Hi Xuelei and Sean

Please take a review on the fix for OpenJDK:

http://cr.openjdk.java.net/~weijun/6939248/webrev.00

Note that I've added some checks:

1. response cert null check
2. extension isCritical check

About the test:

1. Since keytool can now generate extensions, binary keystore is changed to scripts and now moved from closed test to open
2. -J-Djava.security.egd=file:/dev/./urandom is added to jarsigner so that it does not hang on Linux

Thanks
Max

> *Synopsis*: Jarsigner can't extract Extended Key Usage from Timestamp Reply
> correctly
>
> *Change Request ID*: 6939248/7
>
> === *Description* ============================================================
> PKCS #7 block includes a set of certificates and several signerinfos. To
> locate the certificate for a given signer, one should first look for a
> reference in the signerinfo, and then try to locate one in the certificates
> set.
>
> Currently, jarsigner, when validating certificate for a timestamping service,
> simply looks for a non-CA cert inside the certificate set. This is not
> correct.
>
> *** (#1 of 1): 2010-04-12 07:04:14 GMT+00:00 weijun.w...@sun.com
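
Added example, not part of the original message and not the code in the webrev: the signer lookup the description calls for, next to the non-CA heuristic it criticises, written against the public java.security.cert API. It assumes the signerinfo reference is an issuer name plus serial number (PKCS #7's issuerAndSerialNumber) and that the isCritical check applies to the Extended Key Usage extension, which RFC 3161 requires to be critical on a timestamping certificate; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.math.BigInteger;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class; names are illustrative, not jarsigner's.
public class TsaSignerCert {
    static final String EKU_EXT = "2.5.29.37";                 // id-ce-extKeyUsage
    static final String KP_TIMESTAMPING = "1.3.6.1.5.5.7.3.8"; // id-kp-timeStamping

    // Heuristic from the bug description: first non-CA cert in the set.
    static X509Certificate firstNonCa(Collection<X509Certificate> certs) {
        for (X509Certificate c : certs)
            if (c.getBasicConstraints() == -1) return c; // -1 means "not a CA"
        return null;
    }

    // Lookup by the signerinfo reference (assumed: issuer name + serial number).
    static X509Certificate bySignerInfo(Collection<X509Certificate> certs,
                                        X500Principal issuer, BigInteger serial) {
        for (X509Certificate c : certs)
            if (c.getIssuerX500Principal().equals(issuer)
                    && c.getSerialNumber().equals(serial)) return c;
        return null; // no match: the caller must fail, not fall back to a guess
    }

    // Null check, then require a critical EKU that lists id-kp-timeStamping.
    static boolean isTimestampingCert(X509Certificate c) throws CertificateParsingException {
        if (c == null) return false;
        Set<String> critical = c.getCriticalExtensionOIDs(); // null if none
        List<String> eku = c.getExtendedKeyUsage();          // null if absent
        return critical != null && critical.contains(EKU_EXT)
                && eku != null && eku.contains(KP_TIMESTAMPING);
    }

    // Usage: java TsaSignerCert.java certs.p7b "<issuer DN>" <serial, decimal>
    public static void main(String[] a) throws Exception {
        List<X509Certificate> certs = new ArrayList<>();
        try (FileInputStream in = new FileInputStream(a[0])) {
            for (Certificate c : CertificateFactory.getInstance("X.509").generateCertificates(in))
                certs.add((X509Certificate) c);
        }
        X509Certificate guess = firstNonCa(certs);
        X509Certificate signer = bySignerInfo(certs, new X500Principal(a[1]), new BigInteger(a[2]));
        System.out.println("heuristic : " + (guess == null ? null : guess.getSubjectX500Principal()));
        System.out.println("signerinfo: " + (signer == null ? null : signer.getSubjectX500Principal()));
        System.out.println("critical timestamping EKU: " + isTimestampingCert(signer));
    }
}
```

When the certificate set holds more than one non-CA certificate, the two lookups can return different certificates, and only the signerinfo match is the one whose Extended Key Usage should be checked.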