feat(jdk8): move files to new folder to avoid resources compiled.

jdkSrc/jdk8/sun/security/tools/jarsigner/TimestampedSigner.java

@@ -0,0 +1,192 @@
+/*
+ * Copyright (c) 2007, 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.tools.jarsigner;
+
+import java.io.IOException;
+import java.net.URI;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import com.sun.jarsigner.*;
+import sun.security.pkcs.PKCS7;
+import sun.security.util.*;
+import sun.security.x509.*;
+
+/**
+ * This class implements a content signing service.
+ * It generates a timestamped signature for a given content according to
+ * <a href="http://www.ietf.org/rfc/rfc3161.txt">RFC 3161</a>.
+ * The signature along with a trusted timestamp and the signer's certificate
+ * are all packaged into a standard PKCS #7 Signed Data message.
+ *
+ * @author Vincent Ryan
+ */
+
+public final class TimestampedSigner extends ContentSigner {
+
+    /*
+     * Object identifier for the subject information access X.509 certificate
+     * extension.
+     */
+    private static final String SUBJECT_INFO_ACCESS_OID = "1.3.6.1.5.5.7.1.11";
+
+    /*
+     * Object identifier for the timestamping access descriptors.
+     */
+    private static final ObjectIdentifier AD_TIMESTAMPING_Id;
+    static {
+        ObjectIdentifier tmp = null;
+        try {
+            tmp = new ObjectIdentifier("1.3.6.1.5.5.7.48.3");
+        } catch (IOException e) {
+            // ignore
+        }
+        AD_TIMESTAMPING_Id = tmp;
+    }
+
+    /**
+     * Instantiates a content signer that supports timestamped signatures.
+     */
+    public TimestampedSigner() {
+    }
+
+    /**
+     * Generates a PKCS #7 signed data message that includes a signature
+     * timestamp.
+     * This method is used when a signature has already been generated.
+     * The signature, a signature timestamp, the signer's certificate chain,
+     * and optionally the content that was signed, are packaged into a PKCS #7
+     * signed data message.
+     *
+     * @param params The non-null input parameters.
+     * @param omitContent true if the content should be omitted from the
+     *        signed data message. Otherwise the content is included.
+     * @param applyTimestamp true if the signature should be timestamped.
+     *        Otherwise timestamping is not performed.
+     * @return A PKCS #7 signed data message including a signature timestamp.
+     * @throws NoSuchAlgorithmException The exception is thrown if the signature
+     *         algorithm is unrecognised.
+     * @throws CertificateException The exception is thrown if an error occurs
+     *         while processing the signer's certificate or the TSA's
+     *         certificate.
+     * @throws IOException The exception is thrown if an error occurs while
+     *         generating the signature timestamp or while generating the signed
+     *         data message.
+     * @throws NullPointerException The exception is thrown if parameters is
+     *         null.
+     */
+    public byte[] generateSignedData(ContentSignerParameters params,
+        boolean omitContent, boolean applyTimestamp)
+            throws NoSuchAlgorithmException, CertificateException, IOException {
+
+        if (params == null) {
+            throw new NullPointerException();
+        }
+
+        // Parse the signature algorithm to extract the digest
+        // algorithm. The expected format is:
+        //     "<digest>with<encryption>"
+        // or  "<digest>with<encryption>and<mgf>"
+        String signatureAlgorithm = params.getSignatureAlgorithm();
+
+        X509Certificate[] signerChain = params.getSignerCertificateChain();
+        byte[] signature = params.getSignature();
+
+        // Include or exclude content
+        byte[] content = (omitContent == true) ? null : params.getContent();
+
+        URI tsaURI = null;
+        if (applyTimestamp) {
+            tsaURI = params.getTimestampingAuthority();
+            if (tsaURI == null) {
+                // Examine TSA cert
+                tsaURI = getTimestampingURI(
+                    params.getTimestampingAuthorityCertificate());
+                if (tsaURI == null) {
+                    throw new CertificateException(
+                        "Subject Information Access extension not found");
+                }
+            }
+        }
+        String tSADigestAlg = "SHA-256";
+        if (params instanceof JarSignerParameters) {
+            tSADigestAlg = ((JarSignerParameters)params).getTSADigestAlg();
+        }
+        return PKCS7.generateSignedData(signature, signerChain, content,
+                                        params.getSignatureAlgorithm(), tsaURI,
+                                        params.getTSAPolicyID(),
+                                        tSADigestAlg);
+    }
+
+    /**
+     * Examine the certificate for a Subject Information Access extension
+     * (<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>).
+     * The extension's {@code accessMethod} field should contain the object
+     * identifier defined for timestamping: 1.3.6.1.5.5.7.48.3 and its
+     * {@code accessLocation} field should contain an HTTP or HTTPS URL.
+     *
+     * @param tsaCertificate An X.509 certificate for the TSA.
+     * @return An HTTP or HTTPS URI or null if none was found.
+     */
+    public static URI getTimestampingURI(X509Certificate tsaCertificate) {
+
+        if (tsaCertificate == null) {
+            return null;
+        }
+        // Parse the extensions
+        try {
+            byte[] extensionValue =
+                tsaCertificate.getExtensionValue(SUBJECT_INFO_ACCESS_OID);
+            if (extensionValue == null) {
+                return null;
+            }
+            DerInputStream der = new DerInputStream(extensionValue);
+            der = new DerInputStream(der.getOctetString());
+            DerValue[] derValue = der.getSequence(5);
+            AccessDescription description;
+            GeneralName location;
+            URIName uri;
+            for (int i = 0; i < derValue.length; i++) {
+                description = new AccessDescription(derValue[i]);
+                if (description.getAccessMethod()
+                        .equals((Object)AD_TIMESTAMPING_Id)) {
+                    location = description.getAccessLocation();
+                    if (location.getType() == GeneralNameInterface.NAME_URI) {
+                        uri = (URIName) location.getName();
+                        if (uri.getScheme().equalsIgnoreCase("http") ||
+                                uri.getScheme().equalsIgnoreCase("https")) {
+                            return uri.getURI();
+                        }
+                    }
+                }
+            }
+        } catch (IOException ioe) {
+            // ignore
+        }
+        return null;
+    }
+}