Max (Weijun) Wang wrote:
Hi All
Looking at this bug now:
jarsigner needs enhanced cert validation(options)
http://bugs.sun.com/view_bug.do?bug_id=6802846
I've exchanged some emails with the bug reporter (BCC'ed :) ).
Basically we found these problems with the current jarsigner:
1. Does not care much about warnings. The exit code is almost always 0
2. Too verbose output, esp when there're many entries in the jar
Therefore, I'm suggesting these enhancements:
1. Add -check option, which means "treat warning as error". The exit
code will be 0:OK, -1:verify error, or, OR-value of various 2^n
(n=0,1,..) which maps to predefined warnings. More warnings will be
added for the criteria proposed by the bug reporter.
Sounds good to me. I like the name "-strict" against "-check", and
prefer the OR-value for error.
2. Refine output. Group entries with the same signer info, and, in the
simplest mode, only output a summary.
Sounds fine.
Andrew
Precisely, before the fix, the output for -verify is --
1) When there's no more option:
Jar verified
2) When there's -verbose -certs
smk A.class
Certificate A (CN=A, OU=B)
Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90
smk B.class
Certificate A (CN=A, OU=B)
Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90
...
After the fix --
1) When there's no more option, we add a summary:
smk A.class (and 1 more)
Jar verified
2) When there's -verbose -certs, we group entries:
smk A.class
smk B.class
...
Certificate A (CN=A, OU=B)
Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90
3) When there's -certs (not available in the old version), we have
smk A.class (and 1 more)
Certificate A (CN=A, OU=B)
Fingerprint 90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90:90
Here, I guess the 3rd option would be the more useful one.
Any suggestions?
Thanks
Max
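
The exit-code scheme proposed above (0 for OK, -1 for a verify error, otherwise an OR of 2^n warning bits), seen from a build script that has to act on it. This is an added example, not part of the original thread and not jarsigner code. The warning names and bit positions are hypothetical, since the thread does not define them.

```shell
#!/bin/sh
# Hypothetical warning bits, lowest bit first. The thread only says each
# warning maps to 2^n; these names are placeholders for illustration.
WARN_NAMES="expiring_cert expired_cert bad_key_usage unsigned_entry"

# decode_status STATUS
# Prints "ok", "verify-error", or a comma-separated list of warnings.
decode_status() {
    status=$1
    if [ "$status" -eq 0 ]; then echo ok; return 0; fi
    # A process exit status is 8 bits on POSIX, so a JVM exiting with -1 is
    # seen by the shell as 255. That is the same value as eight warning
    # bits all set, so a caller cannot tell the two cases apart.
    if [ "$status" -eq 255 ]; then echo verify-error; return 0; fi
    out=""
    bit=1
    for name in $WARN_NAMES; do
        if [ $(( $status & $bit )) -ne 0 ]; then
            out="${out:+$out,}$name"
        fi
        bit=$(( $bit * 2 ))
    done
    # Report bits this script does not know instead of dropping them.
    known=$(( $bit - 1 ))
    extra=$(( $status & ~$known ))
    if [ "$extra" -ne 0 ]; then
        out="${out:+$out,}unknown($extra)"
    fi
    echo "$out"
}

# gate STATUS ALLOWED_MASK
# Succeeds only if every warning bit set in STATUS is tolerated by the mask.
# A verify error (255) and unknown bits always fail the gate.
gate() {
    if [ "$1" -eq 255 ]; then return 1; fi
    [ $(( $1 & ~$2 )) -eq 0 ]
}

# Constructed statuses, standing in for "$?" after a strict verify run.
for s in 0 5 16 255; do
    printf '%s -> %s\n' "$s" "$(decode_status "$s")"
done
```

Checking the mask rather than testing for a non-zero status lets a build tolerate one named warning while still failing on any bit added later.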