1 /*
2 * Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.tools.jarsigner;
27
28 /**
29 * <p> This class represents the <code>ResourceBundle</code>
30 * for JarSigner.
31 *
32 */
33 public class Resources extends java.util.ListResourceBundle {
34
35 private static final Object[][] contents = {
36
37 // shared (from jarsigner)
38 {"SPACE", " "},
39 {"6SPACE", " "},
40 {"COMMA", ", "},
41
42 {"provclass.not.a.provider", "%s not a provider"},
43 {"provider.name.not.found", "Provider named \"%s\" not found"},
44 {"provider.class.not.found", "Provider \"%s\" not found"},
45 {"jarsigner.error.", "jarsigner error: "},
46 {"Illegal.option.", "Illegal option: "},
47 {"This.option.is.forremoval", "This option is deprecated and will be removed in a future release: "},
48 {".keystore.must.be.NONE.if.storetype.is.{0}",
49 "-keystore must be NONE if -storetype is {0}"},
50 {".keypass.can.not.be.specified.if.storetype.is.{0}",
51 "-keypass can not be specified if -storetype is {0}"},
52 {"If.protected.is.specified.then.storepass.and.keypass.must.not.be.specified",
53 "If -protected is specified, then -storepass and -keypass must not be specified"},
54 {"If.keystore.is.not.password.protected.then.storepass.and.keypass.must.not.be.specified",
55 "If keystore is not password protected, then -storepass and -keypass must not be specified"},
56 {"Usage.jarsigner.options.jar.file.alias",
57 "Usage: jarsigner [options] jar-file alias"},
58 {".jarsigner.verify.options.jar.file.alias.",
59 " jarsigner -verify [options] jar-file [alias...]"},
60 {".keystore.url.keystore.location",
61 "[-keystore <url>] keystore location"},
62 {".storepass.password.password.for.keystore.integrity",
63 "[-storepass <password>] password for keystore integrity"},
64 {".storetype.type.keystore.type",
65 "[-storetype <type>] keystore type"},
66 {".keypass.password.password.for.private.key.if.different.",
67 "[-keypass <password>] password for private key (if different)"},
68 {".certchain.file.name.of.alternative.certchain.file",
69 "[-certchain <file>] name of alternative certchain file"},
70 {".sigfile.file.name.of.SF.DSA.file",
71 "[-sigfile <file>] name of .SF/.DSA file"},
72 {".signedjar.file.name.of.signed.JAR.file",
73 "[-signedjar <file>] name of signed JAR file"},
74 {".digestalg.algorithm.name.of.digest.algorithm",
75 "[-digestalg <algorithm>] name of digest algorithm"},
76 {".sigalg.algorithm.name.of.signature.algorithm",
77 "[-sigalg <algorithm>] name of signature algorithm"},
78 {".verify.verify.a.signed.JAR.file",
79 "[-verify] verify a signed JAR file"},
80 {".verbose.suboptions.verbose.output.when.signing.verifying.",
81 "[-verbose[:suboptions]] verbose output when signing/verifying."},
82 {".suboptions.can.be.all.grouped.or.summary",
83 " suboptions can be all, grouped or summary"},
84 {".certs.display.certificates.when.verbose.and.verifying",
85 "[-certs] display certificates when verbose and verifying"},
86 {".certs.revocation.check",
87 "[-revCheck] Enable certificate revocation check"},
88 {".tsa.url.location.of.the.Timestamping.Authority",
89 "[-tsa <url>] location of the Timestamping Authority"},
90 {".tsacert.alias.public.key.certificate.for.Timestamping.Authority",
91 "[-tsacert <alias>] public key certificate for Timestamping Authority"},
92 {".tsapolicyid.tsapolicyid.for.Timestamping.Authority",
93 "[-tsapolicyid <oid>] TSAPolicyID for Timestamping Authority"},
94 {".tsadigestalg.algorithm.of.digest.data.in.timestamping.request",
95 "[-tsadigestalg <algorithm>] algorithm of digest data in timestamping request"},
96 {".altsigner.class.class.name.of.an.alternative.signing.mechanism",
97 "[-altsigner <class>] class name of an alternative signing mechanism\n" +
98 " (This option is deprecated and will be removed in a future release.)"},
99 {".altsignerpath.pathlist.location.of.an.alternative.signing.mechanism",
100 "[-altsignerpath <pathlist>] location of an alternative signing mechanism\n" +
101 " (This option is deprecated and will be removed in a future release.)"},
102 {".internalsf.include.the.SF.file.inside.the.signature.block",
103 "[-internalsf] include the .SF file inside the signature block"},
104 {".sectionsonly.don.t.compute.hash.of.entire.manifest",
105 "[-sectionsonly] don't compute hash of entire manifest"},
106 {".protected.keystore.has.protected.authentication.path",
107 "[-protected] keystore has protected authentication path"},
108 {".providerName.name.provider.name",
109 "[-providerName <name>] provider name"},
110 {".add.provider.option",
111 "[-addprovider <name> add security provider by name (e.g. SunPKCS11)"},
112 {".providerArg.option.1",
113 " [-providerArg <arg>]] ... configure argument for -addprovider"},
114 {".providerClass.option",
115 "[-providerClass <class> add security provider by fully-qualified class name"},
116 {".providerArg.option.2",
117 " [-providerArg <arg>]] ... configure argument for -providerClass"},
118 {".strict.treat.warnings.as.errors",
119 "[-strict] treat warnings as errors"},
120 {".conf.url.specify.a.pre.configured.options.file",
121 "[-conf <url>] specify a pre-configured options file"},
122 {".print.this.help.message",
123 "[-? -h --help] Print this help message"},
124 {"Option.lacks.argument", "Option lacks argument"},
125 {"Please.type.jarsigner.help.for.usage", "Please type jarsigner --help for usage"},
126 {"Please.specify.jarfile.name", "Please specify jarfile name"},
127 {"Please.specify.alias.name", "Please specify alias name"},
128 {"Only.one.alias.can.be.specified", "Only one alias can be specified"},
129 {"This.jar.contains.signed.entries.which.is.not.signed.by.the.specified.alias.es.",
130 "This jar contains signed entries which are not signed by the specified alias(es)."},
131 {"This.jar.contains.signed.entries.that.s.not.signed.by.alias.in.this.keystore.",
132 "This jar contains signed entries that are not signed by alias in this keystore."},
133 {"s", "s"},
134 {"m", "m"},
135 {"k", "k"},
136 {".and.d.more.", "(and %d more)"},
137 {".s.signature.was.verified.",
138 " s = signature was verified "},
139 {".m.entry.is.listed.in.manifest",
140 " m = entry is listed in manifest"},
141 {".k.at.least.one.certificate.was.found.in.keystore",
142 " k = at least one certificate was found in keystore"},
143 {".X.not.signed.by.specified.alias.es.",
144 " X = not signed by specified alias(es)"},
145 {"no.manifest.", "no manifest."},
146 {".Signature.related.entries.","(Signature related entries)"},
147 {".Unsigned.entries.", "(Unsigned entries)"},
148 {"jar.is.unsigned",
149 "jar is unsigned."},
150 {"jar.treated.unsigned",
151 "WARNING: Signature is either not parsable or not verifiable, and the jar will be treated as unsigned. For more information, re-run jarsigner with debug enabled (-J-Djava.security.debug=jar)."},
152 {"jar.treated.unsigned.see.weak",
153 "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details."},
154 {"jar.treated.unsigned.see.weak.verbose",
155 "WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:"},
156 {"jar.signed.", "jar signed."},
157 {"jar.signed.with.signer.errors.", "jar signed, with signer errors."},
158 {"jar.verified.", "jar verified."},
159 {"jar.verified.with.signer.errors.", "jar verified, with signer errors."},
160
161 {"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature algorithm: %8$s, %9$s"},
162 {"history.without.ts", "- Signed by \"%1$s\"\n Digest algorithm: %2$s\n Signature algorithm: %3$s, %4$s"},
163 {"history.unparsable", "- Unparsable signature-related file %s"},
164 {"history.nosf", "- Missing signature-related file META-INF/%s.SF"},
165 {"history.nobk", "- Missing block file for signature-related file META-INF/%s.SF"},
166
167 {"with.weak", "%s (weak)"},
168 {"with.disabled", "%s (disabled)"},
169 {"key.bit", "%d-bit key"},
170 {"key.bit.weak", "%d-bit key (weak)"},
171 {"key.bit.disabled", "%d-bit key (disabled)"},
172 {"unknown.size", "unknown size"},
173
174 {"jarsigner.", "jarsigner: "},
175 {"signature.filename.must.consist.of.the.following.characters.A.Z.0.9.or.",
176 "signature filename must consist of the following characters: A-Z, 0-9, _ or -"},
177 {"unable.to.open.jar.file.", "unable to open jar file: "},
178 {"unable.to.create.", "unable to create: "},
179 {".adding.", " adding: "},
180 {".updating.", " updating: "},
181 {".signing.", " signing: "},
182 {"attempt.to.rename.signedJarFile.to.jarFile.failed",
183 "attempt to rename {0} to {1} failed"},
184 {"attempt.to.rename.jarFile.to.origJar.failed",
185 "attempt to rename {0} to {1} failed"},
186 {"unable.to.sign.jar.", "unable to sign jar: "},
187 {"Enter.Passphrase.for.keystore.", "Enter Passphrase for keystore: "},
188 {"keystore.load.", "keystore load: "},
189 {"certificate.exception.", "certificate exception: "},
190 {"unable.to.instantiate.keystore.class.",
191 "unable to instantiate keystore class: "},
192 {"Certificate.chain.not.found.for.alias.alias.must.reference.a.valid.KeyStore.key.entry.containing.a.private.key.and",
193 "Certificate chain not found for: {0}. {1} must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain."},
194 {"File.specified.by.certchain.does.not.exist",
195 "File specified by -certchain does not exist"},
196 {"Cannot.restore.certchain.from.file.specified",
197 "Cannot restore certchain from file specified"},
198 {"Certificate.chain.not.found.in.the.file.specified.",
199 "Certificate chain not found in the file specified."},
200 {"found.non.X.509.certificate.in.signer.s.chain",
201 "found non-X.509 certificate in signer's chain"},
202 {"Enter.key.password.for.alias.", "Enter key password for {0}: "},
203 {"unable.to.recover.key.from.keystore",
204 "unable to recover key from keystore"},
205 {"key.associated.with.alias.not.a.private.key",
206 "key associated with {0} not a private key"},
207 {"you.must.enter.key.password", "you must enter key password"},
208 {"unable.to.read.password.", "unable to read password: "},
209 {"certificate.is.valid.from", "certificate is valid from {0} to {1}"},
210 {"certificate.expired.on", "certificate expired on {0}"},
211 {"certificate.is.not.valid.until",
212 "certificate is not valid until {0}"},
213 {"certificate.will.expire.on", "certificate will expire on {0}"},
214 {".Invalid.certificate.chain.", "[Invalid certificate chain: "},
215 {".Invalid.TSA.certificate.chain.", "[Invalid TSA certificate chain: "},
216 {"requesting.a.signature.timestamp",
217 "requesting a signature timestamp"},
218 {"TSA.location.", "TSA location: "},
219 {"TSA.certificate.", "TSA certificate: "},
220 {"no.response.from.the.Timestamping.Authority.",
221 "no response from the Timestamping Authority. When connecting"
222 + " from behind a firewall an HTTP or HTTPS proxy may need to"
223 + " be specified. Supply the following options to jarsigner:"},
224 {"or", "or"},
225 {"Certificate.not.found.for.alias.alias.must.reference.a.valid.KeyStore.entry.containing.an.X.509.public.key.certificate.for.the",
226 "Certificate not found for: {0}. {1} must reference a valid KeyStore entry containing an X.509 public key certificate for the Timestamping Authority."},
227 {"using.an.alternative.signing.mechanism",
228 "using an alternative signing mechanism"},
229 {"entry.was.signed.on", "entry was signed on {0}"},
230 {"Warning.", "Warning: "},
231 {"Error.", "Error: "},
232 {"...Signer", ">>> Signer"},
233 {"...TSA", ">>> TSA"},
234 {"trusted.certificate", "trusted certificate"},
235 {"This.jar.contains.unsigned.entries.which.have.not.been.integrity.checked.",
236 "This jar contains unsigned entries which have not been integrity-checked. "},
237 {"This.jar.contains.entries.whose.signer.certificate.has.expired.",
238 "This jar contains entries whose signer certificate has expired. "},
239 {"This.jar.contains.entries.whose.signer.certificate.will.expire.within.six.months.",
240 "This jar contains entries whose signer certificate will expire within six months. "},
241 {"This.jar.contains.entries.whose.signer.certificate.is.not.yet.valid.",
242 "This jar contains entries whose signer certificate is not yet valid. "},
243 {"This.jar.contains.entries.whose.signer.certificate.is.self.signed.",
244 "This jar contains entries whose signer certificate is self-signed."},
245 {"Re.run.with.the.verbose.and.certs.options.for.more.details.",
246 "Re-run with the -verbose and -certs options for more details."},
247 {"The.signer.certificate.has.expired.",
248 "The signer certificate has expired."},
249 {"The.timestamp.expired.1.but.usable.2",
250 "The timestamp expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
251 {"The.timestamp.has.expired.",
252 "The timestamp has expired."},
253 {"The.signer.certificate.will.expire.within.six.months.",
254 "The signer certificate will expire within six months."},
255 {"The.timestamp.will.expire.within.one.year.on.1",
256 "The timestamp will expire within one year on %1$tY-%1$tm-%1$td."},
257 {"The.timestamp.will.expire.within.one.year.on.1.but.2",
258 "The timestamp will expire within one year on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the signer certificate expires on %2$tY-%2$tm-%2$td."},
259 {"The.signer.certificate.is.not.yet.valid.",
260 "The signer certificate is not yet valid."},
261 {"The.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
262 "The signer certificate's KeyUsage extension doesn't allow code signing."},
263 {"The.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
264 "The signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
265 {"The.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
266 "The signer certificate's NetscapeCertType extension doesn't allow code signing."},
267 {"This.jar.contains.entries.whose.signer.certificate.s.KeyUsage.extension.doesn.t.allow.code.signing.",
268 "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing."},
269 {"This.jar.contains.entries.whose.signer.certificate.s.ExtendedKeyUsage.extension.doesn.t.allow.code.signing.",
270 "This jar contains entries whose signer certificate's ExtendedKeyUsage extension doesn't allow code signing."},
271 {"This.jar.contains.entries.whose.signer.certificate.s.NetscapeCertType.extension.doesn.t.allow.code.signing.",
272 "This jar contains entries whose signer certificate's NetscapeCertType extension doesn't allow code signing."},
273 {".{0}.extension.does.not.support.code.signing.",
274 "[{0} extension does not support code signing]"},
275 {"The.signer.s.certificate.chain.is.invalid.reason.1",
276 "The signer's certificate chain is invalid. Reason: %s"},
277 {"The.tsa.certificate.chain.is.invalid.reason.1",
278 "The TSA certificate chain is invalid. Reason: %s"},
279 {"The.signer.s.certificate.is.self.signed.",
280 "The signer's certificate is self-signed."},
281 {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
282 "The %1$s algorithm specified for the %2$s option is considered a security risk. This algorithm will be disabled in a future update."},
283 {"The.1.algorithm.specified.for.the.2.option.is.considered.a.security.risk.and.is.disabled.",
284 "The %1$s algorithm specified for the %2$s option is considered a security risk and is disabled."},
285 {"The.timestamp.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
286 "The %1$s timestamp digest algorithm is considered a security risk. This algorithm will be disabled in a future update."},
287 {"The.digest.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
288 "The %1$s digest algorithm is considered a security risk. This algorithm will be disabled in a future update."},
289 {"The.signature.algorithm.1.is.considered.a.security.risk..This.algorithm.will.be.disabled.in.a.future.update.",
290 "The %1$s signature algorithm is considered a security risk. This algorithm will be disabled in a future update."},
291 {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk..This.key.size.will.be.disabled.in.a.future.update.",
292 "The %1$s signing key has a keysize of %2$d which is considered a security risk. This key size will be disabled in a future update."},
293 {"The.1.signing.key.has.a.keysize.of.2.which.is.considered.a.security.risk.and.is.disabled.",
294 "The %1$s signing key has a keysize of %2$d which is considered a security risk and is disabled."},
295 {"This.jar.contains.entries.whose.certificate.chain.is.invalid.reason.1",
296 "This jar contains entries whose certificate chain is invalid. Reason: %s"},
297 {"This.jar.contains.entries.whose.tsa.certificate.chain.is.invalid.reason.1",
298 "This jar contains entries whose TSA certificate chain is invalid. Reason: %s"},
299 {"no.timestamp.signing",
300 "No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td)."},
301 {"invalid.timestamp.signing",
302 "The timestamp is invalid. Without a valid timestamp, users may not be able to validate this jar after the signer certificate's expiration date (%1$tY-%1$tm-%1$td)."},
303 {"no.timestamp.verifying",
304 "This jar contains signatures that do not include a timestamp. Without a timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td)."},
305 {"bad.timestamp.verifying",
306 "This jar contains signatures that include an invalid timestamp. Without a valid timestamp, users may not be able to validate this jar after any of the signer certificates expire (as early as %1$tY-%1$tm-%1$td).\nRerun jarsigner with -J-Djava.security.debug=jar for more information."},
307 {"The.signer.certificate.will.expire.on.1.",
308 "The signer certificate will expire on %1$tY-%1$tm-%1$td."},
309 {"The.timestamp.will.expire.on.1.",
310 "The timestamp will expire on %1$tY-%1$tm-%1$td."},
311 {"signer.cert.expired.1.but.timestamp.good.2.",
312 "The signer certificate expired on %1$tY-%1$tm-%1$td. However, the JAR will be valid until the timestamp expires on %2$tY-%2$tm-%2$td."},
313 {"Unknown.password.type.", "Unknown password type: "},
314 {"Cannot.find.environment.variable.",
315 "Cannot find environment variable: "},
316 {"Cannot.find.file.", "Cannot find file: "},
317 {"event.ocsp.check", "Contacting OCSP server at %s ..."},
318 {"event.crl.check", "Downloading CRL from %s ..."},
319 };
320
321 /**
322 * Returns the contents of this <code>ResourceBundle</code>.
323 *
324 * <p>
325 *
326 * @return the contents of this <code>ResourceBundle</code>.
327 */
328 @Override
329 public Object[][] getContents() {
330 return contents;
331 }
332 }