jar


jarsigner -verify: warning messages - BouncyCastle signed jar


This is new domain for me so not entirely sure how to interpret the available information.
Research yields the following relevant posts:
Version 1.50 + WebStart: signature not verified
java SSL and cert keystore
However, still not sure if this is noise or if I am lacking configuration in my JVM or JDK environment.
Do I conclude that these files are valid and safe to use?
What do I need to do to eliminate the warning messages?
My question is how do I interpret the following messages that are generated by this command:
jarsigner -verify -verbose -certs bcmail-jdk15on-157.jar
Generates the following output:
s 11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
8546 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.SF
2221 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.DSA
8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF
6365 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.DSA
0 Thu May 11 17:30:54 EDT 2017 org/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/examples/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/handlers/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/util/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/validator/
sm 715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
.
.
.
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2020-04-25) or after any future revocation date.

Related Links

create source code to be attached in Scala IDE
Where to find IBM WebSphere WMQ 6.0 jar files
Error in deploying java socket server jar on Openshift
Sun java wireless toolkit does not compile JD-GUI decompiled code?
Pig Jobs Failed on Sahara
Deploy OSGI bundle (JAR) in external Jetty instance
Seeing Websphere class instead of a class in one of my app's jars
How to rename a jar file inside another jar file?
How do Java excuteables detect Bluecove?
Jar to exe using NSIS
install4j - to speed up the version check
Can .java file be saved as .class file without compilation?
linux script for restart jar if it crashes
Getting error when converting .jar and .jad files to .apk format
javac with MigLayout
Issue while installing the weblogic 12 jar at windows

Categories

HOME
dotnetrdf
cil
ssas-2012
app-inventor
puzzle
amazon-swf
facebook-graph-api
gspread
websphere-liberty
requirejs
currency
packer
equalizer
typeahead
google-openid
jogl
ng2-dragula
aws-cognito
flexboxgrid
uiautomator
rails-activerecord
scalaz7
iup
explode
non-deterministic
python-textprocessing
interrupt-handling
data-conversion
websauna
red-black-tree
android-vpn-service
strophe
geo
pljson
precedence
code-behind
polyfills
stdclass
taglib
homekit
stress-testing
email-parsing
amazon-clouddrive
jtds
jags
goquery
tiddlywiki
xmgrace
shutdown
ogre3d
search-box
adler32
onresume
sql-server-administration
typhoon
mailcatcher
try-finally
date-format
usb-drive
loose-typing
insertion-sort
application-loader
achartengine
guzzle6
gyroscope-framework
mser
cg
ember-components
unison
exiv2
confusion-matrix
nsmatrix
facebook-sdk-3.1
client-library
vt100
icsharpcode
tridion2009
emacs23
ajax.beginform
webkit-transform
noir
.app
symbol-server
boost-date-time

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App