> On Feb 13, 2018, at 6:01 AM, Sean Mullan wrote:
>
> Just a few comments:
>
> - Update copyrights to include 2018
OK.
> - I think you should also open a jarsigner docs issue to add new warnings for
> expired TSA and expiring signer and TSA certs
Just a few comments:
- Update copyrights to include 2018
- I think you should also open a jarsigner docs issue to add new
warnings for expired TSA and expiring signer and TSA certs
* Main.java
l1740, typo: s/singer/signer/
--Sean
On 2/9/18 4:10 AM, Weijun Wang wrote:
Updated again at
Updated again at http://cr.openjdk.java.net/~weijun/8191438/webrev.05/.
--Max
> On Jan 4, 2018, at 8:48 AM, Weijun Wang wrote:
>
> Please take a review at
>
> http://cr.openjdk.java.net/~weijun/8191438/webrev.04/
>
> Major changes:
>
> 1. Warnings on TSA cert chain:
Please take a review at
http://cr.openjdk.java.net/~weijun/8191438/webrev.04/
Major changes:
1. Warnings on TSA cert chain: expired or expiring
2. No more check on trusted certs
3. More output at signing when -verbose is on
4. Fine tune messages when TSA cert expires earlier than signer
> On Dec 14, 2017, at 5:18 AM, Sean Mullan wrote:
>
> Looks good, but just to confirm something -- when verifying, if the signer's
> certificate chain is still valid and unexpired, then an expired or invalid
> timestamp or chain should not be an error. Essentially,
Looks good, but just to confirm something -- when verifying, if the
signer's certificate chain is still valid and unexpired, then an expired
or invalid timestamp or chain should not be an error. Essentially, the
validation of the timestamp should only be done when the signer's
certificate
All suggestions accepted. Here is an updated webrev.
http://cr.openjdk.java.net/~weijun/8191438/webrev.01/
New test cases added. Other changes are:
1. noTimestamp == true at signing side means no TSA or timestamping failed.
2. New method certsAndTSInfo() used by both signing and
When signing, I think we should always print when the timestamp will
expire, even if it is 10 years from now. For the warning, I would bump
it up 6 months to a year. (It could potentially be more than this - a
fresh timestamp ideally should be good for > 5 years in my opinion).
Perhaps we
Hi All
Please take a look at http://cr.openjdk.java.net/~weijun/8191438/webrev.00/.
Regression tests not added yet. I'd like to hear your comments on the output
format.
Major changes:
1. New flags hasExpiringTsaCert and hasExpiredTsaCert for TSA cert chain. They
are set and used similar to