Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
7, 8, 9, 11-pool
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8319610 | 11.0.22 | Goetz Lindenmaier | P3 | Resolved | Fixed | b02 |
| JDK-8311576 | 11.0.21-oracle | Ramesh Gangadhar | P3 | Resolved | Fixed | b02 |
| JDK-8314559 | 8u401 | Nibedita Jena | P3 | Resolved | Fixed | b01 |
Description
According to http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html , jarsigner should show a warning "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." if certificate does not contain digitalSignature or nonRepudiation flag in KeyUsage extension. But in this case, jar file can be signed successfully:
- "jar signed" message is shown
- "The signer certificate's KeyUsage extension doesn't allow code signing." warning is showd
But the jar is treated as unsigned during verification:
- "jar is unsigned. (signatures missing or not parsable)" message is shown
- no "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." warning is shown
Seems badKeyUsage warning is never shown for verification, and signed jar is treated as unsigned.
- "jar signed" message is shown
- "The signer certificate's KeyUsage extension doesn't allow code signing." warning is showd
But the jar is treated as unsigned during verification:
- "jar is unsigned. (signatures missing or not parsable)" message is shown
- no "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." warning is shown
Seems badKeyUsage warning is never shown for verification, and signed jar is treated as unsigned.
Attachments
Issue Links
- backported by
-
JDK-8311576 jarsigner never shows a warning in badKeyUsage case
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
