Re: RFR 8180289: jarsigner treats timestamped signed jar invalid after the signer cert expires

Sean Mullan Thu, 26 Oct 2017 13:00:03 -0700

- test/jdk/sun/security/tools/jarsigner/TimestampCheck.java

65 * @bug 6543842 6543440 6939248 8009636 8024302 8163304 81699118166222 8180289


should not include 8166222

 346                 // 8166222: unvalidated TSA cert chain
 347                 sign("tsnoca")

348 .shouldContain("TSA certificate chain isinvalid")

 349                         .shouldHaveExitValue(64);

wrong bugid?

Looks fine otherwise.

--Sean

On 10/19/17 3:11 AM, Weijun Wang wrote:

Please review the fix at

   http://cr.openjdk.java.net/~weijun/8180289/webrev.00/

The code change contains:

- Fix the bug by passing the timestamp to Validator::validate.

- CertPath validation on timestamp signer cert and related warning messages

- Output change: "chain not validated" -> "invalid chain". Otherwise it looks 
jarsigner has not validated them.

Thanks
Max

Re: RFR 8180289: jarsigner treats timestamped signed jar invalid after the signer cert expires

Reply via email to