search

ebourg / jsign

Java implementation of Microsoft Authenticode for signing Windows executables, installers & scripts
https://ebourg.github.io/jsign
Apache License 2.0
250 stars 107 forks source link

improve the docs and samples a bit what you can really fill in in the "tsa.url" property #110

Closed jcompagner closed 2 years ago

jcompagner commented 2 years ago

here: https://ebourg.github.io/jsign/ there is talk about "Timestamping with retries and fallback on alternative servers (RFC 3161 and Authenticode protocols supported)"

so that you can use alternative servers. but maybe i an overlooking it but it is not in the section that explains the tsa url property:

tsaurl | The URL of the timestamping authority, either RFC 3161 or Authenticode services. You can use for example the Sectigo (http://timestamp.sectigo.com) or the DigiCert (http://timestamp.digicert.com) services.

or in the samples it is described how you can set multiply urls

i just looked at the source:

https://github.com/ebourg/jsign/blob/master/jsign-core/src/main/java/net/jsign/SignerHelper.java#L483

to understand that i can just give multiply urls separated with a , So maybe the "doc" should mention this can be a , separated list of urls and/or also add that as a sample of for example the mvn plugin

ebourg commented 2 years ago

Yes you are right, thank you for the suggestion.