Looks fine to me.

Xuelei

On 4/13/2010 10:47 AM, Weijun Wang wrote:
> Hi Xuelei and Sean
> 
> Please take a review on the fix for OpenJDK:
> 
>    http://cr.openjdk.java.net/~weijun/6939248/webrev.00
> 
> Note that I've added some checks:
> 
> 1. response cert null check
> 2. extension isCritical check
> 
> About the test:
> 
> 1. Since keytool can now generate extensions, binary keystore is changed to 
> scripts and now moved from closed test to open
> 2. -J-Djava.security.egd=file:/dev/./urandom is added to jarsigner so that it 
> does not hang on Linux
> 
> Thanks
> Max
> 
>> *Synopsis*: Jarsigner can't extract Extended Key Usage from Timestamp Reply 
>> correctly
>>
>> *Change Request ID*: 6939248/7
>>
>> === *Description* 
>> ============================================================
>> PKCS #7 block includes a set of certificates and several signerinfos. To 
>> locate the certificate for a given signer, one should first look for a 
>> reference in the signerinfo, and then try to locate one in the certificates 
>> set.
>>
>> Currently, jarsigner, when validating certificate for a timestamping 
>> service, simply looks for a non-CA cert inside the certificate set. This is 
>> not correct.
>>
>> *** (#1 of 1): 2010-04-12 07:04:14 GMT+00:00 weijun.w...@sun.com
> 
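
The lookup order in the bug description, together with the null and isCritical checks listed in the review request, as an added example (not the OpenJDK fix and not code from this thread). It assumes the issuer name and serial number have already been read from the SignerInfo; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;

// Hypothetical class and method names; not OpenJDK code.
public final class TsaSignerCheck {
    static final String EKU_EXTENSION = "2.5.29.37";           // id-ce-extKeyUsage
    static final String KP_TIMESTAMPING = "1.3.6.1.5.5.7.3.8"; // id-kp-timeStamping

    // Match on the SignerInfo reference (issuer + serial), not on "first non-CA cert".
    static X509Certificate findSigner(Collection<? extends Certificate> certs,
                                      X500Principal issuer, BigInteger serial) {
        for (Certificate c : certs) {
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                if (x.getIssuerX500Principal().equals(issuer)
                        && x.getSerialNumber().equals(serial)) {
                    return x;
                }
            }
        }
        return null; // the referenced certificate is not in the set
    }

    static void checkTimestampingUsage(X509Certificate signer)
            throws CertificateException {
        if (signer == null) {
            throw new CertificateException("signer certificate not in PKCS #7 set");
        }
        Set<String> critical = signer.getCriticalExtensionOIDs();
        if (critical == null || !critical.contains(EKU_EXTENSION)) {
            throw new CertificateException("Extended Key Usage missing or not critical");
        }
        List<String> eku = signer.getExtendedKeyUsage();
        if (eku == null || !eku.contains(KP_TIMESTAMPING)) {
            throw new CertificateException("id-kp-timeStamping not asserted");
        }
    }

    // Usage: java TsaSignerCheck <certs.p7b> <issuer DN> <serial, decimal>
    public static void main(String[] args) throws Exception {
        try (InputStream in = new FileInputStream(args[0])) {
            Collection<? extends Certificate> certs =
                    CertificateFactory.getInstance("X.509").generateCertificates(in);
            checkTimestampingUsage(findSigner(certs,
                    new X500Principal(args[1]), new BigInteger(args[2])));
            System.out.println("timestamping signer certificate accepted");
        }
    }
}
```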
