> There is an error in `jarsigner` on the "This JAR contains signed entries
> that aren't signed by alias in this keystore" warning. The exit code is
> determined by
> [`notSignedByAlias`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L344)
> but the warning message is controlled by
> [`allAliasesFound`](https://github.com/openjdk/jdk/blob/0a60b0f99efb38d2cc97f3862ef95a0d26ba49a7/src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java#L1183).
>
> Also, inside the `inKeyStoreForOneSigner()` method, all certificates in a
> cert chain are used to determine whether the signer is in a keystore and if
> any is inside the JAR file is treated as being signed by an alias in this
> keystore. In fact, only the end-entity certificate (the first one in the
> chain) should be checked.
>
> After the fix, the `allAliasesFound` field and the `SOME_ALIASES_NOT_FOUND`
> constant are useless and can be removed.
>
> *Update*: this warning is reclassified as an informational warning in the
> latest commits.

Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:

  ensure aliasNotInStore is not severe

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/19701/files
  - new: https://git.openjdk.org/jdk/pull/19701/files/718f7858..8264e7de

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=19701&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=19701&range=01-02

  Stats: 8 lines in 1 file changed: 5 ins; 0 del; 3 mod
  Patch: https://git.openjdk.org/jdk/pull/19701.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/19701/head:pull/19701

PR: https://git.openjdk.org/jdk/pull/19701
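
The difference between the two keystore checks described in the quoted PR text can be reproduced outside `jarsigner` with the public `java.util.jar` and `java.security` APIs. The following is an added example, not code from the pull request or from `jarsigner`; the class name `ChainCheck` and the command-line arguments (JAR path, keystore path, store password) are assumptions.

```java
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.CodeSigner;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Added example. Run as: java ChainCheck.java <signed.jar> <keystore> <storepass>
public class ChainCheck {
    // Chain-wide match: true if ANY certificate of the signer's chain is in the keystore.
    static boolean anyCertInStore(KeyStore ks, List<? extends Certificate> chain) throws Exception {
        for (Certificate c : chain) {
            if (ks.getCertificateAlias(c) != null) return true;
        }
        return false;
    }

    // End-entity match: only the first certificate in the chain identifies the signer.
    static boolean endEntityInStore(KeyStore ks, List<? extends Certificate> chain) throws Exception {
        return !chain.isEmpty() && ks.getCertificateAlias(chain.get(0)) != null;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(args[1]), args[2].toCharArray());
        Set<CodeSigner> signers = new LinkedHashSet<>();
        try (JarFile jar = new JarFile(args[0], true)) {
            for (JarEntry e : Collections.list(jar.entries())) {
                // Code signers are only populated after the entry has been read in full.
                try (InputStream in = jar.getInputStream(e)) {
                    in.transferTo(OutputStream.nullOutputStream());
                }
                CodeSigner[] cs = e.getCodeSigners();
                if (cs != null) signers.addAll(Arrays.asList(cs));
            }
        }
        for (CodeSigner s : signers) {
            List<? extends Certificate> chain = s.getSignerCertPath().getCertificates();
            if (chain.isEmpty()) continue;
            Certificate ee = chain.get(0);
            String who = (ee instanceof X509Certificate)
                    ? ((X509Certificate) ee).getSubjectX500Principal().getName() : ee.getType();
            boolean any = anyCertInStore(ks, chain), first = endEntityInStore(ks, chain);
            System.out.printf("%s: any-cert-in-store=%b end-entity-in-store=%b%s%n", who, any, first,
                    (any && !first) ? "  <-- matched only through a CA certificate" : "");
        }
    }
}
```

A signer flagged with the arrow is one whose issuing CA is in the keystore while the signer's own certificate is not, which is the case the chain-wide check reports as signed by an alias in the keystore.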