|
我在2年前签了一个带有时间戳的jar(小程序).证书即将到期.会发生什么?是否会向用户发出警告,它是否会起作用?它会停止工作吗?
我没有向applet添加任何特定代码来处理时间戳.签名时我只包含-tsa网址.
编辑:它继续工作.
解决方法
在
Java 5 SE之前,签名证书已过期的签名jar将不再有效或可用.
使用Java 5 SE和更高版本,签名证书过期的签名jar将继续有效.但是,过期的证书不能用于签署任何进一步的jar.
From Oracle’s docs:
Prior to J2SE 5.0,the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available,systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires,systems/deployers conclude that the signature,and hence,the JAR file,has expired. Because signing certificates typically expire annually,this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0,jarsigner can generate signatures that include a timestamp,thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition,APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information.
(编辑:安卓应用网)
【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容!
|
