> There is an error in `jarsigner` on the "This JAR contains signed entries > that aren't signed by alias in this keystore" warning. The exit code is > determined by > [`notSignedByAlias`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L344) > but the warning message is controlled by > [`allAliasesFound`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L1183). > > Also, inside the `inKeyStoreForOneSigner()` method, all certificates in a > cert chain are used to determine whether the signer is in a keystore and if > any is inside the JAR file is treated as being signed by an alias in this > keystore. In fact, only the end-entity certificate (the first one in the > chain) should be checked. > > After the fix, the `allAliasesFound` field and the `SOME_ALIASES_NOT_FOUND` > constant are useless and can be removed.
Weijun Wang has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains three additional commits since the last revision: - Merge branch 'master' into 8330217 - aliasNotInStore not severe - the fix ------------- Changes: - all: https://git.openjdk.org/jdk/pull/19701/files - new: https://git.openjdk.org/jdk/pull/19701/files/0f3be953..718f7858 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=19701&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=19701&range=00-01 Stats: 90223 lines in 2234 files changed: 57564 ins; 22609 del; 10050 mod Patch: https://git.openjdk.org/jdk/pull/19701.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/19701/head:pull/19701 PR: https://git.openjdk.org/jdk/pull/19701
