[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned

Weijun Wang weijun.wang at oracle.com
Wed Apr 12 15:52:15 UTC 2017


Please take a review at

    http://cr.openjdk.java.net/~weijun/8166222/webrev.00/

The major code change is inside SignatureFileVerifier.java. Now if the 
timestamp on a signed jar is invalid (For example, using a weak 
algorithm now disabled), the jar file will be treated as a signed jar 
without a timestamp. Before this change, it was treated unsigned.

In jarsigner/Main.java, I also add a line to validate the TSA cert 
chain. If not validated, a warning will be shown which is similar to the 
one when signer cert chain is not validated. If -strict is on, exit code 
will change too.

I also make a small change at

    http://cr.openjdk.java.net/~weijun/8166222/root/webrev.00/

The executeCommand() method shows more info (mainly stdout and stderr 
outputs) than executeProcess().

Because of the behavior change and new warnings, this change will need a 
Compatibility and Specification Review (CSR). At the moment, please 
review the code change first.

Thanks
Max


More information about the security-dev mailing list