hello there, the attached patch --already committed-- adds support for localisable messages in jarsigner. it also refactors some classes to use the newly added common utilities.
2006-05-02 Raif S. Naffah <[EMAIL PROTECTED]>
* tools/gnu/classpath/tools/jarsigner/jarsigner.txt: Re-arranged to
resemble more closely man-page style text.
* tools/gnu/classpath/tools/jarsigner/SFHelper.java:
Mark (Eclipse) strings that need not be externalised.
(writeSF): Likewise.
(writeDSA): Likewise.
Use package-private Messages class to provide i18n-ready strings.
(startSigning):
Use package-private Messages class to provide i18n-ready strings.
(updateEntry): Likewise.
Mark (Eclipse) strings that need not be externalised.
(finishSigning): Likewise.
* tools/gnu/classpath/tools/jarsigner/Main.java:
Mark (Eclipse) strings that need not be externalised.
(main): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(processArgs): Do not use constant strings as class name.
Mark (Eclipse) strings that need not be externalised.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(start): Do not use constant strings as class name.
(teardown): Likewise.
Use ProviderUtil.
(setupCommonParams): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
(installNewProvider): Do not use constant strings as class name.
Use ProviderUtil.
(setupSigningParams): Do not use constant strings as class name.
Use package-private Messages class to provide i18n-ready strings.
Mark (Eclipse) strings that need not be externalised.
(getCallbackHandler): Use CallbackUtil.
* tools/gnu/classpath/tools/jarsigner/JarSigner.java (start):
Use package-private Messages class to provide i18n-ready strings.
Reduced logging level so INFO becomes FINER, and WARNING becomes FINE.
* tools/gnu/classpath/tools/jarsigner/JarVerifier.java (start):
Likewise.
(verifySF): Likewise.
(verifySFEntries): Do not use constant strings as class name.
Use Boolean.valueOf instead of new Boolean().
(verifySFEntry): Mark (Eclipse) strings that need not be externalised.
* resource/gnu/classpath/tools/jarsigner/MessageBundle.properties:
New file.
* tools/gnu/classpath/tools/jarsigner/package.html: Likewise.
* tools/gnu/classpath/tools/jarsigner/Messages.java: Likewise.
cheers;
rsn
Index: MessageBundle.properties
===================================================================
RCS file: MessageBundle.properties
diff -N MessageBundle.properties
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ MessageBundle.properties 2 May 2006 00:26:52 -0000
@@ -0,0 +1,33 @@
+# default locale messages for gnu.classpath.tools.jarsigner package
+
+Main.7=jarsigner:
+Main.9=jarsigner error:
+Main.70=JAR file [{0}] is NOT a file object
+Main.72=JAR file [{0}] is NOT readable
+#Main.85=Option '-keystore' is not defined or is an empty string, and
'user.home' is unknown
+Main.85=Unable to locate a valid key store
+Main.92=Enter key store password:
+Main.6=Designated alias [{0}] MUST be known to the key store in use
+Main.95=Designated alias [{0}] MUST be an Alias of a Key Entry
+Main.97=Enter key password for <{0}>:
+Main.99=Key associated with [{0}] MUST be a private key
+
+JarSigner.1=\ \ signing:
+JarSigner.2=\ updating:
+JarSigner.8=\ \ \ adding:
+JarSigner.11=\ \ \ adding:
+JarSigner.14=jar signed.
+
+JarVerifier.2=jar is not signed.--no signature files found.
+JarVerifier.3=jar verification failed.
+JarVerifier.4=jar partially verified --{0,numer} of {1,number} signers.
+JarVerifier.7=jar verified --{0,number} signer(s).
+JarVerifier.13=Signature Block missing for {0}
+JarVerifier.14=At least one SignerInfo element MUST be present in a Signature
Block (.DSA file)
+JarVerifier.16=Missing EncryptedDigest in Signature Block (.DSA file) first
SignerInfo element
+
+SFHelper.1=Helper is NOT finished
+SFHelper.4=.SF file has NOT been generated
+SFHelper.6=Unknown or unsupported private key algorithm
+SFHelper.9=Helper is NOT ready
+SFHelper.10=Helper is NOT started
Index: package.html
===================================================================
RCS file: package.html
diff -N package.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ package.html 2 May 2006 00:28:24 -0000
@@ -0,0 +1,60 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<!-- package.html - describes classes in gnu.classpath.tools.jarsigner
+
+Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING. If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library. Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module. An independent module is a module which is not derived from
+or based on this library. If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so. If you do not wish to do so, delete this
+exception statement from your version. -->
+
+<html>
+<head>
+ <title>GNU Classpath - gnu.classpath.tools.jarsigner</title>
+</head>
+
+<body>
+This package contains the classes that provide an implementation of the
+Security Tool: <code>jarsigner</code>. The behaviour of these classes should
+match that of the same tool provided in the RI version 1.4.2, except for the
+following:
+
+<ul>
+ <li>The RI tool accepts -J<i>javaoption</i> options which it then passes to
+ the underlying JVM. This is because the RI tool acts as a <i>wrapper</i>
+ around the JVM launcher.
+ <p>
+ This implementation DOES NOT support these options.
+ </li>
+</ul>
+</body>
+</html>
Index: JarSigner.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/JarSigner.java,v
retrieving revision 1.4
diff -u -r1.4 JarSigner.java
--- JarSigner.java 29 Apr 2006 07:39:19 -0000 1.4
+++ JarSigner.java 2 May 2006 00:29:11 -0000
@@ -69,7 +69,7 @@
void start() throws Exception
{
- log.entering("JarSigner", "start");
+ log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$
JarFile jarFile = new JarFile(main.getJarFileName());
SFHelper sfHelper = new SFHelper(jarFile);
@@ -87,15 +87,15 @@
sfHelper.updateEntry(je);
if (main.isVerbose())
- System.out.println(" signing: " + jeName);
+ System.out.println(Messages.getString("JarSigner.1") + jeName);
//$NON-NLS-1$
}
sfHelper.finishSigning(main.isSectionsOnly());
if (main.isVerbose())
- System.out.println(" updating: " + JarFile.MANIFEST_NAME);
+ System.out.println(Messages.getString("JarSigner.2") +
JarFile.MANIFEST_NAME); //$NON-NLS-1$
// 2. write jar entries and manifest
- File signedJarFile = File.createTempFile("gcp-", ".jar");
+ File signedJarFile = File.createTempFile("gcp-", ".jar"); //$NON-NLS-1$
//$NON-NLS-2$
FileOutputStream fos = new FileOutputStream(signedJarFile);
JarOutputStream outSignedJarFile = new JarOutputStream(fos,
sfHelper.getManifest());
@@ -107,7 +107,7 @@
|| jeName.endsWith(File.separator))
continue;
- log.finest("Processing " + jeName);
+ log.finest("Processing " + jeName); //$NON-NLS-1$
JarEntry newEntry = new JarEntry(jeName);
newEntry.setTime(je.getTime());
outSignedJarFile.putNextEntry(newEntry);
@@ -119,19 +119,19 @@
String signaturesFileName = main.getSigFileName();
String sfFileName = JarUtils.META_INF + signaturesFileName
+ JarUtils.SF_SUFFIX;
- log.finest("Processing " + sfFileName);
+ log.finest("Processing " + sfFileName); //$NON-NLS-1$
JarEntry sfEntry = new JarEntry(sfFileName);
sfEntry.setTime(System.currentTimeMillis());
outSignedJarFile.putNextEntry(sfEntry);
sfHelper.writeSF(outSignedJarFile);
- log.info("Created .SF file");
+ log.finer("Created .SF file"); //$NON-NLS-1$
if (main.isVerbose())
- System.out.println(" adding: " + sfFileName);
+ System.out.println(Messages.getString("JarSigner.8") + sfFileName);
//$NON-NLS-1$
// 4. create the .DSA file
String dsaFileName = JarUtils.META_INF + signaturesFileName
+ JarUtils.DSA_SUFFIX;
- log.finest("Processing " + dsaFileName);
+ log.finest("Processing " + dsaFileName); //$NON-NLS-1$
JarEntry dsaEntry = new JarEntry(dsaFileName);
dsaEntry.setTime(System.currentTimeMillis());
outSignedJarFile.putNextEntry(dsaEntry);
@@ -139,20 +139,20 @@
main.getSignerPrivateKey(),
main.getSignerCertificateChain(),
main.isInternalSF());
- log.info("Created .DSA file");
+ log.finer("Created .DSA file"); //$NON-NLS-1$
if (main.isVerbose())
- System.out.println(" adding: " + dsaFileName);
+ System.out.println(Messages.getString("JarSigner.11") + dsaFileName);
//$NON-NLS-1$
// cleanup
outSignedJarFile.close();
fos.close();
signedJarFile.renameTo(new File(main.getSignedJarFileName()));
- log.info("Renamed signed JAR file");
+ log.finer("Renamed signed JAR file"); //$NON-NLS-1$
if (main.isVerbose())
- System.out.println(SystemProperties.getProperty("line.separator")
- + "jar signed.");
+ System.out.println(SystemProperties.getProperty("line.separator")
//$NON-NLS-1$
+ + Messages.getString("JarSigner.14")); //$NON-NLS-1$
- log.exiting("JarSigner", "start");
+ log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$
}
private void copyFromTo(InputStream in, JarOutputStream out)
Index: JarVerifier.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/JarVerifier.java,v
retrieving revision 1.4
diff -u -r1.4 JarVerifier.java
--- JarVerifier.java 29 Apr 2006 07:39:19 -0000 1.4
+++ JarVerifier.java 2 May 2006 00:33:31 -0000
@@ -94,7 +94,7 @@
void start() throws Exception
{
- log.entering("JarVerifier", "start");
+ log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$
String jarFileName = main.getJarFileName();
jarFile = new JarFile(jarFileName);
@@ -110,7 +110,7 @@
continue;
// only interested in .SF files in, and not deeper than, META-INF
- String[] jeNameParts = jeName.split("/");
+ String[] jeNameParts = jeName.split("/"); //$NON-NLS-1$
if (jeNameParts.length != 2)
continue;
@@ -121,7 +121,7 @@
// 2. verify each one
if (sfFiles.isEmpty())
- System.out.println("jar is not signed.--no signature files found.");
+ System.out.println(Messages.getString("JarVerifier.2")); //$NON-NLS-1$
else
{
int limit = sfFiles.size();
@@ -135,15 +135,17 @@
}
if (count == 0)
- System.out.println("jar verification failed.");
+ System.out.println(Messages.getString("JarVerifier.3"));
//$NON-NLS-1$
else if (count != limit)
- System.out.println("jar partially verified --" + count + " of "
- + limit + " signers.");
+ System.out.println(Messages.getFormattedString("JarVerifier.4",
//$NON-NLS-1$
+ new Integer[]
{Integer.valueOf(count),
+
Integer.valueOf(limit)}));
else
- System.out.println("jar verified --" + limit + " signer(s).");
+ System.out.println(Messages.getFormattedString("JarVerifier.7",
//$NON-NLS-1$
+
Integer.valueOf(limit)));
}
- log.exiting("JarVerifier", "start");
+ log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$
}
/**
@@ -160,15 +162,15 @@
private boolean verifySF(String sigFileName) throws CRLException,
CertificateException, ZipException, IOException
{
- log.entering("JarVerifier", "verifySF");
- log.finest("About to verify signature of " + sigFileName + "...");
+ log.entering(this.getClass().getName(), "verifySF"); //$NON-NLS-1$
+ log.finest("About to verify signature of " + sigFileName + "...");
//$NON-NLS-1$ //$NON-NLS-2$
// 1. find the corresponding .DSA file for this .SF file
JarEntry dsaEntry = jarFile.getJarEntry(JarUtils.META_INF + sigFileName
+ JarUtils.DSA_SUFFIX);
if (dsaEntry == null)
- throw new SecurityException("Signature Block missing for " +
sigFileName);
-
+ throw new
SecurityException(Messages.getFormattedString("JarVerifier.13", //$NON-NLS-1$
+ sigFileName));
// 2. read the .DSA file contents as a PKCS7 SignedData
InputStream in = jarFile.getInputStream(dsaEntry);
PKCS7SignedData pkcs7SignedData = new PKCS7SignedData(in);
@@ -177,19 +179,19 @@
// this octet string is the digital signature of the .SF file contents
Set signerInfos = pkcs7SignedData.getSignerInfos();
if (signerInfos == null || signerInfos.isEmpty())
- throw new SecurityException("At least one SignerInfo element MUST be "
- + "present in a Signature Block (.DSA
file)");
+ throw new SecurityException(Messages.getString("JarVerifier.14"));
//$NON-NLS-1$
+
SignerInfo signerInfo = (SignerInfo) signerInfos.iterator().next();
byte[] encryptedDigest = signerInfo.getEncryptedDigest();
if (encryptedDigest == null)
- throw new SecurityException("Missing EncryptedDigest in Signature Block "
- + "(.DSA file) first SignerInfo element");
- log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes "));
+ throw new SecurityException(Messages.getString("JarVerifier.16"));
//$NON-NLS-1$
+
+ log.finest("\n" + Util.dumpString(encryptedDigest, "--- signedSFBytes "));
//$NON-NLS-1$ //$NON-NLS-2$
// 5. get the signer public key
Certificate cert = pkcs7SignedData.getCertificates()[0];
PublicKey verifierKey = cert.getPublicKey();
- log.finest("--- verifier public key = " + verifierKey);
+ log.finest("--- verifier public key = " + verifierKey); //$NON-NLS-1$
// 6. verify the signature file signature
OID digestEncryptionAlgorithmOID =
signerInfo.getDigestEncryptionAlgorithmId();
@@ -223,10 +225,10 @@
signatureAlgorithm.update(buffer, 0, n);
boolean result = signatureAlgorithm.verify(herSignature);
- log.info("Signature block [" + sigFileName + "] is "
- + (result ? "" : "NOT ") + "OK");
+ log.finer("Signature block [" + sigFileName + "] is " //$NON-NLS-1$
//$NON-NLS-2$
+ + (result ? "" : "NOT ") + "OK"); //$NON-NLS-1$ //$NON-NLS-2$
//$NON-NLS-3$
- log.exiting("JarVerifier", "verifySF", new Boolean(result));
+ log.exiting(this.getClass().getName(), "verifySF",
Boolean.valueOf(result)); //$NON-NLS-1$
return result;
}
@@ -248,7 +250,7 @@
*/
private boolean verifySFEntries(String alias) throws IOException
{
- log.entering("JarVerifier", "verifySFEntries");
+ log.entering(this.getClass().getName(), "verifySFEntries"); //$NON-NLS-1$
// 1. read the signature file
JarEntry jarEntry = jarFile.getJarEntry(JarUtils.META_INF + alias
@@ -289,7 +291,8 @@
break;
}
- log.exiting("JarVerifier", "verifySFEntries", new Boolean(result));
+ log.exiting(this.getClass().getName(), "verifySFEntries",
+ Boolean.valueOf(result)); //$NON-NLS-1$
return result;
}
@@ -316,7 +319,7 @@
{
String expectedValue = getEntryHash(JarFile.MANIFEST_NAME);
boolean result = expectedValue.equalsIgnoreCase(hash);
- log.finest("Is " + name + " OK? " + result);
+ log.finest("Is " + name + " OK? " + result); //$NON-NLS-1$ //$NON-NLS-2$
return result;
}
Index: Main.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/Main.java,v
retrieving revision 1.7
diff -u -r1.7 Main.java
--- Main.java 29 Apr 2006 07:39:19 -0000 1.7
+++ Main.java 2 May 2006 00:39:04 -0000
@@ -40,6 +40,8 @@
import gnu.classpath.SystemProperties;
import gnu.classpath.tools.HelpPrinter;
+import gnu.classpath.tools.common.CallbackUtil;
+import gnu.classpath.tools.common.ProviderUtil;
import gnu.java.security.OID;
import gnu.java.security.Registry;
import gnu.javax.security.auth.callback.ConsoleCallbackHandler;
@@ -49,13 +51,11 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
-import java.security.AccessController;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
-import java.security.PrivilegedAction;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
@@ -82,10 +82,10 @@
public class Main
{
private static final Logger log = Logger.getLogger(Main.class.getName());
- private static final String HELP_PATH = "jarsigner/jarsigner.txt";
- private static final Locale EN_US_LOCALE = new Locale("en", "US");
- static final String DIGEST = "SHA1-Digest";
- static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest";
+ private static final String HELP_PATH = "jarsigner/jarsigner.txt";
//$NON-NLS-1$
+ private static final Locale EN_US_LOCALE = new Locale("en", "US");
//$NON-NLS-1$ //$NON-NLS-2$
+ static final String DIGEST = "SHA1-Digest"; //$NON-NLS-1$
+ static final String DIGEST_MANIFEST = "SHA1-Digest-Manifest"; //$NON-NLS-1$
static final Name DIGEST_ATTR = new Name(DIGEST);
static final Name DIGEST_MANIFEST_ATTR = new Name(DIGEST_MANIFEST);
static final OID DSA_SIGNATURE_OID = new OID(Registry.DSA_OID_STRING);
@@ -123,7 +123,7 @@
public static final void main(String[] args)
{
- log.entering("Main", "main", args);
+ log.entering(Main.class.getName(), "main", args); //$NON-NLS-1$
Main tool = new Main();
try
@@ -133,18 +133,18 @@
}
catch (SecurityException x)
{
- log.throwing("Main", "main", x);
- System.err.println("jarsigner: " + x.getMessage());
+ log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$
+ System.err.println(Messages.getString("Main.7") + x.getMessage());
//$NON-NLS-1$
}
catch (Exception x)
{
- log.throwing("Main", "main", x);
- System.err.println("jarsigner error: " + x);
+ log.throwing(Main.class.getName(), "main", x); //$NON-NLS-1$
+ System.err.println(Messages.getString("Main.9") + x); //$NON-NLS-1$
}
tool.teardown();
- log.exiting("Main", "main");
+ log.exiting(Main.class.getName(), "main"); //$NON-NLS-1$
// System.exit(0);
}
@@ -159,46 +159,46 @@
*/
private void processArgs(String[] args) throws Exception
{
- log.entering("Main", "processArgs", args);
+ log.entering(this.getClass().getName(), "processArgs", args); //$NON-NLS-1$
HelpPrinter.checkHelpKey(args, HELP_PATH);
if (args == null || args.length == 0)
HelpPrinter.printHelpAndExit(HELP_PATH);
int limit = args.length;
- log.finest("args.length=" + limit);
+ log.finest("args.length=" + limit); //$NON-NLS-1$
int i = 0;
String opt;
while (i < limit)
{
opt = args[i++];
- log.finest("args[" + (i - 1) + "]=" + opt);
+ log.finest("args[" + (i - 1) + "]=" + opt); //$NON-NLS-1$ //$NON-NLS-2$
if (opt == null || opt.length() == 0)
continue;
- if ("-verify".equals(opt)) // -verify
+ if ("-verify".equals(opt)) // -verify //$NON-NLS-1$
verify = true;
- else if ("-keystore".equals(opt)) // -keystore URL
+ else if ("-keystore".equals(opt)) // -keystore URL //$NON-NLS-1$
ksURL = args[i++];
- else if ("-storetype".equals(opt)) // -storetype STORE_TYPE
+ else if ("-storetype".equals(opt)) // -storetype STORE_TYPE
//$NON-NLS-1$
ksType = args[i++];
- else if ("-storepass".equals(opt)) // -storepass PASSWORD
+ else if ("-storepass".equals(opt)) // -storepass PASSWORD //$NON-NLS-1$
ksPassword = args[i++];
- else if ("-keypass".equals(opt)) // -keypass PASSWORD
+ else if ("-keypass".equals(opt)) // -keypass PASSWORD //$NON-NLS-1$
password = args[i++];
- else if ("-sigfile".equals(opt)) // -sigfile NAME
+ else if ("-sigfile".equals(opt)) // -sigfile NAME //$NON-NLS-1$
sigFileName = args[i++];
- else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME
+ else if ("-signedjar".equals(opt)) // -signedjar FILE_NAME
//$NON-NLS-1$
signedJarFileName = args[i++];
- else if ("-verbose".equals(opt)) // -verbose
+ else if ("-verbose".equals(opt)) // -verbose //$NON-NLS-1$
verbose = true;
- else if ("-certs".equals(opt)) // -certs
+ else if ("-certs".equals(opt)) // -certs //$NON-NLS-1$
certs = true;
- else if ("-internalsf".equals(opt)) // -internalsf
+ else if ("-internalsf".equals(opt)) // -internalsf //$NON-NLS-1$
internalSF = true;
- else if ("-sectionsonly".equals(opt)) // -sectionsonly
+ else if ("-sectionsonly".equals(opt)) // -sectionsonly //$NON-NLS-1$
sectionsOnly = true;
- else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME
+ else if ("-provider".equals(opt)) // -provider PROVIDER_CLASS_NAME
//$NON-NLS-1$
providerClassName = args[i++];
else
{
@@ -211,43 +211,43 @@
}
if (i < limit) // more options than needed
- log.warning("Last argument is assumed at index #" + (i - 1)
- + ". Remaining arguments (" + args[i]
- + "...) will be ignored");
+ log.fine("Last argument is assumed at index #" + (i - 1) //$NON-NLS-1$
+ + ". Remaining arguments (" + args[i] //$NON-NLS-1$
+ + "...) will be ignored"); //$NON-NLS-1$
setupCommonParams();
if (verify)
{
- log.info("Will verify with the following parameters:");
- log.info(" jar-file = '" + jarFileName + "'");
- log.info("Options:");
- log.info(" provider = '" + providerClassName + "'");
- log.info(" verbose ? " + verbose);
- log.info(" certs ? " + certs);
- log.info(" internalsf ? " + internalSF);
- log.info(" sectionsonly ? " + sectionsOnly);
+ log.finer("Will verify with the following parameters:"); //$NON-NLS-1$
+ log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer("Options:"); //$NON-NLS-1$
+ log.finer(" provider = '" + providerClassName + "'");
//$NON-NLS-1$ //$NON-NLS-2$
+ log.finer(" verbose ? " + verbose); //$NON-NLS-1$
+ log.finer(" certs ? " + certs); //$NON-NLS-1$
+ log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$
+ log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$
}
else // sign
{
setupSigningParams();
- log.info("Will sign with the following parameters:");
- log.info(" jar-file = '" + jarFileName + "'");
- log.info(" alias = '" + alias + "'");
- log.info("Options:");
- log.info(" keystore = '" + ksURL + "'");
- log.info(" storetype = '" + ksType + "'");
- log.info(" storepass = '" + ksPassword + "'");
- log.info(" keypass = '" + password + "'");
- log.info(" sigfile = '" + sigFileName + "'");
- log.info(" signedjar = '" + signedJarFileName + "'");
- log.info(" provider = '" + providerClassName + "'");
- log.info(" verbose ? " + verbose);
- log.info(" internalsf ? " + internalSF);
- log.info(" sectionsonly ? " + sectionsOnly);
+ log.finer("Will sign with the following parameters:"); //$NON-NLS-1$
+ log.finer(" jar-file = '" + jarFileName + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" alias = '" + alias + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer("Options:"); //$NON-NLS-1$
+ log.finer(" keystore = '" + ksURL + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" storetype = '" + ksType + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" storepass = '" + ksPassword + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" keypass = '" + password + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" sigfile = '" + sigFileName + "'"); //$NON-NLS-1$
//$NON-NLS-2$
+ log.finer(" signedjar = '" + signedJarFileName + "'");
//$NON-NLS-1$ //$NON-NLS-2$
+ log.finer(" provider = '" + providerClassName + "'");
//$NON-NLS-1$ //$NON-NLS-2$
+ log.finer(" verbose ? " + verbose); //$NON-NLS-1$
+ log.finer(" internalsf ? " + internalSF); //$NON-NLS-1$
+ log.finer(" sectionsonly ? " + sectionsOnly); //$NON-NLS-1$
}
- log.exiting("Main", "processArgs");
+ log.exiting(this.getClass().getName(), "processArgs"); //$NON-NLS-1$
}
/**
@@ -260,7 +260,7 @@
*/
private void start() throws Exception
{
- log.entering("Main", "start");
+ log.entering(this.getClass().getName(), "start"); //$NON-NLS-1$
if (verify)
{
@@ -273,7 +273,7 @@
js.start();
}
- log.exiting("Main", "start");
+ log.exiting(this.getClass().getName(), "start"); //$NON-NLS-1$
}
/**
@@ -287,24 +287,12 @@
*/
private void teardown()
{
- log.entering("Main", "teardown");
+ log.entering(this.getClass().getName(), "teardown"); //$NON-NLS-1$
if (providerInstalled)
- {
- final String providerName = provider.getName();
- log.info("About to remove provider: " + providerName);
- // remove it. again we need to override security checks
- AccessController.doPrivileged(new PrivilegedAction()
- {
- public Object run()
- {
- Security.removeProvider(providerName);
- return null;
- }
- });
- }
+ ProviderUtil.removeProvider(provider.getName());
- log.exiting("Main", "teardown");
+ log.exiting(this.getClass().getName(), "teardown"); //$NON-NLS-1$
}
/**
@@ -329,7 +317,7 @@
private void setupCommonParams() throws InstantiationException,
IllegalAccessException, ClassNotFoundException, IOException
{
- log.entering("Main", "setupCommonParams");
+ log.entering(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$
if (jarFileName == null)
HelpPrinter.printHelpAndExit(HELP_PATH);
@@ -339,10 +327,10 @@
throw new FileNotFoundException(jarFileName);
if (jar.isDirectory())
- throw new IOException("JAR file [" + jarFileName
- + "] is NOT a file object");
+ throw new IOException(Messages.getFormattedString("Main.70",
jarFileName)); //$NON-NLS-1$
+
if (! jar.canRead())
- throw new IOException("JAR file [" + jarFileName + "] is NOT readable");
+ throw new IOException(Messages.getFormattedString("Main.72",
jarFileName)); //$NON-NLS-1$ //$NON-NLS-2$
if (providerClassName != null && providerClassName.length() > 0)
{
@@ -351,18 +339,18 @@
String providerName = provider.getName();
Provider installedProvider = Security.getProvider(providerName);
if (installedProvider != null)
- log.info("Provider " + providerName + " is already installed");
+ log.finer("Provider " + providerName + " is already installed");
//$NON-NLS-1$ //$NON-NLS-2$
else // install it
installNewProvider();
}
if (! verbose && certs)
{
- log.warning("Option <certs> is set but <verbose> is not. Ignored");
+ log.fine("Option <certs> is set but <verbose> is not. Ignored");
//$NON-NLS-1$
certs = false;
}
- log.exiting("Main", "setupCommonParams");
+ log.exiting(this.getClass().getName(), "setupCommonParams"); //$NON-NLS-1$
}
/**
@@ -372,23 +360,11 @@
*/
private void installNewProvider()
{
- log.entering("Main", "installNewProvider");
+ log.entering(this.getClass().getName(), "installNewProvider");
//$NON-NLS-1$
- String providerName = provider.getName();
- log.info("About to install new provider: " + providerName);
- // we need to override security checks
- Boolean result = (Boolean) AccessController.doPrivileged(new
PrivilegedAction()
- {
- public Object run()
- {
- int actualPosition = Security.insertProviderAt(provider, 1);
- return new Boolean(actualPosition != - 1);
- }
- });
- log.info("Provider " + providerName + " installed successfully? " +
result);
- providerInstalled = result.booleanValue();
+ providerInstalled = ProviderUtil.addProvider(provider) != -1;
- log.exiting("Main", "installNewProvider");
+ log.exiting(this.getClass().getName(), "installNewProvider"); //$NON-NLS-1$
}
/**
@@ -414,22 +390,21 @@
NoSuchAlgorithmException, CertificateException,
UnsupportedCallbackException, UnrecoverableKeyException
{
- log.entering("Main", "setupSigningParams");
+ log.entering(this.getClass().getName(), "setupSigningParams");
//$NON-NLS-1$
if (ksURL == null || ksURL.trim().length() == 0)
{
- String userHome = SystemProperties.getProperty("user.home");
+ String userHome = SystemProperties.getProperty("user.home");
//$NON-NLS-1$
if (userHome == null || userHome.trim().length() == 0)
- throw new SecurityException("Option '-keystore' is not defined or"
- + " is an empty string, and 'user.home'"
- + " is unknown");
- ksURL = "file:" + userHome.trim() + "/.keystore";
+ throw new SecurityException(Messages.getString("Main.85"));
//$NON-NLS-1$
+
+ ksURL = "file:" + userHome.trim() + "/.keystore"; //$NON-NLS-1$
//$NON-NLS-2$
}
else
{
ksURL = ksURL.trim();
- if (ksURL.indexOf(":") == -1)
- ksURL = "file:" + ksURL;
+ if (ksURL.indexOf(":") == -1) //$NON-NLS-1$
+ ksURL = "file:" + ksURL; //$NON-NLS-1$
}
if (ksType == null || ksType.trim().length() == 0)
@@ -442,7 +417,7 @@
if (ksPassword == null)
{
// ask the user to provide one
- PasswordCallback pcb = new PasswordCallback("Enter keystore password:
",
+ PasswordCallback pcb = new
PasswordCallback(Messages.getString("Main.92"), //$NON-NLS-1$
false);
getCallbackHandler().handle(new Callback[] { pcb });
ksPasswordChars = pcb.getPassword();
@@ -458,11 +433,11 @@
HelpPrinter.printHelpAndExit(HELP_PATH);
if (! store.containsAlias(alias))
- throw new SecurityException("Designated alias [" + alias
- + "] MUST be known to the key store in use");
+ throw new SecurityException(Messages.getFormattedString("Main.6",
alias)); //$NON-NLS-1$
+
if (! store.isKeyEntry(alias))
- throw new SecurityException("Designated alias [" + alias
- + "] MUST be an Alias of a Key Entry");
+ throw new SecurityException(Messages.getFormattedString("Main.95",
alias)); //$NON-NLS-1$
+
Key key;
if (password == null)
{
@@ -474,8 +449,8 @@
catch (UnrecoverableKeyException x)
{
// ask the user to provide one
- PasswordCallback pcb = new PasswordCallback("Enter key password
for "
- + alias + ": ", false);
+ String prompt = Messages.getFormattedString("Main.97", alias);
//$NON-NLS-1$
+ PasswordCallback pcb = new PasswordCallback(prompt, false);
getCallbackHandler().handle(new Callback[] { pcb });
passwordChars = pcb.getPassword();
// take 2
@@ -489,8 +464,8 @@
}
if (! (key instanceof PrivateKey))
- throw new SecurityException("Key associated with " + alias
- + " MUST be a private key");
+ throw new SecurityException(Messages.getFormattedString("Main.99",
alias)); //$NON-NLS-1$
+
signerPrivateKey = (PrivateKey) key;
signerCertificateChain = store.getCertificateChain(alias);
log.finest(String.valueOf(signerCertificateChain));
@@ -518,7 +493,7 @@
if (signedJarFileName == null)
signedJarFileName = jarFileName;
- log.exiting("Main", "setupSigningParams");
+ log.exiting(this.getClass().getName(), "setupSigningParams"); //$NON-NLS-1$
}
boolean isVerbose()
@@ -585,53 +560,7 @@
protected CallbackHandler getCallbackHandler()
{
if (handler == null)
- {
- String service = "CallbackHandler.Console"; //$NON-NLS-1$
- Provider[] providers = Security.getProviders(service);
- if (providers != null)
- for (int i = 0; i < providers.length; i++)
- {
- Provider p = providers[i];
- String className = p.getProperty(service);
- if (className != null)
- try
- {
- handler = (CallbackHandler)
Class.forName(className).newInstance();
- }
- catch (InstantiationException x)
- {
- log.fine("InstantiationException while creating ["
//$NON-NLS-1$
- + className + "] from provider [" + p.getName()
//$NON-NLS-1$
- + "]. Ignore"); //$NON-NLS-1$
- }
- catch (IllegalAccessException x)
- {
- log.fine("IllegalAccessException while creating ["
//$NON-NLS-1$
- + className + "] from provider [" + p.getName()
//$NON-NLS-1$
- + "]. Ignore"); //$NON-NLS-1$
- }
- catch (ClassNotFoundException x)
- {
- log.fine("ClassNotFoundException while creating ["
//$NON-NLS-1$
- + className + "] from provider [" + p.getName()
//$NON-NLS-1$
- + "]. Ignore"); //$NON-NLS-1$
- }
-
- if (handler != null)
- {
-
- log.fine("Will use [" + handler.getClass().getName()
//$NON-NLS-1$
- + "] from [" + p.getName() + "]"); //$NON-NLS-1$
//$NON-NLS-2$
- break;
- }
- }
-
- if (handler == null)
- {
- log.fine("No console callback handler found. Will use ours");
//$NON-NLS-1$
- handler = new ConsoleCallbackHandler();
- }
- }
+ CallbackUtil.getConsoleHandler();
return handler;
}
Index: Messages.java
===================================================================
RCS file: Messages.java
diff -N Messages.java
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ Messages.java 2 May 2006 00:51:59 -0000
@@ -0,0 +1,115 @@
+/* Messages.java -- I18N related helper class
+ Copyright (C) 2006 Free Software Foundation, Inc.
+
+ This file is part of GNU Classpath.
+
+ GNU Classpath is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ GNU Classpath is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with GNU Classpath; see the file COPYING. If not, write to the
+ Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301 USA.
+
+ Linking this library statically or dynamically with other modules is
+ making a combined work based on this library. Thus, the terms and
+ conditions of the GNU General Public License cover the whole
+ combination.
+
+ As a special exception, the copyright holders of this library give you
+ permission to link this library with independent modules to produce an
+ executable, regardless of the license terms of these independent
+ modules, and to copy and distribute the resulting executable under
+ terms of your choice, provided that you also meet, for each linked
+ independent module, the terms and conditions of the license of that
+ module. An independent module is a module which is not derived from
+ or based on this library. If you modify this library, you may extend
+ this exception to your version of the library, but you are not
+ obligated to do so. If you do not wish to do so, delete this
+ exception statement from your version. */
+
+
+package gnu.classpath.tools.jarsigner;
+
+import java.text.MessageFormat;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+import java.util.logging.Logger;
+
+/**
+ * An initially generated Eclipse helper class to ease the use of localized
+ * messages.
+ * <p>
+ * Enriched to handle localized message formats.
+ */
+class Messages
+{
+ private static final Logger log = Logger.getLogger(Messages.class.getName());
+ private static final String BUNDLE_NAME =
"gnu.classpath.tools.jarsigner.MessageBundle"; //$NON-NLS-1$
+ private static final ResourceBundle RESOURCE_BUNDLE =
ResourceBundle.getBundle(BUNDLE_NAME);
+ private static final Map CACHED_FORMATS = new HashMap(5);
+
+ private Messages()
+ {
+ super();
+ }
+
+ public static String getString(String key)
+ {
+ try
+ {
+ return RESOURCE_BUNDLE.getString(key);
+ }
+ catch (MissingResourceException e)
+ {
+ return constructMessage(key, null);
+ }
+ }
+
+ public static String getFormattedString(String key, Object args)
+ {
+ MessageFormat mf = (MessageFormat) CACHED_FORMATS.get(key);
+ if (mf == null)
+ {
+ String formatString = getString(key);
+ if (formatString.startsWith("!"))
+ return constructMessage(key, args);
+
+ mf = new MessageFormat(formatString);
+ CACHED_FORMATS.put(key, mf);
+ }
+
+ // if the argument is not an array, then build one consisiting of the
+ // sole argument before passing it to the format() method
+ try
+ {
+ if (args instanceof Object[])
+ return mf.format(args);
+
+ return mf.format(new Object[] { args });
+ }
+ catch (IllegalArgumentException x)
+ {
+ log.fine("Exception while rendering a message format keyed by ["
+ + key + "]: " + mf.toPattern());
+ return constructMessage(mf.toPattern(), args);
+ }
+ }
+
+ private static final String constructMessage(String m, Object args)
+ {
+ if (args == null)
+ return '!' + m + '!';
+
+ return '!' + m + '!' + String.valueOf(args) + '!';
+ }
+}
Index: SFHelper.java
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/SFHelper.java,v
retrieving revision 1.4
diff -u -r1.4 SFHelper.java
--- SFHelper.java 29 Apr 2006 07:39:19 -0000 1.4
+++ SFHelper.java 2 May 2006 00:53:11 -0000
@@ -96,7 +96,7 @@
private static final int SF_GENERATED = 3;
private static final int DSA_GENERATED = 4;
/**
http://asn1.elibel.tm.fr/cgi-bin/oid/display?oid=1.3.14.3.2.26&action=display */
- private static final OID hashAlgorithmIdentifierSHA1 = new
OID("1.3.14.3.2.26");
+ private static final OID hashAlgorithmIdentifierSHA1 = new
OID("1.3.14.3.2.26"); //$NON-NLS-1$
private int state;
private JarFile jar;
@@ -137,12 +137,12 @@
void writeSF(JarOutputStream jar) throws IOException
{
if (this.state != FINISHED)
- throw new IllegalStateException("Helper is NOT finished");
+ throw new IllegalStateException(Messages.getString("SFHelper.1"));
//$NON-NLS-1$
ByteArrayOutputStream baos = new ByteArrayOutputStream();
JarUtils.writeSFManifest(sfMainAttributes, sfEntries, baos);
sfBytes = baos.toByteArray();
- log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes "));
+ log.finest("\n" + Util.dumpString(sfBytes, "+++ sfBytes ")); //$NON-NLS-1$
//$NON-NLS-2$
jar.write(sfBytes);
jar.flush();
@@ -214,9 +214,9 @@
throws IOException, CertificateEncodingException, CRLException
{
if (this.state != SF_GENERATED)
- throw new IllegalStateException(".SF file has NOT been generated");
+ throw new IllegalStateException(Messages.getString("SFHelper.4"));
//$NON-NLS-1$
- log.finest("+++ signer private key = " + signerKey);
+ log.finest("+++ signer private key = " + signerKey); //$NON-NLS-1$
ISignature signatureAlgorithm;
ISignatureCodec signatureCodec;
OID digestEncryptionAlgorithmOID;
@@ -233,7 +233,7 @@
digestEncryptionAlgorithmOID = Main.RSA_SIGNATURE_OID;
}
else
- throw new SecurityException("Unknown or unsupported private key
algorithm");
+ throw new SecurityException(Messages.getString("SFHelper.6"));
//$NON-NLS-1$
Map signatureAttributes = new HashMap();
signatureAttributes.put(ISignature.SIGNER_KEY, signerKey);
@@ -241,7 +241,7 @@
signatureAlgorithm.update(sfBytes, 0, sfBytes.length);
Object signature = signatureAlgorithm.sign();
byte[] signedSFBytes = signatureCodec.encodeSignature(signature);
- log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes "));
+ log.finest("\n" + Util.dumpString(signedSFBytes, "+++ signedSFBytes "));
//$NON-NLS-1$ //$NON-NLS-2$
Set digestAlgorithms = new HashSet();
List digestAlgorithm = new ArrayList(2);
@@ -296,7 +296,7 @@
void startSigning() throws IOException
{
if (this.state != READY)
- throw new IllegalStateException("Helper is NOT ready");
+ throw new IllegalStateException(Messages.getString("SFHelper.9"));
//$NON-NLS-1$
Manifest oldManifest = jar.getManifest();
this.manifest = oldManifest == null ? new Manifest()
@@ -317,12 +317,12 @@
void updateEntry(JarEntry entry) throws IOException
{
if (this.state != STARTED)
- throw new IllegalStateException("Helper is NOT started");
+ throw new IllegalStateException(Messages.getString("SFHelper.10"));
//$NON-NLS-1$
String name = entry.getName();
InputStream jeis = jar.getInputStream(entry);
String hash = util.hashStream(jeis);
- log.finer("Hash of " + name + " = " + hash);
+ log.finer("Hash of " + name + " = " + hash); //$NON-NLS-1$ //$NON-NLS-2$
Attributes mainfestAttributes = manifest.getAttributes(name);
if (mainfestAttributes == null)
@@ -344,9 +344,9 @@
}
sfAttributes.putValue(Main.DIGEST, sfHash);
- log.finest("Name: " + name);
- log.finest(Main.DIGEST + ": " + sfHash);
- log.finest("");
+ log.finest("Name: " + name); //$NON-NLS-1$
+ log.finest(Main.DIGEST + ": " + sfHash); //$NON-NLS-1$
+ log.finest(""); //$NON-NLS-1$
}
/**
@@ -356,7 +356,7 @@
void finishSigning(boolean sectionsOnly) throws IOException
{
if (state != STARTED)
- throw new IllegalStateException("Helper is NOT started");
+ throw new IllegalStateException(Messages.getString("SFHelper.10"));
//$NON-NLS-1$
if (sectionsOnly)
return;
@@ -365,7 +365,7 @@
manifest.write(baos);
baos.flush();
String manifestHash = util.hashByteArray(baos.toByteArray());
- log.fine("Hashed Manifest " + manifestHash);
+ log.fine("Hashed Manifest " + manifestHash); //$NON-NLS-1$
sfMainAttributes.putValue(Main.DIGEST_MANIFEST, manifestHash);
this.state = FINISHED;
Index: jarsigner.txt
===================================================================
RCS file:
/cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/jarsigner.txt,v
retrieving revision 1.3
diff -u -r1.3 jarsigner.txt
--- jarsigner.txt 29 Apr 2006 07:39:19 -0000 1.3
+++ jarsigner.txt 2 May 2006 00:57:40 -0000
@@ -1,103 +1,116 @@
-Java ARchive (JAR) file signing and verification tool.
-
-Copyright (C) 2006 Free Software Foundation, Inc.
-This is free software; see the source for copying conditions. There is NO
-warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
-
-Please report bugs at http://www.gnu.org/software/classpath/bugs.html
-
-Usage:
- jarsigner [options] jar-file alias
- jarsigner -verify [options] jar-file
-
- When the first form is used, the tool signs the designated <jar-file>. The
- second form, on the other hand, is used to verify a previously signed JAR
- file.
-
- The <jar-file> is the JAR file to process; i.e. to sign if the first syntax
- form is used, or to verify if the second syntax form is used instead.
-
- <alias> is the Keystore alias to use for signing the <jar-file>.
-
-
- When the tool is used for signing a JAR file, the possible <options> include:
- -keystore URL
- Indicates to the tool that the Keystore located at the
- designated <URL> must be used. When this option is missing,
- the tool, by default, will look for a Keystore named
- ".keystore" in the current User's home directory; i.e. the
- value of the System property named "user.home".
-
- If the <URL> is malformed --e.g. missing protocol element-- the
- tool will attempt to use the <URL> value as a file-name (with
- absolute or relative path-name) of a Keystore --as if the
- protocol was "file:".
-
- -storetype STORE_TYPE
- Designates the type of Keystore to expect. The default value
- is that of the property "keystore.type" in the security
- properties file, which is obtained by invoking the static
- method call getDefaultType() in java.security.KeyStore.
-
- -storepass PASSWORD
- Designates the <PASSWORD> to use when accessing the Keystore.
- If this option is missing, the User will be prompted to provide
- one.
-
- -keypass PASSWORD
- Designates the <PASSWORD> protecting the private key to use,
- from the Keystore, for signing the JAR file. If this option is
- missing, the User will be prompted to provide one.
-
- -sigfile NAME
- Designates a literal that will be used to construct file names
- for the .SF and .DSA signature files which will be generated
- and placed in the MET-INF directory of the signed JAR.
- Permissible characters for <NAME> must be in the range
- "a-zA-Z0-9_-". All characters will be converted by the tool to
- upper-case ones.
-
- If this option is missing, the first eight characters of the
- <alias> argument will be used. When this is the case, any
- character in <alias> that is outside the permissible range of
- characters will be replaced by an underscore.
-
- -signedjar FILE_NAME
- If present, <FILE_NAME> will be used as the name of the signed
- JAR. If this option is not present, then the signed JAR will
- be named the same as <jar-file>; i.e. the input JAR will be
- replaced with the signed one.
-
-
- When the tool is used for verifying a JAR file, the possible options include:
- -verify Indicates that the tool is to be used for verification
purposes.
-
- -certs This option is used in conjunction with the -verbose option.
- When present, along with the -verbose option, the tool will
- print more detailed information about the certificates of the
- signer(s) being processed.
-
-
- Other options, common to both signing and verification include:
- -verbose Specifies that the tool should generate more messages, during
- its processing.
-
- -internalsf When present, the tool will include --which otherwise it does
- not-- the .SF file in the .DSA generated file.
-
- -sectionsonly
- When present, the tool will include in the .SF generated file
- --which otherwise it does not-- a header containing a hash of
- the whole manifest file. When that header is included, the
- tool can quickly check, during verification, if the hash (in
- the header) matches or not the manifest file.
-
- -provider PROVIDER_CLASS_NAME
- Designates an implementation of the Provider interface to use
- for obtaining cryptographic algorithm implementations required
- by this tool to perform its functions; specifically the
- implementation of the Security Provider capable of managing a
- Key Store of the designated, or default, type.
-
- -help Prints this help text.
+NAME
+ jarsigner - Java ARchive (JAR) file signing and verification tool
+SYNOPSIS
+ jarsigner [OPTION]... FILE ALIAS
+ jarsigner -verify [OPTION]... FILE
+
+DESCRIPTION
+ When the first form is used, the tool signs the designated JAR file.
+ The second form, on the other hand, is used to verify a previously
+ signed JAR file.
+
+ FILE is the .JAR file to process; i.e. to sign if the first syntax form
+ is used, or to verify if the second syntax form is used instead.
+
+ ALIAS must be a known Alias of a Key Entry in the designated key store.
+ The private key material associated with this Alias is then used for
+ signing the designated .JAR file.
+
+SIGNING OPTIONS
+ -keystore URL
+ Use this option to specify the location of the key store to use.
+ The default value is a file URL referencing the file named
+ ".keystore" (all lower case and without the enclosing quotes)
+ located in the path returned by the call to
+ java.lang.System#getProperty(String) using "user.home" as
+ argument.
+
+ If a URL was specified, but was found to be malformed --e.g.
+ missing protocol element-- the tool will attempt to use the URL
+ value as a file-name (with absolute or relative path-name) of a
+ key store --as if the protocol was "file:".
+
+ -storetype STORE_TYPE
+ Use this option to specify the type of the key store to use.
+ The default value, if this option is omitted, is that of the
+ property "keystore.type" in the security properties file, which
+ is obtained by invoking the static method call getDefaultType()
+ in java.security.KeyStore.
+
+ -storepass PASSWORD
+ Use this option to specify the password which will be used to
+ unlock the key store. If this option is missing, the User will
+ be prompted to provide a password.
+
+ -keypass PASSWORD
+ Use this option to specify the password which the tool will use
+ to unlock the Key Entry associated with the designated Alias.
+
+ If this option is omitted, the tool will first attempt to unlock
+ the Key Entry using the same password protecting the key store.
+ If this fails, you will then be prompted to provide a password.
+
+ -sigfile NAME
+ Use this option to designate a literal that will be used to
+ construct file names for both the .SF and .DSA signature files.
+ These files will be generated, by the tool, and placed in the
+ META-INF directory of the signed JAR. Permissible characters
+ for NAME must be in the range "a-zA-Z0-9_-". All characters
+ will be converted to upper-case ones.
+
+ If this option is missing, the first eight characters of the
+ ALIAS argument will be used. When this is the case, any
+ character in ALIAS that is outside the permissible range of
+ characters will be replaced by an underscore.
+
+ -signedjar FILE_NAME
+ Use this option to specify the file name of the signed JAR. If
+ this option is omitted, then the signed JAR will be named the
+ same as FILE; i.e. the input JAR file will be replaced with the
+ signed copy.
+
+VERIFICATION OPTIONS
+ -verify
+ Use this option to indicate that the tool is to be used for
+ verification purposes.
+
+ -certs This option is used in conjunction with the -verbose option.
+ When present, along with the -verbose option, the tool will
+ print more detailed information about the certificates of the
+ signer(s) being processed.
+
+COMMON OPTIONS
+ -verbose
+ Use this option to force the tool to generate more verbose
+ messages, during its processing.
+
+ -internalsf
+ When present, the tool will include --which otherwise it does
+ not-- the .SF file in the .DSA generated file.
+
+ -sectionsonly
+ When present, the tool will include in the .SF generated file
+ --which otherwise it does not-- a header containing a hash of
+ the whole manifest file. When that header is included, the
+ tool can quickly check, during verification, if the hash (in
+ the header) matches or not the manifest file.
+
+ -provider PROVIDER_CLASS_NAME
+ A fully qualified class name of a Security Provider to add to
+ the current list of Security Providers already installed in the
+ JVM in-use. If a provider class is specified with this option,
+ and was successfully added to the runtime --i.e. it was not
+ already installed-- then the tool will attempt to remove this
+ Security Provider before exiting.
+
+ -help Prints this help text.
+
+REPORTING BUGS
+ Please report bugs at http://www.gnu.org/software/classpath/bugs.html
+
+COPYRIGHT
+ Copyright (C) 2006 Free Software Foundation, Inc.
+ This is free software; see the source for copying conditions. There is
+ NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.
pgptm6ZJZedI9.pgp
Description: PGP signature
