Re: RFR 8191438: jarsigner should print when a timestamp will expire

> On Feb 13, 2018, at 6:01 AM, Sean Mullan wrote: > > Just a few comments: > > - Update copyrights to include 2018 OK. > - I think you should also open a jarsigner docs issue to add new warnings for > expired TSA and expiring signer and TSA certs

Re: RFR 8191438: jarsigner should print when a timestamp will expire

Just a few comments: - Update copyrights to include 2018 - I think you should also open a jarsigner docs issue to add new warnings for expired TSA and expiring signer and TSA certs * Main.java l1740, typo: s/singer/signer/ --Sean On 2/9/18 4:10 AM, Weijun Wang wrote: Updated again at

Re: RFR 8191438: jarsigner should print when a timestamp will expire

Updated again at http://cr.openjdk.java.net/~weijun/8191438/webrev.05/. --Max > On Jan 4, 2018, at 8:48 AM, Weijun Wang wrote: > > Please take a review at > > http://cr.openjdk.java.net/~weijun/8191438/webrev.04/ > > Major changes: > > 1. Warnings on TSA cert chain:

RFR 8191438: jarsigner should print when a timestamp will expire

Please take a review at http://cr.openjdk.java.net/~weijun/8191438/webrev.04/ Major changes: 1. Warnings on TSA cert chain: expired or expiring 2. No more check on trusted certs 3. More output at signing when -verbose is on 4. Fine tune messages when TSA cert expires earlier than signer

Re: RFR 8191438: jarsigner should print when a timestamp will expire

> On Dec 14, 2017, at 5:18 AM, Sean Mullan wrote: > > Looks good, but just to confirm something -- when verifying, if the signer's > certificate chain is still valid and unexpired, then an expired or invalid > timestamp or chain should not be an error. Essentially,

Re: RFR 8191438: jarsigner should print when a timestamp will expire

Looks good, but just to confirm something -- when verifying, if the signer's certificate chain is still valid and unexpired, then an expired or invalid timestamp or chain should not be an error. Essentially, the validation of the timestamp should only be done when the signer's certificate

RFR 8191438: jarsigner should print when a timestamp will expire

All suggestions accepted. Here is an updated webrev. http://cr.openjdk.java.net/~weijun/8191438/webrev.01/ New test cases added. Other changes are: 1. noTimestamp == true at signing side means no TSA or timestamping failed. 2. New method certsAndTSInfo() used by both signing and

Re: 1st round RFR 8191438: jarsigner should print when a timestamp will expire

When signing, I think we should always print when the timestamp will expire, even if it is 10 years from now. For the warning, I would bump it up 6 months to a year. (It could potentially be more than this - a fresh timestamp ideally should be good for > 5 years in my opinion). Perhaps we

1st round RFR 8191438: jarsigner should print when a timestamp will expire

Hi All Please take a look at http://cr.openjdk.java.net/~weijun/8191438/webrev.00/. Regression tests not added yet. I'd like to hear your comments on the output format. Major changes: 1. New flags hasExpiringTsaCert and hasExpiredTsaCert for TSA cert chain. They are set and used similar to