113     static final int IN_KEYSTORE = 0x01;        // signer is in keystore
115                                                 // signer is not in alias list
116     static final int SIGNED_BY_ALIAS = 0x08;    // signer is in alias list
118     X509Certificate[] certChain;    // signer's cert chain (when composing)
706             //      key: signer info string
758                         for (CodeSigner signer: signers) {
762                             String si = signerInfo(signer, tab);
861             // If signer is a trusted cert or private entry in user's own
887                             X509Certificate signer = si.getCertificate(p7);
892                             PublicKey key = signer.getPublicKey();
910                                         signer.getSubjectX500Principal(),
922                                         signer.getSubjectX500Principal(),
973                         System.out.println(rb.getString("jar.verified.with.signer.errors."));
994                             rb.getString("This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
999                             rb.getString("This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
1004                             rb.getString("This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
1013                             "This.jar.contains.entries.whose.signer.certificate.has.expired."));
1017                             "This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid."));
1037                                 "This.jar.contains.entries.whose.signer.certificate.is.self.signed."));
1050                                 "This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months."));
1234     private int inKeyStoreForOneSigner(CodeSigner signer) {
1235         if (cacheForInKS.containsKey(signer)) {
1236             return cacheForInKS.get(signer);
1240         List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
1267         cacheForInKS.put(signer, result);
1280         for (CodeSigner signer: signers) {
1281             int result = inKeyStoreForOneSigner(signer);
1493                     System.out.println(rb.getString("jar.signed.with.signer.errors."));
1505                         rb.getString("The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing."));
1510                         rb.getString("The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing."));
1515                         rb.getString("The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing."));
1520                         rb.getString("The.signer.certificate.has.expired."));
1523                         rb.getString("The.signer.certificate.is.not.yet.valid."));
1528                             rb.getString("The.signer.s.certificate.chain.is.not.validated.reason.1"),
1534                             rb.getString("The.signer.s.certificate.is.self.signed."));
1569                             rb.getString("The.signer.certificate.will.expire.within.six.months."));
1603     private String signerInfo(CodeSigner signer, String tab) {
1604         if (cacheForSignerInfo.containsKey(signer)) {
1605             return cacheForSignerInfo.get(signer);
1608         List<? extends Certificate> certs = signer.getSignerCertPath().getCertificates();
1611         Timestamp ts = signer.getTimestamp();
1641         cacheForSignerInfo.put(signer, result);
1772      * Check if userCert is designed to be a code signer
1781         // Can act as a signer?
1883                         ("found.non.X.509.certificate.in.signer.s.chain"));

Indexes created Sun Jun 30 11:05:36 MDT 2024