What X.509v3 extensions are required for JAR authentication?

The Oracle documentation says that "a successful validation of the JAR file occurs if the signature is valid [...]", without further specifying what "valid" means.

Being "valid" requires, among other things, a "valid" corresponding X.509 certificate. "Correct" here will include, for example, the correct expiration date and suitable X.509v3 extensions (if any).

My question is about the latter. What combination of X.509v3 extensions does Oracle require for JAR authentication?

For example, I would expect that if ExtendedKeyUsage is present, then it should contain a CodeSigning bit.

I am writing a non-Java library for JAR validation, and I have not been able to find a specification for this.

jar digital-signature x509

No one has answered this question yet.
