[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned
Weijun Wang
weijun.wang at oracle.com
Thu May 18 06:01:51 UTC 2017
Thinking about this again.
Currently we have these warnings and their exit codes (when -strict):
- signer cert validity problem - 4
- signer cert keyUsage problem - 8
- other signer cert validation problems - 4
- disabled alg specified while signing - 4
We are now adding
- TSA cert validation problems
We also intend to add one later
- weak (but not yet disabled) alg specified while signing or detected in
verification
If we want to be compatible with before, I'd like to reuse 8 for
extendedKeyUsage issue when a TSA cert does not allow timestamping, and
4 for other TSA validation errors and weak/disabled algs.
If we can be incompatible, I am thinking of
2 - disabled alg used in signing or weak alg used in verification.
4 - any problem with signer certs
8 - any problem with TSA certs
Note: 2 was used by "expired soon" some time ago but we stopped using it
because this is not a real error. It's now an always-warning (like no
timestamp) and no exit code.
Thanks
Max
On 05/18/2017 09:50 AM, Weijun Wang wrote:
>> [271-2] Perhaps you should use a different exit code to distinguish it
>> from an invalid signer chain?
>
> I can use 64. Although I am not quite sure of the usefulness of
> different exit codes now.