> On Oct 27, 2017, at 3:58 AM, Sean Mullan <sean.mul...@oracle.com> wrote: > > - test/jdk/sun/security/tools/jarsigner/TimestampCheck.java > > 65 * @bug 6543842 6543440 6939248 8009636 8024302 8163304 8169911 8166222 > 8180289 > > should not include 8166222
Yes. > > 346 // 8166222: unvalidated TSA cert chain > 347 sign("tsnoca") > 348 .shouldContain("TSA certificate chain is invalid") > 349 .shouldHaveExitValue(64); > > wrong bugid? This part is about the newly added timestamp cert validation. I'll use 8180289. Thanks Max > > Looks fine otherwise. > > --Sean > > On 10/19/17 3:11 AM, Weijun Wang wrote: >> Please review the fix at >> http://cr.openjdk.java.net/~weijun/8180289/webrev.00/ >> The code change contains: >> - Fix the bug by passing the timestamp to Validator::validate. >> - CertPath validation on timestamp signer cert and related warning messages >> - Output change: "chain not validated" -> "invalid chain". Otherwise it >> looks jarsigner has not validated them. >> Thanks >> Max