[jdk11u-dev] Integrated: 8269039: Disable SHA-1 Signed JARs

Goetz Lindenmaier goetz at openjdk.org
Tue Aug 2 09:03:30 UTC 2022


On Wed, 20 Jul 2022 07:44:55 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:

> src/java.base/share/conf/security/java.security
> Does not resolve because 11 mentions "include jdk.disabled.namedCurves"
> 
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
> Some hunks did not apply because DISABLED_CHECK was renamed
> to JAR_DISABLED_CHECK in 17.
> Other hunks patch methods not in 11: checkWeakKey(), checkWeakAlg()
> as well as the calls to these methods.
> 
> test/jdk/java/security/Security/signedfirst/Dyn.sh
> test/jdk/java/security/Security/signedfirst/Static.sh
> Deleting did not apply.
> 
> test/jdk/java/util/jar/JarInputStream/signed.jar
> Patching this binary file failed. I just copied
> the file from 17.
> 
> test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java
> Patch skipped, test not in 11.
> 
> test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
> Resolved. Checked output differed.
> 
> test/lib/jdk/test/lib/security/SecurityUtils.java
> The change to this file was already backported.
> 
> In addition, I adapted 
> sun/security/tools/jarsigner/DefaultOptions.java
> sun/security/tools/jarsigner/NameClash.java
> sun/security/tools/jarsigner/EC.java
> according to 
>  "8172404: Tools should warn if weak algorithms are used before restricting them"
> which makes the tests pass.

This pull request has now been integrated.

Changeset: 5a0824ba
Author:    Goetz Lindenmaier <goetz at openjdk.org>
URL:       https://git.openjdk.org/jdk11u-dev/commit/5a0824ba813ceda47847c9162c8a10bb0b8898e8
Stats:     638 lines in 28 files changed: 300 ins; 214 del; 124 mod

8269039: Disable SHA-1 Signed JARs

Reviewed-by: mbalao
Backport-of: 6d91a3eb7bd1e1403cfb67f7eb8ce06d7e08e7a7

-------------

PR: https://git.openjdk.org/jdk11u-dev/pull/1244

