Replaced the Comodo timestamping URL with the new Sectigo one

Author: ebourg

README.md

@@ -44,6 +44,7 @@ See https://ebourg.github.io/jsign for more information.
 
 * The Ant task can now sign multiple files by defining a fileset (contributed by Kyle Berezin)
 * Fixed the _"Map failed"_ OutOfMemoryError when signing large MSI files
+* The default timestamping authority is now Sectigo instead of Comodo
 
 #### Version 4.0 (2021-08-09)
 

docs/index.html

@@ -87,7 +87,7 @@ <h3 id="ant">Ant Task</h3>
         keystore="keystore.jks"
         alias="test"
         storepass="password"
-        tsaurl="http://timestamp.comodoca.com/authenticode"/>
+        tsaurl="http://timestamp.sectigo.com"/>
 </pre>
 
 <br>
@@ -196,7 +196,7 @@ <h3 id="ant">Ant Task</h3>
       <td valign="top">tsaurl</td>
       <td valign="top">
           The URL of the timestamping authority, either RFC 3161 or Authenticode services.
-          You can use for example the COMODO (http://timestamp.comodoca.com/authenticode)
+          You can use for example the Sectigo (http://timestamp.sectigo.com)
           or the Verisign (http://timestamp.verisign.com/scripts/timstamp.dll) services.</td>
       <td valign="top" align="center">No</td>
     </tr>
@@ -315,7 +315,7 @@ <h3 id="gradle">Gradle plugin</h3>
                   keystore  : 'keystore.p12',
                   alias     : 'test',
                   storepass : 'secret',
-                  tsaurl    : 'http://timestamp.comodoca.com/authenticode')
+                  tsaurl    : 'http://timestamp.sectigo.com')
         }
     }
 </pre>
@@ -378,7 +378,7 @@ <h4>Example using a Java keystore:</h4>
 
 <pre>
  jsign --keystore keystore.jks --alias test --storepass password \
-       --tsaurl http://timestamp.comodoca.com/authenticode application.exe
+       --tsaurl http://timestamp.sectigo.com application.exe
 </pre>
 
 <h4>Example using SPC/PVK files:</h4>
@@ -455,7 +455,7 @@ <h3>API</h3>
  signer.withProgramName("My Application")
        .withProgramURL("http://www.example.com")
        .withTimestamping(true)
-       .withTimestampingAuthority("http://timestamp.comodoca.com/authenticode");
+       .withTimestampingAuthority("http://timestamp.sectigo.com");
 
  Signable file = Signable.of(new File("application.exe"));
  signer.sign(file);

jsign-ant/src/test/resources/testbuild.xml

@@ -144,7 +144,7 @@
              keystore="${keystore}"
              alias="${alias}"
              keypass="${keypass}"
-             tsaurl="http://timestamp.comodoca.com/authenticode"
+             tsaurl="http://timestamp.sectigo.com"
              tsmode="authenticode"
              tsretries="5"
              tsretrywait="15"/>
@@ -156,7 +156,7 @@
              keystore="${keystore}"
              alias="${alias}"
              keypass="${keypass}"
-             tsaurl="http://timestamp.comodoca.com/rfc3161"
+             tsaurl="http://timestamp.sectigo.com"
              tsmode="rfc3161"
              tsretries="5"
              tsretrywait="15"/>

jsign-cli/src/main/java/net/jsign/JsignCLI.java

@@ -128,7 +128,7 @@ private void printHelp() {
                 "Examples:\n\n" +
                 "   Signing with a PKCS#12 keystore and timestamping:\n\n" +
                 "     jsign --keystore keystore.p12 --alias test --storepass pwd \\\n" +
-                "           --tsaurl http://timestamp.comodoca.com/authenticode application.exe\n\n" +
+                "           --tsaurl http://timestamp.sectigo.com application.exe\n\n" +
                 "   Signing with a SPC certificate and a PVK key:\n\n" +
                 "     jsign --certfile certificate.spc --keyfile key.pvk --keypass pwd installer.msi\n\n" +
                 "Please report suggestions and issues on the GitHub project at https://github.com/ebourg/jsign/issues";

jsign-cli/src/test/java/net/jsign/JsignCLITest.java

@@ -321,7 +321,7 @@ public void testSigningWithYubikey() throws Exception {
     public void testTimestampingAuthenticode() throws Exception {
         File targetFile2 = new File("target/test-classes/wineyes-timestamped-with-cli-authenticode.exe");
         FileUtils.copyFile(sourceFile, targetFile2);
-        cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass, "--tsaurl=http://timestamp.comodoca.com/authenticode", "--tsmode=authenticode", "" + targetFile2);
+        cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass, "--tsaurl=http://timestamp.sectigo.com", "--tsmode=authenticode", "" + targetFile2);
 
         assertTrue("The file " + targetFile2 + " wasn't changed", SOURCE_FILE_CRC32 != FileUtils.checksumCRC32(targetFile2));
 
@@ -334,7 +334,7 @@ public void testTimestampingAuthenticode() throws Exception {
     public void testTimestampingRFC3161() throws Exception {
         File targetFile2 = new File("target/test-classes/wineyes-timestamped-with-cli-rfc3161.exe");
         FileUtils.copyFile(sourceFile, targetFile2);
-        cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass, "--tsaurl=http://timestamp.comodoca.com/rfc3161", "--tsmode=rfc3161", "" + targetFile2);
+        cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass, "--tsaurl=http://timestamp.sectigo.com", "--tsmode=rfc3161", "" + targetFile2);
 
         assertTrue("The file " + targetFile2 + " wasn't changed", SOURCE_FILE_CRC32 != FileUtils.checksumCRC32(targetFile2));
 
@@ -360,7 +360,7 @@ public HttpFilters filterRequest(HttpRequest originalRequest) {
             File targetFile2 = new File("target/test-classes/wineyes-timestamped-with-cli-rfc3161-proxy-unauthenticated.exe");
             FileUtils.copyFile(sourceFile, targetFile2);
             cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass,
-                        "--tsaurl=http://timestamp.comodoca.com/rfc3161", "--tsmode=rfc3161", "--tsretries=1", "--tsretrywait=1",
+                        "--tsaurl=http://timestamp.sectigo.com", "--tsmode=rfc3161", "--tsretries=1", "--tsretrywait=1",
                         "--proxyUrl=localhost:" + proxy.getListenAddress().getPort(),
                         "" + targetFile2);
 
@@ -403,7 +403,7 @@ public String getRealm() {
             File targetFile2 = new File("target/test-classes/wineyes-timestamped-with-cli-rfc3161-proxy-authenticated.exe");
             FileUtils.copyFile(sourceFile, targetFile2);
             cli.execute("--keystore=target/test-classes/keystores/" + keystore, "--alias=" + alias, "--keypass=" + keypass,
-                        "--tsaurl=http://timestamp.comodoca.com/rfc3161", "--tsmode=rfc3161", "--tsretries=1", "--tsretrywait=1",
+                        "--tsaurl=http://timestamp.sectigo.com", "--tsmode=rfc3161", "--tsretries=1", "--tsretrywait=1",
                         "--proxyUrl=http://localhost:" + proxy.getListenAddress().getPort(),
                         "--proxyUser=jsign",
                         "--proxyPass=jsign",

jsign-core/src/main/java/net/jsign/AuthenticodeSigner.java

@@ -73,7 +73,7 @@
 
 /**
  * Sign a file with Authenticode. Timestamping is enabled by default and relies
- * on the Comodo server (http://timestamp.comodoca.com/authenticode).
+ * on the Sectigo server (http://timestamp.sectigo.com).
  * 
  * @author Emmanuel Bourg
  * @since 3.0

jsign-core/src/main/java/net/jsign/PESigner.java

@@ -31,7 +31,7 @@
 
 /**
  * Sign a portable executable file. Timestamping is enabled by default
- * and relies on the Comodo server (http://timestamp.comodoca.com/authenticode).
+ * and relies on the Sectigo server (http://timestamp.sectigo.com).
  * 
  * @see <a href="http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/Authenticode_PE.docx">Windows Authenticode Portable Executable Signature Format</a>
  * @see <a href="http://msdn.microsoft.com/en-us/library/windows/desktop/bb931395%28v=vs.85%29.aspx?ppud=4">Time Stamping Authenticode Signatures</a>

jsign-core/src/main/java/net/jsign/timestamp/AuthenticodeTimestamper.java

@@ -43,7 +43,7 @@
 public class AuthenticodeTimestamper extends Timestamper {
 
     public AuthenticodeTimestamper() {
-        setURL("http://timestamp.comodoca.com/authenticode");
+        setURL("http://timestamp.sectigo.com");
     }
 
     protected CMSSignedData timestamp(DigestAlgorithm algo, byte[] encryptedDigest) throws IOException, TimestampingException {

jsign-core/src/main/java/net/jsign/timestamp/RFC3161Timestamper.java

@@ -42,7 +42,7 @@
 public class RFC3161Timestamper extends Timestamper {
 
     public RFC3161Timestamper() {
-        setURL("http://timestamp.comodoca.com/rfc3161");
+        setURL("http://timestamp.sectigo.com");
     }
 
     protected CMSSignedData timestamp(DigestAlgorithm algo, byte[] encryptedDigest) throws IOException, TimestampingException {

jsign-core/src/test/java/net/jsign/PESignerTest.java

@@ -475,12 +475,12 @@ public void testInvalidTimestampingURL() throws Exception {
 
     @Test
     public void testAuthenticodeTimestampingFailover() throws Exception {
-        testTimestampingFailover(TimestampingMode.AUTHENTICODE, "http://timestamp.comodoca.com/authenticode");
+        testTimestampingFailover(TimestampingMode.AUTHENTICODE, "http://timestamp.sectigo.com");
     }
 
     @Test
     public void testRFC3161TimestampingFailover() throws Exception {
-        testTimestampingFailover(TimestampingMode.RFC3161, "http://timestamp.comodoca.com/rfc3161");
+        testTimestampingFailover(TimestampingMode.RFC3161, "http://timestamp.sectigo.com");
     }
 
     public void testTimestampingFailover(TimestampingMode mode, String validURL) throws Exception {

jsign-gradle-plugin/example.gradle

@@ -18,6 +18,6 @@ task sign {
               keystore  : 'keystore.p12',
               alias     : 'test',
               storepass : 'secret',
-              tsaurl    : 'http://timestamp.comodoca.com/authenticode')
+              tsaurl    : 'http://timestamp.sectigo.com')
     }
 }

jsign/src/deb/data/usr/share/man/man1/jsign.1

@@ -78,9 +78,9 @@ option is used in combination with the keyfile option.
 .TP
 .B -t, --tsaurl <URL>
 The URL of the timestamping authority, either RFC 3161 or Authenticode services.
-You can use the COMODO or the Verisign services:
+You can use the Sectigo or the Verisign services:
 .br
-- http://timestamp.comodoca.com/authenticode
+- http://timestamp.sectigo.com
 .br
 - http://timestamp.verisign.com/scripts/timstamp.dll
 
@@ -148,7 +148,7 @@ Print the help
 Signing with a PKCS#12 keystore and timestamping:
 
 jsign --keystore keystore.p12 --alias test --storepass password \\
-      --tsaurl http://timestamp.comodoca.com/authenticode application.exe
+      --tsaurl http://timestamp.sectigo.com application.exe
 
 
 .TP