author | Deepak Bhole <[email protected]> | 2010-12-06 15:34:01 -0500 |
---|---|---|
committer | Deepak Bhole <[email protected]> | 2010-12-06 15:34:01 -0500 |
commit | 6ca1a9a369b10703da9af8f8a1ced0f3b02ae5c2 (patch) | |
tree | 568f8e454db94fa8abc896b46ce8cac7a9f3b74d /netx/net/sourceforge/jnlp/tools | |
parent | 0d66adf24179c33bbdccaacc10d4c8a5f5e2cd54 (diff) |
Fixed indentation and spacing for all .java files.
Added a new .settings directory which contains Eclipse
preferences for code style.
Diffstat (limited to 'netx/net/sourceforge/jnlp/tools')
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/CharacterEncoder.java | 57 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java | 12 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/JarRunner.java | 13 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/JarSigner.java | 118 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/JarSignerResources.java | 324 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java | 3 | ||||
-rw-r--r-- | netx/net/sourceforge/jnlp/tools/KeyTool.java | 292 |
7 files changed, 405 insertions, 414 deletions
diff --git a/netx/net/sourceforge/jnlp/tools/CharacterEncoder.java b/netx/net/sourceforge/jnlp/tools/CharacterEncoder.java index 2d8af4f..7913114 100644 --- a/netx/net/sourceforge/jnlp/tools/CharacterEncoder.java +++ b/netx/net/sourceforge/jnlp/tools/CharacterEncoder.java @@ -33,7 +33,6 @@ import java.io.PrintStream; import java.io.IOException; import java.nio.ByteBuffer; - /** * This class defines the encoding half of character encoders. * A character encoder is an algorithim for transforming 8 bit binary @@ -102,7 +101,7 @@ public abstract class CharacterEncoder { * Encode the prefix that starts every output line. */ protected void encodeLinePrefix(OutputStream aStream, int aLength) - throws IOException { + throws IOException { } /** @@ -122,12 +121,12 @@ public abstract class CharacterEncoder { * read method. */ protected int readFully(InputStream in, byte buffer[]) - throws java.io.IOException { + throws java.io.IOException { for (int i = 0; i < buffer.length; i++) { int q = in.read(); if (q == -1) return i; - buffer[i] = (byte)q; + buffer[i] = (byte) q; } return buffer.length; } @@ -139,10 +138,10 @@ public abstract class CharacterEncoder { * line that is shorter than bytesPerLine(). */ public void encode(InputStream inStream, OutputStream outStream) - throws IOException { - int j; - int numBytes; - byte tmpbuffer[] = new byte[bytesPerLine()]; + throws IOException { + int j; + int numBytes; + byte tmpbuffer[] = new byte[bytesPerLine()]; encodeBufferPrefix(outStream); @@ -157,7 +156,7 @@ public abstract class CharacterEncoder { if ((j + bytesPerAtom()) <= numBytes) { encodeAtom(outStream, tmpbuffer, j, bytesPerAtom()); } else { - encodeAtom(outStream, tmpbuffer, j, (numBytes)- j); + encodeAtom(outStream, tmpbuffer, j, (numBytes) - j); } } if (numBytes < bytesPerLine()) { 
@@ -174,7 +173,7 @@ public abstract class CharacterEncoder { * result to the OutputStream <i>aStream</i>. */ public void encode(byte aBuffer[], OutputStream aStream) - throws IOException { + throws IOException { ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); encode(inStream, aStream); } @@ -184,8 +183,8 @@ public abstract class CharacterEncoder { * bytes and returns a string containing the encoded buffer. */ public String encode(byte aBuffer[]) { - ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); String retVal = null; try { encode(inStream, outStream); @@ -207,19 +206,19 @@ public abstract class CharacterEncoder { * byte array backing the ByteBuffer. If this is not possible, a * new byte array will be created. */ - private byte [] getBytes(ByteBuffer bb) { + private byte[] getBytes(ByteBuffer bb) { /* * This should never return a BufferOverflowException, as we're * careful to allocate just the right amount. */ - byte [] buf = null; + byte[] buf = null; /* * If it has a usable backing byte buffer, use it. Use only * if the array exactly represents the current ByteBuffer. */ if (bb.hasArray()) { - byte [] tmp = bb.array(); + byte[] tmp = bb.array(); if ((tmp.length == bb.capacity()) && (tmp.length == bb.remaining())) { buf = tmp; @@ -251,8 +250,8 @@ public abstract class CharacterEncoder { * The ByteBuffer's position will be advanced to ByteBuffer's limit. */ public void encode(ByteBuffer aBuffer, OutputStream aStream) - throws IOException { - byte [] buf = getBytes(aBuffer); + throws IOException { + byte[] buf = getBytes(aBuffer); encode(buf, aStream); } 
@@ -263,7 +262,7 @@ public abstract class CharacterEncoder { * The ByteBuffer's position will be advanced to ByteBuffer's limit. */ public String encode(ByteBuffer aBuffer) { - byte [] buf = getBytes(aBuffer); + byte[] buf = getBytes(aBuffer); return encode(buf); } @@ -274,10 +273,10 @@ public abstract class CharacterEncoder { * line at the end of a final line that is shorter than bytesPerLine(). */ public void encodeBuffer(InputStream inStream, OutputStream outStream) - throws IOException { - int j; - int numBytes; - byte tmpbuffer[] = new byte[bytesPerLine()]; + throws IOException { + int j; + int numBytes; + byte tmpbuffer[] = new byte[bytesPerLine()]; encodeBufferPrefix(outStream); @@ -291,7 +290,7 @@ public abstract class CharacterEncoder { if ((j + bytesPerAtom()) <= numBytes) { encodeAtom(outStream, tmpbuffer, j, bytesPerAtom()); } else { - encodeAtom(outStream, tmpbuffer, j, (numBytes)- j); + encodeAtom(outStream, tmpbuffer, j, (numBytes) - j); } } encodeLineSuffix(outStream); @@ -307,7 +306,7 @@ public abstract class CharacterEncoder { * result to the OutputStream <i>aStream</i>. */ public void encodeBuffer(byte aBuffer[], OutputStream aStream) - throws IOException { + throws IOException { ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); encodeBuffer(inStream, aStream); } @@ -317,8 +316,8 @@ public abstract class CharacterEncoder { * bytes and returns a string containing the encoded buffer. */ public String encodeBuffer(byte aBuffer[]) { - ByteArrayOutputStream outStream = new ByteArrayOutputStream(); - ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + ByteArrayInputStream inStream = new ByteArrayInputStream(aBuffer); try { encodeBuffer(inStream, outStream); } catch (Exception IOException) { 
@@ -335,8 +334,8 @@ public abstract class CharacterEncoder { * The ByteBuffer's position will be advanced to ByteBuffer's limit. */ public void encodeBuffer(ByteBuffer aBuffer, OutputStream aStream) - throws IOException { - byte [] buf = getBytes(aBuffer); + throws IOException { + byte[] buf = getBytes(aBuffer); encodeBuffer(buf, aStream); } @@ -347,7 +346,7 @@ public abstract class CharacterEncoder { * The ByteBuffer's position will be advanced to ByteBuffer's limit. */ public String encodeBuffer(ByteBuffer aBuffer) { - byte [] buf = getBytes(aBuffer); + byte[] buf = getBytes(aBuffer); return encodeBuffer(buf); } diff --git a/netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java b/netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java index 4f7c27f..7b6b242 100644 --- a/netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java +++ b/netx/net/sourceforge/jnlp/tools/HexDumpEncoder.java @@ -55,15 +55,15 @@ public class HexDumpEncoder extends CharacterEncoder { c = (char) ((x >> 4) & 0xf); if (c > 9) - c = (char) ((c-10) + 'A'); + c = (char) ((c - 10) + 'A'); else - c = (char)(c + '0'); + c = (char) (c + '0'); p.write(c); c = (char) (x & 0xf); if (c > 9) - c = (char)((c-10) + 'A'); + c = (char) ((c - 10) + 'A'); else - c = (char)(c + '0'); + c = (char) (c + '0'); p.write(c); } @@ -81,8 +81,8 @@ public class HexDumpEncoder extends CharacterEncoder { } protected void encodeLinePrefix(OutputStream o, int len) throws IOException { - hexDigit(pStream, (byte)((offset >>> 8) & 0xff)); - hexDigit(pStream, (byte)(offset & 0xff)); + hexDigit(pStream, (byte) ((offset >>> 8) & 0xff)); + hexDigit(pStream, (byte) (offset & 0xff)); pStream.print(": "); currentByte = 0; thisLineLength = len; diff --git a/netx/net/sourceforge/jnlp/tools/JarRunner.java b/netx/net/sourceforge/jnlp/tools/JarRunner.java index 52e86da..33c056f 100644 --- a/netx/net/sourceforge/jnlp/tools/JarRunner.java +++ b/netx/net/sourceforge/jnlp/tools/JarRunner.java 
@@ -1,15 +1,14 @@ package net.sourceforge.jnlp.tools; import net.sourceforge.jnlp.tools.JarSigner; -public class JarRunner { - - public static void main(String[] args) throws Exception{ +public class JarRunner { + public static void main(String[] args) throws Exception { - //JarSigner.main(args); - JarSigner js = new JarSigner(); - js.verifyJar(args[0]); - } + //JarSigner.main(args); + JarSigner js = new JarSigner(); + js.verifyJar(args[0]); + } } diff --git a/netx/net/sourceforge/jnlp/tools/JarSigner.java b/netx/net/sourceforge/jnlp/tools/JarSigner.java index da7cf13..0630702 100644 --- a/netx/net/sourceforge/jnlp/tools/JarSigner.java +++ b/netx/net/sourceforge/jnlp/tools/JarSigner.java @@ -64,15 +64,16 @@ public class JarSigner implements CertVerifier { // prefix for new signature-related files in META-INF directory private static final String SIG_PREFIX = META_INF + "SIG-"; - - private static final long SIX_MONTHS = 180*24*60*60*1000L; //milliseconds + private static final long SIX_MONTHS = 180 * 24 * 60 * 60 * 1000L; //milliseconds static final String VERSION = "1.0"; static final int IN_KEYSTORE = 0x01; static final int IN_SCOPE = 0x02; - static enum verifyResult {UNSIGNED, SIGNED_OK, SIGNED_NOT_OK} + static enum verifyResult { + UNSIGNED, SIGNED_OK, SIGNED_NOT_OK + } // signer's certificate chain (when composing) X509Certificate[] certChain; 
@@ -86,14 +87,14 @@ public class JarSigner implements CertVerifier { String keystore; // key store file boolean nullStream = false; // null keystore input stream (NONE) boolean token = false; // token-based keystore - String jarfile; // jar file to sign - String alias; // alias to sign jar with + String jarfile; // jar file to sign + String alias; // alias to sign jar with char[] storepass; // keystore password boolean protectedPath; // protected authentication path String storetype; // keystore type String providerName; // provider name Vector<String> providers = null; // list of providers - HashMap<String,String> providerArgs = new HashMap<String, String>(); // arguments for provider constructors + HashMap<String, String> providerArgs = new HashMap<String, String>(); // arguments for provider constructors char[] keypass; // private key password String sigfile; // name of .SF file String sigalg; // name of signature algorithm @@ -165,7 +166,7 @@ public class JarSigner implements CertVerifier { */ public boolean hasSigningIssues() { return hasExpiredCert || notYetValidCert || badKeyUsage - || badExtendedKeyUsage || badNetscapeCertType; + || badExtendedKeyUsage || badNetscapeCertType; } /* (non-Javadoc) @@ -194,7 +195,7 @@ public class JarSigner implements CertVerifier { } public void verifyJars(List<JARDesc> jars, ResourceTracker tracker) - throws Exception { + throws Exception { certs = new ArrayList<CertPath>(); for (int i = 0; i < jars.size(); i++) { @@ -224,7 +225,7 @@ public class JarSigner implements CertVerifier { } else if (result == verifyResult.SIGNED_OK) { verifiedJars.add(localFile); } - } catch (Exception e){ + } catch (Exception e) { // We may catch exceptions from using verifyJar() // or from checkTrustedCerts throw e; 
@@ -267,7 +268,8 @@ public class JarSigner implements CertVerifier { } if (jarFile.getManifest() != null) { - if (verbose) System.out.println(); + if (verbose) + System.out.println(); Enumeration<JarEntry> e = entriesVec.elements(); long now = System.currentTimeMillis(); @@ -290,16 +292,16 @@ public class JarSigner implements CertVerifier { certs.add(certPath); //we really only want the first certPath - if (!certPath.equals(this.certPath)){ + if (!certPath.equals(this.certPath)) { this.certPath = certPath; } Certificate cert = signers[i].getSignerCertPath() - .getCertificates().get(0); + .getCertificates().get(0); if (cert instanceof X509Certificate) { - checkCertUsage((X509Certificate)cert, null); + checkCertUsage((X509Certificate) cert, null); if (!showcerts) { - long notAfter = ((X509Certificate)cert) + long notAfter = ((X509Certificate) cert) .getNotAfter().getTime(); if (notAfter < now) { @@ -358,8 +360,7 @@ public class JarSigner implements CertVerifier { //anySigned does not guarantee that all files were signed. return (anySigned && !(hasUnsignedEntry || hasExpiredCert - || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType - || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK; + || badKeyUsage || badExtendedKeyUsage || badNetscapeCertType || notYetValidCert)) ? verifyResult.SIGNED_OK : verifyResult.SIGNED_NOT_OK; } /** 
@@ -368,24 +369,24 @@ public class JarSigner implements CertVerifier { */ private void checkTrustedCerts() throws Exception { if (certPath != null) { - try { - X509Certificate publisher = (X509Certificate) getPublisher(); - KeyStore[] certKeyStores = KeyStores.getCertKeyStores(); - alreadyTrustPublisher = CertificateUtils.inKeyStores(publisher, certKeyStores); - X509Certificate root = (X509Certificate) getRoot(); - KeyStore[] caKeyStores = KeyStores.getCAKeyStores(); - rootInCacerts = CertificateUtils.inKeyStores(root, caKeyStores); - } catch (Exception e) { - // TODO: Warn user about not being able to - // look through their cacerts/trusted.certs - // file depending on exception. - throw e; - } + try { + X509Certificate publisher = (X509Certificate) getPublisher(); + KeyStore[] certKeyStores = KeyStores.getCertKeyStores(); + alreadyTrustPublisher = CertificateUtils.inKeyStores(publisher, certKeyStores); + X509Certificate root = (X509Certificate) getRoot(); + KeyStore[] caKeyStores = KeyStores.getCAKeyStores(); + rootInCacerts = CertificateUtils.inKeyStores(root, caKeyStores); + } catch (Exception e) { + // TODO: Warn user about not being able to + // look through their cacerts/trusted.certs + // file depending on exception. + throw e; + } - if (!rootInCacerts) - addToDetails(R("SUntrustedCertificate")); - else - addToDetails(R("STrustedCertificate")); + if (!rootInCacerts) + addToDetails(R("SUntrustedCertificate")); + else + addToDetails(R("STrustedCertificate")); } } 
@@ -394,15 +395,14 @@ public class JarSigner implements CertVerifier { */ public Certificate getPublisher() { if (certPath != null) { - List<? extends Certificate> certList - = certPath.getCertificates(); - if (certList.size() > 0) { - return (Certificate)certList.get(0); - } else { - return null; - } - } else { + List<? extends Certificate> certList = certPath.getCertificates(); + if (certList.size() > 0) { + return (Certificate) certList.get(0); + } else { return null; + } + } else { + return null; } } @@ -411,26 +411,25 @@ public class JarSigner implements CertVerifier { */ public Certificate getRoot() { if (certPath != null) { - List<? extends Certificate> certList - = certPath.getCertificates(); - if (certList.size() > 0) { - return (Certificate)certList.get( + List<? extends Certificate> certList = certPath.getCertificates(); + if (certList.size() > 0) { + return (Certificate) certList.get( certList.size() - 1); - } else { - return null; - } - } else { + } else { return null; + } + } else { + return null; } } - private void addToDetails(String detail) { - if (!details.contains(detail)) - details.add(detail); - } + private void addToDetails(String detail) { + if (!details.contains(detail)) + details.add(detail); + } Hashtable<Certificate, String> storeHash = - new Hashtable<Certificate, String>(); + new Hashtable<Certificate, String>(); /** * signature-related files include: @@ -498,7 +497,7 @@ public class JarSigner implements CertVerifier { List<String> xKeyUsage = userCert.getExtendedKeyUsage(); if (xKeyUsage != null) { if (!xKeyUsage.contains("2.5.29.37.0") // anyExtendedKeyUsage - && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) { // codeSigning + && !xKeyUsage.contains("1.3.6.1.5.5.7.3.3")) { // codeSigning if (bad != null) { bad[1] = true; } else { 
@@ -518,12 +517,12 @@ public class JarSigner implements CertVerifier { DerInputStream in = new DerInputStream(netscapeEx); byte[] encoded = in.getOctetString(); encoded = new DerValue(encoded).getUnalignedBitString() - .toByteArray(); + .toByteArray(); NetscapeCertTypeExtension extn = - new NetscapeCertTypeExtension(encoded); + new NetscapeCertTypeExtension(encoded); - Boolean val = (Boolean)extn.get( + Boolean val = (Boolean) extn.get( NetscapeCertTypeExtension.OBJECT_SIGNING); if (!val) { if (bad != null) { @@ -538,14 +537,13 @@ public class JarSigner implements CertVerifier { } } - /** * Returns if all jars are signed. * * @return True if all jars are signed, false if there are one or more unsigned jars */ public boolean allJarsSigned() { - return this.unverifiedJars.size() == 0; + return this.unverifiedJars.size() == 0; } } diff --git a/netx/net/sourceforge/jnlp/tools/JarSignerResources.java b/netx/net/sourceforge/jnlp/tools/JarSignerResources.java index 50655ab..7d02b66 100644 --- a/netx/net/sourceforge/jnlp/tools/JarSignerResources.java +++ b/netx/net/sourceforge/jnlp/tools/JarSignerResources.java 
@@ -34,169 +34,169 @@ public class JarSignerResources extends java.util.ListResourceBundle { private static final Object[][] contents = { - // shared (from jarsigner) - {" ", " "}, - {" ", " "}, - {" ", " "}, - {", ", ", "}, + // shared (from jarsigner) + { " ", " " }, + { " ", " " }, + { " ", " " }, + { ", ", ", " }, - {"provName not a provider", "{0} not a provider"}, - {"signerClass is not a signing mechanism", "{0} is not a signing mechanism"}, - {"jarsigner error: ", "jarsigner error: "}, - {"Illegal option: ", "Illegal option: "}, - {"-keystore must be NONE if -storetype is {0}", - "-keystore must be NONE if -storetype is {0}"}, - {"-keypass can not be specified if -storetype is {0}", - "-keypass can not be specified if -storetype is {0}"}, - {"If -protected is specified, then -storepass and -keypass must not be specified", - "If -protected is specified, then -storepass and -keypass must not be specified"}, - {"If keystore is not password protected, then -storepass and -keypass must not be specified", - "If keystore is not password protected, then -storepass and -keypass must not be specified"}, - {"Usage: jarsigner [options] jar-file alias", - "Usage: jarsigner [options] jar-file alias"}, - {" jarsigner -verify [options] jar-file", - " jarsigner -verify [options] jar-file"}, - {"[-keystore <url>] keystore location", - "[-keystore <url>] keystore location"}, - {"[-storepass <password>] password for keystore integrity", - "[-storepass <password>] password for keystore integrity"}, - {"[-storetype <type>] keystore type", - "[-storetype <type>] keystore type"}, - {"[-keypass <password>] password for private key (if different)", - "[-keypass <password>] password for private key (if different)"}, - {"[-sigfile <file>] name of .SF/.DSA file", - "[-sigfile <file>] name of .SF/.DSA file"}, - {"[-signedjar <file>] name of signed JAR file", - "[-signedjar <file>] name of signed JAR file"}, - {"[-digestalg <algorithm>] name of digest algorithm", - "[-digestalg 
<algorithm>] name of digest algorithm"}, - {"[-sigalg <algorithm>] name of signature algorithm", - "[-sigalg <algorithm>] name of signature algorithm"}, - {"[-verify] verify a signed JAR file", - "[-verify] verify a signed JAR file"}, - {"[-verbose] verbose output when signing/verifying", - "[-verbose] verbose output when signing/verifying"}, - {"[-certs] display certificates when verbose and verifying", - "[-certs] display certificates when verbose and verifying"}, - {"[-tsa <url>] location of the Timestamping Authority", - "[-tsa <url>] location of the Timestamping Authority"}, - {"[-tsacert <alias>] public key certificate for Timestamping Authority", - "[-tsacert <alias>] public key certificate for Timestamping Authority"}, - {"[-altsigner <class>] class name of an alternative signing mechanism", - "[-altsigner <class>] class name of an alternative signing mechanism"}, - {"[-altsignerpath <pathlist>] location of an alternative signing mechanism", - "[-altsignerpath <pathlist>] location of an alternative signing mechanism"}, - {"[-internalsf] include the .SF file inside the signature block", - "[-internalsf] include the .SF file inside the signature block"}, - {"[-sectionsonly] don't compute hash of entire manifest", - "[-sectionsonly] don't compute hash of entire manifest"}, - {"[-protected] keystore has protected authentication path", - "[-protected] keystore has protected authentication path"}, - {"[-providerName <name>] provider name", - "[-providerName <name>] provider name"}, - {"[-providerClass <class> name of cryptographic service provider's", - "[-providerClass <class> name of cryptographic service provider's"}, - {" [-providerArg <arg>]] ... master class file and constructor argument", - " [-providerArg <arg>]] ... 
master class file and constructor argument"}, - {"s", "s"}, - {"m", "m"}, - {"k", "k"}, - {"i", "i"}, - {" s = signature was verified ", - " s = signature was verified "}, - {" m = entry is listed in manifest", - " m = entry is listed in manifest"}, - {" k = at least one certificate was found in keystore", - " k = at least one certificate was found in keystore"}, - {" i = at least one certificate was found in identity scope", - " i = at least one certificate was found in identity scope"}, - {"no manifest.", "no manifest."}, - {"jar is unsigned. (signatures missing or not parsable)", - "jar is unsigned. (signatures missing or not parsable)"}, - {"jar verified.", "jar verified."}, - {"jarsigner: ", "jarsigner: "}, - {"signature filename must consist of the following characters: A-Z, 0-9, _ or -", - "signature filename must consist of the following characters: A-Z, 0-9, _ or -"}, - {"unable to open jar file: ", "unable to open jar file: "}, - {"unable to create: ", "unable to create: "}, - {" adding: ", " adding: "}, - {" updating: ", " updating: "}, - {" signing: ", " signing: "}, - {"attempt to rename signedJarFile to jarFile failed", - "attempt to rename {0} to {1} failed"}, - {"attempt to rename jarFile to origJar failed", - "attempt to rename {0} to {1} failed"}, - {"unable to sign jar: ", "unable to sign jar: "}, - {"Enter Passphrase for keystore: ", "Enter Passphrase for keystore: "}, - {"keystore load: ", "keystore load: "}, - {"certificate exception: ", "certificate exception: "}, - {"unable to instantiate keystore class: ", - "unable to instantiate keystore class: "}, - {"Certificate chain not found for: alias. alias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.", - "Certificate chain not found for: {0}. 
{1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."}, - {"found non-X.509 certificate in signer's chain", - "found non-X.509 certificate in signer's chain"}, - {"incomplete certificate chain", "incomplete certificate chain"}, - {"Enter key password for alias: ", "Enter key password for {0}: "}, - {"unable to recover key from keystore", - "unable to recover key from keystore"}, - {"key associated with alias not a private key", - "key associated with {0} not a private key"}, - {"you must enter key password", "you must enter key password"}, - {"unable to read password: ", "unable to read password: "}, - {"certificate is valid from", "certificate is valid from {0} to {1}"}, - {"certificate expired on", "certificate expired on {0}"}, - {"certificate is not valid until", - "certificate is not valid until {0}"}, - {"certificate will expire on", "certificate will expire on {0}"}, - {"requesting a signature timestamp", - "requesting a signature timestamp"}, - {"TSA location: ", "TSA location: "}, - {"TSA certificate: ", "TSA certificate: "}, - {"no response from the Timestamping Authority. ", - "no response from the Timestamping Authority. "}, - {"When connecting from behind a firewall then an HTTP proxy may need to be specified. ", - "When connecting from behind a firewall then an HTTP proxy may need to be specified. "}, - {"Supply the following options to jarsigner: ", - "Supply the following options to jarsigner: "}, - {"Certificate not found for: alias. alias must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority.", - "Certificate not found for: {0}. 
{1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."}, - {"using an alternative signing mechanism", - "using an alternative signing mechanism"}, - {"entry was signed on", "entry was signed on {0}"}, - {"Warning: ", "Warning: "}, - {"This jar contains unsigned entries which have not been integrity-checked. ", - "This jar contains unsigned entries which have not been integrity-checked. "}, - {"This jar contains entries whose signer certificate has expired. ", - "This jar contains entries whose signer certificate has expired. "}, - {"This jar contains entries whose signer certificate will expire within six months. ", - "This jar contains entries whose signer certificate will expire within six months. "}, - {"This jar contains entries whose signer certificate is not yet valid. ", - "This jar contains entries whose signer certificate is not yet valid. "}, - {"Re-run with the -verbose option for more details.", - "Re-run with the -verbose option for more details."}, - {"Re-run with the -verbose and -certs options for more details.", - "Re-run with the -verbose and -certs options for more details."}, - {"The signer certificate has expired.", - "The signer certificate has expired."}, - {"The signer certificate will expire within six months.", - "The signer certificate will expire within six months."}, - {"The signer certificate is not yet valid.", - "The signer certificate is not yet valid."}, - {"The signer certificate's KeyUsage extension doesn't allow code signing.", - "The signer certificate's KeyUsage extension doesn't allow code signing."}, - {"The signer certificate's ExtendedKeyUsage extension doesn't allow code signing.", - "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, - {"The signer certificate's NetscapeCertType extension doesn't allow code signing.", - "The signer certificate's NetscapeCertType extension doesn't allow code signing."}, - {"This jar contains 
entries whose signer certificate's KeyUsage extension doesn't allow code signing.", - "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."}, - {"This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.", - "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."}, - {"This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.", - "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."}, - {"[{0} extension does not support code signing]", - "[{0} extension does not support code signing]"}, + { "provName not a provider", "{0} not a provider" }, + { "signerClass is not a signing mechanism", "{0} is not a signing mechanism" }, + { "jarsigner error: ", "jarsigner error: " }, + { "Illegal option: ", "Illegal option: " }, + { "-keystore must be NONE if -storetype is {0}", + "-keystore must be NONE if -storetype is {0}" }, + { "-keypass can not be specified if -storetype is {0}", + "-keypass can not be specified if -storetype is {0}" }, + { "If -protected is specified, then -storepass and -keypass must not be specified", + "If -protected is specified, then -storepass and -keypass must not be specified" }, + { "If keystore is not password protected, then -storepass and -keypass must not be specified", + "If keystore is not password protected, then -storepass and -keypass must not be specified" }, + { "Usage: jarsigner [options] jar-file alias", + "Usage: jarsigner [options] jar-file alias" }, + { " jarsigner -verify [options] jar-file", + " jarsigner -verify [options] jar-file" }, + { "[-keystore <url>] keystore location", + "[-keystore <url>] keystore location" }, + { "[-storepass <password>] password for keystore integrity", + "[-storepass <password>] password for keystore integrity" }, + { "[-storetype <type>] keystore 
type", + "[-storetype <type>] keystore type" }, + { "[-keypass <password>] password for private key (if different)", + "[-keypass <password>] password for private key (if different)" }, + { "[-sigfile <file>] name of .SF/.DSA file", + "[-sigfile <file>] name of .SF/.DSA file" }, + { "[-signedjar <file>] name of signed JAR file", + "[-signedjar <file>] name of signed JAR file" }, + { "[-digestalg <algorithm>] name of digest algorithm", + "[-digestalg <algorithm>] name of digest algorithm" }, + { "[-sigalg <algorithm>] name of signature algorithm", + "[-sigalg <algorithm>] name of signature algorithm" }, + { "[-verify] verify a signed JAR file", + "[-verify] verify a signed JAR file" }, + { "[-verbose] verbose output when signing/verifying", + "[-verbose] verbose output when signing/verifying" }, + { "[-certs] display certificates when verbose and verifying", + "[-certs] display certificates when verbose and verifying" }, + { "[-tsa <url>] location of the Timestamping Authority", + "[-tsa <url>] location of the Timestamping Authority" }, + { "[-tsacert <alias>] public key certificate for Timestamping Authority", + "[-tsacert <alias>] public key certificate for Timestamping Authority" }, + { "[-altsigner <class>] class name of an alternative signing mechanism", + "[-altsigner <class>] class name of an alternative signing mechanism" }, + { "[-altsignerpath <pathlist>] location of an alternative signing mechanism", + "[-altsignerpath <pathlist>] location of an alternative signing mechanism" }, + { "[-internalsf] include the .SF file inside the signature block", + "[-internalsf] include the .SF file inside the signature block" }, + { "[-sectionsonly] don't compute hash of entire manifest", + "[-sectionsonly] don't compute hash of entire manifest" }, + { "[-protected] keystore has protected authentication path", + "[-protected] keystore has protected authentication path" }, + { "[-providerName <name>] provider name", + "[-providerName <name>] provider name" }, + { 
"[-providerClass <class> name of cryptographic service provider's", + "[-providerClass <class> name of cryptographic service provider's" }, + { " [-providerArg <arg>]] ... master class file and constructor argument", + " [-providerArg <arg>]] ... master class file and constructor argument" }, + { "s", "s" }, + { "m", "m" }, + { "k", "k" }, + { "i", "i" }, + { " s = signature was verified ", + " s = signature was verified " }, + { " m = entry is listed in manifest", + " m = entry is listed in manifest" }, + { " k = at least one certificate was found in keystore", + " k = at least one certificate was found in keystore" }, + { " i = at least one certificate was found in identity scope", + " i = at least one certificate was found in identity scope" }, + { "no manifest.", "no manifest." }, + { "jar is unsigned. (signatures missing or not parsable)", + "jar is unsigned. (signatures missing or not parsable)" }, + { "jar verified.", "jar verified." }, + { "jarsigner: ", "jarsigner: " }, + { "signature filename must consist of the following characters: A-Z, 0-9, _ or -", + "signature filename must consist of the following characters: A-Z, 0-9, _ or -" }, + { "unable to open jar file: ", "unable to open jar file: " }, + { "unable to create: ", "unable to create: " }, + { " adding: ", " adding: " }, + { " updating: ", " updating: " }, + { " signing: ", " signing: " }, + { "attempt to rename signedJarFile to jarFile failed", + "attempt to rename {0} to {1} failed" }, + { "attempt to rename jarFile to origJar failed", + "attempt to rename {0} to {1} failed" }, + { "unable to sign jar: ", "unable to sign jar: " }, + { "Enter Passphrase for keystore: ", "Enter Passphrase for keystore: " }, + { "keystore load: ", "keystore load: " }, + { "certificate exception: ", "certificate exception: " }, + { "unable to instantiate keystore class: ", + "unable to instantiate keystore class: " }, + { "Certificate chain not found for: alias. 
alias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.", + "Certificate chain not found for: {0}. {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain." }, + { "found non-X.509 certificate in signer's chain", + "found non-X.509 certificate in signer's chain" }, + { "incomplete certificate chain", "incomplete certificate chain" }, + { "Enter key password for alias: ", "Enter key password for {0}: " }, + { "unable to recover key from keystore", + "unable to recover key from keystore" }, + { "key associated with alias not a private key", + "key associated with {0} not a private key" }, + { "you must enter key password", "you must enter key password" }, + { "unable to read password: ", "unable to read password: " }, + { "certificate is valid from", "certificate is valid from {0} to {1}" }, + { "certificate expired on", "certificate expired on {0}" }, + { "certificate is not valid until", + "certificate is not valid until {0}" }, + { "certificate will expire on", "certificate will expire on {0}" }, + { "requesting a signature timestamp", + "requesting a signature timestamp" }, + { "TSA location: ", "TSA location: " }, + { "TSA certificate: ", "TSA certificate: " }, + { "no response from the Timestamping Authority. ", + "no response from the Timestamping Authority. " }, + { "When connecting from behind a firewall then an HTTP proxy may need to be specified. ", + "When connecting from behind a firewall then an HTTP proxy may need to be specified. " }, + { "Supply the following options to jarsigner: ", + "Supply the following options to jarsigner: " }, + { "Certificate not found for: alias. alias must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority.", + "Certificate not found for: {0}. 
{1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority." }, + { "using an alternative signing mechanism", + "using an alternative signing mechanism" }, + { "entry was signed on", "entry was signed on {0}" }, + { "Warning: ", "Warning: " }, + { "This jar contains unsigned entries which have not been integrity-checked. ", + "This jar contains unsigned entries which have not been integrity-checked. " }, + { "This jar contains entries whose signer certificate has expired. ", + "This jar contains entries whose signer certificate has expired. " }, + { "This jar contains entries whose signer certificate will expire within six months. ", + "This jar contains entries whose signer certificate will expire within six months. " }, + { "This jar contains entries whose signer certificate is not yet valid. ", + "This jar contains entries whose signer certificate is not yet valid. " }, + { "Re-run with the -verbose option for more details.", + "Re-run with the -verbose option for more details." }, + { "Re-run with the -verbose and -certs options for more details.", + "Re-run with the -verbose and -certs options for more details." }, + { "The signer certificate has expired.", + "The signer certificate has expired." }, + { "The signer certificate will expire within six months.", + "The signer certificate will expire within six months." }, + { "The signer certificate is not yet valid.", + "The signer certificate is not yet valid." }, + { "The signer certificate's KeyUsage extension doesn't allow code signing.", + "The signer certificate's KeyUsage extension doesn't allow code signing." }, + { "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing.", + "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing." 
}, + { "The signer certificate's NetscapeCertType extension doesn't allow code signing.", + "The signer certificate's NetscapeCertType extension doesn't allow code signing." }, + { "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing.", + "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." }, + { "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing.", + "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing." }, + { "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing.", + "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing." }, + { "[{0} extension does not support code signing]", + "[{0} extension does not support code signing]" }, }; /** diff --git a/netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java b/netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java index 5f497ef..017bbea 100644 --- a/netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java +++ b/netx/net/sourceforge/jnlp/tools/KeyStoreUtil.java @@ -44,7 +44,6 @@ public class KeyStoreUtil { // this class is not meant to be instantiated } - /** * Returns true if KeyStore has a password. This is true except for * MSCAPI KeyStores @@ -60,7 +59,7 @@ public class KeyStoreUtil { public static String niceStoreTypeName(String storetype) { if (storetype.equalsIgnoreCase("Windows-MY")) { return "Windows-MY"; - } else if(storetype.equalsIgnoreCase("Windows-ROOT")) { + } else if (storetype.equalsIgnoreCase("Windows-ROOT")) { return "Windows-ROOT"; } else { return storetype.toUpperCase(); diff --git a/netx/net/sourceforge/jnlp/tools/KeyTool.java b/netx/net/sourceforge/jnlp/tools/KeyTool.java index 7e7d4e7..eeda0aa 100644 --- a/netx/net/sourceforge/jnlp/tools/KeyTool.java +++ b/netx/net/sourceforge/jnlp/tools/KeyTool.java 
@@ -53,137 +53,137 @@ import net.sourceforge.jnlp.security.SecurityUtil; */ public class KeyTool { - // The user's keystore. - private KeyStore usercerts = null; - // JDK cacerts - private KeyStore cacerts = null; - // System ca-bundle.crt - private KeyStore systemcerts = null; + // The user's keystore. + private KeyStore usercerts = null; + // JDK cacerts + private KeyStore cacerts = null; + // System ca-bundle.crt + private KeyStore systemcerts = null; - private String fullCertPath = SecurityUtil.getTrustedCertsFilename(); + private String fullCertPath = SecurityUtil.getTrustedCertsFilename(); - private FileOutputStream fos = null; + private FileOutputStream fos = null; - /** - * Whether we trust the system cacerts file. - */ - private boolean trustcacerts = true; + /** + * Whether we trust the system cacerts file. + */ + private boolean trustcacerts = true; - private final char[] password = "changeit".toCharArray(); + private final char[] password = "changeit".toCharArray(); - /** - * Whether we prompt for user input. - */ - private boolean noprompt = true; + /** + * Whether we prompt for user input. + */ + private boolean noprompt = true; - public KeyTool() throws Exception { + public KeyTool() throws Exception { - // Initialize all the keystores. - usercerts = SecurityUtil.getUserKeyStore(); - cacerts = SecurityUtil.getCacertsKeyStore(); - systemcerts = SecurityUtil.getSystemCertStore(); - } + // Initialize all the keystores. + usercerts = SecurityUtil.getUserKeyStore(); + cacerts = SecurityUtil.getCacertsKeyStore(); + systemcerts = SecurityUtil.getSystemCertStore(); + } - /** - * Adds a trusted certificate to the user's keystore. - * @return true if the add was successful, false otherwise. 
- */ - public boolean importCert(File file) throws Exception { - - BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file)); - CertificateFactory cf = CertificateFactory.getInstance("X509"); - X509Certificate cert = null; - - if (bis.available() >= 1) { - try { - cert = (X509Certificate)cf.generateCertificate(bis); - } catch (ClassCastException cce) { - throw new Exception("Input file is not an X509 Certificate"); - } catch (CertificateException ce) { - throw new Exception("Input file is not an X509 Certificate"); - } - } + /** + * Adds a trusted certificate to the user's keystore. + * @return true if the add was successful, false otherwise. + */ + public boolean importCert(File file) throws Exception { - return importCert((Certificate)cert); + BufferedInputStream bis = new BufferedInputStream(new FileInputStream(file)); + CertificateFactory cf = CertificateFactory.getInstance("X509"); + X509Certificate cert = null; + + if (bis.available() >= 1) { + try { + cert = (X509Certificate) cf.generateCertificate(bis); + } catch (ClassCastException cce) { + throw new Exception("Input file is not an X509 Certificate"); + } catch (CertificateException ce) { + throw new Exception("Input file is not an X509 Certificate"); + } } - /** - * Adds a trusted certificate to the user's keystore. - * @return true if the add was successful, false otherwise. - */ - public boolean importCert(Certificate cert) throws Exception { + return importCert((Certificate) cert); + } - String alias = usercerts.getCertificateAlias(cert); + /** + * Adds a trusted certificate to the user's keystore. + * @return true if the add was successful, false otherwise. 
+ */ + public boolean importCert(Certificate cert) throws Exception { - if (alias != null) { //cert already exists - return true; - } else { - String newAlias = getRandomAlias(); - //check to make sure this alias doesn't exist - while (usercerts.getCertificate(newAlias) != null) - newAlias = getRandomAlias(); - return addTrustedCert(newAlias, cert); - } - } + String alias = usercerts.getCertificateAlias(cert); - /** - * Generates a random alias for storing a trusted Certificate. - */ - private String getRandomAlias() { - Random r = new Random(); - String token = Long.toString(Math.abs(r.nextLong()), 36); - return "trustedCert-" + token; + if (alias != null) { //cert already exists + return true; + } else { + String newAlias = getRandomAlias(); + //check to make sure this alias doesn't exist + while (usercerts.getCertificate(newAlias) != null) + newAlias = getRandomAlias(); + return addTrustedCert(newAlias, cert); } + } - /** - * Prints all keystore entries. + /** + * Generates a random alias for storing a trusted Certificate. */ - private void doPrintEntries(PrintStream out) throws Exception { + private String getRandomAlias() { + Random r = new Random(); + String token = Long.toString(Math.abs(r.nextLong()), 36); + return "trustedCert-" + token; + } + + /** + * Prints all keystore entries. 
+ */ + private void doPrintEntries(PrintStream out) throws Exception { - out.println("KeyStore type: " + usercerts.getType()); - out.println("KeyStore provider: " + usercerts.getProvider().toString()); - out.println(); + out.println("KeyStore type: " + usercerts.getType()); + out.println("KeyStore provider: " + usercerts.getProvider().toString()); + out.println(); - for (Enumeration<String> e = usercerts.aliases(); e.hasMoreElements();) { - String alias = e.nextElement(); - doPrintEntry(alias, out, false); - } + for (Enumeration<String> e = usercerts.aliases(); e.hasMoreElements();) { + String alias = e.nextElement(); + doPrintEntry(alias, out, false); } + } /** * Prints a single keystore entry. */ - private void doPrintEntry(String alias, PrintStream out, + private void doPrintEntry(String alias, PrintStream out, boolean printWarning) throws Exception { - if (usercerts.containsAlias(alias) == false) { - throw new Exception("Alias does not exist"); - } + if (usercerts.containsAlias(alias) == false) { + throw new Exception("Alias does not exist"); + } - if (usercerts.entryInstanceOf(alias, + if (usercerts.entryInstanceOf(alias, KeyStore.TrustedCertificateEntry.class)) { - Certificate cert = usercerts.getCertificate(alias); + Certificate cert = usercerts.getCertificate(alias); - out.println("Alias: " + alias); - out.println("Date Created: " + usercerts.getCreationDate(alias)); - out.println("Subject: " + SecurityUtil.getCN(((X509Certificate)usercerts + out.println("Alias: " + alias); + out.println("Date Created: " + usercerts.getCreationDate(alias)); + out.println("Subject: " + SecurityUtil.getCN(((X509Certificate) usercerts .getCertificate(alias)).getSubjectX500Principal().getName())); - out.println("Certificate fingerprint (MD5): " + out.println("Certificate fingerprint (MD5): " + getCertFingerPrint("MD5", cert)); - out.println(); - } + out.println(); } + } /** * Gets the requested finger print of the certificate. 
*/ - private String getCertFingerPrint(String mdAlg, Certificate cert) + private String getCertFingerPrint(String mdAlg, Certificate cert) throws Exception { - byte[] encCertInfo = cert.getEncoded(); - MessageDigest md = MessageDigest.getInstance(mdAlg); - byte[] digest = md.digest(encCertInfo); - return toHexString(digest); - } + byte[] encCertInfo = cert.getEncoded(); + MessageDigest md = MessageDigest.getInstance(mdAlg); + byte[] digest = md.digest(encCertInfo); + return toHexString(digest); + } /** * Converts a byte to hex digit and writes to the supplied buffer @@ -204,31 +204,31 @@ public class KeyTool { StringBuffer buf = new StringBuffer(); int len = block.length; for (int i = 0; i < len; i++) { - byte2hex(block[i], buf); - if (i < len-1) { - buf.append(":"); - } + byte2hex(block[i], buf); + if (i < len - 1) { + buf.append(":"); + } } return buf.toString(); } - /** - * Adds a certificate to the keystore, and writes new keystore to disk. - */ + /** + * Adds a certificate to the keystore, and writes new keystore to disk. + */ private boolean addTrustedCert(String alias, Certificate cert) - throws Exception { + throws Exception { - if (isSelfSigned((X509Certificate)cert)) { - //will throw exception if this fails - cert.verify(cert.getPublicKey()); - } + if (isSelfSigned((X509Certificate) cert)) { + //will throw exception if this fails + cert.verify(cert.getPublicKey()); + } if (noprompt) { - usercerts.setCertificateEntry(alias, cert); - fos = new FileOutputStream(fullCertPath); - usercerts.store(fos, password); - fos.close(); - return true; + usercerts.setCertificateEntry(alias, cert); + fos = new FileOutputStream(fullCertPath); + usercerts.store(fos, password); + fos.close(); + return true; } return false; 
@@ -239,12 +239,12 @@ public class KeyTool { */ public boolean isTrusted(Certificate cert) throws Exception { if (cert != null) { - if (usercerts.getCertificateAlias(cert) != null) { - return true; // found in own keystore - } - return false; + if (usercerts.getCertificateAlias(cert) != null) { + return true; // found in own keystore + } + return false; } else { - return false; + return false; } } @@ -265,23 +265,23 @@ public class KeyTool { public boolean checkCacertsForCertificate(Certificate c) throws Exception { if (c != null) { - String alias = null; + String alias = null; - //first try jdk cacerts. - if (cacerts != null) { - alias = cacerts.getCertificateAlias(c); + //first try jdk cacerts. + if (cacerts != null) { + alias = cacerts.getCertificateAlias(c); - //if we can't find it here, try the system certs. - if (alias == null && systemcerts != null) - alias = systemcerts.getCertificateAlias(c); - } - //otherwise try the system certs if you can't use the jdk certs. - else if (systemcerts != null) - alias = systemcerts.getCertificateAlias(c); + //if we can't find it here, try the system certs. + if (alias == null && systemcerts != null) + alias = systemcerts.getCertificateAlias(c); + } + //otherwise try the system certs if you can't use the jdk certs. + else if (systemcerts != null) + alias = systemcerts.getCertificateAlias(c); - return (alias != null); + return (alias != null); } else - return false; + return false; } /** @@ -294,8 +294,7 @@ public class KeyTool { */ public boolean establishCertChain(Certificate userCert, Certificate certToVerify) - throws Exception - { + throws Exception { if (userCert != null) { // Make sure that the public key of the certificate reply matches // the original public key in the keystore 
@@ -325,8 +324,8 @@ public class KeyTool { keystorecerts2Hashtable(usercerts, certs); } if (trustcacerts) { //if we're trusting the cacerts - KeyStore caks = SecurityUtil.getCacertsKeyStore(); - if (caks!=null && caks.size()>0) { + KeyStore caks = SecurityUtil.getCacertsKeyStore(); + if (caks != null && caks.size() > 0) { if (certs == null) { certs = new Hashtable<Principal, Vector<Certificate>>(11); } @@ -336,13 +335,13 @@ public class KeyTool { // start building chain Vector<Certificate> chain = new Vector<Certificate>(2); - if (buildChain((X509Certificate)certToVerify, chain, certs)) { + if (buildChain((X509Certificate) certToVerify, chain, certs)) { Certificate[] newChain = new Certificate[chain.size()]; // buildChain() returns chain with self-signed root-cert first and // user-cert last, so we need to invert the chain before we store // it - int j=0; - for (int i=chain.size()-1; i>=0; i--) { + int j = 0; + for (int i = chain.size() - 1; i >= 0; i--) { newChain[j] = chain.elementAt(i); j++; } @@ -360,14 +359,13 @@ public class KeyTool { */ private void keystorecerts2Hashtable(KeyStore ks, Hashtable<Principal, Vector<Certificate>> hash) - throws Exception { + throws Exception { - for (Enumeration<String> aliases = ks.aliases(); - aliases.hasMoreElements(); ) { + for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { String alias = aliases.nextElement(); Certificate cert = ks.getCertificate(alias); if (cert != null) { - Principal subjectDN = ((X509Certificate)cert).getSubjectDN(); + Principal subjectDN = ((X509Certificate) cert).getSubjectDN(); Vector<Certificate> vec = hash.get(subjectDN); if (vec == null) { vec = new Vector<Certificate>(); 
@@ -412,10 +410,8 @@ public class KeyTool { // Try out each certificate in the vector, until we find one // whose public key verifies the signature of the certificate // in question. - for (Enumeration<Certificate> issuerCerts = vec.elements(); - issuerCerts.hasMoreElements(); ) { - X509Certificate issuerCert - = (X509Certificate)issuerCerts.nextElement(); + for (Enumeration<Certificate> issuerCerts = vec.elements(); issuerCerts.hasMoreElements();) { + X509Certificate issuerCert = (X509Certificate) issuerCerts.nextElement(); PublicKey issuerPubKey = issuerCert.getPublicKey(); try { certToVerify.verify(issuerPubKey); @@ -430,8 +426,8 @@ public class KeyTool { return false; } - public static void main(String[] args) throws Exception { - KeyTool kt = new KeyTool(); - kt.doPrintEntries(System.out); - } + public static void main(String[] args) throws Exception { + KeyTool kt = new KeyTool(); + kt.doPrintEntries(System.out); + } } |