Bug ID: JDK-6594047 jarsigner cannot use external certchain

JDK-6594047 : jarsigner cannot use external certchain

Type: Enhancement
Component: security-libs
Sub-Component: java.security
Affected Version: 7

Priority: P4
Status: Closed
Resolution: Duplicate
OS: generic
CPU: generic

Submitted: 2007-08-17
Updated: 2017-05-16
Resolved: 2009-03-23

Related Reports

Duplicate :

JDK-6802846 - jarsigner needs enhanced cert validation(options)

Description

jarsigner reads private key and certchain from the same entry in a single keystore. Sometimes, the certchain inside the keystore may not be complete (especially in the case of a PKCS# 11 token when the capacity is not big enough), and jarsigner cannot work with such kind of keystore.

Comments

EVALUATION This RFE will be implemented inside 6802846 (jarsigner needs enhanced cert validation(options)).

23-03-2009

EVALUATION Provide a new option "-certchain <file>" so that user can create the full certchain manually before running the jarsigner tool. The file can be any format that's accepted by the method: java.security.cert.CertificateFactory.getInstance("X.509").generateCertificates(InputStream)

17-08-2007