changeset in /hg/icedtea: 2008-02-05 Joshua Sumali <jsumali at re...
Joshua Sumali
jsumali at redhat.com
Thu May 29 14:11:38 PDT 2008
changeset a2497d56461b in /hg/icedtea
details: http://icedtea.classpath.org/hg/icedtea?cmd=changeset;node=a2497d56461b
description:
2008-02-05 Joshua Sumali <jsumali at redhat.com>
* tools/netx/jnlp/Launcher.java: Removed unused line.
* tools/netx/jnlp/resources/Messages.properties: Added security messages
for security dialogs.
* tools/netx/jnlp/runtime/ApplicationInstance.java: Added signing field.
* tools/netx/jnlp/runtime/Boot.java: Use jar root default.jnlp
* tools/netx/jnlp/runtime/JNLPClassLoader.java: Added security warning
dialogs when running signed code.
* tools/netx/jnlp/runtime/JNLPRuntime.java: Enable code signing
verification by default.
* tools/netx/jnlp/services/ServiceUtil.java: Added enum for different
access types that may need permissions.
(checkAccess(AccessType)): New method.
* tools/netx/jnlp/services/XDownloadService.java: Fixed typo.
* tools/netx/jnlp/services/XExtensionInstallerService.java: Likewise.
* tools/netx/jnlp/services/XServiceManagerStub.java: Added support for new
services.
* tools/netx/jnlp/tools/JarSigner.java:
(verifyJars): New method.
(allVerified): Likewise.
(anyJarsSigned): Likewise.
(getDetails): Likewise.
(getCerts): Likewise.
(verifyJar): Keep track of CertPaths used for CertsInfoPane
* tools/netx/jnlp/security/CertsInfoPane.java: New file.
* tools/netx/jnlp/security/MoreInfoPane.java: Likewise.
* tools/netx/jnlp/security/SecurityDialogUI.java: Likewise.
* tools/netx/jnlp/security/SecurityWarningDialog.java: Likewise.
* tools/netx/jnlp/security/SecurityWarningOptionPane.java: Likewise.
* tools/netx/jnlp/services/XClipboardService.java: Likewise.
* tools/netx/jnlp/services/XFileOpenService.java: Likewise.
* tools/netx/jnlp/services/XFileSaveService.java: Likewise.
* tools/netx/jnlp/tools/CharacterEncoder.java: Likewise.
* tools/netx/jnlp/tools/HexDumpEncoder.java: Likewise.
* ChangeLog: Added fkung's 2 latest ChangeLog entries.
diffstat:
22 files changed, 2283 insertions(+), 96 deletions(-)
ChangeLog | 69 ++
tools/netx/jnlp/Launcher.java | 1
tools/netx/jnlp/resources/Messages.properties | 26 -
tools/netx/jnlp/runtime/ApplicationInstance.java | 9
tools/netx/jnlp/runtime/Boot.java | 2
tools/netx/jnlp/runtime/JNLPClassLoader.java | 104 +---
tools/netx/jnlp/runtime/JNLPRuntime.java | 2
tools/netx/jnlp/security/CertsInfoPane.java | 312 ++++++++++++
tools/netx/jnlp/security/MoreInfoPane.java | 106 ++++
tools/netx/jnlp/security/SecurityDialogUI.java | 196 +++++++
tools/netx/jnlp/security/SecurityWarningDialog.java | 286 +++++++++++
tools/netx/jnlp/security/SecurityWarningOptionPane.java | 237 +++++++++
tools/netx/jnlp/services/ServiceUtil.java | 55 +-
tools/netx/jnlp/services/XClipboardService.java | 80 +++
tools/netx/jnlp/services/XDownloadService.java | 2
tools/netx/jnlp/services/XExtensionInstallerService.java | 2
tools/netx/jnlp/services/XFileOpenService.java | 112 ++++
tools/netx/jnlp/services/XFileSaveService.java | 139 +++++
tools/netx/jnlp/services/XServiceManagerStub.java | 8
tools/netx/jnlp/tools/CharacterEncoder.java | 354 ++++++++++++++
tools/netx/jnlp/tools/HexDumpEncoder.java | 120 ++++
tools/netx/jnlp/tools/JarSigner.java | 157 +++++-
diffs (truncated from 2753 to 500 lines):
diff -r 217c9bffb37f -r a2497d56461b ChangeLog
--- a/ChangeLog Tue Feb 05 12:26:45 2008 -0500
+++ b/ChangeLog Tue Feb 05 15:58:12 2008 -0500
@@ -1,3 +1,40 @@ 2008-02-05 Lillian Angel <langel at redha
+2008-02-05 Joshua Sumali <jsumali at redhat.com>
+
+ * tools/netx/jnlp/Launcher.java: Removed unused line.
+ * tools/netx/jnlp/resources/Messages.properties: Added security messages
+ for security dialogs.
+ * tools/netx/jnlp/runtime/ApplicationInstance.java: Added signing field.
+ * tools/netx/jnlp/runtime/Boot.java: Use jar root default.jnlp
+ * tools/netx/jnlp/runtime/JNLPClassLoader.java: Added security warning
+ dialogs when running signed code.
+ * tools/netx/jnlp/runtime/JNLPRuntime.java: Enable code signing
+ verification by default.
+ * tools/netx/jnlp/services/ServiceUtil.java: Added enum for different
+ access types that may need permissions.
+ (checkAccess(AccessType)): New method.
+ * tools/netx/jnlp/services/XDownloadService.java: Fixed typo.
+ * tools/netx/jnlp/services/XExtensionInstallerService.java: Likewise.
+ * tools/netx/jnlp/services/XServiceManagerStub.java: Added support for new
+ services.
+ * tools/netx/jnlp/tools/JarSigner.java:
+ (verifyJars): New method.
+ (allVerified): Likewise.
+ (anyJarsSigned): Likewise.
+ (getDetails): Likewise.
+ (getCerts): Likewise.
+ (verifyJar): Keep track of CertPaths used for CertsInfoPane
+ * tools/netx/jnlp/security/CertsInfoPane.java: New file.
+ * tools/netx/jnlp/security/MoreInfoPane.java: Likewise.
+ * tools/netx/jnlp/security/SecurityDialogUI.java: Likewise.
+ * tools/netx/jnlp/security/SecurityWarningDialog.java: Likewise.
+ * tools/netx/jnlp/security/SecurityWarningOptionPane.java: Likewise.
+ * tools/netx/jnlp/services/XClipboardService.java: Likewise.
+ * tools/netx/jnlp/services/XFileOpenService.java: Likewise.
+ * tools/netx/jnlp/services/XFileSaveService.java: Likewise.
+ * tools/netx/jnlp/tools/CharacterEncoder.java: Likewise.
+ * tools/netx/jnlp/tools/HexDumpEncoder.java: Likewise.
+ * ChangeLog: Added fkung's 2 latest ChangeLog entries.
+
2008-02-05 Lillian Angel <langel at redhat.com>
* Makefile.am
@@ -37,6 +74,38 @@ 2008-02-05 Lillian Angel <langel at redha
* Makefile.in: Regenerate.
* acinclude.m4: Updated for libgcj-4.3.0.jar.
* AUTHORS: Added Bernhard Rosenkränzer.
+
+2008-02-02 Francis Kung <fkung at redhat.com>
+
+ * tools/netx/jnlp/Parser.java: Re-added Node class.
+ * tools/netx/jnlp/runtime/AppletEnvironment.java: Removed unused import.
+
+2008-02-02 Francis Kung <fkung at redhat.com>
+
+ * tools/netx/jnlp/JNLPFile.java: Added empty protected constructor.
+ * tools/netx/jnlp/Launcher.java
+ (launch(JNLPFile)): Delegate to new method.
+ (launch(JNLPFile, Container)): New method.
+ (launchApplet): Added Container parameter.
+ (createApplet): Likewise.
+ (TgThread): Added private Container field.
+ (TgThread.constructor(JNLPFile)): Delegate to new constructor.
+ (TgThread.constructor(JNLPFile, Container)): New method.
+ (TgThread.run): Launch applet with container argument.
+ * tools/netx/jnlp/runtime/AppletEnvironment.java
+ (Frame): Renamed field to...
+ (Container): New field.
+ (AppletEnvironment(JNLPFile, AppletInstance, Container)): New method.
+ (AppletEnvironment(JNLPFile, AppletInstance)): Delegate to new method.
+ (getAppletFrame): Return Container instead of Frame.
+ (startApplet): Replace Frame with Container.
+ (appletResize): Likewise.
+ (getParameter): Add lower-case check.
+ * tools/netx/jnlp/runtime/AppletInstance.java
+ (AppletInstance(JNLPFile, ThreadGroup, ClassLoader, Applet, Container)):
+ New method.
+ (setResizable): Only resize if the container is a Frame.
+ (isResizable): Return false if container is not a Frame.
2008-02-01 Gary Benson <gbenson at redhat.com>
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/Launcher.java
--- a/tools/netx/jnlp/Launcher.java Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/Launcher.java Tue Feb 05 15:58:12 2008 -0500
@@ -429,7 +429,6 @@ public class Launcher {
return app;
}
catch (Exception ex) {
- //throw launchError(new LaunchException(file, ex, R("LSFatal"), R("CLInit"), R("LInitApplet"), R("LInitAppletInfo")));
throw new LaunchException(file, ex, R("LSFatal"), R("CLInit"), R("LInitApplet"), R("LInitAppletInfo"));
}
}
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/resources/Messages.properties
--- a/tools/netx/jnlp/resources/Messages.properties Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/resources/Messages.properties Tue Feb 05 15:58:12 2008 -0500
@@ -1,5 +1,5 @@
# Default (English) UI messages for netx
-# L=Launcher, B=Boot, P=Parser, C=cache
+# L=Launcher, B=Boot, P=Parser, C=cache S=security
#
# General
NullParameter=Null parameter
@@ -56,7 +56,7 @@ JInvalidExtensionDescriptor=Extension do
JInvalidExtensionDescriptor=Extension does not refer to a component or installer (name={1}, location={2}).
LNotVerified=Jars not verified.
-
+LCancelOnUserRequest=Canceled on user request.
LFatalVerification=A fatal error occurred while trying to verify jars.
LFatalVerificationInfo=
@@ -130,3 +130,25 @@ CChooseCacheInfo=Netx needs a location f
CChooseCacheInfo=Netx needs a location for storing cache files.
CChooseCacheDir=Cache directory
+# Security
+SFileReadAccess=The application has requested read access to a file on the machine. Do you want to allow this action?
+SFileWriteAccess=The application has requested write access to a file on the machine. Do you want to allow this action?
+SSigUnverified=The application's digital signature cannot be verified. Do you want to run the application?
+SSigVerified=The application's digital signature has been verified. Do you want to run the application?
+SUntrustedSource=The digital signature could not be verified by a trusted source. Only run if you trust the origin of the application.
+STrustedSource=The digital signature has been validated by a trusted source.
+SClipboardReadAccess=The application has requested read-only access to the system clipboard. Do you want to allow this action?
+SClipboardWriteAccess=The application has requested write-only access to the system clipboard. Do you want to allow this action?
+SPrinterAccess=The application has requested printer access. Do you want to allow this action?
+
+# Security - used for the More Information dialog
+SBadKeyUsage=Resources contain entries whose signer certificate's KeyUsage extension doesn't allow code signing.
+SBadExtendedKeyUsage=Resources contain entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.
+SBadNetscapeCertType=Resources contain entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.
+SHasUnsignedEntry=Resources contain unsigned entries which have not been integrity-checked.
+SHasExpiredCert=The digital signature has expired.
+SHasExpiringCert=Resources contain entries whose signer certificate will expire within six months.
+SNotYetValidCert=Resources contain entries whose signer certificate is not yet valid.
+SRunWithoutRestrictions=This application will be run without the security restrictions normally provided by java.
+SRunWithUntrustedCertificate=The digital signature was generated with an untrusted certificate.
+
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/runtime/ApplicationInstance.java
--- a/tools/netx/jnlp/runtime/ApplicationInstance.java Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/runtime/ApplicationInstance.java Tue Feb 05 15:58:12 2008 -0500
@@ -59,6 +59,8 @@ public class ApplicationInstance {
/** list of application listeners */
private EventListenerList listeners = new EventListenerList();
+ /** whether or not this application is signed */
+ private boolean isSigned = false;
/**
* Create an application instance for the file.
@@ -67,6 +69,7 @@ public class ApplicationInstance {
this.file = file;
this.group = group;
this.loader = loader;
+ this.isSigned = ((JNLPClassLoader) loader).getSigning();
}
/**
@@ -235,5 +238,11 @@ public class ApplicationInstance {
weakWindows.trimToSize();
}
+ /**
+ * Returns whether or not this jar is signed.
+ */
+ public boolean isSigned() {
+ return isSigned;
+ }
}
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/runtime/Boot.java
--- a/tools/netx/jnlp/runtime/Boot.java Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/runtime/Boot.java Tue Feb 05 15:58:12 2008 -0500
@@ -64,7 +64,7 @@ public final class Boot implements Privi
/** the JNLP file to open if -jnlp not specified (null for no default) */
private static final String defaultFile = "jar:"
+ Boot.class.getProtectionDomain().getCodeSource().getLocation()
- + "!/netx/jnlp/resources/default.jnlp";
+ + "!/default.jnlp";
private static final String miniLicense = "\n"
+ " netx - an open-source JNLP client.\n"
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/runtime/JNLPClassLoader.java
--- a/tools/netx/jnlp/runtime/JNLPClassLoader.java Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/runtime/JNLPClassLoader.java Tue Feb 05 15:58:12 2008 -0500
@@ -29,6 +29,8 @@ import netx.jnlp.cache.*;
import netx.jnlp.cache.*;
import netx.jnlp.*;
import netx.jnlp.tools.JarSigner;
+import netx.jnlp.services.*;
+import netx.jnlp.security.*;
/**
* Classloader that takes it's resources from a JNLP file. If the
@@ -96,6 +98,11 @@ public class JNLPClassLoader extends URL
/** all of the jar files that were not verified */
private ArrayList<String> unverifiedJars = null;
+ /** the jarsigner tool to verify our jars */
+ private JarSigner js = null;
+
+ private boolean signing = false;
+
/**
* Create a new JNLPClassLoader from the specified file.
*
@@ -229,48 +236,48 @@ public class JNLPClassLoader extends URL
//Verify jars if the -verify option is passed.
if (JNLPRuntime.isVerifying()) {
- boolean allVerified;
-
+ JarSigner js;
waitForJars(initialJars); //download the jars first.
try {
- allVerified = verifyJars(initialJars);
+ js = verifyJars(initialJars);
} catch (Exception e) {
-
//we caught an Exception from the JarSigner class.
e.printStackTrace();
throw new LaunchException(null, null, R("LSFatal"),
R("LCInit"), R("LFatalVerification"), R("LFatalVerificationInfo"));
}
- if (!allVerified) {
-
- String listOfVerifiedJars = "The following jars were verified:\n";
- String listOfUnverifiedJars = "The following jars were unverified:\n";
-
- if (verifiedJars.size() != 0)
- for (int i = 0; i < verifiedJars.size(); i++)
- listOfVerifiedJars += verifiedJars.get(i) + "\n";
-
- if (unverifiedJars.size() != 0)
- for (int i = 0; i < unverifiedJars.size(); i++)
- listOfUnverifiedJars += unverifiedJars.get(i) + "\n";
-
- //Open dialog, ask user if they still want to run the applet.
- int i = JOptionPane.showConfirmDialog(null,
- R("LNotVerifiedDialog")+"\n\n"
- +listOfVerifiedJars+"\n"
- +listOfUnverifiedJars+"\n"
- +R("LAskToContinue"),
- "Warning", JOptionPane.YES_NO_OPTION);
-
- if (i == 1)
- throw new LaunchException(null, null, R("LSFatal"),
- R("LCLaunching"), R("LNotVerified"), "");
+ //Case when at least one jar has some signing
+ if (js.anyJarsSigned()){
+ signing = true;
+ //if there was some problem with the signing...
+ if (!js.allVerified()) {
+
+ boolean b = SecurityWarningDialog.showWarningDialog(
+ SecurityWarningDialog.AccessType.UNVERIFIED, file,
+ js.getCerts(), js.getDetails());
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LNotVerified"), "");
+ } else {
+ //jar is completely verified, but we still need to show
+ //a dialog
+
+ boolean b = SecurityWarningDialog.showWarningDialog(
+ SecurityWarningDialog.AccessType.VERIFIED, file,
+ js.getCerts(), js.getDetails());
+ if (!b)
+ throw new LaunchException(null, null, R("LSFatal"),
+ R("LCLaunching"), R("LCancelOnUserRequest"), "");
+ }
+ } else {
+
+ signing = false;
+ //otherwise this jar is simply unsigned -- make sure to ask
+ //for permission on certain actions
}
-
}
-
activateJars(initialJars);
}
@@ -518,36 +525,11 @@ public class JNLPClassLoader extends URL
*
* @param jars the jars to be verified.
*/
- private boolean verifyJars(List<JARDesc> jars) throws Exception {
+ private JarSigner verifyJars(List<JARDesc> jars) throws Exception {
- boolean allVerified = true;
-
- JarSigner js = new JarSigner();
- verifiedJars = new ArrayList<String>();
- unverifiedJars = new ArrayList<String>();
-
- for (int i = 0; i < jars.size(); i++) {
-
- JARDesc jar = (JARDesc) jars.get(i);
-
- try {
- String localFile = tracker.getCacheFile(jar.getLocation()).getAbsolutePath();
- boolean result = js.verifyJar(localFile);
-
- if (!result) {
- allVerified = false;
- unverifiedJars.add(localFile);
- } else {
- verifiedJars.add(localFile);
- }
- } catch (Exception e){
- //We may catch exceptions from using js.verifyJar(localFile).
- e.printStackTrace();
- throw e;
- }
- }
-
- return allVerified;
+ js = new JarSigner();
+ js.verifyJars(jars, tracker);
+ return js;
}
/**
@@ -751,6 +733,10 @@ public class JNLPClassLoader extends URL
return file.getFileLocation().toString();
}
+ public boolean getSigning() {
+ return signing;
+ }
+
}
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/runtime/JNLPRuntime.java
--- a/tools/netx/jnlp/runtime/JNLPRuntime.java Tue Feb 05 12:26:45 2008 -0500
+++ b/tools/netx/jnlp/runtime/JNLPRuntime.java Tue Feb 05 15:58:12 2008 -0500
@@ -81,7 +81,7 @@ public class JNLPRuntime {
private static boolean headless = false;
/** whether we'll be checking for jar signing */
- private static boolean verify = false;
+ private static boolean verify = true;
/** whether the runtime uses security */
private static boolean securityEnabled = true;
diff -r 217c9bffb37f -r a2497d56461b tools/netx/jnlp/security/CertsInfoPane.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/netx/jnlp/security/CertsInfoPane.java Tue Feb 05 15:58:12 2008 -0500
@@ -0,0 +1,312 @@
+/* CertsInfoPane.java
+ Copyright (C) 2008 Red Hat, Inc.
+
+This file is part of IcedTea.
+
+IcedTea is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as published by
+the Free Software Foundation, version 2.
+
+IcedTea is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with IcedTea; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version.
+*/
+
+package netx.jnlp.security;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.security.cert.CertPath;
+import java.security.cert.X509Certificate;
+import java.math.BigInteger;
+import javax.security.auth.x500.X500Principal;
+import sun.security.x509.*;
+import javax.swing.*;
+import javax.swing.event.*;
+import javax.swing.table.*;
+import java.awt.*;
+import java.awt.event.*;
+import java.awt.datatransfer.Clipboard;
+import java.awt.datatransfer.StringSelection;
+import javax.swing.tree.DefaultMutableTreeNode;
+import javax.swing.tree.TreeSelectionModel;
+import netx.jnlp.tools.*;
+
+/**
+ * Provides the UI for the Certificate Info dialog. This dialog displays data from
+ * X509Certificate(s) used in jar signing.
+ *
+ * @author <a href="mailto:jsumali at redhat.com">Joshua Sumali</a>
+ */
+public class CertsInfoPane extends SecurityDialogUI {
+
+ private ArrayList<CertPath> certs;
+ private JList list;
+ private JTree tree;
+ private JTable table;
+ private JTextArea output;
+ private ListSelectionModel listSelectionModel;
+ private ListSelectionModel tableSelectionModel;
+ private String[] certNames;
+ private String[] columnNames = { "Field", "Value" };
+ private ArrayList<String[][]> certsData;
+
+ public CertsInfoPane(JComponent x) {
+ super(x);
+ }
+
+ /**
+ * Builds the JTree out of CertPaths.
+ */
+ private void buildTree() {
+ //for now, we're only going to display the first signer, even though
+ //jars can be signed by multiple people.
+ CertPath firstPath = certs.get(0);
+ X509Certificate firstCert =
+ ((X509Certificate)firstPath.getCertificates().get(0));
+ String subjectString =
+ getCN(firstCert.getSubjectX500Principal().getName());
+ String issuerString =
+ getCN(firstCert.getIssuerX500Principal().getName());
+
+ DefaultMutableTreeNode top =
+ new DefaultMutableTreeNode(subjectString
+ + " (" + issuerString + ")");
+
+ //not self signed
+ if (firstPath.getCertificates().size() > 1) {
+ X509Certificate secondCert =
+ ((X509Certificate)firstPath.getCertificates().get(1));
+ subjectString =
+ getCN(secondCert.getSubjectX500Principal().getName());
+ issuerString =
+ getCN(secondCert.getIssuerX500Principal().getName());
+ top.add(new DefaultMutableTreeNode(subjectString
+ + " (" + issuerString + ")"));
+ }
+
+ tree = new JTree(top);
+ tree.getSelectionModel().setSelectionMode
+ (TreeSelectionModel.SINGLE_TREE_SELECTION);
+ tree.addTreeSelectionListener(new TreeSelectionHandler());
+ }
+
+ /**
+ * Constructs the GUI components of this UI
+ */
+ protected void installComponents() {
+ certs = ((SecurityWarningDialog)optionPane).getCerts();
+ buildTree();
+ certNames = new String[certs.get(0).getCertificates().size()];
+ certsData = new ArrayList<String[][]>();
+
+ for (int i = 0; i < certs.get(0).getCertificates().size(); i++) {
+
+ X509Certificate c = (X509Certificate) certs.get(0).getCertificates().get(i);
+
+ String version = ""+c.getVersion();
+ String serialNumber = c.getSerialNumber().toString();
+ String signatureAlg = c.getSigAlgName();
+ String issuer = c.getIssuerX500Principal().toString();
+ String validity = new CertificateValidity(c.getNotBefore(),
+ c.getNotAfter()).toString();
+ String subject = c.getSubjectX500Principal().toString();
+
+ //convert our signature into a nice human-readable form.
+ HexDumpEncoder encoder = new HexDumpEncoder();
+ String signature = encoder.encodeBuffer(c.getSignature());
+
+ String[][] cert = { {"Version", version},
+ {"Serial", serialNumber},
+ {"Signature Algorithm", signatureAlg},
+ {"Issuer", issuer},
+ {"Validity", validity},
More information about the distro-pkg-dev
mailing list