JDK-7081783 : jarsigner error when no $HOME/.keystore
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2011-08-22
  • Updated: 2018-06-11
  • Resolved: 2012-09-05
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u4Fixed 8 b06Fixed
jarsigner includes a certpath validation check, and shows a warning when the check fails. The CertPathValidator object, unfortunately, is initialized in a method that can only be executed if a local keystore is found (either ~/.keystore or specified by -keystore). Therefore, if there is no local keystore but the jarfile's signer can be directly verified by a cert in cacerts, we still see this warning.

EVALUATION fixed: always initialize certpath validator even if ~/.keystore does not exist

EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/62c25e4c30a3