[jdk17u] RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Martin Doerr
mdoerr at openjdk.org
Thu Sep 15 14:00:00 UTC 2022
On Thu, 15 Sep 2022 10:38:06 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
> I backport this for parity with 17.0.5-oracle.
>
> I had to resolve the change in a few places:
>
> src/java.base/share/classes/sun/security/provider/certpath/AlgorithmChecker.java
> Where "true" is added to permits() call, code looks different. This is because
> "8243585: AlgorithmChecker::check throws confusing exception when it rejects the signer key"
> is not backported.
> Added true to all calls of permits().
>
> src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java
> Method permits() has a slightly different implementation in 17.
> The new parameter is just switching off the check. I
> wrapped the check around the code in 17 as in the original.
>
> src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
> Copyright
> Call to permits() has different argument.
>
> It already ran successful through our nightly testing.
LGTM. Thanks for backporting!
-------------
Marked as reviewed by mdoerr (Reviewer).
PR: https://git.openjdk.org/jdk17u/pull/354
More information about the jdk-updates-dev
mailing list