/hg/icedtea-web: Rename JarSigner to JarCertVerifier.
ddadacha at icedtea.classpath.org
ddadacha at icedtea.classpath.org
Thu Apr 5 07:58:24 PDT 2012
changeset cde6d59a2901 in /hg/icedtea-web
details: http://icedtea.classpath.org/hg/icedtea-web?cmd=changeset;node=cde6d59a2901
author: Danesh Dadachanji <ddadacha at redhat.com>
date: Thu Apr 05 10:57:16 2012 -0400
Rename JarSigner to JarCertVerifier.
diffstat:
ChangeLog | 20 +
netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java | 52 +-
netx/net/sourceforge/jnlp/security/CertWarningPane.java | 8 +-
netx/net/sourceforge/jnlp/security/CertsInfoPane.java | 2 +-
netx/net/sourceforge/jnlp/security/MoreInfoPane.java | 2 +-
netx/net/sourceforge/jnlp/security/SecurityDialog.java | 22 +-
netx/net/sourceforge/jnlp/security/SecurityDialogs.java | 6 +-
netx/net/sourceforge/jnlp/tools/JarCertVerifier.java | 555 ++++++++++++++++
netx/net/sourceforge/jnlp/tools/JarSigner.java | 555 ----------------
netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java | 2 +-
10 files changed, 622 insertions(+), 602 deletions(-)
diffs (truncated from 1471 to 500 lines):
diff -r 16a8b7bfee7d -r cde6d59a2901 ChangeLog
--- a/ChangeLog Thu Apr 05 12:52:22 2012 +0200
+++ b/ChangeLog Thu Apr 05 10:57:16 2012 -0400
@@ -1,3 +1,23 @@
+2012-04-04 Danesh Dadachanji <ddadacha at redhat.com>
+ Change the name of JarSigner to JarCertVerifier to make it more
+ relevant to the purpose of the file.
+ * netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
+ * netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java:
+ Replace all instances, paramaters and references of JarSigner
+ by JarCertVerifier.
+ * netx/net/sourceforge/jnlp/security/CertWarningPane.java
+ * netx/net/sourceforge/jnlp/security/CertsInfoPane.java
+ * netx/net/sourceforge/jnlp/security/MoreInfoPane.java
+ * netx/net/sourceforge/jnlp/security/SecurityDialogs.java:
+ Replaced all paramaters, references and variable names of JarSigner
+ to CertVerifier to match the variable object type.
+ * netx/net/sourceforge/jnlp/security/SecurityDialog.java (getJarSigner):
+ Renamed to getCertVerifier as it returns the certVerfier instance.
+ * netx/net/sourceforge/jnlp/tools/JarSigner.java:
+ Renamed to JarCertVerifier.
+ * netx/net/sourceforge/jnlp/tools/JarCertVerifier.java:
+ The rename of JarSigner.
+
2012-04-05 Jiri Vanek <jvanek at redhat.com>
Fixing issue when process was not launched at all and when was killed but
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java
--- a/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/runtime/JNLPClassLoader.java Thu Apr 05 10:57:16 2012 -0400
@@ -72,7 +72,7 @@
import net.sourceforge.jnlp.cache.UpdatePolicy;
import net.sourceforge.jnlp.security.SecurityDialogs;
import net.sourceforge.jnlp.security.SecurityDialogs.AccessType;
-import net.sourceforge.jnlp.tools.JarSigner;
+import net.sourceforge.jnlp.tools.JarCertVerifier;
import net.sourceforge.jnlp.util.FileUtils;
import sun.misc.JarIndex;
@@ -150,8 +150,8 @@
/** all of the jar files that were not verified */
private ArrayList<String> unverifiedJars = null;
- /** the jarsigner tool to verify our jars */
- private JarSigner js = null;
+ /** the jar cert verifier tool to verify our jars */
+ private JarCertVerifier jcv = null;
private boolean signing = false;
@@ -469,13 +469,13 @@
if (JNLPRuntime.isVerifying()) {
- JarSigner js;
+ JarCertVerifier jcv;
waitForJars(initialJars); //download the jars first.
try {
- js = verifyJars(initialJars);
+ jcv = verifyJars(initialJars);
} catch (Exception e) {
- //we caught an Exception from the JarSigner class.
+ //we caught an Exception from the JarCertVerifier class.
//Note: one of these exceptions could be from not being able
//to read the cacerts or trusted.certs files.
e.printStackTrace();
@@ -484,10 +484,10 @@
}
//Case when at least one jar has some signing
- if (js.anyJarsSigned() && js.isFullySignedByASingleCert()) {
+ if (jcv.anyJarsSigned() && jcv.isFullySignedByASingleCert()) {
signing = true;
- if (!js.allJarsSigned() &&
+ if (!jcv.allJarsSigned() &&
!SecurityDialogs.showNotAllSignedWarningDialog(file))
throw new LaunchException(file, null, R("LSFatal"), R("LCClient"), R("LSignedAppJarUsingUnsignedJar"), R("LSignedAppJarUsingUnsignedJarInfo"));
@@ -515,8 +515,8 @@
file.setSignedJNLPAsMissing();
//user does not trust this publisher
- if (!js.getAlreadyTrustPublisher()) {
- checkTrustWithUser(js);
+ if (!jcv.getAlreadyTrustPublisher()) {
+ checkTrustWithUser(jcv);
} else {
/**
* If the user trusts this publisher (i.e. the publisher's certificate
@@ -700,7 +700,7 @@
private void verifySignedJNLP(JARDesc jarDesc, JarFile jarFile)
throws LaunchException {
- JarSigner signer = new JarSigner();
+ JarCertVerifier signer = new JarCertVerifier();
List<JARDesc> desc = new ArrayList<JARDesc>();
desc.add(jarDesc);
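Review bot: The local variable is still called `signer` although it now holds a JarCertVerifier, which checks signatures rather than producing them; the same leftover name is in the hunks at -1031 and -1442. Naming it for what it is, for example `JarCertVerifier verifier = new JarCertVerifier();`, would finish the rename this commit sets out to do. The method body continues outside the hunk, so later uses of `signer` would need the same change.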
@@ -797,7 +797,7 @@
/*
* After this exception is caught, it is escaped. If an exception is
* thrown while handling the jar file, (mainly for
- * JarSigner.verifyJars) it assumes the jar file is unsigned and
+ * JarCertVerifier.verifyJars) it assumes the jar file is unsigned and
* skip the check for a signed JNLP file
*/
@@ -828,24 +828,24 @@
}
}
- private void checkTrustWithUser(JarSigner js) throws LaunchException {
+ private void checkTrustWithUser(JarCertVerifier jcv) throws LaunchException {
if (JNLPRuntime.isTrustAll()){
return;
}
- if (!js.getRootInCacerts()) { //root cert is not in cacerts
+ if (!jcv.getRootInCacerts()) { //root cert is not in cacerts
boolean b = SecurityDialogs.showCertWarningDialog(
- AccessType.UNVERIFIED, file, js);
+ AccessType.UNVERIFIED, file, jcv);
if (!b)
throw new LaunchException(null, null, R("LSFatal"),
R("LCLaunching"), R("LNotVerified"), "");
- } else if (js.getRootInCacerts()) { //root cert is in cacerts
+ } else if (jcv.getRootInCacerts()) { //root cert is in cacerts
boolean b = false;
- if (js.noSigningIssues())
+ if (jcv.noSigningIssues())
b = SecurityDialogs.showCertWarningDialog(
- AccessType.VERIFIED, file, js);
- else if (!js.noSigningIssues())
+ AccessType.VERIFIED, file, jcv);
+ else if (!jcv.noSigningIssues())
b = SecurityDialogs.showCertWarningDialog(
- AccessType.SIGNING_ERROR, file, js);
+ AccessType.SIGNING_ERROR, file, jcv);
if (!b)
throw new LaunchException(null, null, R("LSFatal"),
R("LCLaunching"), R("LCancelOnUserRequest"), "");
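Review bot: Both `else if` arms in checkTrustWithUser re-test the condition the preceding `if` has just tested (`jcv.getRootInCacerts()` and `jcv.noSigningIssues()`), so a two-way trust decision reads as a three-way one; plain `} else {` and `else` would make it obvious that `b` always comes from a dialog result. The choice between AccessType.VERIFIED and AccessType.SIGNING_ERROR rests on `noSigningIssues()`, which in the new JarCertVerifier.java returns its own field rather than the negation of `hasSigningIssues()`. Whether the two are kept in sync is not visible in the truncated diff and is worth confirming, since it decides which warning the user sees. The end of the method is outside the hunk.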
@@ -1031,7 +1031,7 @@
continue;
}
- JarSigner signer = new JarSigner();
+ JarCertVerifier signer = new JarCertVerifier();
List<JARDesc> jars = new ArrayList<JARDesc>();
JARDesc jarDesc = new JARDesc(new File(extractedJarLocation).toURL(), null, null, false, false, false, false);
jars.add(jarDesc);
@@ -1280,11 +1280,11 @@
*
* @param jars the jars to be verified.
*/
- private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
+ private JarCertVerifier verifyJars(List<JARDesc> jars) throws Exception {
- js = new JarSigner();
- js.verifyJars(jars, tracker);
- return js;
+ jcv = new JarCertVerifier();
+ jcv.verifyJars(jars, tracker);
+ return jcv;
}
/**
@@ -1442,7 +1442,7 @@
// Verify if needed
- final JarSigner signer = new JarSigner();
+ final JarCertVerifier signer = new JarCertVerifier();
final List<JARDesc> jars = new ArrayList<JARDesc>();
jars.add(desc);
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/security/CertWarningPane.java
--- a/netx/net/sourceforge/jnlp/security/CertWarningPane.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/CertWarningPane.java Thu Apr 05 10:57:16 2012 -0400
@@ -96,7 +96,7 @@
private void addComponents() {
AccessType type = parent.getAccessType();
JNLPFile file = parent.getFile();
- Certificate c = parent.getJarSigner().getPublisher();
+ Certificate c = parent.getCertVerifier().getPublisher();
String name = "";
String publisher = "";
@@ -222,7 +222,7 @@
JButton moreInfo = new JButton(R("ButMoreInformation"));
moreInfo.addActionListener(new MoreInfoButtonListener());
- if (parent.getJarSigner().getRootInCacerts())
+ if (parent.getCertVerifier().getRootInCacerts())
bottomLabel = new JLabel(htmlWrap(R("STrustedSource")));
else
bottomLabel = new JLabel(htmlWrap(R("SUntrustedSource")));
@@ -239,7 +239,7 @@
private class MoreInfoButtonListener implements ActionListener {
public void actionPerformed(ActionEvent e) {
- SecurityDialog.showMoreInfoDialog(parent.getJarSigner(),
+ SecurityDialog.showMoreInfoDialog(parent.getCertVerifier(),
parent);
}
}
@@ -252,7 +252,7 @@
if (alwaysTrust != null && alwaysTrust.isSelected()) {
try {
KeyStore ks = KeyStores.getKeyStore(Level.USER, Type.CERTS);
- X509Certificate c = (X509Certificate) parent.getJarSigner().getPublisher();
+ X509Certificate c = (X509Certificate) parent.getCertVerifier().getPublisher();
CertificateUtils.addToKeyStore(c, ks);
File keyStoreFile = new File(KeyStores.getKeyStoreLocation(Level.USER, Type.CERTS));
if (!keyStoreFile.isFile()) {
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/security/CertsInfoPane.java
--- a/netx/net/sourceforge/jnlp/security/CertsInfoPane.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/CertsInfoPane.java Thu Apr 05 10:57:16 2012 -0400
@@ -84,7 +84,7 @@
* Builds the JTree out of CertPaths.
*/
void buildTree() {
- certPath = parent.getJarSigner().getCertPath();
+ certPath = parent.getCertVerifier().getCertPath();
X509Certificate firstCert =
((X509Certificate) certPath.getCertificates().get(0));
String subjectString =
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/security/MoreInfoPane.java
--- a/netx/net/sourceforge/jnlp/security/MoreInfoPane.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/MoreInfoPane.java Thu Apr 05 10:57:16 2012 -0400
@@ -118,7 +118,7 @@
private class CertInfoButtonListener implements ActionListener {
public void actionPerformed(ActionEvent e) {
- SecurityDialog.showCertInfoDialog(parent.getJarSigner(),
+ SecurityDialog.showCertInfoDialog(parent.getCertVerifier(),
parent);
}
}
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/security/SecurityDialog.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialog.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialog.java Thu Apr 05 10:57:16 2012 -0400
@@ -96,12 +96,12 @@
private boolean requiresSignedJNLPWarning;
SecurityDialog(DialogType dialogType, AccessType accessType,
- JNLPFile file, CertVerifier jarSigner, X509Certificate cert, Object[] extras) {
+ JNLPFile file, CertVerifier JarCertVerifier, X509Certificate cert, Object[] extras) {
super();
this.dialogType = dialogType;
this.accessType = accessType;
this.file = file;
- this.certVerifier = jarSigner;
+ this.certVerifier = JarCertVerifier;
this.cert = cert;
this.extras = extras;
initialized = true;
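Review bot: The constructor parameter is now named `JarCertVerifier`, which is the name of the concrete class and breaks the lowerCamelCase naming the other constructor in this file uses; it looks like a search-and-replace artifact. The declared type is the `CertVerifier` interface, so `JNLPFile file, CertVerifier certVerifier, X509Certificate cert, Object[] extras) {` with `this.certVerifier = certVerifier;` would match both the ChangeLog entry and the sibling constructor. The constructor body appears to continue outside the hunk.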
@@ -124,8 +124,8 @@
* Create a SecurityDialog to display a certificate-related warning
*/
SecurityDialog(DialogType dialogType, AccessType accessType,
- JNLPFile file, CertVerifier jarSigner) {
- this(dialogType, accessType, file, jarSigner, null, null);
+ JNLPFile file, CertVerifier certVerifier) {
+ this(dialogType, accessType, file, certVerifier, null, null);
}
/**
@@ -164,16 +164,16 @@
/**
* Shows more information regarding jar code signing
*
- * @param jarSigner the JarSigner used to verify this application
+ * @param certVerifier the JarCertVerifier used to verify this application
* @param parent the parent option pane
*/
public static void showMoreInfoDialog(
- CertVerifier jarSigner, SecurityDialog parent) {
+ CertVerifier certVerifier, SecurityDialog parent) {
JNLPFile file= parent.getFile();
SecurityDialog dialog =
new SecurityDialog(DialogType.MORE_INFO, null, file,
- jarSigner);
+ certVerifier);
dialog.setModalityType(ModalityType.APPLICATION_MODAL);
dialog.setVisible(true);
dialog.dispose();
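Review bot: The Javadoc describes the parameter as "the JarCertVerifier" while its declared type is the `CertVerifier` interface, so the comment names one implementation where any may be passed. The same wording is in showCertInfoDialog in the next hunk and in showCertWarningDialog in SecurityDialogs.java. `@param certVerifier the CertVerifier used to verify this application` would match the signatures.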
@@ -182,13 +182,13 @@
/**
* Displays CertPath information in a readable table format.
*
- * @param jarSigner the JarSigner used to verify this application
+ * @param certVerifier the JarCertVerifier used to verify this application
* @param parent the parent option pane
*/
- public static void showCertInfoDialog(CertVerifier jarSigner,
+ public static void showCertInfoDialog(CertVerifier certVerifier,
SecurityDialog parent) {
SecurityDialog dialog = new SecurityDialog(DialogType.CERT_INFO,
- null, null, jarSigner);
+ null, null, certVerifier);
dialog.setLocationRelativeTo(parent);
dialog.setModalityType(ModalityType.APPLICATION_MODAL);
dialog.setVisible(true);
@@ -276,7 +276,7 @@
return file;
}
- public CertVerifier getJarSigner() {
+ public CertVerifier getCertVerifier() {
return certVerifier;
}
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/security/SecurityDialogs.java
--- a/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Apr 05 12:52:22 2012 +0200
+++ b/netx/net/sourceforge/jnlp/security/SecurityDialogs.java Thu Apr 05 10:57:16 2012 -0400
@@ -180,12 +180,12 @@
*
* @param accessType the type of warning dialog to show
* @param file the JNLPFile associated with this warning
- * @param jarSigner the JarSigner used to verify this application
+ * @param certVerifier the JarCertVerifier used to verify this application
*
* @return true if the user accepted the certificate
*/
public static boolean showCertWarningDialog(AccessType accessType,
- JNLPFile file, CertVerifier jarSigner) {
+ JNLPFile file, CertVerifier certVerifier) {
if (!shouldPromptUser()) {
return false;
@@ -195,7 +195,7 @@
message.dialogType = DialogType.CERT_WARNING;
message.accessType = accessType;
message.file = file;
- message.certVerifier = jarSigner;
+ message.certVerifier = certVerifier;
Object selectedValue = getUserResponse(message);
diff -r 16a8b7bfee7d -r cde6d59a2901 netx/net/sourceforge/jnlp/tools/JarCertVerifier.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java Thu Apr 05 10:57:16 2012 -0400
@@ -0,0 +1,555 @@
+/*
+ * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation. Sun designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Sun in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ */
+
+package net.sourceforge.jnlp.tools;
+
+import static net.sourceforge.jnlp.runtime.Translator.R;
+
+import java.io.*;
+import java.util.*;
+import java.util.jar.*;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.cert.CertPath;
+import java.security.*;
+import sun.security.x509.*;
+import sun.security.util.*;
+
+import net.sourceforge.jnlp.*;
+import net.sourceforge.jnlp.cache.*;
+import net.sourceforge.jnlp.security.*;
+
+/**
+ * <p>The jar certificate verifier utility.
+ *
+ * @author Roland Schemers
+ * @author Jan Luehe
+ */
+
+public class JarCertVerifier implements CertVerifier {
+
+ private static final String META_INF = "META-INF/";
+
+ // prefix for new signature-related files in META-INF directory
+ private static final String SIG_PREFIX = META_INF + "SIG-";
+
+ private static final long SIX_MONTHS = 180 * 24 * 60 * 60 * 1000L; //milliseconds
+
+ static enum verifyResult {
+ UNSIGNED, SIGNED_OK, SIGNED_NOT_OK
+ }
+
+ // signer's certificate chain (when composing)
+ X509Certificate[] certChain;
+
+ boolean verbose = false; // verbose output when signing/verifying
+ boolean showcerts = false; // show certs when verifying
+
+ private boolean hasExpiredCert = false;
+ private boolean hasExpiringCert = false;
+ private boolean notYetValidCert = false;
+
+ private boolean badKeyUsage = false;
+ private boolean badExtendedKeyUsage = false;
+ private boolean badNetscapeCertType = false;
+
+ private boolean alreadyTrustPublisher = false;
+ private boolean rootInCacerts = false;
+
+ /**
+ * The single certPath used in this JarSiging. We're only keeping
+ * track of one here, since in practice there's only one signer
+ * for a JNLP Application.
+ */
+ private CertPath certPath = null;
+
+ private boolean noSigningIssues = true;
+
+ private boolean anyJarsSigned = false;
+
+ /** all of the jar files that were verified */
+ private ArrayList<String> verifiedJars = null;
+
+ /** all of the jar files that were not verified */
+ private ArrayList<String> unverifiedJars = null;
+
+ /** the certificates used for jar verification */
+ private HashMap<CertPath, Integer> certs = new HashMap<CertPath, Integer>();
+
+ /** details of this signing */
+ private ArrayList<String> details = new ArrayList<String>();
+
+ private int totalSignableEntries = 0;
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#getAlreadyTrustPublisher()
+ */
+ public boolean getAlreadyTrustPublisher() {
+ return alreadyTrustPublisher;
+ }
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#getRootInCacerts()
+ */
+ public boolean getRootInCacerts() {
+ return rootInCacerts;
+ }
+
+ public CertPath getCertPath() {
+ return certPath;
+ }
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#hasSigningIssues()
+ */
+ public boolean hasSigningIssues() {
+ return hasExpiredCert || notYetValidCert || badKeyUsage
+ || badExtendedKeyUsage || badNetscapeCertType;
+ }
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#noSigningIssues()
+ */
+ public boolean noSigningIssues() {
+ return noSigningIssues;
+ }
+
+ public boolean anyJarsSigned() {
+ return anyJarsSigned;
+ }
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#getDetails()
+ */
+ public ArrayList<String> getDetails() {
+ return details;
+ }
+
+ /* (non-Javadoc)
+ * @see net.sourceforge.jnlp.tools.CertVerifier2#getCerts()
+ */
+ public ArrayList<CertPath> getCerts() {
+ return new ArrayList<CertPath>(certs.keySet());
+ }