code review request: 7081783: jarsigner error when no $HOME/.keystore

Weijun Wang at
Mon Aug 29 21:56:48 PDT 2011

Hi All

7081783: jarsigner error when no $HOME/.keystore

Webrev is at --


jarsigner includes a certpath validation check, and shows a warning when 
the check fails. The CertPathValidator object, unfortunately, is 
initialized in a method that can only be executed if a local keystore is 
found (either ~/.keystore or specified by -keystore). Therefore, if 
there is no local keystore but the jarfile's signer can be directly 
verified by a cert in cacerts, we still see:

    This jar contains entries whose certificate chain is not validated.

The code changes make sure the CertPathValidator object is always 

For reg test, it's a simple call --

    ${TESTJAVA}${FS}bin${FS}jarsigner \
        -J-Duser.home=. \
        -verify -strict ${TESTSRC}${FS}bootstrap.jar

Here I override user.home so that even if the test machine has a 
./keystore, it won't be affected. The bootstrap.jar file is a small 
signed jar that is signed by a real CA that can be chained into an item 
in cacerts.
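
The check described in the message above, as an added example that is not part of the original post and is not jarsigner's own code: it validates each signer's certificate chain against cacerts only, creating the CertPathValidator unconditionally so no local keystore is needed. The class name, the Java 9+ APIs and the default cacerts path and password are assumptions; the jar path is given as the first argument.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.PKIXParameters;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical class name; illustration only.
public class VerifyAgainstCacerts {
    public static void main(String[] args) throws Exception {
        // Trust anchors come from the JDK's cacerts only; ~/.keystore is never consulted.
        // Assumed default location and password of the JDK trust store.
        File cacerts = new File(System.getProperty("java.home"), "lib/security/cacerts");
        KeyStore trust = KeyStore.getInstance(cacerts, "changeit".toCharArray());
        PKIXParameters params = new PKIXParameters(trust);
        params.setRevocationEnabled(false); // chain validation only, no CRL/OCSP lookups

        // Created unconditionally, not inside a "local keystore was loaded" branch.
        CertPathValidator validator = CertPathValidator.getInstance("PKIX");

        int chains = 0, failed = 0;
        try (JarFile jar = new JarFile(new File(args[0]), true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only populated once the entry has been read to the end.
                try (InputStream in = jar.getInputStream(e)) {
                    in.readAllBytes();
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) continue; // unsigned entry
                for (CodeSigner s : signers) {
                    chains++;
                    try {
                        // Validated at the current time against the cacerts anchors.
                        validator.validate(s.getSignerCertPath(), params);
                    } catch (CertPathValidatorException ex) {
                        failed++;
                        System.out.println(e.getName() + ": chain not validated: " + ex.getMessage());
                    }
                }
            }
        }
        System.out.println(chains + " signer chain(s) checked, " + failed + " not validated");
        System.exit(failed == 0 ? 0 : 1);
    }
}
```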

