-
Bug
-
Resolution: Fixed
-
P4
-
8, 11, 17, 21, 24, 25
-
b15
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8352639 | 24.0.2 | Sendao Yan | P4 | Resolved | Fixed | b01 |
| JDK-8352572 | 21.0.8-oracle | Konanki Sreenath | P4 | Resolved | Fixed | b01 |
| JDK-8352548 | 21.0.8 | Goetz Lindenmaier | P4 | Resolved | Fixed | master |
| JDK-8352573 | 17.0.16-oracle | Konanki Sreenath | P4 | Resolved | Fixed | b01 |
| JDK-8352561 | 17.0.16 | Goetz Lindenmaier | P4 | Resolved | Fixed | master |
| JDK-8352574 | 11.0.28-oracle | Konanki Sreenath | P4 | Resolved | Fixed | b01 |
| JDK-8352606 | 8u461 | Konanki Sreenath | P4 | Resolved | Fixed | b01 |
Warning:
The input uses a 512-bit RSA key which is considered a security risk and is disabled.
Certificate reply was installed in keystore
Certificate reply was installed in keystore
Certificate reply was installed in keystore
stdout: [
s k 57 Wed Mar 19 01:23:20 GMT 2025 META-INF/MANIFEST.MF
243 Wed Mar 19 01:23:20 GMT 2025 META-INF/PRE2019S.SF
4350 Wed Mar 19 01:23:20 GMT 2025 META-INF/PRE2019S.RSA
smk 1 Wed Mar 19 01:22:52 GMT 2025 A
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
- Signed by "CN=pre2019signer"
Digest algorithm: SHA-1 (weak)
Signature algorithm: SHA384withRSA, 3072-bit RSA key
Timestamped by "CN=tsbefore2019" on Sat Aug 18 19:04:58 UTC 2018
Timestamp digest algorithm: SHA-384
Timestamp signature algorithm: SHA256withRSA, 3072-bit RSA key
jar verified.
Warning:
The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
The timestamp will expire within one year on 2026-03-20.
Re-run with the -verbose and -certs options for more details.
];
stderr: []
exitValue = 0
java.lang.RuntimeException: 'signer certificate expired on .*. However, the JAR will be valid' missing from stdout/stderr
at jdk.test.lib.process.OutputAnalyzer.shouldMatch(OutputAnalyzer.java:372)
at TimestampCheck.main(TimestampCheck.java:242)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:565)
at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:335)
at java.base/java.lang.Thread.run(Thread.java:1447)
Failing test case:
239: verify("tsbefore2019.jar", "-verbose")
240: .shouldHaveExitValue(0)
241: .shouldMatch("Digest.*SHA-1.*(weak)")
242: .shouldMatch("signer certificate expired on .*. "
243: + "However, the JAR will be valid");
So, the test expects a warning like
The signer certificate expired on 2019-06-01. However, the JAR will be valid until the timestamp expires on 2026-03-20.
but instead sees
The timestamp will expire within one year on 2026-03-20.
This is because the tsbefore2019 cert is created with a start date of 2018/1/1 and 3000 valid days, and it will expire in a year.
- backported by
-
JDK-8352548 Test sun/security/tools/jarsigner/TimestampCheck.java is failing
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
-
- Closed
-
- links to
-
Commit(master)
openjdk/jdk17u-dev/b2255b98
-
Commit(master)
openjdk/jdk21u-dev/f3112ef8
-
Commit(master)
openjdk/jdk24u/9880a973
-
Commit(master)
openjdk/jdk/577ede73
-
Review(master)
openjdk/jdk11u-dev/3014
-
Review(master)
openjdk/jdk11u-dev/3017
-
Review(master)
openjdk/jdk17u-dev/3383
-
Review(master)
openjdk/jdk21u-dev/1524
-
Review(master)
openjdk/jdk24u/145
-
Review(master)
openjdk/jdk/24107