Code review request for storing code signer info
Sean Mullan
sean.mullan at oracle.com
Thu Jan 13 07:52:23 PST 2011
See http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/jigsaw-certs/webrev.00/
This patch fixes two issues:
1) A signed module's code signer information (the signer's
certificate chain and timestamp) is now stored as metadata rather than using
serialization. This addresses Mark's code review comment that had been deferred:
http://mail.openjdk.java.net/pipermail/jigsaw-dev/2010-June/001071.html
2) The signed-module.sh test failure has been fixed. This failure
occurred because the cacerts keystore in the OpenJDK source repository is empty.
A new system property has been introduced to allow you to override the cacerts file.
Also, I moved the loading of the cacerts keystore into the
PKCS7VerifierParameters class and changed the getTrustAnchors method to
getTrustedCerts.
Thanks,
Sean
More information about the jigsaw-dev
mailing list