hello all,
the attached patch --already committed-- was originally submitted by David
Walluck. it fixes the above PR.
2006-07-18 Raif S. Naffah <[EMAIL PROTECTED]>
PR Classpath/27205
* tools/gnu/classpath/tools/jarsigner/SFHelper.java (writeDSA): Check
certificate validity.
(getIssuerName): New method.
(getSubjectName): Likewise.
(getNotAfterDate): Likewise.
(getNotBeforeDate): Likewise.
* resource/gnu/classpath/tools/jarsigner/messages.properties: Added
messages for the newly added code in SFHelper.
cheers;
rsn
Index: messages.properties
===================================================================
RCS file: /cvsroot/classpath/classpath/resource/gnu/classpath/tools/jarsigner/messages.properties,v
retrieving revision 1.1
diff -u -r1.1 messages.properties
--- messages.properties 21 May 2006 01:49:04 -0000 1.1
+++ messages.properties 18 Jul 2006 12:38:09 -0000
@@ -119,4 +119,8 @@
SFHelper.4=.SF file has NOT been generated
SFHelper.6=Unknown or unsupported private key algorithm
SFHelper.9=Helper is NOT ready
+SFHelper.0=Warning: The certificate issued by {0}, for {1}, has expired as of {3,date,full} - {3,time,full}.
SFHelper.10=Helper is NOT started
+SFHelper.11=Warning: The certificate issued by {0}, for {1}, is only valid after {3,date,full} - {3,time,full}.
+SFHelper.14=[unknown]
+SFHelper.17=[unnamed]
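Review bot: `SFHelper.0` and `SFHelper.11` format the date from argument `{3}`, but the `Object[]` built in the SFHelper.java hunk of this patch has only three elements (issuer, subject, date), so the date sits at index 2. The `{n,date,full}` syntax suggests `Messages.getFormattedString` delegates to `java.text.MessageFormat`; if it does, an out-of-range index is emitted as the literal text `{3}`, and the warning would never show when the certificate expired or becomes valid. Both patterns should end in `{2,date,full} - {2,time,full}.`.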
Index: SFHelper.java
===================================================================
RCS file: /cvsroot/classpath/classpath/tools/gnu/classpath/tools/jarsigner/SFHelper.java,v
retrieving revision 1.6
diff -u -r1.6 SFHelper.java
--- SFHelper.java 12 Jun 2006 05:14:06 -0000 1.6
+++ SFHelper.java 18 Jul 2006 12:38:31 -0000
@@ -63,10 +63,13 @@
import java.security.cert.CRLException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateExpiredException;
+import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509CRL;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
@@ -265,6 +268,30 @@
Set signerInfos = new HashSet();
X509Certificate cert = (X509Certificate) certificates[0];
+ try
+ {
+ cert.checkValidity();
+ }
+ catch (CertificateExpiredException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notAfterDate = getNotAfterDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.0", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notAfterDate }));
+ }
+ catch (CertificateNotYetValidException x)
+ {
+ String issuerName = getIssuerName(cert);
+ String subjectName = getSubjectName(cert);
+ Date notBeforeDate = getNotBeforeDate(cert);
+ System.out.println(Messages.getFormattedString("SFHelper.11", //$NON-NLS-1$
+ new Object[] { issuerName,
+ subjectName,
+ notBeforeDate }));
+ }
X500Principal issuer = cert.getIssuerX500Principal();
BigInteger serialNumber = cert.getSerialNumber();
byte[] authenticatedAttributes = null;
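Review bot: Only `certificates[0]` is passed to `checkValidity()`, so an expired or not-yet-valid certificate elsewhere in the `certificates` array would go unreported. Both catch blocks also just print to `System.out` and let signing continue. If warn-and-continue is the intended behaviour, a comment above the `try` would make it explicit, for example `// Validity problems are reported as warnings only; the signature is still generated.`. Printing to `System.err` would keep the warning out of piped standard output. The enclosing method (writeDSA, per the ChangeLog) starts and ends outside this hunk.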
@@ -379,4 +406,100 @@
this.state = FINISHED;
}
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Issuer Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Issuer's DN.
+ */
+ private String getIssuerName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getIssuerX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Issuer. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has an Issuer with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the string representation of
+ * the Subject Distinguished Name.
+ *
+ * @param cert an X.509 certificate.
+ * @return the string representation of the Subject's DN.
+ */
+ private String getSubjectName(X509Certificate cert)
+ {
+ X500Principal xp = cert.getSubjectX500Principal();
+ if (xp == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null Subject. Return [unknown]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.14"); //$NON-NLS-1$
+ }
+ String result = xp.getName();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has a Subject with null DN. Return [unnamed]"); //$NON-NLS-1$
+ return Messages.getString("SFHelper.17"); //$NON-NLS-1$
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the end validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate stops being valid.
+ */
+ private Date getNotAfterDate(X509Certificate cert)
+ {
+ Date result = cert.getNotAfter();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null start-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
+
+ /**
+ * Given an X.509 certificate this method returns the start validity date of
+ * this certificate.
+ *
+ * @param cert an X.509 certificate.
+ * @return the date when this certificate starts being valid.
+ */
+ private Date getNotBeforeDate(X509Certificate cert)
+ {
+ Date result = cert.getNotBefore();
+ if (result == null)
+ {
+ if (Configuration.DEBUG)
+ log.fine("Certiticate, with serial number " + cert.getSerialNumber() //$NON-NLS-1$
+ + ", has null end-validity date. Return epoch"); //$NON-NLS-1$
+ return new Date(0);
+ }
+ return result;
+ }
}
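Review bot: The debug messages in the two date helpers are swapped. `getNotAfterDate` logs `", has null start-validity date. Return epoch"` although notAfter is the end of the validity period, and `getNotBeforeDate` logs `", has null end-validity date. Return epoch"` for the start. Exchange the two strings so a debug log points at the right field. All four helpers also spell the prefix `"Certiticate, with serial number "`, which should read `"Certificate, with serial number "`. Falling back to `new Date(0)` makes the user-facing warning report a 1970 date when the field is missing, so a short comment on that fallback would help the next reader.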