8257722: Improve "keytool -printcert -jarfile" output

Reviewed-by: weijun
Hai-May Chao 2021-10-28 23:04:34 +00:00
parent 21da218387
commit de93b1d0e8
4 changed files with 169 additions and 87 deletions


@ -2847,6 +2847,23 @@ public final class Main {
}
}
private static String oneInManys(String label, int certNo, int certCnt, int signerNo,
int signerCnt) {
if (certCnt == 1 && signerCnt == 1) {
return label;
}
if (certCnt > 1 && signerCnt == 1) {
return String.format(rb.getString("one.in.many1"), label, certNo);
}
if (certCnt == 1 && signerCnt > 1) {
return String.format(rb.getString("one.in.many2"), label, signerNo);
}
if (certCnt > 1 && signerCnt > 1) {
return String.format(rb.getString("one.in.many3"), label, certNo, signerNo);
}
return label;
}
private void doPrintCert(final PrintStream out) throws Exception {
if (jarfile != null) {
// reset "jdk.certpath.disabledAlgorithms" security property
@ -2855,7 +2872,7 @@ public final class Main {
JarFile jf = new JarFile(jarfile, true);
Enumeration<JarEntry> entries = jf.entries();
Set<CodeSigner> ss = new HashSet<>();
LinkedHashSet<CodeSigner> ss = new LinkedHashSet<>();
byte[] buffer = new byte[8192];
int pos = 0;
while (entries.hasMoreElements()) {
@ -2872,48 +2889,59 @@ public final class Main {
for (CodeSigner signer: signers) {
if (!ss.contains(signer)) {
ss.add(signer);
out.printf(rb.getString("Signer.d."), ++pos);
out.println();
out.println();
out.println(rb.getString("Signature."));
out.println();
List<? extends Certificate> certs
= signer.getSignerCertPath().getCertificates();
int cc = 0;
for (Certificate cert: certs) {
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate.owner.") + x.getSubjectX500Principal() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
checkWeak(oneInMany(rb.getString("the.certificate"), cc++, certs.size()), x);
}
Timestamp ts = signer.getTimestamp();
if (ts != null) {
out.println(rb.getString("Timestamp."));
out.println();
certs = ts.getSignerCertPath().getCertificates();
cc = 0;
for (Certificate cert: certs) {
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate.owner.") + x.getSubjectX500Principal() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
checkWeak(oneInMany(rb.getString("the.tsa.certificate"), cc++, certs.size()), x);
}
}
}
}
}
}
for (CodeSigner signer: ss) {
out.printf(rb.getString("Signer.d."), ++pos);
out.println();
out.println();
List<? extends Certificate> certs
= signer.getSignerCertPath().getCertificates();
int cc = 0;
for (Certificate cert: certs) {
out.printf(rb.getString("Certificate.d."), ++cc);
out.println();
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate.owner.") + x.getSubjectX500Principal() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
checkWeak(oneInManys(rb.getString(
"the.certificate"), cc,
certs.size(), pos,
ss.size()), x);
}
Timestamp ts = signer.getTimestamp();
if (ts != null) {
out.println(rb.getString("Timestamp."));
out.println();
certs = ts.getSignerCertPath().getCertificates();
cc = 0;
for (Certificate cert: certs) {
out.printf(rb.getString("Certificate.d."), ++cc);
out.println();
X509Certificate x = (X509Certificate)cert;
if (rfc) {
out.println(rb.getString("Certificate.owner.") + x.getSubjectX500Principal() + "\n");
dumpCert(x, out);
} else {
printX509Cert(x, out);
}
out.println();
checkWeak(oneInManys(rb.getString(
"the.tsa.certificate"), cc,
certs.size(), pos,
ss.size()), x);
}
}
}
jf.close();
if (ss.isEmpty()) {
out.println(rb.getString("Not.a.signed.jar.file"));
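Review bot: `oneInManys` has no comment stating that `certNo` and `signerNo` are 1-based, yet the new `for (CodeSigner signer: ss)` loop relies on it: it passes `cc` after `++cc` and `pos` after `++pos`, where the removed calls passed `cc++` to `oneInMany`. The returned string is the label `checkWeak` receives for a certificate, so an off-by-one here would presumably make a weak-algorithm warning name the wrong certificate or signer. I would add above the method: `// certNo and signerNo are 1-based positions; the label is returned unchanged when there is one signer with one certificate.` A short comment at the `LinkedHashSet` declaration would also help, saying that its insertion order is presumably what keeps the printed signer numbers in first-encounter order. The body of `doPrintCert` continues outside the hunk.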