mustang: jarsigner will be unhappy if the signer's certificate does not match several criteria

Jayson Falkner has a blog entry named Blarg #18: Sun enhances WebStart or Sun breaks WebStart and upsets people? You decide. which talks about the new behavior in java web start. basically, now java web start will reject any jar which is signed by a certificate that itself cannot be used to sign codes. for example, a certificate with a KeyUsage extension but without the codeSigning bit set. this is standard-compliant and a correct step to go. unfortunately, jarsigner didn't go the same way at the same time, so developer will only notice this change when the app is deployed somewhere. so, recently we add checks into jarsigner to see if the certificate match several criteria, which is almost identical to the check java web start is doing now. in order to keep compatibility, if the check fails, only warning messages are shown. maybe one day a new option like -strict can be applied to stop the signing process whenever something illegal is detected.
Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.

Search

Top Tags
Categories
Archives
« August 2015
SunMonTueWedThuFriSat
      
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
     
Today