RFR: 8278851: Correct signer logic for jars signed with multiple digestalgs
Sean Coffey
coffeys at openjdk.java.net
Thu Jan 13 15:31:29 UTC 2022
On Thu, 13 Jan 2022 13:56:14 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 212:
>>
>>> 210:
>>> 211: CodeSigner[] entrySigners = sigFileSigners.get(name);
>>> 212: Map<String, Boolean> permittedAlgs =
>>
>> maybe permittedAlgsChecker as variable name ? the Map contains both permitted and non-permitted algs.
>
> `Checker` sounds like it going to do something. But I agree the name could be better. I was mostly being consistent with the `permittedAlgs` variable in `SignatureFileVerifier`. Maybe `algsPermittedStatus`?
yes, algsPermittedStatus sounds better. Thanks.
>> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java line 239:
>>
>>> 237:
>>> 238: // A non-disabled algorithm was used.
>>> 239: disabledAlgs = false;
>>
>> this usage doesn't seem right. I think it's always set to false no matter what algs are detected.
>
> If all algs are disabled, it will never get here, because it will either continue on line 231 or 234.
Ah yes - I was reading the scope of for loop incorrectly. Thanks for clarifying!
-------------
PR: https://git.openjdk.java.net/jdk/pull/7056
More information about the core-libs-dev
mailing list