CR 6939248/7 Created, P4 java/classes_secu Jarsigner can't extract Extended Key Usage from Timestamp Reply currectly
Xuelei.Fan at Sun.COM
Mon Apr 12 20:13:54 PDT 2010
Looks fine to me.
On 4/13/2010 10:47 AM, Weijun Wang wrote:
> Hi Xuelei and Sean
> Please take a review on the fix for OpenJDK:
> Note that I've added some check:
> 1. response cert null check
> 2. extension isCritical check
> About the test:
> 1. Since keytool can now generate extensions, binary keystore is changed to scripts and now moved from closed test to open
> 2. -J-Djava.security.egd=file:/dev/./urandom is added to jarsigner so that it does not hang on linux
>> *Synopsis*: Jarsigner can't extract Extended Key Usage from Timestamp Reply currectly
>> *Change Request ID*: 6939248/7
>> === *Description* ============================================================
>> PKCS #7 block includes a set of certificates and several signerinfos. To locate the certificate for a given signer, one should first look for a reference in the signerinfo, and then try to locate one in the certificates set.
>> Currently, jarsigner, when validating certificate for a timestamping service, simply looks for a non-CA cert inside the certificate set. This is not correct.
>> *** (#1 of 1): 2010-04-12 07:04:14 GMT+00:00 weijun.wang at sun.com
More information about the security-dev