Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8269039: Disable SHA-1 Signed JARs #5320

Closed
wants to merge 9 commits into from
@@ -103,7 +103,7 @@ public String extendedExceptionMsg() {
@Override
public String toString() {
StringBuilder sb = new StringBuilder("[\n");
sb.append("\n Variant: ").append(variant);
sb.append(" Variant: ").append(variant);
if (anchor != null) {
sb.append("\n Anchor: ").append(anchor);
}
@@ -157,8 +157,13 @@ List<CertStore> certStores() {
}
Date date() {
if (!gotDate) {
// use timestamp if checking signed code that is
// timestamped, otherwise use date parameter
// Use timestamp if checking signed code that is
// timestamped, otherwise use date parameter.
// Note that TSA server certificates do not use the
// timestamp, which means that an expired TSA certificate
// is considered a validation failure. This policy means
// that signed and timestamped code is valid until the TSA
// certificate expires (assuming all other checks are valid).
if (timestamp != null &&
variant.equals(Validator.VAR_CODE_SIGNING)) {
date = timestamp.getTimestamp();
@@ -210,6 +215,9 @@ PKIXParameters getPKIXParameters() {
String variant() {
return variant;
}
// The timestamp param is passed as the date param when creating an
// AlgorithmChecker. An AlgorithmChecker always uses the timestamp
// if specified in order to enforce the denyAfter constraint.
Date timestamp() {
// return timestamp date if set, otherwise use date parameter
if (timestampDate == null) {
@@ -184,7 +184,7 @@ public String extendedExceptionMsg() {
@Override
public String toString() {
StringBuilder sb = new StringBuilder("[\n");
sb.append("\n Variant: ").append(getVariant());
sb.append(" Variant: ").append(getVariant());
sb.append("\n Certs Issued by Anchor:");
for (X509Certificate cert : certsIssuedByAnchor) {
sb.append("\n Cert Issuer: ")

This file was deleted.