6890872: keytool -printcert to recognize signed jar files
Reviewed-by: mullan
This commit is contained in:
Weijun Wang
parent
9b3b87dab8
commit
692684aa31
@ -1483,6 +1483,7 @@ public class JarSigner {
|
|||||||
Timestamp timestamp = signer.getTimestamp();
|
Timestamp timestamp = signer.getTimestamp();
|
||||||
if (timestamp != null) {
|
if (timestamp != null) {
|
||||||
s.append(printTimestamp(tab, timestamp));
|
s.append(printTimestamp(tab, timestamp));
|
||||||
|
s.append('\n');
|
||||||
}
|
}
|
||||||
// display the certificate(s)
|
// display the certificate(s)
|
||||||
for (Certificate c : certs) {
|
for (Certificate c : certs) {
|
||||||
|
|||||||
@ -26,6 +26,7 @@
|
|||||||
package sun.security.tools;
|
package sun.security.tools;
|
||||||
|
|
||||||
import java.io.*;
|
import java.io.*;
|
||||||
|
import java.security.CodeSigner;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.KeyStoreException;
|
import java.security.KeyStoreException;
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
@ -34,6 +35,7 @@ import java.security.PublicKey;
|
|||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.Security;
|
import java.security.Security;
|
||||||
import java.security.Signature;
|
import java.security.Signature;
|
||||||
|
import java.security.Timestamp;
|
||||||
import java.security.UnrecoverableEntryException;
|
import java.security.UnrecoverableEntryException;
|
||||||
import java.security.UnrecoverableKeyException;
|
import java.security.UnrecoverableKeyException;
|
||||||
import java.security.Principal;
|
import java.security.Principal;
|
||||||
@ -46,6 +48,8 @@ import java.security.cert.CertificateException;
|
|||||||
import java.text.Collator;
|
import java.text.Collator;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
import java.util.jar.JarEntry;
|
||||||
|
import java.util.jar.JarFile;
|
||||||
import java.lang.reflect.Constructor;
|
import java.lang.reflect.Constructor;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.URLClassLoader;
|
import java.net.URLClassLoader;
|
||||||
@ -130,6 +134,7 @@ public final class KeyTool {
|
|||||||
private File ksfile = null;
|
private File ksfile = null;
|
||||||
private InputStream ksStream = null; // keystore stream
|
private InputStream ksStream = null; // keystore stream
|
||||||
private String sslserver = null;
|
private String sslserver = null;
|
||||||
|
private String jarfile = null;
|
||||||
private KeyStore keyStore = null;
|
private KeyStore keyStore = null;
|
||||||
private boolean token = false;
|
private boolean token = false;
|
||||||
private boolean nullStream = false;
|
private boolean nullStream = false;
|
||||||
@ -206,7 +211,7 @@ public final class KeyTool {
|
|||||||
"-providername", "-providerclass", "-providerarg",
|
"-providername", "-providerclass", "-providerarg",
|
||||||
"-providerpath", "-v", "-protected"),
|
"-providerpath", "-v", "-protected"),
|
||||||
PRINTCERT("Prints the content of a certificate",
|
PRINTCERT("Prints the content of a certificate",
|
||||||
"-rfc", "-file", "-sslserver", "-v"),
|
"-rfc", "-file", "-sslserver", "-jarfile", "-v"),
|
||||||
PRINTCERTREQ("Prints the content of a certificate request",
|
PRINTCERTREQ("Prints the content of a certificate request",
|
||||||
"-file", "-v"),
|
"-file", "-v"),
|
||||||
SELFCERT("Generates a self-signed certificate",
|
SELFCERT("Generates a self-signed certificate",
|
||||||
@ -266,6 +271,7 @@ public final class KeyTool {
|
|||||||
{"-srcstorepass", "<arg>", "source keystore password"},
|
{"-srcstorepass", "<arg>", "source keystore password"},
|
||||||
{"-srcstoretype", "<srcstoretype>", "source keystore type"},
|
{"-srcstoretype", "<srcstoretype>", "source keystore type"},
|
||||||
{"-sslserver", "<server[:port]>", "SSL server host and port"},
|
{"-sslserver", "<server[:port]>", "SSL server host and port"},
|
||||||
|
{"-jarfile", "<filename>", "signed jar file"},
|
||||||
{"-startdate", "<startdate>", "certificate validity start date/time"},
|
{"-startdate", "<startdate>", "certificate validity start date/time"},
|
||||||
{"-storepass", "<arg>", "keystore password"},
|
{"-storepass", "<arg>", "keystore password"},
|
||||||
{"-storetype", "<storetype>", "keystore type"},
|
{"-storetype", "<storetype>", "keystore type"},
|
||||||
@ -453,6 +459,8 @@ public final class KeyTool {
|
|||||||
outfilename = args[++i];
|
outfilename = args[++i];
|
||||||
} else if (collator.compare(flags, "-sslserver") == 0) {
|
} else if (collator.compare(flags, "-sslserver") == 0) {
|
||||||
sslserver = args[++i];
|
sslserver = args[++i];
|
||||||
|
} else if (collator.compare(flags, "-jarfile") == 0) {
|
||||||
|
jarfile = args[++i];
|
||||||
} else if (collator.compare(flags, "-srckeystore") == 0) {
|
} else if (collator.compare(flags, "-srckeystore") == 0) {
|
||||||
srcksfname = args[++i];
|
srcksfname = args[++i];
|
||||||
} else if ((collator.compare(flags, "-provider") == 0) ||
|
} else if ((collator.compare(flags, "-provider") == 0) ||
|
||||||
@ -2065,7 +2073,71 @@ public final class KeyTool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void doPrintCert(final PrintStream out) throws Exception {
|
private void doPrintCert(final PrintStream out) throws Exception {
|
||||||
if (sslserver != null) {
|
if (jarfile != null) {
|
||||||
|
JarFile jf = new JarFile(jarfile, true);
|
||||||
|
Enumeration<JarEntry> entries = jf.entries();
|
||||||
|
Set<CodeSigner> ss = new HashSet<CodeSigner>();
|
||||||
|
byte[] buffer = new byte[8192];
|
||||||
|
int pos = 0;
|
||||||
|
while (entries.hasMoreElements()) {
|
||||||
|
JarEntry je = entries.nextElement();
|
||||||
|
InputStream is = null;
|
||||||
|
try {
|
||||||
|
is = jf.getInputStream(je);
|
||||||
|
while (is.read(buffer) != -1) {
|
||||||
|
// we just read. this will throw a SecurityException
|
||||||
|
// if a signature/digest check fails. This also
|
||||||
|
// populate the signers
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
if (is != null) {
|
||||||
|
is.close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
CodeSigner[] signers = je.getCodeSigners();
|
||||||
|
if (signers != null) {
|
||||||
|
for (CodeSigner signer: signers) {
|
||||||
|
if (!ss.contains(signer)) {
|
||||||
|
ss.add(signer);
|
||||||
|
out.printf(rb.getString("Signer #%d:"), ++pos);
|
||||||
|
out.println();
|
||||||
|
out.println();
|
||||||
|
out.println(rb.getString("Signature:"));
|
||||||
|
out.println();
|
||||||
|
for (Certificate cert: signer.getSignerCertPath().getCertificates()) {
|
||||||
|
X509Certificate x = (X509Certificate)cert;
|
||||||
|
if (rfc) {
|
||||||
|
out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
|
||||||
|
dumpCert(x, out);
|
||||||
|
} else {
|
||||||
|
printX509Cert(x, out);
|
||||||
|
}
|
||||||
|
out.println();
|
||||||
|
}
|
||||||
|
Timestamp ts = signer.getTimestamp();
|
||||||
|
if (ts != null) {
|
||||||
|
out.println(rb.getString("Timestamp:"));
|
||||||
|
out.println();
|
||||||
|
for (Certificate cert: ts.getSignerCertPath().getCertificates()) {
|
||||||
|
X509Certificate x = (X509Certificate)cert;
|
||||||
|
if (rfc) {
|
||||||
|
out.println(rb.getString("Certificate owner: ") + x.getSubjectDN() + "\n");
|
||||||
|
dumpCert(x, out);
|
||||||
|
} else {
|
||||||
|
printX509Cert(x, out);
|
||||||
|
}
|
||||||
|
out.println();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
jf.close();
|
||||||
|
if (ss.size() == 0) {
|
||||||
|
out.println(rb.getString("Not a signed jar file"));
|
||||||
|
}
|
||||||
|
} else if (sslserver != null) {
|
||||||
SSLContext sc = SSLContext.getInstance("SSL");
|
SSLContext sc = SSLContext.getInstance("SSL");
|
||||||
final boolean[] certPrinted = new boolean[1];
|
final boolean[] certPrinted = new boolean[1];
|
||||||
sc.init(null, new TrustManager[] {
|
sc.init(null, new TrustManager[] {
|
||||||
|
|||||||
@ -162,6 +162,8 @@ public class Resources extends java.util.ListResourceBundle {
|
|||||||
"source keystore type"}, //-srcstoretype
|
"source keystore type"}, //-srcstoretype
|
||||||
{"SSL server host and port",
|
{"SSL server host and port",
|
||||||
"SSL server host and port"}, //-sslserver
|
"SSL server host and port"}, //-sslserver
|
||||||
|
{"signed jar file",
|
||||||
|
"signed jar file"}, //=jarfile
|
||||||
{"certificate validity start date/time",
|
{"certificate validity start date/time",
|
||||||
"certificate validity start date/time"}, //-startdate
|
"certificate validity start date/time"}, //-startdate
|
||||||
{"keystore password",
|
{"keystore password",
|
||||||
@ -370,6 +372,13 @@ public class Resources extends java.util.ListResourceBundle {
|
|||||||
|
|
||||||
{"***************** WARNING WARNING WARNING *****************",
|
{"***************** WARNING WARNING WARNING *****************",
|
||||||
"***************** WARNING WARNING WARNING *****************"},
|
"***************** WARNING WARNING WARNING *****************"},
|
||||||
|
{"Signer #%d:", "Signer #%d:"},
|
||||||
|
{"Timestamp:", "Timestamp:"},
|
||||||
|
{"Signature:", "Signature:"},
|
||||||
|
{"Certificate owner: ", "Certificate owner: "},
|
||||||
|
{"Not a signed jar file", "Not a signed jar file"},
|
||||||
|
{"No certificate from the SSL server",
|
||||||
|
"No certificate from the SSL server"},
|
||||||
|
|
||||||
// Translators of the following 5 pairs, ATTENTION:
|
// Translators of the following 5 pairs, ATTENTION:
|
||||||
// the next 5 string pairs are meant to be combined into 2 paragraphs,
|
// the next 5 string pairs are meant to be combined into 2 paragraphs,
|
||||||
|
|||||||
56
jdk/test/sun/security/tools/keytool/readjar.sh
Normal file
56
jdk/test/sun/security/tools/keytool/readjar.sh
Normal file
@ -0,0 +1,56 @@
|
|||||||
|
#
|
||||||
|
# Copyright 2009 Sun Microsystems, Inc. All Rights Reserved.
|
||||||
|
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
#
|
||||||
|
# This code is free software; you can redistribute it and/or modify it
|
||||||
|
# under the terms of the GNU General Public License version 2 only, as
|
||||||
|
# published by the Free Software Foundation.
|
||||||
|
#
|
||||||
|
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
# version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
# accompanied this code).
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License version
|
||||||
|
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
#
|
||||||
|
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
|
||||||
|
# CA 95054 USA or visit www.sun.com if you need additional information or
|
||||||
|
# have any questions.
|
||||||
|
#
|
||||||
|
|
||||||
|
# @test
|
||||||
|
# @bug 6890872
|
||||||
|
# @summary keytool -printcert to recognize signed jar files
|
||||||
|
#
|
||||||
|
|
||||||
|
if [ "${TESTJAVA}" = "" ] ; then
|
||||||
|
JAVAC_CMD=`which javac`
|
||||||
|
TESTJAVA=`dirname $JAVAC_CMD`/..
|
||||||
|
fi
|
||||||
|
|
||||||
|
# set platform-dependent variables
|
||||||
|
OS=`uname -s`
|
||||||
|
case "$OS" in
|
||||||
|
Windows_* )
|
||||||
|
FS="\\"
|
||||||
|
;;
|
||||||
|
* )
|
||||||
|
FS="/"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
KS=readjar.jks
|
||||||
|
rm $KS
|
||||||
|
$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit -keystore $KS \
|
||||||
|
-alias x -dname CN=X -genkeypair
|
||||||
|
$TESTJAVA${FS}bin${FS}jar cvf readjar.jar $KS
|
||||||
|
$TESTJAVA${FS}bin${FS}jarsigner -storepass changeit -keystore $KS readjar.jar x
|
||||||
|
|
||||||
|
$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar || exit 1
|
||||||
|
$TESTJAVA${FS}bin${FS}keytool -printcert -jarfile readjar.jar -rfc || exit 1
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
Loading…
x
Reference in New Issue
Block a user