[jdk17u-dev] Integrated: 8278851: Correct signer logic for jars signed with multiple digestalgs
Goetz Lindenmaier
goetz at openjdk.java.net
Fri Mar 18 12:26:46 UTC 2022
On Thu, 17 Mar 2022 17:23:34 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
> I backport this for parity with 17.0.4-oracle.
>
> JarVerifier: resolve due to context.
> ManifestEntryVerifier.java: I had to remove an argument 'false' because "JDK-8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled" is not in 17.
>
> I had to add a hunk from "JDK-8269039: Disable SHA-1 Signed JARs" to
> SecurityUtils.java to make a method public that is called in a test.
This pull request has now been integrated.
Changeset: cbe49739
Author: Goetz Lindenmaier <goetz at openjdk.org>
URL: https://git.openjdk.java.net/jdk17u-dev/commit/cbe497394786ff76a09f9743040e3ba96ee8298f
Stats: 273 lines in 4 files changed: 221 ins; 20 del; 32 mod
8278851: Correct signer logic for jars signed with multiple digestalgs
Reviewed-by: mbaesken
Backport-of: 61b8944327e3d12cf58dc3f6bc45ecbeba4ef611
-------------
PR: https://git.openjdk.java.net/jdk17u-dev/pull/262
More information about the jdk-updates-dev
mailing list