Bug 243782 - Getting timestamp warning with Jdk 1.7.0_51 in combination with jnlp signing
Status: NEW
Alias: None
Product: projects
Classification: Unclassified
Component: Java Webstart
Version: 8.0
Hardware: PC Linux
Importance: P3 normal with 1 vote
Assignee: Tomas Zezula
Reported: 2014-04-12 09:34 UTC by tomzi
Modified: 2016-01-18 08:47 UTC
Issue Type: DEFECT


Description tomzi 2014-04-12 09:34:10 UTC
When deploying a JNLP-enabled project with 'Signing' enabled (option 'signed by a specified key'), I get the following warning for every jar file in the build process:

Warning: 
No -tsa or -tsacert is provided and this jar is not timestamped. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2015-04-06) or after any future revocation date.
Signing JAR:....

I have read somewhere in a forum that you can add

jnlp.signing.tsaurl=http://tsa.starfieldtech.com
to 
project.properties 

and add 'tsaurl="${jnlp.signing.tsaurl}"' to a 'signjar' task:

    <!-- Custom Code Timestamping using Ant's signjar instead of NetBeans -->
    <target name="sign-jars" depends="-jnlp-init-keystore,-check-signing-possible" if="jnlp.signed.true+signjars.task.available">
        <echo message="Using custom code for signing and timestamping via build.xml..."/>
        <signjar
               alias="${jnlp.signjar.alias}"
               storepass="${jnlp.signjar.storepass}"
               keystore="${jnlp.signjar.keystore}"
               keypass="${jnlp.signjar.keypass}"
               tsaurl="${jnlp.signing.tsaurl}">
            <path>
                <fileset dir="dist" includes="*.jar" />
                <fileset dir="dist/lib" includes="*.jar" />
            </path>
        </signjar>
    </target> 

to build.xml

However, for a JNLP deployment the signing process is within jnlp-build.xml and looks like:

    <target name="sign-jars" depends="-jnlp-init-keystore,-check-signing-possible" if="jnlp.signed.true+signjars.task.available">
        <taskdef name="sign-jars" classname="org.netbeans.modules.javawebstart.anttasks.SignJarsTask" 
            classpath="${libs.JWSAntTasks.classpath}"/>
        <sign-jars keystore="${jnlp.signjar.keystore}" storepass="${jnlp.signjar.storepass}" 
                keypass="${jnlp.signjar.keypass}" alias="${jnlp.signjar.alias}" mainjar="${dist.jar}" destdir="dist"
                codebase="${jnlp.codebase.value}" signedjarsprop="jnlp.signed.jars"
                componentsprop="jnlp.components">
            <fileset dir="dist/lib">
                <include name="*.jar"/>
            </fileset>
        </sign-jars>
    </target>

But it seems the 'sign-jars' task, in contrast to the 'signjar' task above, does not support a 'tsaurl="${jnlp.signing.tsaurl}"' option.

How else can I get the jar files to be timestamped?
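
An added example, not part of the original report or of NetBeans: a check that can be run over the jars in `dist` after a build to see which signature blocks carry a timestamp, whichever Ant task signed them. It assumes jarsigner's usual layout (a DER-encoded PKCS#7 block under `META-INF/` with the RFC 3161 token in unsigned attribute 1.2.840.113549.1.9.16.2.14); `iter_oids`, `timestamp_report` and `sample_jar` are names chosen here, and the check detects the attribute's presence only, it does not validate the token.

```python
import io
import zipfile

# DER content bytes of 1.2.840.113549.1.9.16.2.14 (id-aa-signatureTimeStampToken),
# the unsigned CMS attribute that carries the RFC 3161 timestamp token.
TS_OID = bytes.fromhex("2a864886f70d010910020e")
SIGNED_DATA_OID = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2


def iter_oids(der):
    """Yield the content bytes of every OID in a DER blob, descending into
    constructed values (SEQUENCE, SET, context tags)."""
    pos = 0
    while pos + 2 <= len(der):
        tag, length = der[pos], der[pos + 1]
        pos += 2
        if length & 0x80:  # long form: the next n bytes hold the length
            n = length & 0x7F
            if n == 0 or pos + n > len(der):
                return  # indefinite (BER) or truncated: stop parsing
            length = int.from_bytes(der[pos:pos + n], "big")
            pos += n
        body = der[pos:pos + length]
        pos += length
        if tag == 0x06:
            yield body
        elif tag & 0x20:
            yield from iter_oids(body)


def timestamp_report(jar):
    """Map each META-INF signature block of a JAR (path or file object) to
    True when it carries the timestamp attribute."""
    with zipfile.ZipFile(jar) as zf:
        blocks = [n for n in zf.namelist() if n.upper().startswith("META-INF/")
                  and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        return {n: TS_OID in iter_oids(zf.read(n)) for n in blocks}


def sample_jar(timestamped):
    """Constructed stand-in: APP.RSA is a DER skeleton, not a real signature."""
    def tlv(tag, body):
        return bytes([tag, len(body)]) + body
    attr = tlv(0x06, TS_OID) if timestamped else b""
    block = tlv(0x30, tlv(0x06, SIGNED_DATA_OID) + tlv(0xA0, tlv(0x30, attr)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/APP.RSA", block)
    return buf
```

Calling `timestamp_report("dist/app.jar")` (a placeholder path) on a real build output returns an empty dict for an unsigned jar and `False` for each signature block that would trigger the warning quoted above.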