RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

Jim Laskey (Oracle) james.laskey at oracle.com
Mon Nov 7 16:16:39 UTC 2016 

Suits me.


> On Nov 7, 2016, at 12:06 PM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> On 11/7/16 9:13 AM, Jim Laskey (Oracle) wrote:
>> The bug https://bugs.openjdk.java.net/browse/JDK-8159393
>> <https://bugs.openjdk.java.net/browse/JDK-8159393> is really about
>> warning developers that their image does not support signing.  If
>> they are okay with that then they can override with
>> --strip-signing-information.
> 
> I find the option name --strip-signing-information a little bit confusing. To me this implies jlink might remove the signature information from the original signed modular JAR, which is not what you are doing, correct? Why not call it "--ignore-signing-information"?
> 
> --Sean
> 
>> 
>> — Jim
>> 
>> 
>> 
>>> On Nov 7, 2016, at 10:11 AM, Jim Laskey (Oracle)
>>> <james.laskey at oracle.com> wrote:
>>> 
>>> The security entries are (have been) ignored when building the
>>> image.  At some future date (post-9), we need to decide how to sign
>>> an image.
>>> 
>>> — Jim
>>> 
>>> 
>>>> On Nov 7, 2016, at 10:06 AM, Wang Weijun <weijun.wang at oracle.com>
>>>> wrote:
>>>> 
>>>> The code block below checking if a jar file was signed is
>>>> correct.
>>>> 
>>>> There is one thing I don't understand, the
>>>> --strip-signing-information option. It looks like you will remove
>>>> the signature-related files if this option is set. But, where are
>>>> they stripped?
>>>> 
>>>> Thanks Max
>>>> 
>>>> On 11/7/2016 9:48 PM, Jim Laskey (Oracle) wrote:
>>>>> Apologies for the poor links earlier.
>>>>> 
>>>>> http://cr.openjdk.java.net/~jlaskey/8159393/webrev/index.html
>>>>> https://bugs.openjdk.java.net/browse/JDK-8159393
>>>>> 
>>>>> 
>>>>>> On Nov 7, 2016, at 9:26 AM, Jim Laskey (Oracle)
>>>>>> <james.laskey at oracle.com> wrote:
>>>>>> 
>>>>>> Revising to
>>>>>> 
>>>>>> String name = entry.name().toUpperCase(Locale.ENGLISH);
>>>>>> 
>>>>>> return name.startsWith("META-INF/") && name.indexOf('/', 9)
>>>>>> == -1 && ( name.endsWith(".SF") || name.endsWith(".DSA") ||
>>>>>> name.endsWith(".RSA") || name.endsWith(".EC") ||
>>>>>> name.startsWith("META-INF/SIG-") );
>>>>>> 
>>>>>> 
>>>>>>> On Nov 7, 2016, at 9:17 AM, Jim Laskey (Oracle)
>>>>>>> <james.laskey at oracle.com> wrote:
>>>>>>> 
>>>>>>> Right.  From SignatureFileVerifier.java
>>>>>>> 
>>>>>>> 
>>>>>>> /** * Utility method used by JarVerifier and JarSigner * to
>>>>>>> determine the signature file names and PKCS7 block * files
>>>>>>> names that are supported * * @param s file name * @return
>>>>>>> true if the input file name is a supported *
>>>>>>> Signature File or PKCS7 block file name */ public static
>>>>>>> boolean isBlockOrSF(String s) { // we currently only
>>>>>>> support DSA and RSA PKCS7 blocks return s.endsWith(".SF")
>>>>>>> || s.endsWith(".DSA") || s.endsWith(".RSA") ||
>>>>>>> s.endsWith(".EC"); }
>>>>>>> 
>>>>>>> /** * Yet another utility method used by JarVerifier and
>>>>>>> JarSigner * to determine what files are signature related,
>>>>>>> which includes * the MANIFEST, SF files, known signature
>>>>>>> block files, and other * unknown signature related files
>>>>>>> (those starting with SIG- with * an optional [A-Z0-9]{1,3}
>>>>>>> extension right inside META-INF). * * @param name file
>>>>>>> name * @return true if the input file name is signature
>>>>>>> related */ public static boolean isSigningRelated(String
>>>>>>> name) { name = name.toUpperCase(Locale.ENGLISH); if
>>>>>>> (!name.startsWith("META-INF/")) { return false; } name =
>>>>>>> name.substring(9); if (name.indexOf('/') != -1) { return
>>>>>>> false; } if (isBlockOrSF(name) ||
>>>>>>> name.equals("MANIFEST.MF")) { return true; } else if
>>>>>>> (name.startsWith("SIG-")) { // check filename extension //
>>>>>>> see
>>>>>>> http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Digital_Signatures
>>>>>>> 
>>>>>>> 
> // for what filename extensions are legal
>>>>>>> int extIndex = name.lastIndexOf('.'); if (extIndex != -1)
>>>>>>> { String ext = name.substring(extIndex + 1); // validate
>>>>>>> length first if (ext.length() > 3 || ext.length() < 1) {
>>>>>>> return false; } // then check chars, must be in [a-zA-Z0-9]
>>>>>>> per the jar spec for (int index = 0; index < ext.length();
>>>>>>> index++) { char cc = ext.charAt(index); // chars are
>>>>>>> promoted to uppercase so skip lowercase checks if ((cc <
>>>>>>> 'A' || cc > 'Z') && (cc < '0' || cc > '9')) { return
>>>>>>> false; } } } return true; // no extension is OK } return
>>>>>>> false; }
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>> 
>>>>>>>> On Nov 7, 2016, at 9:16 AM, Alan Bateman
>>>>>>>> <Alan.Bateman at oracle.com> wrote:
>>>>>>>> 
>>>>>>>> On 07/11/2016 13:09, Jim Laskey (Oracle) wrote:
>>>>>>>> 
>>>>>>>>> Thank you.  Regarding SIG- I was just followed the
>>>>>>>>> spec.
>>>>>>>>> 
>>>>>>>> I hope Sean or Max can jump in on this, the other
>>>>>>>> question is .EC as I believe the JDK allows this when
>>>>>>>> signing too.
>>>>>>>> 
>>>>>>>> -Alan
>>>>>>> 
>>>>>> 
>>>>> 
>>> 
>>

More information about the jigsaw-dev mailing list