- Enhancement
- Resolution: Fixed
- P3
- 7, 8, 9, 11-pool

Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8319610 | 11.0.22 | Goetz Lindenmaier | P3 | Resolved | Fixed | b02 |
JDK-8311576 | 11.0.21-oracle | Ramesh Gangadhar | P3 | Resolved | Fixed | b02 |
JDK-8314559 | 8u401 | Nibedita Jena | P3 | Resolved | Fixed | b01 |
According to http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html, jarsigner should show the warning "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." if the certificate does not contain the digitalSignature or nonRepudiation flag in its KeyUsage extension. But in this case, the jar file can be signed successfully:
- "jar signed" message is shown
- "The signer certificate's KeyUsage extension doesn't allow code signing." warning is shown

But the jar is treated as unsigned during verification:
- "jar is unsigned. (signatures missing or not parsable)" message is shown
- no "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." warning is shown

It seems the badKeyUsage warning is never shown for verification, and the signed jar is treated as unsigned.
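
A check for the condition described above, added here as an example and not taken from jarsigner or the JDK sources: it reads the signature block files of a JAR without verification and flags end-entity certificates whose KeyUsage extension asserts neither digitalSignature nor nonRepudiation. The class name `KeyUsageCheck`, the helper names and the decision to skip CA certificates are assumptions of this example.

```java
import java.io.File;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class KeyUsageCheck {
    // Rule quoted in the report: a KeyUsage extension, when present, must assert
    // digitalSignature (bit 0) or nonRepudiation (bit 1).
    static boolean allowsCodeSigning(boolean[] keyUsage) {
        if (keyUsage == null) return true;          // extension absent: no restriction
        boolean[] ku = Arrays.copyOf(keyUsage, 9);  // pad a short array with false
        return ku[0] || ku[1];
    }

    // Signature block files sit directly under META-INF/ and end in .RSA, .DSA or .EC.
    static boolean isSignatureBlock(String name) {
        String n = name.toUpperCase(java.util.Locale.ROOT);
        return n.startsWith("META-INF/") && n.indexOf('/', 9) < 0
                && (n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC"));
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) throw new IllegalArgumentException("usage: KeyUsageCheck <file.jar>");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int bad = 0;
        // verify=false: read raw entries even when the JAR would be reported as unsigned
        try (JarFile jar = new JarFile(new File(args[0]), false)) {
            for (JarEntry entry : Collections.list(jar.entries())) {
                if (!isSignatureBlock(entry.getName())) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    // The X.509 factory also accepts a PKCS#7 SignedData block
                    for (Certificate c : cf.generateCertificates(in)) {
                        X509Certificate x = (X509Certificate) c;
                        if (x.getBasicConstraints() != -1) continue;  // assumption: skip CA certs
                        boolean ok = allowsCodeSigning(x.getKeyUsage());
                        if (!ok) bad++;
                        System.out.printf("%s: %s -> %s%n", entry.getName(),
                                x.getSubjectX500Principal().getName(), ok ? "ok" : "badKeyUsage");
                    }
                }
            }
        }
        System.exit(bad == 0 ? 0 : 1);
    }
}
```

The non-zero exit status lets a build or release pipeline reject such a JAR before distribution, independently of what `jarsigner -verify` prints.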

- backported by
  - JDK-8311576 jarsigner never shows a warning in badKeyUsage case (Resolved)
  - JDK-8314559 jarsigner never shows a warning in badKeyUsage case (Resolved)
  - JDK-8319610 jarsigner never shows a warning in badKeyUsage case (Resolved)