diff options
author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-05-02 01:00:22 +0000 |
---|---|---|
committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-05-02 01:00:22 +0000 |
commit | 2f87c016b0638a8174c9d5d63b85f7ca080413d9 (patch) | |
tree | d59b1062d1487cbabc50525288a059b0654fe74f | |
parent | db2454007119854a1e24115a69e6f3ac649b8b17 (diff) | |
download | classpath-2f87c016b0638a8174c9d5d63b85f7ca080413d9.tar.gz |
2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au>
* tools/gnu/classpath/tools/jarsigner/jarsigner.txt: Re-arranged to
resemble more closely man-page style text.
* tools/gnu/classpath/tools/jarsigner/SFHelper.java:
Mark (Eclipse) strings that need not be externalised.
(writeSF): Likewise.
(writeDSA): Likewise.
Use package-private Messages class to provide i18n-ready strings.
(startSigning):
Use package-private Messages class to provide i18n-ready strings.
(updateEntry): Likewise.
Mark (Eclipse) strings that need not be externalised.
(finishSigning): Likewise.
* tools/gnu/classpath/tools/jarsigner/Main.java:
Mark (Eclipse) strings that need not be externalised.
(main): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(processArgs): Do not use constant strings as class name.
Mark (Eclipse) strings that need not be externalised.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(start): Do not use constant strings as class name.
(teardown): Likewise.
Use ProviderUtil.
(setupCommonParams): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(installNewProvider): Do not use constant strings as class name.
Use ProviderUtil.
(setupSigningParams): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Mark (Eclipse) strings that need not be externalised.
(getCallbackHandler): Use CallbackUtil.
* tools/gnu/classpath/tools/jarsigner/JarSigner.java (start):
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
* tools/gnu/classpath/tools/jarsigner/JarVerifier.java (start): Likewise.
(verifySF): Likewise.
(verifySFEntries): Do not use constant strings as class name.
Use Boolean.valueOf instead of new Boolean().
(verifySFEntry): Mark (Eclipse) strings that need not be externalised.
* resource/gnu/classpath/tools/jarsigner/MessageBundle.properties:
New file.
* tools/gnu/classpath/tools/jarsigner/package.html: Likewise.
* tools/gnu/classpath/tools/jarsigner/Messages.java: Likewise.
-rw-r--r-- | ChangeLog | 47 | ||||
-rw-r--r-- | resource/gnu/classpath/tools/jarsigner/MessageBundle.properties | 33 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/JarSigner.java | 30 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/JarVerifier.java | 51 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/Main.java | 245 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/Messages.java | 115 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/SFHelper.java | 30 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/jarsigner.txt | 219 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/package.html | 60 |
9 files changed, 515 insertions, 315 deletions
@@ -1,5 +1,52 @@ 2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + * tools/gnu/classpath/tools/jarsigner/jarsigner.txt: Re-arranged to + resemble more closely man-page style text. + * tools/gnu/classpath/tools/jarsigner/SFHelper.java: + Mark (Eclipse) strings that need not be externalised. + (writeSF): Likewise. + (writeDSA): Likewise. + Use package-private Messages class to provide i18n-ready strings. + (startSigning): + Use package-private Messages class to provide i18n-ready strings. + (updateEntry): Likewise. + Mark (Eclipse) strings that need not be externalised. + (finishSigning): Likewise. + * tools/gnu/classpath/tools/jarsigner/Main.java: + Mark (Eclipse) strings that need not be externalised. + (main): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (processArgs): Do not use constant strings as class name. + Mark (Eclipse) strings that need not be externalised. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (start): Do not use constant strings as class name. + (teardown): Likewise. + Use ProviderUtil. + (setupCommonParams): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + (installNewProvider): Do not use constant strings as class name. + Use ProviderUtil. + (setupSigningParams): Do not use constant strings as class name. + Use package-private Messages class to provide i18n-ready strings. + Mark (Eclipse) strings that need not be externalised. + (getCallbackHandler): Use CallbackUtil. + * tools/gnu/classpath/tools/jarsigner/JarSigner.java (start): + Use package-private Messages class to provide i18n-ready strings. + Reduced logging level so INFO becomes FINER, and WARNING becomes FINE. + * tools/gnu/classpath/tools/jarsigner/JarVerifier.java (start): Likewise. + (verifySF): Likewise. + (verifySFEntries): Do not use constant strings as class name. + Use Boolean.valueOf instead of new Boolean(). + (verifySFEntry): Mark (Eclipse) strings that need not be externalised. + * resource/gnu/classpath/tools/jarsigner/MessageBundle.properties: + New file. + * tools/gnu/classpath/tools/jarsigner/package.html: Likewise. + * tools/gnu/classpath/tools/jarsigner/Messages.java: Likewise. + +2006-05-02 Raif S. Naffah <raif@swiftdsl.com.au> + * tools/gnu/classpath/tools/common/CallbackUtil.java: New file. * tools/gnu/classpath/tools/common/ProviderUtil.java: Likewise. * tools/gnu/classpath/tools/common/SecurityProviderInfo.java: Likewise. diff --git a/resource/gnu/classpath/tools/jarsigner/MessageBundle.properties b/resource/gnu/classpath/tools/jarsigner/MessageBundle.properties new file mode 100644 index 000000000..902166d5f --- /dev/null +++ b/resource/gnu/classpath/tools/jarsigner/MessageBundle.properties @@ -0,0 +1,33 @@ +# default locale messages for gnu.classpath.tools.jarsigner package + +Main.7=jarsigner: +Main.9=jarsigner error: +Main.70=JAR file [{0}] is NOT a file object +Main.72=JAR file [{0}] is NOT readable +#Main.85=Option '-keystore' is not defined or is an empty string, and 'user.home' is unknown +Main.85=Unable to locate a valid key store +Main.92=Enter key store password: +Main.6=Designated alias [{0}] MUST be known to the key store in use +Main.95=Designated alias [{0}] MUST be an Alias of a Key Entry +Main.97=Enter key password for <{0}>: +Main.99=Key associated with [{0}] MUST be a private key + +JarSigner.1=\ \ signing: +JarSigner.2=\ updating: +JarSigner.8=\ \ \ adding: +JarSigner.11=\ \ \ adding: +JarSigner.14=jar signed. + +JarVerifier.2=jar is not signed.--no signature files found. +JarVerifier.3=jar verification failed. +JarVerifier.4=jar partially verified --{0,numer} of {1,number} signers. +JarVerifier.7=jar verified --{0,number} signer(s). +JarVerifier.13=Signature Block missing for {0} +JarVerifier.14=At least one SignerInfo element MUST be present in a Signature Block (.DSA file) +JarVerifier.16=Missing EncryptedDigest in Signature Block (.DSA file) first SignerInfo element + +SFHelper.1=Helper is NOT finished +SFHelper.4=.SF file has NOT been generated +SFHelper.6=Unknown or unsupported private key algorithm +SFHelper.9=Helper is NOT ready +SFHelper.10=Helper is NOT started diff --git a/tools/gnu/classpath/tools/jarsigner/JarSigner.java b/tools/gnu/classpath/tools/jarsigner/JarSigner.java index e6106a600..40bee9fe9 100644 --- a/tools/gnu/classpath/tools/jarsigner/JarSigner.java +++ b/tools/gnu/classpath/tools/jarsigner/JarSigner.java @@ -69,7 +69,7 @@ public class JarSigner void start() throws Exception { - log.entering("JarSigner", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ JarFile jarFile = new JarFile(main.getJarFileName()); SFHelper sfHelper = new SFHelper(jarFile); @@ -87,15 +87,15 @@ public class JarSigner sfHelper.updateEntry(je); if (main.isVerbose()) - System.out.println(" signing: " + jeName); + System.out.println(Messages.getString("JarSigner.1") + jeName); //$NON-NLS-1$ } sfHelper.finishSigning(main.isSectionsOnly()); if (main.isVerbose()) - System.out.println(" updating: " + JarFile.MANIFEST_NAME); + System.out.println(Messages.getString("JarSigner.2") + JarFile.MANIFEST_NAME); //$NON-NLS-1$ // 2. write jar entries and manifest - File signedJarFile = File.createTempFile("gcp-", ".jar"); + File signedJarFile = File.createTempFile("gcp-", ".jar"); //$NON-NLS-1$ //$NON-NLS-2$ FileOutputStream fos = new FileOutputStream(signedJarFile); JarOutputStream outSignedJarFile = new JarOutputStream(fos, sfHelper.getManifest()); @@ -107,7 +107,7 @@ public class JarSigner || jeName.endsWith(File.separator)) continue; - log.finest("Processing " + jeName); + log.finest("Processing " + jeName); //$NON-NLS-1$ JarEntry newEntry = new JarEntry(jeName); newEntry.setTime(je.getTime()); outSignedJarFile.putNextEntry(newEntry); @@ -119,19 +119,19 @@ public class JarSigner String signaturesFileName = main.getSigFileName(); String sfFileName = JarUtils.META_INF + signaturesFileName + JarUtils.SF_SUFFIX; - log.finest("Processing " + sfFileName); + log.finest("Processing " + sfFileName); //$NON-NLS-1$ JarEntry sfEntry = new JarEntry(sfFileName); sfEntry.setTime(System.currentTimeMillis()); outSignedJarFile.putNextEntry(sfEntry); sfHelper.writeSF(outSignedJarFile); - log.info("Created .SF file"); + log.finer("Created .SF file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(" adding: " + sfFileName); + System.out.println(Messages.getString("JarSigner.8") + sfFileName); //$NON-NLS-1$ // 4. create the .DSA file String dsaFileName = JarUtils.META_INF + signaturesFileName + JarUtils.DSA_SUFFIX; - log.finest("Processing " + dsaFileName); + log.finest("Processing " + dsaFileName); //$NON-NLS-1$ JarEntry dsaEntry = new JarEntry(dsaFileName); dsaEntry.setTime(System.currentTimeMillis()); outSignedJarFile.putNextEntry(dsaEntry); @@ -139,20 +139,20 @@ public class JarSigner main.getSignerPrivateKey(), main.getSignerCertificateChain(), main.isInternalSF()); - log.info("Created .DSA file"); + log.finer("Created .DSA file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(" adding: " + dsaFileName); + System.out.println(Messages.getString("JarSigner.11") + dsaFileName); //$NON-NLS-1$ // cleanup outSignedJarFile.close(); fos.close(); signedJarFile.renameTo(new File(main.getSignedJarFileName())); - log.info("Renamed signed JAR file"); + log.finer("Renamed signed JAR file"); //$NON-NLS-1$ if (main.isVerbose()) - System.out.println(SystemProperties.getProperty("line.separator") - + "jar signed."); + System.out.println(SystemProperties.getProperty("line.separator") //$NON-NLS-1$ + + Messages.getString("JarSigner.14")); //$NON-NLS-1$ - log.exiting("JarSigner", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } private void copyFromTo(InputStream in, JarOutputStream out) diff --git a/tools/gnu/classpath/tools/jarsigner/JarVerifier.java b/tools/gnu/classpath/tools/jarsigner/JarVerifier.java index 1d3a98dda..f80147dfa 100644 --- a/tools/gnu/classpath/tools/jarsigner/JarVerifier.java +++ b/tools/gnu/classpath/tools/jarsigner/JarVerifier.java @@ -94,7 +94,7 @@ public class JarVerifier void start() throws Exception { - log.entering("JarVerifier", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ String jarFileName = main.getJarFileName(); jarFile = new JarFile(jarFileName); @@ -110,7 +110,7 @@ public class JarVerifier continue; // only interested in .SF files in, and not deeper than, META-INF - String[] jeNameParts = jeName.split("/"); + String[] jeNameParts = jeName.split("/"); //$NON-NLS-1$ if (jeNameParts.length != 2) continue; @@ -121,7 +121,7 @@ public class JarVerifier // 2. verify each one if (sfFiles.isEmpty()) - System.out.println("jar is not signed.--no signature files found."); + System.out.println(Messages.getString("JarVerifier.2")); //$NON-NLS-1$ else { int limit = sfFiles.size(); @@ -135,15 +135,17 @@ public class JarVerifier } if (count == 0) - System.out.println("jar verification failed."); + System.out.println(Messages.getString("JarVerifier.3")); //$NON-NLS-1$ else if (count != limit) - System.out.println("jar partially verified --" + count + " of " - + limit + " signers."); + System.out.println(Messages.getFormattedString("JarVerifier.4", //$NON-NLS-1$ + new Integer[] {Integer.valueOf(count), + Integer.valueOf(limit)})); else - System.out.println("jar verified --" + limit + " signer(s)."); + System.out.println(Messages.getFormattedString("JarVerifier.7", //$NON-NLS-1$ + Integer.valueOf(limit))); } - log.exiting("JarVerifier", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } /** @@ -160,15 +162,15 @@ public class JarVerifier private boolean verifySF(String sigFileName) throws CRLException, CertificateException, ZipException, IOException { - log.entering("JarVerifier", "verifySF"); - log.finest("About to verify signature of " + sigFileName + "..."); + log.entering(this.getClass().getName(), "verifySF"); //$NON-NLS-1$ + log.finest("About to verify signature of " + sigFileName + "..."); //$NON-NLS-1$ //$NON-NLS-2$ // 1. find the corresponding .DSA file for this .SF file JarEntry dsaEntry = jarFile.getJarEntry(JarUtils.META_INF + sigFileName + JarUtils.DSA_SUFFIX); if (dsaEntry == null) - throw new SecurityException("Signature Block missing for " + sigFileName); - + throw new SecurityException(Messages.getFormattedString("JarVerifier.13", //$NON-NLS-1$ + sigFileName)); // 2. read the .DSA file contents as a PKCS7 SignedData InputStream in = jarFile.getInputStream(dsaEntry); PKCS7SignedData pkcs7SignedData = new PKCS7SignedData(in); @@ -177,19 +179,19 @@ public class JarVerifier // this octet string is the digital signature of the .SF file contents Set signerInfos = pkcs7SignedData.getSignerInfos(); if (signerInfos == null || signerInfos.isEmpty()) - throw new SecurityException("At least one SignerInfo element MUST be " - + "present in a Signature Block (.DSA file)"); + throw new SecurityException(Messages.getString("JarVerifier.14")); //$NON-NLS-1$ + SignerInfo signerInfo = (SignerInfo) signerInfos.iterator().next(); byte[] encryptedDigest = signerInfo.getEncryptedDigest(); if (encryptedDigest == null) - throw new SecurityException("Missing EncryptedDigest in Signature Block " - + "(.DSA file) first SignerInfo element"); - log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes ")); + throw new SecurityException(Messages.getString("JarVerifier.16")); //$NON-NLS-1$ + + log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ // 5. get the signer public key Certificate cert = pkcs7SignedData.getCertificates()[0]; PublicKey verifierKey = cert.getPublicKey(); - log.finest("--- verifier public key = " + verifierKey); + log.finest("--- verifier public key = " + verifierKey); //$NON-NLS-1$ // 6. verify the signature file signature OID digestEncryptionAlgorithmOID = signerInfo.getDigestEncryptionAlgorithmId(); @@ -223,10 +225,10 @@ public class JarVerifier signatureAlgorithm.update(buffer, 0, n); boolean result = signatureAlgorithm.verify(herSignature); - log.info("Signature block [" + sigFileName + "] is " - + (result ? "" : "NOT ") + "OK"); + log.finer("Signature block [" + sigFileName + "] is " //$NON-NLS-1$ //$NON-NLS-2$ + + (result ? "" : "NOT ") + "OK"); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$ - log.exiting("JarVerifier", "verifySF", new Boolean(result)); + log.exiting(this.getClass().getName(), "verifySF", Boolean.valueOf(result)); //$NON-NLS-1$ return result; } @@ -248,7 +250,7 @@ public class JarVerifier */ private boolean verifySFEntries(String alias) throws IOException { - log.entering("JarVerifier", "verifySFEntries"); + log.entering(this.getClass().getName(), "verifySFEntries"); //$NON-NLS-1$ // 1. read the signature file JarEntry jarEntry = jarFile.getJarEntry(JarUtils.META_INF + alias @@ -289,7 +291,8 @@ public class JarVerifier break; } - log.exiting("JarVerifier", "verifySFEntries", new Boolean(result)); + log.exiting(this.getClass().getName(), "verifySFEntries", + Boolean.valueOf(result)); //$NON-NLS-1$ return result; } @@ -316,7 +319,7 @@ public class JarVerifier { String expectedValue = getEntryHash(JarFile.MANIFEST_NAME); boolean result = expectedValue.equalsIgnoreCase(hash); - log.finest("Is " + name + " OK? " + result); + log.finest("Is " + name + " OK? " + result); //$NON-NLS-1$ //$NON-NLS-2$ return result; } diff --git a/tools/gnu/classpath/tools/jarsigner/Main.java b/tools/gnu/classpath/tools/jarsigner/Main.java index 360a88e56..8ca839759 100644 --- a/tools/gnu/classpath/tools/jarsigner/Main.java +++ b/tools/gnu/classpath/tools/jarsigner/Main.java @@ -40,6 +40,8 @@ package gnu.classpath.tools.jarsigner; import gnu.classpath.SystemProperties; import gnu.classpath.tools.HelpPrinter; +import gnu.classpath.tools.common.CallbackUtil; +import gnu.classpath.tools.common.ProviderUtil; import gnu.java.security.OID; import gnu.java.security.Registry; import gnu.javax.security.auth.callback.ConsoleCallbackHandler; @@ -49,13 +51,11 @@ import java.io.FileNotFoundException; import java.io.IOException; import java.io.InputStream; import java.net.URL; -import java.security.AccessController; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; -import java.security.PrivilegedAction; import java.security.Provider; import java.security.Security; import java.security.UnrecoverableKeyException; @@ -82,10 +82,10 @@ import javax.security.auth.callback.UnsupportedCallbackException; public class Main { private static final Logger log = Logger.getLogger(Main.class.getName()); - private static final String HELP_PATH = "jarsigner/jarsigner.txt"; - private static final Locale EN_US_LOCALE = new Locale("en", "US"); - static final String DIGEST = "SHA1-Digest"; - static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest"; + private static final String HELP_PATH = "jarsigner/jarsigner.txt"; //$NON-NLS-1$ + private static final Locale EN_US_LOCALE = new Locale("en", "US"); //$NON-NLS-1$ //$NON-NLS-2$ + static final String DIGEST = "SHA1-Digest"; //$NON-NLS-1$ + static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest"; //$NON-NLS-1$ static final Name DIGEST_ATTR = new Name(DIGEST); static final Name DIGEST_MANIFEST_ATTR = new Name(DIGEST_MANIFEST); static final OID DSA_SIGNATURE_OID = new OID(Registry.DSA_OID_STRING); @@ -123,7 +123,7 @@ public class Main public static final void main(String[] args) { - log.entering("Main", "main", args); + log.entering(Main.class.getName(), "main", args); //$NON-NLS-1$ Main tool = new Main(); try @@ -133,18 +133,18 @@ public class Main } catch (SecurityException x) { - log.throwing("Main", "main", x); - System.err.println("jarsigner: " + x.getMessage()); + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.7") + x.getMessage()); //$NON-NLS-1$ } catch (Exception x) { - log.throwing("Main", "main", x); - System.err.println("jarsigner error: " + x); + log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$ + System.err.println(Messages.getString("Main.9") + x); //$NON-NLS-1$ } tool.teardown(); - log.exiting("Main", "main"); + log.exiting(Main.class.getName(), "main"); //$NON-NLS-1$ // System.exit(0); } @@ -159,46 +159,46 @@ public class Main */ private void processArgs(String[] args) throws Exception { - log.entering("Main", "processArgs", args); + log.entering(this.getClass().getName(), "processArgs", args); //$NON-NLS-1$ HelpPrinter.checkHelpKey(args, HELP_PATH); if (args == null || args.length == 0) HelpPrinter.printHelpAndExit(HELP_PATH); int limit = args.length; - log.finest("args.length=" + limit); + log.finest("args.length=" + limit); //$NON-NLS-1$ int i = 0; String opt; while (i < limit) { opt = args[i++]; - log.finest("args[" + (i - 1) + "]=" + opt); + log.finest("args[" + (i - 1) + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$ if (opt == null || opt.length() == 0) continue; - if ("-verify".equals(opt)) // -verify + if ("-verify".equals(opt)) // -verify //$NON-NLS-1$ verify = true; - else if ("-keystore".equals(opt)) // -keystore URL + else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$ ksURL = args[i++]; - else if ("-storetype".equals(opt)) // -storetype STORE_TYPE + else if ("-storetype".equals(opt)) // -storetype STORE_TYPE //$NON-NLS-1$ ksType = args[i++]; - else if ("-storepass".equals(opt)) // -storepass PASSWORD + else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$ ksPassword = args[i++]; - else if ("-keypass".equals(opt)) // -keypass PASSWORD + else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$ password = args[i++]; - else if ("-sigfile".equals(opt)) // -sigfile NAME + else if ("-sigfile".equals(opt)) // -sigfile NAME //$NON-NLS-1$ sigFileName = args[i++]; - else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME + else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME //$NON-NLS-1$ signedJarFileName = args[i++]; - else if ("-verbose".equals(opt)) // -verbose + else if ("-verbose".equals(opt)) // -verbose //$NON-NLS-1$ verbose = true; - else if ("-certs".equals(opt)) // -certs + else if ("-certs".equals(opt)) // -certs //$NON-NLS-1$ certs = true; - else if ("-internalsf".equals(opt)) // -internalsf + else if ("-internalsf".equals(opt)) // -internalsf //$NON-NLS-1$ internalSF = true; - else if ("-sectionsonly".equals(opt)) // -sectionsonly + else if ("-sectionsonly".equals(opt)) // -sectionsonly //$NON-NLS-1$ sectionsOnly = true; - else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME + else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME //$NON-NLS-1$ providerClassName = args[i++]; else { @@ -211,43 +211,43 @@ public class Main } if (i < limit) // more options than needed - log.warning("Last argument is assumed at index #" + (i - 1) - + ". Remaining arguments (" + args[i] - + "...) will be ignored"); + log.fine("Last argument is assumed at index #" + (i - 1) //$NON-NLS-1$ + + ". Remaining arguments (" + args[i] //$NON-NLS-1$ + + "...) will be ignored"); //$NON-NLS-1$ setupCommonParams(); if (verify) { - log.info("Will verify with the following parameters:"); - log.info(" jar-file = '" + jarFileName + "'"); - log.info("Options:"); - log.info(" provider = '" + providerClassName + "'"); - log.info(" verbose ? " + verbose); - log.info(" certs ? " + certs); - log.info(" internalsf ? " + internalSF); - log.info(" sectionsonly ? " + sectionsOnly); + log.finer("Will verify with the following parameters:"); //$NON-NLS-1$ + log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer("Options:"); //$NON-NLS-1$ + log.finer(" provider = '" + providerClassName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" verbose ? " + verbose); //$NON-NLS-1$ + log.finer(" certs ? " + certs); //$NON-NLS-1$ + log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$ + log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$ } else // sign { setupSigningParams(); - log.info("Will sign with the following parameters:"); - log.info(" jar-file = '" + jarFileName + "'"); - log.info(" alias = '" + alias + "'"); - log.info("Options:"); - log.info(" keystore = '" + ksURL + "'"); - log.info(" storetype = '" + ksType + "'"); - log.info(" storepass = '" + ksPassword + "'"); - log.info(" keypass = '" + password + "'"); - log.info(" sigfile = '" + sigFileName + "'"); - log.info(" signedjar = '" + signedJarFileName + "'"); - log.info(" provider = '" + providerClassName + "'"); - log.info(" verbose ? " + verbose); - log.info(" internalsf ? " + internalSF); - log.info(" sectionsonly ? " + sectionsOnly); + log.finer("Will sign with the following parameters:"); //$NON-NLS-1$ + log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" alias = '" + alias + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer("Options:"); //$NON-NLS-1$ + log.finer(" keystore = '" + ksURL + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" storetype = '" + ksType + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" storepass = '" + ksPassword + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" keypass = '" + password + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" sigfile = '" + sigFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" signedjar = '" + signedJarFileName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" provider = '" + providerClassName + "'"); //$NON-NLS-1$ //$NON-NLS-2$ + log.finer(" verbose ? " + verbose); //$NON-NLS-1$ + log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$ + log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$ } - log.exiting("Main", "processArgs"); + log.exiting(this.getClass().getName(), "processArgs"); //$NON-NLS-1$ } /** @@ -260,7 +260,7 @@ public class Main */ private void start() throws Exception { - log.entering("Main", "start"); + log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$ if (verify) { @@ -273,7 +273,7 @@ public class Main js.start(); } - log.exiting("Main", "start"); + log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$ } /** @@ -287,24 +287,12 @@ public class Main */ private void teardown() { - log.entering("Main", "teardown"); + log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$ if (providerInstalled) - { - final String providerName = provider.getName(); - log.info("About to remove provider: " + providerName); - // remove it. again we need to override security checks - AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - Security.removeProvider(providerName); - return null; - } - }); - } + ProviderUtil.removeProvider(provider.getName()); - log.exiting("Main", "teardown"); + log.exiting(this.getClass().getName(), "teardown"); //$NON-NLS-1$ } /** @@ -329,7 +317,7 @@ public class Main private void setupCommonParams() throws InstantiationException, IllegalAccessException, ClassNotFoundException, IOException { - log.entering("Main", "setupCommonParams"); + log.entering(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$ if (jarFileName == null) HelpPrinter.printHelpAndExit(HELP_PATH); @@ -339,10 +327,10 @@ public class Main throw new FileNotFoundException(jarFileName); if (jar.isDirectory()) - throw new IOException("JAR file [" + jarFileName - + "] is NOT a file object"); + throw new IOException(Messages.getFormattedString("Main.70", jarFileName)); //$NON-NLS-1$ + if (! jar.canRead()) - throw new IOException("JAR file [" + jarFileName + "] is NOT readable"); + throw new IOException(Messages.getFormattedString("Main.72", jarFileName)); //$NON-NLS-1$ //$NON-NLS-2$ if (providerClassName != null && providerClassName.length() > 0) { @@ -351,18 +339,18 @@ public class Main String providerName = provider.getName(); Provider installedProvider = Security.getProvider(providerName); if (installedProvider != null) - log.info("Provider " + providerName + " is already installed"); + log.finer("Provider " + providerName + " is already installed"); //$NON-NLS-1$ //$NON-NLS-2$ else // install it installNewProvider(); } if (! verbose && certs) { - log.warning("Option <certs> is set but <verbose> is not. Ignored"); + log.fine("Option <certs> is set but <verbose> is not. Ignored"); //$NON-NLS-1$ certs = false; } - log.exiting("Main", "setupCommonParams"); + log.exiting(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$ } /** @@ -372,23 +360,11 @@ public class Main */ private void installNewProvider() { - log.entering("Main", "installNewProvider"); - - String providerName = provider.getName(); - log.info("About to install new provider: " + providerName); - // we need to override security checks - Boolean result = (Boolean) AccessController.doPrivileged(new PrivilegedAction() - { - public Object run() - { - int actualPosition = Security.insertProviderAt(provider, 1); - return new Boolean(actualPosition != - 1); - } - }); - log.info("Provider " + providerName + " installed successfully? " + result); - providerInstalled = result.booleanValue(); + log.entering(this.getClass().getName(), "installNewProvider"); //$NON-NLS-1$ + + providerInstalled = ProviderUtil.addProvider(provider) != -1; - log.exiting("Main", "installNewProvider"); + log.exiting(this.getClass().getName(), "installNewProvider"); //$NON-NLS-1$ } /** @@ -414,22 +390,21 @@ public class Main NoSuchAlgorithmException, CertificateException, UnsupportedCallbackException, UnrecoverableKeyException { - log.entering("Main", "setupSigningParams"); + log.entering(this.getClass().getName(), "setupSigningParams"); //$NON-NLS-1$ if (ksURL == null || ksURL.trim().length() == 0) { - String userHome = SystemProperties.getProperty("user.home"); + String userHome = SystemProperties.getProperty("user.home"); //$NON-NLS-1$ if (userHome == null || userHome.trim().length() == 0) - throw new SecurityException("Option '-keystore' is not defined or" - + " is an empty string, and 'user.home'" - + " is unknown"); - ksURL = "file:" + userHome.trim() + "/.keystore"; + throw new SecurityException(Messages.getString("Main.85")); //$NON-NLS-1$ + + ksURL = "file:" + userHome.trim() + "/.keystore"; //$NON-NLS-1$ //$NON-NLS-2$ } else { ksURL = ksURL.trim(); - if (ksURL.indexOf(":") == -1) - ksURL = "file:" + ksURL; + if (ksURL.indexOf(":") == -1) //$NON-NLS-1$ + ksURL = "file:" + ksURL; //$NON-NLS-1$ } if (ksType == null || ksType.trim().length() == 0) @@ -442,7 +417,7 @@ public class Main if (ksPassword == null) { // ask the user to provide one - PasswordCallback pcb = new PasswordCallback("Enter keystore password: ", + PasswordCallback pcb = new PasswordCallback(Messages.getString("Main.92"), //$NON-NLS-1$ false); getCallbackHandler().handle(new Callback[] { pcb }); ksPasswordChars = pcb.getPassword(); @@ -458,11 +433,11 @@ public class Main HelpPrinter.printHelpAndExit(HELP_PATH); if (! store.containsAlias(alias)) - throw new SecurityException("Designated alias [" + alias - + "] MUST be known to the key store in use"); + throw new SecurityException(Messages.getFormattedString("Main.6", alias)); //$NON-NLS-1$ + if (! store.isKeyEntry(alias)) - throw new SecurityException("Designated alias [" + alias - + "] MUST be an Alias of a Key Entry"); + throw new SecurityException(Messages.getFormattedString("Main.95", alias)); //$NON-NLS-1$ + Key key; if (password == null) { @@ -474,8 +449,8 @@ public class Main catch (UnrecoverableKeyException x) { // ask the user to provide one - PasswordCallback pcb = new PasswordCallback("Enter key password for " - + alias + ": ", false); + String prompt = Messages.getFormattedString("Main.97", alias); //$NON-NLS-1$ + PasswordCallback pcb = new PasswordCallback(prompt, false); getCallbackHandler().handle(new Callback[] { pcb }); passwordChars = pcb.getPassword(); // take 2 @@ -489,8 +464,8 @@ public class Main } if (! (key instanceof PrivateKey)) - throw new SecurityException("Key associated with " + alias - + " MUST be a private key"); + throw new SecurityException(Messages.getFormattedString("Main.99", alias)); //$NON-NLS-1$ + signerPrivateKey = (PrivateKey) key; signerCertificateChain = store.getCertificateChain(alias); log.finest(String.valueOf(signerCertificateChain)); @@ -518,7 +493,7 @@ public class Main if (signedJarFileName == null) signedJarFileName = jarFileName; - log.exiting("Main", "setupSigningParams"); + log.exiting(this.getClass().getName(), "setupSigningParams"); //$NON-NLS-1$ } boolean isVerbose() @@ -585,53 +560,7 @@ public class Main protected CallbackHandler getCallbackHandler() { if (handler == null) - { - String service = "CallbackHandler.Console"; //$NON-NLS-1$ - Provider[] providers = Security.getProviders(service); - if (providers != null) - for (int i = 0; i < providers.length; i++) - { - Provider p = providers[i]; - String className = p.getProperty(service); - if (className != null) - try - { - handler = (CallbackHandler) Class.forName(className).newInstance(); - } - catch (InstantiationException x) - { - log.fine("InstantiationException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - catch (IllegalAccessException x) - { - log.fine("IllegalAccessException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - catch (ClassNotFoundException x) - { - log.fine("ClassNotFoundException while creating [" //$NON-NLS-1$ - + className + "] from provider [" + p.getName() //$NON-NLS-1$ - + "]. Ignore"); //$NON-NLS-1$ - } - - if (handler != null) - { - - log.fine("Will use [" + handler.getClass().getName() //$NON-NLS-1$ - + "] from [" + p.getName() + "]"); //$NON-NLS-1$ //$NON-NLS-2$ - break; - } - } - - if (handler == null) - { - log.fine("No console callback handler found. Will use ours"); //$NON-NLS-1$ - handler = new ConsoleCallbackHandler(); - } - } + CallbackUtil.getConsoleHandler(); return handler; } diff --git a/tools/gnu/classpath/tools/jarsigner/Messages.java b/tools/gnu/classpath/tools/jarsigner/Messages.java new file mode 100644 index 000000000..284639115 --- /dev/null +++ b/tools/gnu/classpath/tools/jarsigner/Messages.java @@ -0,0 +1,115 @@ +/* Messages.java -- I18N related helper class + Copyright (C) 2006 Free Software Foundation, Inc. + + This file is part of GNU Classpath. + + GNU Classpath is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + GNU Classpath is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNU Classpath; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301 USA. + + Linking this library statically or dynamically with other modules is + making a combined work based on this library. Thus, the terms and + conditions of the GNU General Public License cover the whole + combination. + + As a special exception, the copyright holders of this library give you + permission to link this library with independent modules to produce an + executable, regardless of the license terms of these independent + modules, and to copy and distribute the resulting executable under + terms of your choice, provided that you also meet, for each linked + independent module, the terms and conditions of the license of that + module. An independent module is a module which is not derived from + or based on this library. If you modify this library, you may extend + this exception to your version of the library, but you are not + obligated to do so. If you do not wish to do so, delete this + exception statement from your version. */ + + +package gnu.classpath.tools.jarsigner; + +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Map; +import java.util.MissingResourceException; +import java.util.ResourceBundle; +import java.util.logging.Logger; + +/** + * An initially generated Eclipse helper class to ease the use of localized + * messages. + * <p> + * Enriched to handle localized message formats. + */ +class Messages +{ + private static final Logger log = Logger.getLogger(Messages.class.getName()); + private static final String BUNDLE_NAME = "gnu.classpath.tools.jarsigner.MessageBundle"; //$NON-NLS-1$ + private static final ResourceBundle RESOURCE_BUNDLE = ResourceBundle.getBundle(BUNDLE_NAME); + private static final Map CACHED_FORMATS = new HashMap(5); + + private Messages() + { + super(); + } + + public static String getString(String key) + { + try + { + return RESOURCE_BUNDLE.getString(key); + } + catch (MissingResourceException e) + { + return constructMessage(key, null); + } + } + + public static String getFormattedString(String key, Object args) + { + MessageFormat mf = (MessageFormat) CACHED_FORMATS.get(key); + if (mf == null) + { + String formatString = getString(key); + if (formatString.startsWith("!")) + return constructMessage(key, args); + + mf = new MessageFormat(formatString); + CACHED_FORMATS.put(key, mf); + } + + // if the argument is not an array, then build one consisiting of the + // sole argument before passing it to the format() method + try + { + if (args instanceof Object[]) + return mf.format(args); + + return mf.format(new Object[] { args }); + } + catch (IllegalArgumentException x) + { + log.fine("Exception while rendering a message format keyed by [" + + key + "]: " + mf.toPattern()); + return constructMessage(mf.toPattern(), args); + } + } + + private static final String constructMessage(String m, Object args) + { + if (args == null) + return '!' + m + '!'; + + return '!' + m + '!' + String.valueOf(args) + '!'; + } +} diff --git a/tools/gnu/classpath/tools/jarsigner/SFHelper.java b/tools/gnu/classpath/tools/jarsigner/SFHelper.java index cf72cfc2a..b4e5cc193 100644 --- a/tools/gnu/classpath/tools/jarsigner/SFHelper.java +++ b/tools/gnu/classpath/tools/jarsigner/SFHelper.java @@ -96,7 +96,7 @@ public class SFHelper private static final int SF_GENERATED = 3; private static final int DSA_GENERATED = 4; /** http://asn1.elibel.tm.fr/cgi-bin/oid/display?oid=1.3.14.3.2.26&action=display */ - private static final OID hashAlgorithmIdentifierSHA1 = new OID("1.3.14.3.2.26"); + private static final OID hashAlgorithmIdentifierSHA1 = new OID("1.3.14.3.2.26"); //$NON-NLS-1$ private int state; private JarFile jar; @@ -137,12 +137,12 @@ public class SFHelper void writeSF(JarOutputStream jar) throws IOException { if (this.state != FINISHED) - throw new IllegalStateException("Helper is NOT finished"); + throw new IllegalStateException(Messages.getString("SFHelper.1")); //$NON-NLS-1$ ByteArrayOutputStream baos = new ByteArrayOutputStream(); JarUtils.writeSFManifest(sfMainAttributes, sfEntries, baos); sfBytes = baos.toByteArray(); - log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes ")); + log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ jar.write(sfBytes); jar.flush(); @@ -214,9 +214,9 @@ public class SFHelper throws IOException, CertificateEncodingException, CRLException { if (this.state != SF_GENERATED) - throw new IllegalStateException(".SF file has NOT been generated"); + throw new IllegalStateException(Messages.getString("SFHelper.4")); //$NON-NLS-1$ - log.finest("+++ signer private key = " + signerKey); + log.finest("+++ signer private key = " + signerKey); //$NON-NLS-1$ ISignature signatureAlgorithm; ISignatureCodec signatureCodec; OID digestEncryptionAlgorithmOID; @@ -233,7 +233,7 @@ public class SFHelper digestEncryptionAlgorithmOID = Main.RSA_SIGNATURE_OID; } else - throw new SecurityException("Unknown or unsupported private key algorithm"); + throw new SecurityException(Messages.getString("SFHelper.6")); //$NON-NLS-1$ Map signatureAttributes = new HashMap(); signatureAttributes.put(ISignature.SIGNER_KEY, signerKey); @@ -241,7 +241,7 @@ public class SFHelper signatureAlgorithm.update(sfBytes, 0, sfBytes.length); Object signature = signatureAlgorithm.sign(); byte[] signedSFBytes = signatureCodec.encodeSignature(signature); - log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes ")); + log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes ")); //$NON-NLS-1$ //$NON-NLS-2$ Set digestAlgorithms = new HashSet(); List digestAlgorithm = new ArrayList(2); @@ -296,7 +296,7 @@ public class SFHelper void startSigning() throws IOException { if (this.state != READY) - throw new IllegalStateException("Helper is NOT ready"); + throw new IllegalStateException(Messages.getString("SFHelper.9")); //$NON-NLS-1$ Manifest oldManifest = jar.getManifest(); this.manifest = oldManifest == null ? new Manifest() @@ -317,12 +317,12 @@ public class SFHelper void updateEntry(JarEntry entry) throws IOException { if (this.state != STARTED) - throw new IllegalStateException("Helper is NOT started"); + throw new IllegalStateException(Messages.getString("SFHelper.10")); //$NON-NLS-1$ String name = entry.getName(); InputStream jeis = jar.getInputStream(entry); String hash = util.hashStream(jeis); - log.finer("Hash of " + name + " = " + hash); + log.finer("Hash of " + name + " = " + hash); //$NON-NLS-1$ //$NON-NLS-2$ Attributes mainfestAttributes = manifest.getAttributes(name); if (mainfestAttributes == null) @@ -344,9 +344,9 @@ public class SFHelper } sfAttributes.putValue(Main.DIGEST, sfHash); - log.finest("Name: " + name); - log.finest(Main.DIGEST + ": " + sfHash); - log.finest(""); + log.finest("Name: " + name); //$NON-NLS-1$ + log.finest(Main.DIGEST + ": " + sfHash); //$NON-NLS-1$ + log.finest(""); //$NON-NLS-1$ } /** @@ -356,7 +356,7 @@ public class SFHelper void finishSigning(boolean sectionsOnly) throws IOException { if (state != STARTED) - throw new IllegalStateException("Helper is NOT started"); + throw new IllegalStateException(Messages.getString("SFHelper.10")); //$NON-NLS-1$ if (sectionsOnly) return; @@ -365,7 +365,7 @@ public class SFHelper manifest.write(baos); baos.flush(); String manifestHash = util.hashByteArray(baos.toByteArray()); - log.fine("Hashed Manifest " + manifestHash); + log.fine("Hashed Manifest " + manifestHash); //$NON-NLS-1$ sfMainAttributes.putValue(Main.DIGEST_MANIFEST, manifestHash); this.state = FINISHED; diff --git a/tools/gnu/classpath/tools/jarsigner/jarsigner.txt b/tools/gnu/classpath/tools/jarsigner/jarsigner.txt index 499c81fc9..e615609c1 100644 --- a/tools/gnu/classpath/tools/jarsigner/jarsigner.txt +++ b/tools/gnu/classpath/tools/jarsigner/jarsigner.txt @@ -1,103 +1,116 @@ -Java ARchive (JAR) file signing and verification tool. - -Copyright (C) 2006 Free Software Foundation, Inc. -This is free software; see the source for copying conditions. There is NO -warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - -Please report bugs at http://www.gnu.org/software/classpath/bugs.html - -Usage: - jarsigner [options] jar-file alias - jarsigner -verify [options] jar-file - - When the first form is used, the tool signs the designated <jar-file>. The - second form, on the other hand, is used to verify a previously signed JAR - file. - - The <jar-file> is the JAR file to process; i.e. to sign if the first syntax - form is used, or to verify if the second syntax form is used instead. - - <alias> is the Keystore alias to use for signing the <jar-file>. - - - When the tool is used for signing a JAR file, the possible <options> include: - -keystore URL - Indicates to the tool that the Keystore located at the - designated <URL> must be used. When this option is missing, - the tool, by default, will look for a Keystore named - ".keystore" in the current User's home directory; i.e. the - value of the System property named "user.home". - - If the <URL> is malformed --e.g. missing protocol element-- the - tool will attempt to use the <URL> value as a file-name (with - absolute or relative path-name) of a Keystore --as if the - protocol was "file:". - - -storetype STORE_TYPE - Designates the type of Keystore to expect. The default value - is that of the property "keystore.type" in the security - properties file, which is obtained by invoking the static - method call getDefaultType() in java.security.KeyStore. - - -storepass PASSWORD - Designates the <PASSWORD> to use when accessing the Keystore. - If this option is missing, the User will be prompted to provide - one. - - -keypass PASSWORD - Designates the <PASSWORD> protecting the private key to use, - from the Keystore, for signing the JAR file. If this option is - missing, the User will be prompted to provide one. - - -sigfile NAME - Designates a literal that will be used to construct file names - for the .SF and .DSA signature files which will be generated - and placed in the MET-INF directory of the signed JAR. - Permissible characters for <NAME> must be in the range - "a-zA-Z0-9_-". All characters will be converted by the tool to - upper-case ones. - - If this option is missing, the first eight characters of the - <alias> argument will be used. When this is the case, any - character in <alias> that is outside the permissible range of - characters will be replaced by an underscore. - - -signedjar FILE_NAME - If present, <FILE_NAME> will be used as the name of the signed - JAR. If this option is not present, then the signed JAR will - be named the same as <jar-file>; i.e. the input JAR will be - replaced with the signed one. - - - When the tool is used for verifying a JAR file, the possible options include: - -verify Indicates that the tool is to be used for verification purposes. - - -certs This option is used in conjunction with the -verbose option. - When present, along with the -verbose option, the tool will - print more detailed information about the certificates of the - signer(s) being processed. - - - Other options, common to both signing and verification include: - -verbose Specifies that the tool should generate more messages, during - its processing. - - -internalsf When present, the tool will include --which otherwise it does - not-- the .SF file in the .DSA generated file. - - -sectionsonly - When present, the tool will include in the .SF generated file - --which otherwise it does not-- a header containing a hash of - the whole manifest file. When that header is included, the - tool can quickly check, during verification, if the hash (in - the header) matches or not the manifest file. - - -provider PROVIDER_CLASS_NAME - Designates an implementation of the Provider interface to use - for obtaining cryptographic algorithm implementations required - by this tool to perform its functions; specifically the - implementation of the Security Provider capable of managing a - Key Store of the designated, or default, type. - - -help Prints this help text. - +NAME + jarsigner - Java ARchive (JAR) file signing and verification tool + +SYNOPSIS + jarsigner [OPTION]... FILE ALIAS + jarsigner -verify [OPTION]... FILE + +DESCRIPTION + When the first form is used, the tool signs the designated JAR file. + The second form, on the other hand, is used to verify a previously + signed JAR file. + + FILE is the .JAR file to process; i.e. to sign if the first syntax form + is used, or to verify if the second syntax form is used instead. + + ALIAS must be a known Alias of a Key Entry in the designated key store. + The private key material associated with this Alias is then used for + signing the designated .JAR file. + +SIGNING OPTIONS + -keystore URL + Use this option to specify the location of the key store to use. + The default value is a file URL referencing the file named + ".keystore" (all lower case and without the enclosing quotes) + located in the path returned by the call to + java.lang.System#getProperty(String) using "user.home" as + argument. + + If a URL was specified, but was found to be malformed --e.g. + missing protocol element-- the tool will attempt to use the URL + value as a file-name (with absolute or relative path-name) of a + key store --as if the protocol was "file:". + + -storetype STORE_TYPE + Use this option to specify the type of the key store to use. + The default value, if this option is omitted, is that of the + property "keystore.type" in the security properties file, which + is obtained by invoking the static method call getDefaultType() + in java.security.KeyStore. + + -storepass PASSWORD + Use this option to specify the password which will be used to + unlock the key store. If this option is missing, the User will + be prompted to provide a password. + + -keypass PASSWORD + Use this option to specify the password which the tool will use + to unlock the Key Entry associated with the designated Alias. + + If this option is omitted, the tool will first attempt to unlock + the Key Entry using the same password protecting the key store. + If this fails, you will then be prompted to provide a password. + + -sigfile NAME + Use this option to designate a literal that will be used to + construct file names for both the .SF and .DSA signature files. + These files will be generated, by the tool, and placed in the + META-INF directory of the signed JAR. Permissible characters + for NAME must be in the range "a-zA-Z0-9_-". All characters + will be converted to upper-case ones. + + If this option is missing, the first eight characters of the + ALIAS argument will be used. When this is the case, any + character in ALIAS that is outside the permissible range of + characters will be replaced by an underscore. + + -signedjar FILE_NAME + Use this option to specify the file name of the signed JAR. If + this option is omitted, then the signed JAR will be named the + same as FILE; i.e. the input JAR file will be replaced with the + signed copy. + +VERIFICATION OPTIONS + -verify + Use this option to indicate that the tool is to be used for + verification purposes. + + -certs This option is used in conjunction with the -verbose option. + When present, along with the -verbose option, the tool will + print more detailed information about the certificates of the + signer(s) being processed. + +COMMON OPTIONS + -verbose + Use this option to force the tool to generate more verbose + messages, during its processing. + + -internalsf + When present, the tool will include --which otherwise it does + not-- the .SF file in the .DSA generated file. + + -sectionsonly + When present, the tool will include in the .SF generated file + --which otherwise it does not-- a header containing a hash of + the whole manifest file. When that header is included, the + tool can quickly check, during verification, if the hash (in + the header) matches or not the manifest file. + + -provider PROVIDER_CLASS_NAME + A fully qualified class name of a Security Provider to add to + the current list of Security Providers already installed in the + JVM in-use. If a provider class is specified with this option, + and was successfully added to the runtime --i.e. it was not + already installed-- then the tool will attempt to remove this + Security Provider before exiting. + + -help Prints this help text. + +REPORTING BUGS + Please report bugs at http://www.gnu.org/software/classpath/bugs.html + +COPYRIGHT + Copyright (C) 2006 Free Software Foundation, Inc. + This is free software; see the source for copying conditions. There is + NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. diff --git a/tools/gnu/classpath/tools/jarsigner/package.html b/tools/gnu/classpath/tools/jarsigner/package.html new file mode 100644 index 000000000..50574ddb7 --- /dev/null +++ b/tools/gnu/classpath/tools/jarsigner/package.html @@ -0,0 +1,60 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> +<!-- package.html - describes classes in gnu.classpath.tools.jarsigner + +Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. --> + +<html> +<head> + <title>GNU Classpath - gnu.classpath.tools.jarsigner</title> +</head> + +<body> +This package contains the classes that provide an implementation of the +Security Tool: <code>jarsigner</code>. The behaviour of these classes should +match that of the same tool provided in the RI version 1.4.2, except for the +following: + +<ul> + <li>The RI tool accepts -J<i>javaoption</i> options which it then passes to + the underlying JVM. This is because the RI tool acts as a <i>wrapper</i> + around the JVM launcher. + <p> + This implementation DOES NOT support these options. + </li> +</ul> +</body> +</html> |