OpenJDK / amber / amber
changeset 10427:c255e1803e4d
7081783: jarsigner error when no $HOME/.keystore
Reviewed-by: xuelei
| author | weijun |
|---|---|
| date | Mon, 05 Sep 2011 11:22:27 +0800 |
| parents | 90d1b830cdd6 |
| children | 0bb8e9b89b98 |
| files | jdk/src/share/classes/sun/security/tools/JarSigner.java |
| diffstat | 1 files changed, 52 insertions(+), 43 deletions(-) [+] |
line wrap: on
line diff
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java Sat Sep 03 07:46:35 2011 +0100 +++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java Mon Sep 05 11:22:27 2011 +0800 @@ -1506,6 +1506,9 @@ CertPath cp = certificateFactory.generateCertPath(certs); validator.validate(cp, pkixParameters); } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } chainNotValidated = true; s.append(tab + rb.getString(".CertPath.not.validated.") + e.getLocalizedMessage() + "]\n"); // TODO @@ -1562,6 +1565,27 @@ } try { + + certificateFactory = CertificateFactory.getInstance("X.509"); + validator = CertPathValidator.getInstance("PKIX"); + Set<TrustAnchor> tas = new HashSet<>(); + try { + KeyStore caks = KeyTool.getCacertsKeyStore(); + if (caks != null) { + Enumeration<String> aliases = caks.aliases(); + while (aliases.hasMoreElements()) { + String a = aliases.nextElement(); + try { + tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); + } catch (Exception e2) { + // ignore, when a SecretkeyEntry does not include a cert + } + } + } + } catch (Exception e) { + // Ignore, if cacerts cannot be loaded + } + if (providerName == null) { store = KeyStore.getInstance(storetype); } else { @@ -1580,45 +1604,28 @@ (rb.getString("Enter.Passphrase.for.keystore.")); } - if (nullStream) { - store.load(null, storepass); - } else { - keyStoreName = keyStoreName.replace(File.separatorChar, '/'); - URL url = null; - try { - url = new URL(keyStoreName); - } catch (java.net.MalformedURLException e) { - // try as file - url = new File(keyStoreName).toURI().toURL(); - } - InputStream is = null; - try { - is = url.openStream(); - store.load(is, storepass); - } finally { - if (is != null) { - is.close(); + try { + if (nullStream) { + store.load(null, storepass); + } else { + keyStoreName = keyStoreName.replace(File.separatorChar, '/'); + URL url = null; + try { + url = new URL(keyStoreName); + } catch (java.net.MalformedURLException e) { + // try as file + url = new File(keyStoreName).toURI().toURL(); } - } - } - Set<TrustAnchor> tas = new HashSet<>(); - try { - KeyStore caks = KeyTool.getCacertsKeyStore(); - if (caks != null) { - Enumeration<String> aliases = caks.aliases(); - while (aliases.hasMoreElements()) { - String a = aliases.nextElement(); - try { - tas.add(new TrustAnchor((X509Certificate)caks.getCertificate(a), null)); - } catch (Exception e2) { - // ignore, when a SecretkeyEntry does not include a cert + InputStream is = null; + try { + is = url.openStream(); + store.load(is, storepass); + } finally { + if (is != null) { + is.close(); } } } - } catch (Exception e) { - // Ignore, if cacerts cannot be loaded - } - if (store != null) { Enumeration<String> aliases = store.aliases(); while (aliases.hasMoreElements()) { String a = aliases.nextElement(); @@ -1634,14 +1641,13 @@ // ignore, when a SecretkeyEntry does not include a cert } } - } - certificateFactory = CertificateFactory.getInstance("X.509"); - validator = CertPathValidator.getInstance("PKIX"); - try { - pkixParameters = new PKIXParameters(tas); - pkixParameters.setRevocationEnabled(false); - } catch (InvalidAlgorithmParameterException ex) { - // Only if tas is empty + } finally { + try { + pkixParameters = new PKIXParameters(tas); + pkixParameters.setRevocationEnabled(false); + } catch (InvalidAlgorithmParameterException ex) { + // Only if tas is empty + } } } catch (IOException ioe) { throw new RuntimeException(rb.getString("keystore.load.") + @@ -1805,6 +1811,9 @@ CertPath cp = certificateFactory.generateCertPath(Arrays.asList(certChain)); validator.validate(cp, pkixParameters); } catch (Exception e) { + if (debug) { + e.printStackTrace(); + } chainNotValidated = true; }