Skip to content

Commit a8a70dd

Browse files
juliusmusseaujuliusmusseau
committed
decided to sign the prebuilt log4j-detector-2021.12.16.jar using the mergebase code-signing key
to verify the signature: jarsigner -verbose -verify log4j-detector-2021.12.16.jar should print something like this: s 1739 Fri Dec 17 22:32:26 UTC 2021 META-INF/MANIFEST.MF 1787 Fri Dec 17 22:32:26 UTC 2021 META-INF/MERGEBAS.SF 9925 Fri Dec 17 22:32:26 UTC 2021 META-INF/MERGEBAS.RSA 0 Thu Dec 16 10:51:56 UTC 2021 META-INF/ 0 Thu Dec 16 10:51:56 UTC 2021 META-INF/maven/com.mergebase/log4j-detector/ 0 Thu Dec 16 10:51:56 UTC 2021 META-INF/maven/ 0 Thu Dec 16 10:51:56 UTC 2021 META-INF/maven/com.mergebase/ 0 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/ 0 Thu Dec 16 10:51:54 UTC 2021 com/ 0 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/ sm 2436 Wed Dec 15 18:30:14 UTC 2021 META-INF/maven/com.mergebase/log4j-detector/pom.xml sm 117 Thu Dec 16 10:51:54 UTC 2021 META-INF/maven/com.mergebase/log4j-detector/pom.properties sm 547 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Throwables.class sm 1188 Thu Dec 16 10:51:54 UTC 2021 jar-with-deps-with-exclude.xml sm 16382 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Log4JDetector.class sm 1244 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Log4JDetector$1.class sm 4832 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Bytes.class sm 198 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Zipper.class sm 1327 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/CRC64.class sm 1027 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Log4JDetector$2.class sm 2990 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Util.class sm 695 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Util$CloseFailedException.class sm 1703 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Log4JDetector$3.class sm 2147 Thu Dec 16 10:51:54 UTC 2021 com/mergebase/log4j/Log4JDetector$4.class s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope - Signed by "CN=Mergebase Software Inc., O=Mergebase Software Inc., STREET=741 Blue Mountain Street, L=Coquitlam, ST=BC, OID.2.5.4.17=V3J 4S3, C=CA" Digest algorithm: SHA-256 Signature algorithm: SHA256withRSA, 2048-bit key Timestamped by "CN="Sectigo RSA Time Stamping Signer #2", O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB" on Fri Dec 17 22:32:27 UTC 2021 Timestamp digest algorithm: SHA-256 Timestamp signature algorithm: SHA384withRSA, 4096-bit key jar verified. The signer certificate will expire on 2023-02-16. The timestamp will expire on 2032-01-22.
1 parent 14b6948 commit a8a70dd

File tree

3 files changed

+0
-0
lines changed

3 files changed

+0
-0
lines changed

log4j-detector-2021.12.14.jar

-19.7 KB
Binary file not shown.

log4j-detector-2021.12.15.jar

-21.7 KB
Binary file not shown.

log4j-detector-2021.12.16.jar

8.58 KB
Binary file not shown.

0 commit comments

Comments
 (0)