JDK-7149012 : jarsigner needs not warn about cert expiration if the jar has a TSA timestamp
  • Type: Bug
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 8
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-02-27
  • Updated: 2013-09-12
  • Resolved: 2012-03-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u40Fixed 8 b30Fixed
If the cert used to sign a jar is expired, jarsigner will print out a warning, and if -strict is specified, exits with an error. However, if there is a TSA timestamp attached to the jar (and the timestamp is shown to be before the expiration), it's completely valid and jarsigner should not report any warning or error.

EVALUATION http://hg.openjdk.java.net/jdk8/tl/jdk/rev/26ed9a64a318