-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
1.3.0
-
x86
-
windows_nt
Name: mc57594 Date: 11/11/99
1. Generate DSA root CA certificate and private key files, using Phaos
J/CA toolkit. This is a self-signed, version 3 certificate with
extensions.
2. Use JDK and J/CA toolkit to load root certificate and private
key into a JKS keystore. I needed the toolkit for this because
the JDK didn't seem to provide a way to read a DSA private key
from a file.
3. Sign a jar file using this keystore. Jarsigner signs the jar file
with no error messages:
updating: META-INF/MANIFEST.MF
adding: META-INF/ALPROOT.SF
adding: META-INF/ALPROOT.DSA
signing: ALPobjectSigner.class
signing: CertificateValidator.class
signing: CertSignedALPobject.class
signing: GenPKIconfig.class
signing: PKIconfig.class
signing: SessionControl.class
signing: SessionManager.class
signing: StoreKey.class
4. Jarsigner returns the following when verifying:
653 Fri Nov 30 11:54:46 EST 1979 META-INF/MANIFEST.MF
706 Fri Nov 30 11:55:02 EST 1979 META-INF/ALPROOT.SF
932 Fri Nov 30 11:55:02 EST 1979 META-INF/ALPROOT.DSA
0 Fri Nov 30 11:54:40 EST 1979 META-INF/
m 3324 Fri Nov 30 15:41:20 EST 1979 ALPobjectSigner.class
m 4787 Fri Nov 30 10:52:48 EST 1979 CertificateValidator.class
m 1936 Fri Nov 30 15:41:20 EST 1979 CertSignedALPobject.class
m 942 Fri Nov 30 11:28:02 EST 1979 GenPKIconfig.class
m 6207 Fri Nov 30 16:07:38 EST 1979 PKIconfig.class
m 757 Fri Nov 30 17:04:22 EST 1979 SessionControl.class
m 2669 Fri Nov 30 17:04:22 EST 1979 SessionManager.class
m 1689 Fri Nov 30 08:35:00 EST 1979 StoreKey.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar is unsigned. (signatures missing or not parsable)
I have used this same root key and certificate pair from this same
keystore to successfully sign and verify a SignedObject. Is
there a problem with jarsigner when the signing certificate is
a self-signed, version 3 certificate with extensions?
(Review ID: 96782)
======================================================================
1. Generate DSA root CA certificate and private key files, using Phaos
J/CA toolkit. This is a self-signed, version 3 certificate with
extensions.
2. Use JDK and J/CA toolkit to load root certificate and private
key into a JKS keystore. I needed the toolkit for this because
the JDK didn't seem to provide a way to read a DSA private key
from a file.
3. Sign a jar file using this keystore. Jarsigner signs the jar file
with no error messages:
updating: META-INF/MANIFEST.MF
adding: META-INF/ALPROOT.SF
adding: META-INF/ALPROOT.DSA
signing: ALPobjectSigner.class
signing: CertificateValidator.class
signing: CertSignedALPobject.class
signing: GenPKIconfig.class
signing: PKIconfig.class
signing: SessionControl.class
signing: SessionManager.class
signing: StoreKey.class
4. Jarsigner returns the following when verifying:
653 Fri Nov 30 11:54:46 EST 1979 META-INF/MANIFEST.MF
706 Fri Nov 30 11:55:02 EST 1979 META-INF/ALPROOT.SF
932 Fri Nov 30 11:55:02 EST 1979 META-INF/ALPROOT.DSA
0 Fri Nov 30 11:54:40 EST 1979 META-INF/
m 3324 Fri Nov 30 15:41:20 EST 1979 ALPobjectSigner.class
m 4787 Fri Nov 30 10:52:48 EST 1979 CertificateValidator.class
m 1936 Fri Nov 30 15:41:20 EST 1979 CertSignedALPobject.class
m 942 Fri Nov 30 11:28:02 EST 1979 GenPKIconfig.class
m 6207 Fri Nov 30 16:07:38 EST 1979 PKIconfig.class
m 757 Fri Nov 30 17:04:22 EST 1979 SessionControl.class
m 2669 Fri Nov 30 17:04:22 EST 1979 SessionManager.class
m 1689 Fri Nov 30 08:35:00 EST 1979 StoreKey.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar is unsigned. (signatures missing or not parsable)
I have used this same root key and certificate pair from this same
keystore to successfully sign and verify a SignedObject. Is
there a problem with jarsigner when the signing certificate is
a self-signed, version 3 certificate with extensions?
(Review ID: 96782)
======================================================================