authorRaif S. Naffah <raif@swiftdsl.com.au>2006-07-18 12:44:17 +0000
committerRaif S. Naffah <raif@swiftdsl.com.au>2006-07-18 12:44:17 +0000
commit65dcbc6c0de9dadb4cf95fb14b850cdeccd50a44 (patch)
tree77b36f9321c3ade7ecf005a0797f6768709e0da2
parentb77b54f200723f26d40e311c81e79b34c2538281 (diff)
2006-07-18 Raif S. Naffah <raif@swiftdsl.com.au>
PR Classpath/27205 * tools/gnu/classpath/tools/jarsigner/SFHelper.java (writeDSA): Check certificate validity. (getIssuerName): New method. (getSubjectName): Likewise. (getNotAfterDate): Likewise. (getNotBeforeDate): Likewise. * resource/gnu/classpath/tools/jarsigner/messages.properties: Added messages for newly added messages in SFHelper.
-rw-r--r--ChangeLog12
-rw-r--r--resource/gnu/classpath/tools/jarsigner/messages.properties4
-rw-r--r--tools/gnu/classpath/tools/jarsigner/SFHelper.java123
3 files changed, 139 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 22ed1e9cd..824c114b5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2006-07-18 Raif S. Naffah <raif@swiftdsl.com.au>
+
+ PR Classpath/27205
+ * tools/gnu/classpath/tools/jarsigner/SFHelper.java (writeDSA): Check
+ certificate validity.
+ (getIssuerName): New method.
+ (getSubjectName): Likewise.
+ (getNotAfterDate): Likewise.
+ (getNotBeforeDate): Likewise.
+ * resource/gnu/classpath/tools/jarsigner/messages.properties: Added
+ messages for newly added messages in SFHelper.
+
2006-07-18 Roman Kennke <kennke@aicas.com>
* gnu/java/awt/peer/x/XDialogPeer.java: New class.
diff --git a/resource/gnu/classpath/tools/jarsigner/messages.properties b/resource/gnu/classpath/tools/jarsigner/messages.properties
index 4383256de..d4088177c 100644
--- a/resource/gnu/classpath/tools/jarsigner/messages.properties
+++ b/resource/gnu/classpath/tools/jarsigner/messages.properties
@@ -119,4 +119,8 @@ SFHelper.1=Helper is NOT finished
SFHelper.4=.SF file has NOT been generated
SFHelper.6=Unknown or unsupported private key algorithm
SFHelper.9=Helper is NOT ready
+SFHelper.0=Warning: The certificate issued by {0}, for {1}, has expired as of {3,date,full} - {3,time,full}.
SFHelper.10=Helper is NOT started
+SFHelper.11=Warning: The certificate issued by {0}, for {1}, is only valid after {3,date,full} - {3,time,full}.
+SFHelper.14=[unknown]
+SFHelper.17=[unnamed]
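Review bot: Both new patterns, SFHelper.0 and SFHelper.11, reference argument `{3}`, but the caller in SFHelper.writeDSA passes a three-element array (issuer, subject, date), so the date sits at index 2. If Messages.getFormattedString delegates to java.text.MessageFormat, as it appears to, an out-of-range index is emitted literally and the warning would show `{3}` instead of the expiry or start date. The placeholders in both messages should read `{2,date,full} - {2,time,full}`.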
diff --git a/tools/gnu/classpath/tools/jarsigner/SFHelper.java b/tools/gnu/classpath/tools/jarsigner/SFHelper.java
index 0d8c2eb44..83e87b843 100644
--- a/tools/gnu/classpath/tools/jarsigner/SFHelper.java
+++ b/tools/gnu/classpath/tools/jarsigner/SFHelper.java
@@ -63,10 +63,13 @@ import java.security.PrivateKey;
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -265,6 +268,30 @@ public class SFHelper
Set signerInfos = new HashSet();
X509Certificate cert = (X509Certificate) certificates[0];
+ try
+ {
+ cert.checkValidity();
+ }
+ catch (CertificateExpiredException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notAfterDate = getNotAfterDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.0", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notAfterDate }));
+ }
+ catch (CertificateNotYetValidException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notBeforeDate = getNotBeforeDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.11", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notBeforeDate }));
+ }
X500Principal issuer = cert.getIssuerX500Principal();
BigInteger serialNumber = cert.getSerialNumber();
byte[] authenticatedAttributes = null;
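Review bot: The validity check covers only `certificates[0]`; the remaining entries of the array are never passed to checkValidity() in this hunk, so an expired or not-yet-valid issuer certificate in the chain would go unreported. Both catch blocks also only print to System.out and let signing continue, which is easy to miss in a scripted build. If warn-only is intended, state it with a comment such as `// warn only: the jar is still signed with an out-of-validity certificate`, and consider System.err so the warning is not mixed with normal output. writeDSA begins and ends outside this hunk, so whether the chain is validated elsewhere cannot be seen from here.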
@@ -379,4 +406,100 @@ public class SFHelper
this.state = FINISHED;
}
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Issuer Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Issuer's DN.
+ */
+ private String getIssuerName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getIssuerX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Issuer. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has an Issuer with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Subject Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Subject's DN.
+ */
+ private String getSubjectName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getSubjectX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Subject. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has a Subject with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the end validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate stops being valid.
+ */
+ private Date getNotAfterDate(X509Certificate cert)
+ {
+ Date result = cert.getNotAfter();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null start-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the start validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate starts being valid.
+ */
+ private Date getNotBeforeDate(X509Certificate cert)
+ {
+ Date result = cert.getNotBefore();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null end-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
}
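Review bot: The debug messages in getNotAfterDate and getNotBeforeDate are swapped: getNotAfter() is the end of the validity period but its log text says `null start-validity date`, while getNotBefore() logs `null end-validity date`. Swap the two strings, and fix the `Certiticate` typo repeated in all six log.fine calls. Returning `new Date(0)` for a missing date means the user-facing warning would print a 1970 date as if it came from the certificate, so each `@return` should mention that fallback, e.g. `@return the notAfter date, or the epoch if the certificate reports none`. getIssuerName and getSubjectName differ only in the principal accessor and could share one private helper that takes the X500Principal.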