[jdk17u] RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Goetz Lindenmaier
goetz at openjdk.org
Thu Sep 15 10:46:42 UTC 2022
I backport this for parity with 17.0.5-oracle.
I had to resolve the change in a few places:
src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
Where "true" is added to permits() call, code looks different. This is because
"8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key"
is not backported.
Added true to all calls of permits().
src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
Method permits() has a slightly different implementation in 17.
The new parameter is just switching off the check. I
wrapped the check around the code in 17 as in the original.
src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
Copyright
Call to permits() has different argument.
It already ran successful through our nightly testing.
-------------
Commit messages:
- Backport 03f8c0fb9363dc1bb07bed1ae0359c029caa0130
Changes: https://git.openjdk.org/jdk17u/pull/354/files
Webrev: https://webrevs.openjdk.org/?repo=jdk17u&pr=354&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8275887
Stats: 120 lines in 9 files changed: 33 ins; 30 del; 57 mod
Patch: https://git.openjdk.org/jdk17u/pull/354.diff
Fetch: git fetch https://git.openjdk.org/jdk17u pull/354/head:pull/354
PR: https://git.openjdk.org/jdk17u/pull/354
More information about the jdk-updates-dev
mailing list