[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned
Weijun Wang
weijun.wang at oracle.com
Wed May 10 23:36:25 UTC 2017
Ping again.
On 04/12/2017 11:52 PM, Weijun Wang wrote:
> Please review
>
> http://cr.openjdk.java.net/~weijun/8166222/webrev.00/
>
> The major code change is inside SignatureFileVerifier.java. Now if the
> timestamp on a signed jar is invalid (for example, using a weak
> algorithm now disabled), the jar file will be treated as a signed jar
> without a timestamp. Before this change, it was treated as unsigned.
>
> In jarsigner/Main.java, I also add a line to validate the TSA cert
> chain. If not validated, a warning will be shown which is similar to the
> one shown when the signer cert chain is not validated. If -strict is on,
> the exit code will change too.
>
> I also make a small change at
>
> http://cr.openjdk.java.net/~weijun/8166222/root/webrev.00/
>
> The executeCommand() method shows more info (mainly stdout and stderr
> outputs) than executeProcess().
>
> Because of the behavior change and new warnings, this change will need a
> Compatibility and Specification Review (CSR). At the moment, please
> review the code change first.
>
> Thanks
> Max
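
The three states the message distinguishes (unsigned, signed without a timestamp, signed with a timestamp) can be observed per entry through the public `java.util.jar` API. The following is an added example, not code from the webrev or from the JDK; the class name `JarTimestampCheck` and the `Status` enum are hypothetical, and it assumes the verifier's classification surfaces through `JarEntry.getCodeSigners()` and `CodeSigner.getTimestamp()`.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example (hypothetical class): prints how the running JDK classifies
// each entry of the jar given as the only argument.
public class JarTimestampCheck {
    enum Status { UNSIGNED, SIGNED_NO_TIMESTAMP, SIGNED_WITH_TIMESTAMP }

    // A null or empty signer array means the entry is not covered by any
    // signature the verifier accepted.
    static Status classify(CodeSigner[] signers) {
        if (signers == null || signers.length == 0) return Status.UNSIGNED;
        for (CodeSigner s : signers) {
            // getTimestamp() returns null when the signer has no timestamp.
            if (s.getTimestamp() != null) return Status.SIGNED_WITH_TIMESTAMP;
        }
        return Status.SIGNED_NO_TIMESTAMP;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: java JarTimestampCheck <file.jar>");
            System.exit(2);
        }
        // verify=true enables signature verification while entries are read.
        try (JarFile jar = new JarFile(args[0], true)) {
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                String name = e.getName();
                // Simplification: skip all of META-INF/, where the signature
                // files themselves live and are never signed.
                if (e.isDirectory()
                        || name.toUpperCase(Locale.ROOT).startsWith("META-INF/")) continue;
                // Signers are only available after the entry is read to the
                // end; a digest mismatch throws SecurityException here.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                System.out.println(classify(e.getCodeSigners()) + "  " + name);
            }
        }
    }
}
```

Running it against the same timestamped jar on a JDK without and with the change is one way to confirm whether entries move from `UNSIGNED` to `SIGNED_NO_TIMESTAMP` when the timestamp fails validation.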