[10] RFR 8166222: Don't treat signed jars with invalid timestamps as unsigned

Weijun Wang weijun.wang at oracle.com
Thu May 18 06:01:51 UTC 2017


Thinking about this again.

Currently we have these warnings and their exit codes (when -strict):

- signer cert validity problem - 4
- signer cert keyUsage problem - 8
- other signer cert validation problems - 4
- disabled alg specified while signing - 4

We are now adding

- TSA cert validation problems

We also intend to add one later

- weak (but not yet disabled) alg specified while signing or detected in 
verification

If we want to be compatible with before, I'd like to reuse 8 for 
extendedKeyUsage issue when a TSA cert does not allow timestamping, and 
4 for other TSA validation errors and weak/disabled algs.

If we can be incompatible, I am thinking of

2 - disabled alg used in signing or weak alg used in verification.
4 - any problem with signer certs
8 - any problem with TSA certs

Note: 2 was used by "expired soon" some time ago but we stopped using it 
because this is not a real error. It's now an always-warning (like no 
timestamp) and no exit code.

Thanks
Max

On 05/18/2017 09:50 AM, Weijun Wang wrote:
>> [271-2] Perhaps you should use a different exit code to distinguish it
>> from an invalid signer chain?
>
> I can use 64. Although I am not quite sure of the usefulness of
> different exit codes now.
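As an added illustration (not part of the thread), here is how a CI wrapper could consume the incompatible scheme proposed above (2 = algorithm, 4 = signer cert, 8 = TSA cert), assuming the codes are ORed together as jarsigner does for -strict warnings; the fail/warn policy is constructed for the example.

```shell
#!/bin/sh
# Decode a jarsigner -strict exit status under the proposed scheme
# (2 = disabled/weak alg, 4 = signer cert, 8 = TSA cert), assuming the
# codes combine as a bitmask.
# Policy (constructed for this example): signer-cert or algorithm problems
# fail the build; a TSA-only problem is reported but does not fail it;
# any other non-zero status is unknown and fails.

# Print "<verdict>:<comma-separated reasons>" for one exit status.
classify_exit() {
    status=$1
    reasons=""
    verdict="ok"
    if [ $((status & 2)) -ne 0 ]; then
        reasons="${reasons}disabled-or-weak-alg,"
        verdict="fail"
    fi
    if [ $((status & 4)) -ne 0 ]; then
        reasons="${reasons}signer-cert,"
        verdict="fail"
    fi
    if [ $((status & 8)) -ne 0 ]; then
        reasons="${reasons}tsa-cert,"
        [ "$verdict" = "fail" ] || verdict="warn"
    fi
    # Bits outside the three known ones (including plain exit 1) are unknown.
    if [ $((status & ~14)) -ne 0 ]; then
        reasons="${reasons}unknown-code-${status},"
        verdict="fail"
    fi
    printf '%s:%s\n' "$verdict" "${reasons%,}"
}

# Usage against a real jar (not executed here):
#   jarsigner -verify -strict app.jar; classify_exit $?
```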
