author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-07-18 12:44:17 +0000 |
---|---|---|
committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-07-18 12:44:17 +0000 |
commit | 65dcbc6c0de9dadb4cf95fb14b850cdeccd50a44 (patch) | |
tree | 77b36f9321c3ade7ecf005a0797f6768709e0da2 | |
parent | b77b54f200723f26d40e311c81e79b34c2538281 (diff) | |
download | classpath-65dcbc6c0de9dadb4cf95fb14b850cdeccd50a44.tar.gz |
2006-07-18 Raif S. Naffah <raif@swiftdsl.com.au>
PR Classpath/27205
* tools/gnu/classpath/tools/jarsigner/SFHelper.java (writeDSA): Check
certificate validity.
(getIssuerName): New method.
(getSubjectName): Likewise.
(getNotAfterDate): Likewise.
(getNotBeforeDate): Likewise.
* resource/gnu/classpath/tools/jarsigner/messages.properties: Added
messages for newly added messages in SFHelper.
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | resource/gnu/classpath/tools/jarsigner/messages.properties | 4 | ||||
-rw-r--r-- | tools/gnu/classpath/tools/jarsigner/SFHelper.java | 123 |
3 files changed, 139 insertions, 0 deletions
@@ -1,3 +1,15 @@
+2006-07-18 Raif S. Naffah <raif@swiftdsl.com.au>
+
+ PR Classpath/27205
+ * tools/gnu/classpath/tools/jarsigner/SFHelper.java (writeDSA): Check
+ certificate validity.
+ (getIssuerName): New method.
+ (getSubjectName): Likewise.
+ (getNotAfterDate): Likewise.
+ (getNotBeforeDate): Likewise.
+ * resource/gnu/classpath/tools/jarsigner/messages.properties: Added
+ messages for newly added messages in SFHelper.
+
 2006-07-18 Roman Kennke <kennke@aicas.com>
 * gnu/java/awt/peer/x/XDialogPeer.java: New class.
diff --git a/resource/gnu/classpath/tools/jarsigner/messages.properties b/resource/gnu/classpath/tools/jarsigner/messages.properties
index 4383256de..d4088177c 100644
--- a/resource/gnu/classpath/tools/jarsigner/messages.properties
+++ b/resource/gnu/classpath/tools/jarsigner/messages.properties
@@ -119,4 +119,8 @@ SFHelper.1=Helper is NOT finished
 SFHelper.4=.SF file has NOT been generated
 SFHelper.6=Unknown or unsupported private key algorithm
 SFHelper.9=Helper is NOT ready
+SFHelper.0=Warning: The certificate issued by {0}, for {1}, has expired as of {3,date,full} - {3,time,full}.
 SFHelper.10=Helper is NOT started
+SFHelper.11=Warning: The certificate issued by {0}, for {1}, is only valid after {3,date,full} - {3,time,full}.
+SFHelper.14=[unknown]
+SFHelper.17=[unnamed]
diff --git a/tools/gnu/classpath/tools/jarsigner/SFHelper.java b/tools/gnu/classpath/tools/jarsigner/SFHelper.java
index 0d8c2eb44..83e87b843 100644
--- a/tools/gnu/classpath/tools/jarsigner/SFHelper.java
+++ b/tools/gnu/classpath/tools/jarsigner/SFHelper.java
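Review bot: `SFHelper.0` and `SFHelper.11` in messages.properties format argument `{3}`, but the callers added to writeDSA in this same commit pass a three-element `Object[]` (issuer, subject, date), whose valid indices are 0 to 2. Assuming `Messages.getFormattedString` delegates to `java.text.MessageFormat`, the date is never substituted and the warning shows the raw placeholder instead of the expiry or start date. Both messages should use `{2,date,full} - {2,time,full}`.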
@@ -63,10 +63,13 @@ import java.security.PrivateKey;
 import java.security.cert.CRLException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
 import java.security.cert.X509CRL;
 import java.security.interfaces.DSAPrivateKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.ArrayList;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -265,6 +268,30 @@ public class SFHelper
 Set signerInfos = new HashSet();
 X509Certificate cert = (X509Certificate) certificates[0];
+ try
+ {
+ cert.checkValidity();
+ }
+ catch (CertificateExpiredException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notAfterDate = getNotAfterDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.0", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notAfterDate }));
+ }
+ catch (CertificateNotYetValidException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notBeforeDate = getNotBeforeDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.11", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notBeforeDate }));
+ }
 X500Principal issuer = cert.getIssuerX500Principal();
 BigInteger serialNumber = cert.getSerialNumber();
 byte[] authenticatedAttributes = null;
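Review bot: Only `certificates[0]` is passed to `checkValidity()` in writeDSA, so if the `certificates` array carries a chain (its contents are not visible in this hunk) an expired or not-yet-valid certificate further up the chain goes unreported. Running the same check over every X.509 entry of the array would warn about those too, and moving the try/catch into one private helper removes the duplication between the two catch blocks, which differ only in the message key and the date getter. The warning is only printed and signing continues, which looks intentional but is worth stating in a comment above the `try`. writeDSA starts and ends outside this hunk.

```java
X509Certificate cert = (X509Certificate) certificates[0];
// Warn about every certificate handed to the signer, not only the first one.
// Signing deliberately continues after a warning.
for (int i = 0; i < certificates.length; i++)
  if (certificates[i] instanceof X509Certificate)
    warnIfNotCurrentlyValid((X509Certificate) certificates[i]);
// … unchanged: issuer, serialNumber, authenticatedAttributes …

// new private helper, placed next to getIssuerName and the other helpers
/**
 * Prints a warning when the designated certificate has expired or is not yet
 * valid. Never throws; the caller carries on signing.
 *
 * @param c an X.509 certificate.
 */
private void warnIfNotCurrentlyValid(X509Certificate c)
{
  try
    {
      c.checkValidity();
    }
  catch (CertificateExpiredException x)
    {
      System.out.println(Messages.getFormattedString("SFHelper.0", //$NON-NLS-1$
          new Object[] { getIssuerName(c), getSubjectName(c), getNotAfterDate(c) }));
    }
  catch (CertificateNotYetValidException x)
    {
      System.out.println(Messages.getFormattedString("SFHelper.11", //$NON-NLS-1$
          new Object[] { getIssuerName(c), getSubjectName(c), getNotBeforeDate(c) }));
    }
}
```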
@@ -379,4 +406,100 @@ public class SFHelper
 this.state = FINISHED;
 }
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Issuer Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Issuer's DN.
+ */
+ private String getIssuerName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getIssuerX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Issuer. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has an Issuer with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Subject Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Subject's DN.
+ */
+ private String getSubjectName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getSubjectX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Subject. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has a Subject with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the end validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate stops being valid.
+ */
+ private Date getNotAfterDate(X509Certificate cert)
+ {
+ Date result = cert.getNotAfter();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null start-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the start validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate starts being valid.
+ */
+ private Date getNotBeforeDate(X509Certificate cert)
+ {
+ Date result = cert.getNotBefore();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null end-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
 } |
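Review bot: The debug strings in getNotAfterDate and getNotBeforeDate are swapped: the `getNotAfter()` null branch logs `has null start-validity date` and the `getNotBefore()` null branch logs `has null end-validity date`; they should read `", has null end-validity date. Return epoch"` and `", has null start-validity date. Return epoch"` respectively. All four helpers also spell the word as `Certiticate` in their log text. The Javadoc of each helper should state its fallback (`[unknown]` / `[unnamed]` for the names, `new Date(0)` for the dates), because the epoch value is fed straight into the user-facing warning and would show up there as a 1970 date.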