A DESCRIPTION OF THE REQUEST :
JARsigner is not proving options for defining an TSAPolicyID for TimeStamping signed code. This option is defined in RFC 3161 and that is also what jarsigner is using for communicating to the TSA (as described in the oracle docs: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/jarsigner.html)
It always uses the default Policy on the TSA.
The ETSI TSA Policy - RFC3628 (http://www.ietf.org/rfc/rfc3628.txt) is currently defaulted and cannot be changed. Actually it might evne be interesting to include support for the RFC3628 TSA Policy.
Applications like Adobe, Word and signtool (amongst others) are already RFC3628 'ready' and/or provide support for the TSAPolicyID.
Example TimeStamp Servers:
TimeStamp Server can be configured with multiple TSAPolicies. This is due to (for instance) security and compliancy. Only one Policy can be defaulted, but it could be case that specific applications are unable to sign using the specific policy. So new policies can be generated to make several applications compliant. Many Application have options for Request Policy OID's, so the correct policy from the TSA can be selected instead of the default one.
EXPECTED VERSUS ACTUAL BEHAVIOR :
An additinal (optional) argument where a policy can be defined. For instance
-tsapolicyid " 126.96.36.199.332.122313.8 "
When the argument is not included, the behaviour should be as it currently is.
There is no actual behaviour. It just errors out when trying to use a TimeStamp server with a non 'compatible' TSAPolicy as default. As it is the defaulted RFC3628 policy, it gives an error about not being capable to decode the bytes:
jarsigner: unable to sign jar: sun.security.pkcs.ParsingException: Unable to par
se the encoded bytes
---------- BEGIN SOURCE ----------
jarsigner -keystore CertName.p12 -storetype PKCS12 -tsa http://free-tsu.e-timing.ne.jp/TSS/HttpTspServer test.jar " CertName "
---------- END SOURCE ----------