Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8180289

jarsigner treats timestamped signed jar invalid after the signer cert expires

    XMLWordPrintable

Details

    • 9
    • b30
    • Verified

    Backports

      Description

        If a jar was signed some time ago with a timestamp when the signer cert was valid, it should be treated valid even after the signer cert expires. However, jarsigner shows a warning saying signer cert chain not validated.

        Jarsigner has always been doing the validity check itself and the timestamp is considered. On the other hand, it also performs a CertPath validation and this validation has never used the timestamp. Before JDK-8172529, when the validation throws a CertificateExpiredException or CertificateNotYetValidException, it is simply ignored because the validity is already checked. After JDK-8172529, the exceptions are only ignored when jarsigner's own validity check fails. The result is that when a timestamp exists and the signer cert has expired after the timestamp, jarsigner's own validity check succeeds, but the CertPath validation fails (since it has not used the timestamp) and the exception is now rethrown.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8191004 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8191366 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8195659 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8208798 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8211503 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8212426 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8213877 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8191003 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8191005 jarsigner treats timestamped signed jar invalid after the signer cert expires

            • P3 - Major loss of function.
            • Closed
            blocks

            Enhancement - null JDK-8191438 jarsigner should print when a timestamp will expire

            • P3 - Major loss of function.
            • Resolved
            relates to

            Enhancement - null JDK-8166222 Don't treat signed jars with invalid timestamps as unsigned

            • P3 - Major loss of function.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-8172529 Use PKIXValidator in jarsigner

            • P3 - Major loss of function.
            • Closed
            There are no Sub-Tasks for this issue.

            Activity

              People

                weijun Weijun Wang
                weijun Weijun Wang
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: