Read the fine manual :-)
http://java.sun.com/j2se/1.5.0/docs/api/java/util/jar/JarEntry.html#getCe...
i.e. you have to read() the entire stream before asking
for the certs/signers.
The classloader will have already done that when it loaded the byte
code, see BaseClassLoader.loadClassLocally():
    // Load the bytecode
    byte[] byteCode = ClassLoaderUtils.loadByteCode(name, is);
    // Let the policy do things before we define the class
    BaseClassLoaderPolicy basePolicy = policy;
    ProtectionDomain protectionDomain = basePolicy.getProtectionDomain(name, resourcePath);
where the last line will expect the VFSClassLoaderPolicy to
get the certificates for the "resource path".
But the real reason for JBCL-67 - besides having a
mechanism to do a VirtualFile.getCertificates() - is how to do it for
non-jar files, e.g. unpacked deployments?
On Tue, 2009-09-15 at 16:26 +0200, Ales Justin wrote:
WRT JBCL-67.
I have a jar which I signed with
    keytool -genkeypair -alias mycert -keystore keystore -keypass ambam123
    jarsigner -keystore keystore -storepass ambam123 ..\DIFramework\dist\another.jar mycert
    keytool -exportcert -keystore keystore -alias mycert -file mare_cert.cer
    keytool -importcert -file mare_cert.cer -keystore ales_store -storepass ambam5
    java -Djavax.net.ssl.trustStore=ales_store -Djavax.net.ssl.trustStorePassword=ambam5
This jar includes com/acme/X.class.
So, I would now expect when I access this class in jar via JarEntry
to be able to get its certificates: JarEntry::getCertificates.
But I get null.
I guess I'm missing a list of verified signers?
JarVerifier.class:
    /**
     * Return an array of java.security.cert.Certificate objects for
     * the given file in the jar.
     */
    public java.security.cert.Certificate[] getCerts(String name)
    {
        CodeSigner[] signers = getCodeSigners(name);
        // Extract the certs in each code signer's cert chain
        if (signers != null) { // <----- THIS is null in my case
How do I add these signers?
I already hacked out my security knowledge, w/o any success. ;-(
--
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Adrian Brock
Chief Scientist
JBoss by Red Hat
xxxxxxxxxxxxxxxxxxxxxxxxxxxx
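
The behaviour described in the reply above, as an added example that is not part of the original thread or of the JBoss code base: certificates for a jar entry are only available after the entry's stream has been read to the end. The class name EntrySigners and the command-line arguments (jar path, entry name) are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class name). Usage:
//   java EntrySigners another.jar com/acme/X.class
public class EntrySigners {

    public static void main(String[] args) throws IOException {
        // 'true' enables signature verification for this JarFile
        try (JarFile jar = new JarFile(args[0], true)) {
            JarEntry entry = jar.getJarEntry(args[1]);
            if (entry == null) {
                throw new IOException("No such entry: " + args[1]);
            }
            // Nothing has been read yet, so nothing is verified: null
            System.out.println("before read: " + describe(entry.getCertificates()));

            // Drain the stream. The digest is checked when end of stream
            // is reached; a modified entry throws SecurityException here.
            byte[] buf = new byte[8192];
            try (InputStream in = jar.getInputStream(entry)) {
                while (in.read(buf) != -1) { /* discard */ }
            }

            // Non-null now if the entry is signed; still null if unsigned.
            System.out.println("after read:  " + describe(entry.getCertificates()));
            CodeSigner[] signers = entry.getCodeSigners();
            System.out.println("code signers: " + (signers == null ? 0 : signers.length));
        }
    }

    // Render the subject of each certificate, or "null" for no certificates
    static String describe(Certificate[] certs) {
        if (certs == null) return "null";
        StringBuilder sb = new StringBuilder();
        for (Certificate c : certs) {
            if (sb.length() > 0) sb.append(" | ");
            sb.append(c instanceof X509Certificate
                ? ((X509Certificate) c).getSubjectX500Principal().getName()
                : c.getType());
        }
        return sb.toString();
    }
}
```

A non-null result only says the entry's bytes match a signature inside the jar; whether that signer is trusted is a separate decision for the caller.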