[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned

Anthony Scarpino anthony.scarpino at oracle.com
Fri May 12 03:19:17 UTC 2017


I think your code looks good.

You should check the CertPathValidator tests; I think one of them might
fail after this change.

Tony


On 05/10/2017 04:36 PM, Weijun Wang wrote:
> Ping again.
>
> On 04/12/2017 11:52 PM, Weijun Wang wrote:
>> Please take a look at
>>
>>    http://cr.openjdk.java.net/~weijun/8166222/webrev.00/
>>
>> The major code change is inside SignatureFileVerifier.java. Now if the
>> timestamp on a signed jar is invalid (for example, using a weak
>> algorithm now disabled), the jar file will be treated as a signed jar
>> without a timestamp. Before this change, it was treated as unsigned.
>>
>> In jarsigner/Main.java, I also added a line to validate the TSA cert
>> chain. If not validated, a warning will be shown which is similar to the
>> one when the signer cert chain is not validated. If -strict is on, the
>> exit code will change too.
>>
>> I also made a small change at
>>
>>    http://cr.openjdk.java.net/~weijun/8166222/root/webrev.00/
>>
>> The executeCommand() method shows more info (mainly stdout and stderr
>> outputs) than executeProcess().
>>
>> Because of the behavior change and new warnings, this change will need a
>> Compatibility and Specification Review (CSR). At the moment, please
>> review the code change first.
>>
>> Thanks
>> Max



