Bug ID: 4649690 Java Plug-in should consider time-of-signing when verifying signed jars

4649690 : Java Plug-in should consider time-of-signing when verifying signed jars

Details

Type:	Enhancement	Submit Date:	2002-03-08
Status:	Resolved	Updated Date:	2003-11-25
Project Name:	JDK	Resolved Date:	2003-11-17
Component:	deploy	OS:	solaris,solaris_7,generic,windows_2000
Sub-Component:	plugin	CPU:	x86,generic
Priority:	P3
Resolution:	Fixed
Affected Versions:	1.3.1,1.4.0,1.4.1,5.0
Fixed Versions:	5.0

Related Reports

Duplicate:	JDK-4485741 - Signed Jar should still work after Certificate Expires
Duplicate:	JDK-4731841 - Verisign Model Inconsistant w/ Enterprise Deployment Scenarios
Duplicate:	JDK-4938222 - REGRESSION: VMInfo Applet fails to load, throws AccessControlException
Relates:	JDK-4523234 - Timestamped Signatures
Relates:	JDK-4500302 - Verification of signed jars does not consider time-of-signing.
Relates:	JDK-4649703 - Web Start should consider time-of-signing when verifying signed jars

Sub Tasks

Description

RFE 4500302 actually requests several enhancements in various places: JDK, jarsigner, PlugIn and Web Start. There is another rfe (4523234) tracking
work needed in JDK to support timestamped signatures. 

We plan to implement rfe 4523234 for Tiger (pending Tiger team approval, etc.).
Once rfe 4523234 is done, PlugIn should consider time-of-signing when verifying signed jar.

So I'm filing this rfe to track the work needed in PlugIn (if any). I'll file another rfe to track work needed in Web Start (if any).  RFE 4500302 will be used to track enhancements needed in jarsigner. I'll add notes in rfe 4500302.

Comments

CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX:
tiger

FIXED IN:
tiger
tiger-beta

INTEGRATED IN:
tiger
tiger-b29

2004-06-14

EVALUATION

Yes, this is very good idea. Committed for Tiger.

###@###.### 2002-03-14

Fix in progress by Dennis.
###@###.### 2003-10-09

2002-03-14

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together