659 && !signatureRelated(name);
660
661 int inStoreOrScope = inKeyStore(signers);
662
663 boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0;
664 boolean inScope = (inStoreOrScope & IN_SCOPE) != 0;
665
666 notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0;
667 if (keystore != null) {
668 aliasNotInStore |= isSigned && (!inStore && !inScope);
669 }
670
671 // Only used when -verbose provided
672 StringBuffer sb = null;
673 if (verbose != null) {
674 sb = new StringBuffer();
675 boolean inManifest =
676 ((man.getAttributes(name) != null) ||
677 (man.getAttributes("./"+name) != null) ||
678 (man.getAttributes("/"+name) != null));
679 sb.append(
680 (isSigned ? rb.getString("s") : rb.getString("SPACE")) +
681 (inManifest ? rb.getString("m") : rb.getString("SPACE")) +
682 (inStore ? rb.getString("k") : rb.getString("SPACE")) +
683 (inScope ? rb.getString("i") : rb.getString("SPACE")) +
684 ((inStoreOrScope & NOT_ALIAS) != 0 ?"X":" ") +
685 rb.getString("SPACE"));
686 sb.append("|");
687 }
688
689 // When -certs provided, display info has extra empty
690 // lines at the beginning and end.
691 if (isSigned) {
692 if (showcerts) sb.append('\n');
693 for (CodeSigner signer: signers) {
694 // signerInfo() must be called even if -verbose
695 // not provided. The method updates various
696 // warning flags.
697 String si = signerInfo(signer, tab);
698 if (showcerts) {
699 sb.append(si);
700 sb.append('\n');
701 }
702 }
703 } else if (showcerts && !verbose.equals("all")) {
704 // Print no info for unsigned entries when -verbose:all,
705 // to be consistent with old behavior.
706 if (signatureRelated(name)) {
707 sb.append("\n" + tab + rb.getString(
708 ".Signature.related.entries.") + "\n\n");
709 } else {
710 sb.append("\n" + tab + rb.getString(
711 ".Unsigned.entries.") + "\n\n");
712 }
713 }
714
715 if (verbose != null) {
716 String label = sb.toString();
717 if (signatureRelated(name)) {
718 // Entries inside META-INF and other unsigned
719 // entries are grouped separately.
720 label = "-" + label;
721 }
722
723 // The label finally contains 2 parts separated by '|':
724 // The legend displayed before the entry names, and
725 // the cert info (if -certs specified).
726
727 if (!output.containsKey(label)) {
728 output.put(label, new ArrayList<String>());
729 }
730
731 StringBuilder fb = new StringBuilder();
1588 // display the certificate(sb). The first one is end-entity cert and
1589 // its KeyUsage should be checked.
1590 boolean first = true;
1591 for (Certificate c : certs) {
1592 sb.append(printCert(tab, c, true, timestamp, first));
1593 sb.append('\n');
1594 first = false;
1595 }
1596 try {
1597 validateCertChain(certs);
1598 } catch (Exception e) {
1599 if (debug) {
1600 e.printStackTrace();
1601 }
1602 if (e.getCause() != null &&
1603 (e.getCause() instanceof CertificateExpiredException ||
1604 e.getCause() instanceof CertificateNotYetValidException)) {
1605 // No more warning, we alreay have hasExpiredCert or notYetValidCert
1606 } else {
1607 chainNotValidated = true;
1608 sb.append(tab + rb.getString(".CertPath.not.validated.") +
1609 e.getLocalizedMessage() + "]\n"); // TODO
1610 }
1611 }
1612 String result = sb.toString();
1613 cacheForSignerInfo.put(signer, result);
1614 return result;
1615 }
1616
1617 private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
1618 throws IOException
1619 {
1620 ZipEntry ze2 = new ZipEntry(ze.getName());
1621 ze2.setMethod(ze.getMethod());
1622 ze2.setTime(ze.getTime());
1623 ze2.setComment(ze.getComment());
1624 ze2.setExtra(ze.getExtra());
1625 if (ze.getMethod() == ZipEntry.STORED) {
1626 ze2.setSize(ze.getSize());
1627 ze2.setCrc(ze.getCrc());
1628 }
1629 os.putNextEntry(ze2);
|
659 && !signatureRelated(name);
660
661 int inStoreOrScope = inKeyStore(signers);
662
663 boolean inStore = (inStoreOrScope & IN_KEYSTORE) != 0;
664 boolean inScope = (inStoreOrScope & IN_SCOPE) != 0;
665
666 notSignedByAlias |= (inStoreOrScope & NOT_ALIAS) != 0;
667 if (keystore != null) {
668 aliasNotInStore |= isSigned && (!inStore && !inScope);
669 }
670
671 // Only used when -verbose provided
672 StringBuffer sb = null;
673 if (verbose != null) {
674 sb = new StringBuffer();
675 boolean inManifest =
676 ((man.getAttributes(name) != null) ||
677 (man.getAttributes("./"+name) != null) ||
678 (man.getAttributes("/"+name) != null));
679 sb.append(isSigned ? rb.getString("s") : rb.getString("SPACE"))
680 .append(inManifest ? rb.getString("m") : rb.getString("SPACE"))
681 .append(inStore ? rb.getString("k") : rb.getString("SPACE"))
682 .append(inScope ? rb.getString("i") : rb.getString("SPACE"))
683 .append((inStoreOrScope & NOT_ALIAS) != 0 ? 'X' : ' ')
684 .append(rb.getString("SPACE"));
685 sb.append('|');
686 }
687
688 // When -certs provided, display info has extra empty
689 // lines at the beginning and end.
690 if (isSigned) {
691 if (showcerts) sb.append('\n');
692 for (CodeSigner signer: signers) {
693 // signerInfo() must be called even if -verbose
694 // not provided. The method updates various
695 // warning flags.
696 String si = signerInfo(signer, tab);
697 if (showcerts) {
698 sb.append(si);
699 sb.append('\n');
700 }
701 }
702 } else if (showcerts && !verbose.equals("all")) {
703 // Print no info for unsigned entries when -verbose:all,
704 // to be consistent with old behavior.
705 if (signatureRelated(name)) {
706 sb.append('\n')
707 .append(tab)
708 .append(rb
709 .getString(".Signature.related.entries."))
710 .append("\n\n");
711 } else {
712 sb.append('\n').append(tab)
713 .append(rb.getString(".Unsigned.entries."))
714 .append("\n\n");
715 }
716 }
717
718 if (verbose != null) {
719 String label = sb.toString();
720 if (signatureRelated(name)) {
721 // Entries inside META-INF and other unsigned
722 // entries are grouped separately.
723 label = "-" + label;
724 }
725
726 // The label finally contains 2 parts separated by '|':
727 // The legend displayed before the entry names, and
728 // the cert info (if -certs specified).
729
730 if (!output.containsKey(label)) {
731 output.put(label, new ArrayList<String>());
732 }
733
734 StringBuilder fb = new StringBuilder();
1591 // display the certificate(sb). The first one is end-entity cert and
1592 // its KeyUsage should be checked.
1593 boolean first = true;
1594 for (Certificate c : certs) {
1595 sb.append(printCert(tab, c, true, timestamp, first));
1596 sb.append('\n');
1597 first = false;
1598 }
1599 try {
1600 validateCertChain(certs);
1601 } catch (Exception e) {
1602 if (debug) {
1603 e.printStackTrace();
1604 }
1605 if (e.getCause() != null &&
1606 (e.getCause() instanceof CertificateExpiredException ||
1607 e.getCause() instanceof CertificateNotYetValidException)) {
1608 // No more warning, we alreay have hasExpiredCert or notYetValidCert
1609 } else {
1610 chainNotValidated = true;
1611 sb.append(tab).append(rb.getString(".CertPath.not.validated."))
1612 .append(e.getLocalizedMessage()).append("]\n"); // TODO
1613 }
1614 }
1615 String result = sb.toString();
1616 cacheForSignerInfo.put(signer, result);
1617 return result;
1618 }
1619
1620 private void writeEntry(ZipFile zf, ZipOutputStream os, ZipEntry ze)
1621 throws IOException
1622 {
1623 ZipEntry ze2 = new ZipEntry(ze.getName());
1624 ze2.setMethod(ze.getMethod());
1625 ze2.setTime(ze.getTime());
1626 ze2.setComment(ze.getComment());
1627 ze2.setExtra(ze.getExtra());
1628 if (ze.getMethod() == ZipEntry.STORED) {
1629 ze2.setSize(ze.getSize());
1630 ze2.setCrc(ze.getCrc());
1631 }
1632 os.putNextEntry(ze2);
|