Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8026393

jarsigner never shows a warning in badKeyUsage case

XMLWordPrintable

        According to http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html , jarsigner should show a warning "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." if certificate does not contain digitalSignature or nonRepudiation flag in KeyUsage extension. But in this case, jar file can be signed successfully:
        - "jar signed" message is shown
        - "The signer certificate's KeyUsage extension doesn't allow code signing." warning is showd

        But the jar is treated as unsigned during verification:
        - "jar is unsigned. (signatures missing or not parsable)" message is shown
        - no "This jar contains entries whose signer certificate's KeyUsage extension doesn't allow code signing." warning is shown

        Seems badKeyUsage warning is never shown for verification, and signed jar is treated as unsigned.

          1. test.tar
            10 kB
          2. webrev.00.zip
            183 kB
          There are no Sub-Tasks for this issue.

              weijun Weijun Wang
              asmotrak Artem Smotrakov
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: