Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8352302

Test sun/security/tools/jarsigner/TimestampCheck.java is failing

XMLWordPrintable

        ...
        Warning:
        The input uses a 512-bit RSA key which is considered a security risk and is disabled.
        Certificate reply was installed in keystore
        Certificate reply was installed in keystore
        Certificate reply was installed in keystore
         stdout: [
        s k 57 Wed Mar 19 01:23:20 GMT 2025 META-INF/MANIFEST.MF
                 243 Wed Mar 19 01:23:20 GMT 2025 META-INF/PRE2019S.SF
                4350 Wed Mar 19 01:23:20 GMT 2025 META-INF/PRE2019S.RSA
        smk 1 Wed Mar 19 01:22:52 GMT 2025 A

          s = signature was verified
          m = entry is listed in manifest
          k = at least one certificate was found in keystore

        - Signed by "CN=pre2019signer"
            Digest algorithm: SHA-1 (weak)
            Signature algorithm: SHA384withRSA, 3072-bit RSA key
          Timestamped by "CN=tsbefore2019" on Sat Aug 18 19:04:58 UTC 2018
            Timestamp digest algorithm: SHA-384
            Timestamp signature algorithm: SHA256withRSA, 3072-bit RSA key

        jar verified.

        Warning:
        The SHA-1 digest algorithm is considered a security risk. This algorithm will be disabled in a future update.
        The timestamp will expire within one year on 2026-03-20.

        Re-run with the -verbose and -certs options for more details.
        ];
         stderr: []
         exitValue = 0

        java.lang.RuntimeException: 'signer certificate expired on .*. However, the JAR will be valid' missing from stdout/stderr
        at jdk.test.lib.process.OutputAnalyzer.shouldMatch(OutputAnalyzer.java:372)
        at TimestampCheck.main(TimestampCheck.java:242)
        at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
        at java.base/java.lang.reflect.Method.invoke(Method.java:565)
        at com.sun.javatest.regtest.agent.MainActionHelper$AgentVMRunnable.run(MainActionHelper.java:335)
        at java.base/java.lang.Thread.run(Thread.java:1447)

        Failing test case:

        239: verify("tsbefore2019.jar", "-verbose")
        240: .shouldHaveExitValue(0)
        241: .shouldMatch("Digest.*SHA-1.*(weak)")
        242: .shouldMatch("signer certificate expired on .*. "
        243: + "However, the JAR will be valid");

        So, the test expects a warning like

           The signer certificate expired on 2019-06-01. However, the JAR will be valid until the timestamp expires on 2026-03-20.

        but instead sees

           The timestamp will expire within one year on 2026-03-20.

        This is because the tsbefore2019 cert is created with a start date of 2018/1/1 and 3000 valid days, and it will expire in a year.

              weijun Weijun Wang
              dholmes David Holmes
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: