--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Sat Sep 03 07:46:35 2011 +0100
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Mon Sep 05 11:22:27 2011 +0800
@@ -1506,6 +1506,9 @@
CertPath cp = certificateFactory.generateCertPath(certs);
validator.validate(cp, pkixParameters);
} catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
chainNotValidated = true;
s.append(tab + rb.getString(".CertPath.not.validated.") +
e.getLocalizedMessage() + "]\n"); // TODO
@@ -1562,6 +1565,27 @@
}
try {
+
+ certificateFactory = CertificateFactory.getInstance("X.509");
+ validator = CertPathValidator.getInstance("PKIX");
+ Set<TrustAnchor> tas = new HashSet<>();
+ try {
+ KeyStore caks = KeyTool.getCacertsKeyStore();
+ if (caks != null) {
+ Enumeration<String> aliases = caks.aliases();
+ while (aliases.hasMoreElements()) {
+ String a = aliases.nextElement();
+ try {
+ tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
+ } catch (Exception e2) {
+ // ignore, when a SecretkeyEntry does not include a cert
+ }
+ }
+ }
+ } catch (Exception e) {
+ // Ignore, if cacerts cannot be loaded
+ }
+
if (providerName == null) {
store = KeyStore.getInstance(storetype);
} else {
@@ -1580,45 +1604,28 @@
(rb.getString("Enter.Passphrase.for.keystore."));
}
- if (nullStream) {
- store.load(null, storepass);
- } else {
- keyStoreName = keyStoreName.replace(File.separatorChar, '/');
- URL url = null;
- try {
- url = new URL(keyStoreName);
- } catch (java.net.MalformedURLException e) {
- // try as file
- url = new File(keyStoreName).toURI().toURL();
- }
- InputStream is = null;
- try {
- is = url.openStream();
- store.load(is, storepass);
- } finally {
- if (is != null) {
- is.close();
+ try {
+ if (nullStream) {
+ store.load(null, storepass);
+ } else {
+ keyStoreName = keyStoreName.replace(File.separatorChar, '/');
+ URL url = null;
+ try {
+ url = new URL(keyStoreName);
+ } catch (java.net.MalformedURLException e) {
+ // try as file
+ url = new File(keyStoreName).toURI().toURL();
}
- }
- }
- Set<TrustAnchor> tas = new HashSet<>();
- try {
- KeyStore caks = KeyTool.getCacertsKeyStore();
- if (caks != null) {
- Enumeration<String> aliases = caks.aliases();
- while (aliases.hasMoreElements()) {
- String a = aliases.nextElement();
- try {
- tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null));
- } catch (Exception e2) {
- // ignore, when a SecretkeyEntry does not include a cert
+ InputStream is = null;
+ try {
+ is = url.openStream();
+ store.load(is, storepass);
+ } finally {
+ if (is != null) {
+ is.close();
}
}
}
- } catch (Exception e) {
- // Ignore, if cacerts cannot be loaded
- }
- if (store != null) {
Enumeration<String> aliases = store.aliases();
while (aliases.hasMoreElements()) {
String a = aliases.nextElement();
@@ -1634,14 +1641,13 @@
// ignore, when a SecretkeyEntry does not include a cert
}
}
- }
- certificateFactory = CertificateFactory.getInstance("X.509");
- validator = CertPathValidator.getInstance("PKIX");
- try {
- pkixParameters = new PKIXParameters(tas);
- pkixParameters.setRevocationEnabled(false);
- } catch (InvalidAlgorithmParameterException ex) {
- // Only if tas is empty
+ } finally {
+ try {
+ pkixParameters = new PKIXParameters(tas);
+ pkixParameters.setRevocationEnabled(false);
+ } catch (InvalidAlgorithmParameterException ex) {
+ // Only if tas is empty
+ }
}
} catch (IOException ioe) {
throw new RuntimeException(rb.getString("keystore.load.") +
@@ -1805,6 +1811,9 @@
CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain));
validator.validate(cp, pkixParameters);
} catch (Exception e) {
+ if (debug) {
+ e.printStackTrace();
+ }
chainNotValidated = true;
}