Code review request: 8009636: JARSigner including TimeStamp PolicyID (TSAPolicyID) as defined in RFC3161
Weijun Wang
weijun.wang at oracle.com
Fri Apr 12 00:34:37 UTC 2013
I added comments to two methods:
+ * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority;
+ * or null if we leave the TSA server to choose one. This
argument
+ * is only used when tsaURI is provided
public static byte[] generateSignedData(byte[] signature,
X509Certificate[] signerChain,
byte[] content,
String signatureAlgorithm,
URI tsaURI,
String tSAPolicyID)
+ * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority;
+ * or null if we leave the TSA server to choose one
* @throws IOException The exception is thrown if an error occurs
while
- * communicating with the TSA.
+ * communicating with the TSA, or a non-null
+ * TSAPolicyID is specified in the request but it
+ * does not match the one in the reply
private static byte[] generateTimestampToken(Timestamper tsa,
String tSAPolicyID,
byte[] toBeTimestamped)
Thanks
Max
On 4/12/13 12:25 AM, Sean Mullan wrote:
> Looks good. One comment. In PKCS7.java, can you document the new
> tSAPolicyId parameter in the javadoc.
>
> --Sean
>
> On 04/10/2013 10:06 PM, Weijun Wang wrote:
>> Hi Sean
>>
>> Please review the code changes
>>
>> http://cr.openjdk.java.net/~weijun/8009636/webrev.00/
>>
>> Here I add a new -tsapolicycd option to jarsigner and pass the value all
>> the way down to TSRequest. A new check inside
>> PKCS7::generateTimestampToken is added to confirm the responded policyID
>> is identical to the requested one (if provided). A test is also enhanced
>> to check this check.
>>
>> Thanks
>> Max
>
More information about the security-dev
mailing list