I added comments to two methods:
+ * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority;
+ * or null if we leave the TSA server to choose one. This
argument
+ * is only used when tsaURI is provided
public static byte[] generateSignedData(byte[] signature,
X509Certificate[] signerChain,
byte[] content,
String signatureAlgorithm,
URI tsaURI,
String tSAPolicyID)
+ * @param tSAPolicyID the TSAPolicyID of the Timestamping Authority;
+ * or null if we leave the TSA server to choose one
* @throws IOException The exception is thrown if an error occurs
while
- * communicating with the TSA.
+ * communicating with the TSA, or a non-null
+ * TSAPolicyID is specified in the request but it
+ * does not match the one in the reply
private static byte[] generateTimestampToken(Timestamper tsa,
String tSAPolicyID,
byte[] toBeTimestamped)
Thanks
Max
On 4/12/13 12:25 AM, Sean Mullan wrote:
Looks good. One comment. In PKCS7.java, can you document the new
tSAPolicyId parameter in the javadoc.
--Sean
On 04/10/2013 10:06 PM, Weijun Wang wrote:
Hi Sean
Please review the code changes
http://cr.openjdk.java.net/~weijun/8009636/webrev.00/
Here I add a new -tsapolicycd option to jarsigner and pass the value all
the way down to TSRequest. A new check inside
PKCS7::generateTimestampToken is added to confirm the responded policyID
is identical to the requested one (if provided). A test is also enhanced
to check this check.
Thanks
Max
