On Wed, 24 Jul 2024 19:12:59 GMT, Weijun Wang <wei...@openjdk.org> wrote:

>> There is an error in `jarsigner` on the "This JAR contains signed entries 
>> that aren't signed by alias in this keystore" warning. The exit code is 
>> determined by 
>> [`notSignedByAlias`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L344)
>>  but the warning message is controlled by 
>> [`allAliasesFound`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L1183).
>> 
>> Also, inside the `inKeyStoreForOneSigner()` method, all certificates in a 
>> cert chain are used to determine whether the signer is in a keystore and if 
>> any is inside, the JAR file is treated as being signed by an alias in this 
>> keystore. In fact, only the end-entity certificate (the first one in the 
>> chain) should be checked.
>> 
>> After the fix, the `allAliasesFound` field and the `SOME_ALIASES_NOT_FOUND` 
>> constant are useless and can be removed.
>> 
>> *Update*: this warning is reclassified as an informational warning in the 
>> latest commits.
>
> Weijun Wang has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains three additional 
> commits since the last revision:
> 
>  - Merge branch 'master' into 8330217
>  - aliasNotInStore not severe
>  - the fix

The [CSR](https://bugs.openjdk.org/browse/JDK-8334263) and [release 
note](https://bugs.openjdk.org/browse/JDK-8334262) have been updated as well.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/19701#issuecomment-2248865787
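
The end-entity check described in the quoted pull request text, as an added example that is not part of the original message and is not jarsigner's own code. The class name, method names and command-line arguments are assumptions made for illustration; it contrasts matching only the first certificate in a signer's chain with matching any certificate in the chain.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class SignerAliasCheck {
    // Alias of the signer's end-entity certificate (first in the chain), or null.
    static String endEntityAlias(CodeSigner s, KeyStore ks) throws Exception {
        List<? extends Certificate> chain = s.getSignerCertPath().getCertificates();
        return chain.isEmpty() ? null : ks.getCertificateAlias(chain.get(0));
    }

    // The looser check the description calls wrong: any certificate in the chain
    // (for example a CA imported as a trusted entry) counts as a match.
    static boolean anyChainCertInStore(CodeSigner s, KeyStore ks) throws Exception {
        for (Certificate c : s.getSignerCertPath().getCertificates()) {
            if (ks.getCertificateAlias(c) != null) return true;
        }
        return false;
    }

    // Assumed usage: java SignerAliasCheck.java <jar> <keystore> <storepass>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(args[1]), args[2].toCharArray());
        try (JarFile jar = new JarFile(new File(args[0]), true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                // Simplification: skip everything under META-INF/, not only signature files.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    in.readAllBytes(); // signers are only available after a full read
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) { System.out.println("unsigned  " + e.getName()); continue; }
                for (CodeSigner s : signers) {
                    String alias = endEntityAlias(s, ks);
                    String verdict = alias != null ? "alias=" + alias
                            : anyChainCertInStore(s, ks) ? "chain-only match, signer not in store"
                            : "not in store";
                    System.out.println(verdict + "  " + e.getName());
                }
            }
        }
    }
}
```

An entry reported as "chain-only match" is the case where the two checks disagree: an issuing certificate is in the keystore, but the certificate that actually signed the entry is not.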
