Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7004168

jarsigner -verify checks for KeyUsage codesigning ext on all certs instead of just signing cert

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 7
    • Fix Version/s: 7
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b123
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Description

      It appears that jarsigner -verify checks for the KeyUsage extension codesigning bit on all certificates in the chain, rather than just the signer's certificate.

        Activity

        Hide
        weijun Weijun Wang added a comment -
        BT2:EVALUATION

        Correct, keyusage (and eKU, nKU) should be only checked upon the end-entity cert of the signer.

        Another code change in fix:
        When -keystore is not provided, the "alias is not specified in keystore" warning is not printed. After this, the "jarsigner -verify jarfile" output will be very clean.
        Show
        weijun Weijun Wang added a comment - BT2:EVALUATION Correct, keyusage (and eKU, nKU) should be only checked upon the end-entity cert of the signer. Another code change in fix: When -keystore is not provided, the "alias is not specified in keystore" warning is not printed. After this, the "jarsigner -verify jarfile" output will be very clean.
        Show
        weijun Weijun Wang added a comment - BT2:EVALUATION http://hg.openjdk.java.net/jdk7/tl/jdk/rev/6fc2e1efcb9a
        Show
        jprtbugupd JPRT Bug Updates (Inactive) added a comment - BT2:EVALUATION http://hg.openjdk.java.net/jdk7/build/jdk/rev/6fc2e1efcb9a

          People

          • Assignee:
            weijun Weijun Wang
            Reporter:
            mullan Sean Mullan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:
              Imported:
              Indexed: