RFR 8180289: jarsigner treats timestamped signed jar invalid after the signer cert expires

Sean Mullan sean.mullan at oracle.com
Thu Oct 26 19:58:47 UTC 2017


- test/jdk/sun/security/tools/jarsigner/TimestampCheck.java

65  * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8166222 8180289

should not include 8166222

  346                 // 8166222: unvalidated TSA cert chain
  347                 sign("tsnoca")
  348                         .shouldContain("TSA certificate chain is invalid")
  349                         .shouldHaveExitValue(64);

wrong bugid?

Looks fine otherwise.

--Sean

On 10/19/17 3:11 AM, Weijun Wang wrote:
> Please review the fix at
> 
>    http://cr.openjdk.java.net/~weijun/8180289/webrev.00/
> 
> The code change contains:
> 
> - Fix the bug by passing the timestamp to Validator::validate.
> 
> - CertPath validation on timestamp signer cert and related warning messages
> 
> - Output change: "chain not validated" -> "invalid chain". Otherwise it looks like jarsigner has not validated them.
> 
> Thanks
> Max
> 


