[jdk11u] RFR: 8275887: jarsigner prints invalid digest/signature algorithm warnings if keysize is weak/disabled
Martin Doerr
mdoerr at openjdk.org
Fri Sep 16 07:50:56 UTC 2022
On Fri, 16 Sep 2022 07:27:22 GMT, Goetz Lindenmaier <goetz at openjdk.org> wrote:
> I backport this change from 17u because I had to do adaptions for 17 that
> are needed here, too. I needed further fixes, though:
>
> src/java.base/share/classes/sun/security/pkcs/SignerInfo.java
> Slight difference in context, change applies to code clean.
> I had to change a record to a class to make the change compile
> with Java 11.
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java
> Chunks don't apply because in 11 method JAR_DISABLED_CHECK
> lacks the prefix JAR_.
> checkWeakKey() and checkWeakAlg() are not implemented in 11. Hunk omitted.
>
> test/jdk/sun/security/tools/jarsigner/TimestampCheck.java
> Resolved adding bugID to @bug.
See below. Otherwise, LGTM. Thanks for backporting.
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 985:
> 983: tsDate);
> 984: history = String.format(
> 985: rb.getString("history.with.ts"), // GLGLGL
I suggest to remove the comment.
-------------
Marked as reviewed by mdoerr (Reviewer).
PR: https://git.openjdk.org/jdk11u/pull/56
More information about the jdk-updates-dev
mailing list