +(\n(d|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1403
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1404
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1405
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1406
\&\h'|\n(40u'Unsigned JAR\h'|\n(41u'NO\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1407
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1408
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1409
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1410
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1411
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1412
.d+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1413
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1414
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1415
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1416
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1417
.ne \n(e|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1418
.if (\n(e|+\n(#^-1v)>\n(#- .nr #- +(\n(e|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1419
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1420
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1421
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1422
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1423
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1424
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1425
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1426
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1427
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1428
.e+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1429
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1430
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1431
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1432
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1433
.ne \n(f|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1434
.if (\n(f|+\n(#^-1v)>\n(#- .nr #- +(\n(f|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1435
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1436
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1437
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1438
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1439
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1440
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1441
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1442
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1443
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1444
.f+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1445
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1446
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1447
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1448
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1449
.ne \n(g|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1450
.if (\n(g|+\n(#^-1v)>\n(#- .nr #- +(\n(g|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1451
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1452
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1453
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1454
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Untrusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1455
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1456
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1457
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1458
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1459
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1460
.g+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1461
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1462
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1463
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1464
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1465
.ne \n(h|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1466
.if (\n(h|+\n(#^-1v)>\n(#- .nr #- +(\n(h|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1467
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1468
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1469
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1470
\&\h'|\n(40u'Signed JAR\h'|\n(41u'NO\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1471
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1472
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1473
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1474
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1475
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1476
.h+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1477
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1478
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1479
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1480
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1481
.ne \n(i|u+\n(.Vu
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1482
.if (\n(i|+\n(#^-1v)>\n(#- .nr #- +(\n(i|+\n(#^-\n(#--1v)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1483
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1484
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1485
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1486
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'YES\h'|\n(44u'
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1487
.mk ##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1488
.nr 31 \n(##
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1489
.sp |\n(##u-1v
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1490
.nr 37 \n(44u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1491
.in +\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1492
.i+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1493
.in -\n(37u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1494
.mk 32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1495
.if \n(32>\n(31 .nr 31 \n(32
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1496
.sp |\n(31u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1497
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1498
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1499
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1500
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'NO\h'|\n(44u'All privileges
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1501
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1502
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1503
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1504
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'YES\h'|\n(43u'NO\h'|\n(44u'All privileges (1)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1505
.ta \n(80u \n(81u \n(82u \n(83u \n(84u
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1506
.nr 31 \n(.f
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1507
.nr 35 1m
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1508
\&\h'|\n(40u'Signed JAR\h'|\n(41u'YES/Trusted\h'|\n(42u'NO\h'|\n(43u'YES\h'|\n(44u'All privileges (1)
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1509
.fc
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1510
.nr T. 1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1511
.T# 1
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1512
.35
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1513
.rm a+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1514
.rm b+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1515
.rm c+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1516
.rm d+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1517
.rm e+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1518
.rm f+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1519
.rm g+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1520
.rm h+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1521
.rm i+
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1522
.if \n-(b.=0 .nr c. \n(.c-\n(d.-42
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1523
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1524
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1525
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1526
Notes:
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1527
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1528
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1529
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1530
1.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1531
If an identity/alias is mentioned in the policy file, it must be imported into the keystore for the policy file to have any effect on privileges granted.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1532
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1533
2.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1534
The policy file/keystore combination has precedence over a trusted identity in the identity database.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1535
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1536
3.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1537
Untrusted identities are ignored in the Java 2 platform.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1538
.TP 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1539
4.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1540
Only trusted identities can be imported into Java 2 SDK keystores.
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1541
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1542
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1543
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1544
.SH "SEE ALSO"
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1545
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1546
.RS 3
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1547
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1548
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1549
jar(1) tool documentation
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1550
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1551
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1552
keytool(1) tool documentation
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1553
.TP 2
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1554
o
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1555
the
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1556
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1557
\f4Security\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1558
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1559
http://download.oracle.com/javase/tutorial/security/index.html trail of the
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1560
.na
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1561
\f4Java Tutorial\fP @
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1562
.fi
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1563
http://download.oracle.com/javase/tutorial/index.html for examples of the use of the \f3jarsigner\fP tool
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1564
.RE
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1565
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1566
.LP
320a714614e9 7113349: Initial changeset for Macosx port to jdk
michaelm
parents:
diff changeset
  1567