RFR: 8159393 - jlink should print a warning that a signed modular JAR will be treated as unsigned

Mon Nov 7 16:31:29 UTC 2016

On 11/7/16 11:21 AM, Sundararajan Athijegannathan wrote:
> Looks good to me.
>
> PS. jmods, jars are not modified by jlink. Only a new image directory is
> generated. So, strip-signing-info confusion is unlikely.

I still find it confusing. If I saw that option, I would hesitate to use 
it until I was sure it would not strip the signature from my JAR file. 
Best to rename it to avoid confusion.

--Sean

>
> -Sundar
>
>
> On 11/7/2016 9:36 PM, Sean Mullan wrote:
>> On 11/7/16 9:13 AM, Jim Laskey (Oracle) wrote:
>>> The bug https://bugs.openjdk.java.net/browse/JDK-8159393
>>> <https://bugs.openjdk.java.net/browse/JDK-8159393> is really about
>>> warning developers that their image does not support signing.  If
>>> they are okay with that then they can override with
>>> --strip-signing-information.
>>
>> I find the option name --strip-signing-information a little bit
>> confusing. To me this implies jlink might remove the signature
>> information from the original signed modular JAR, which is not what
>> you are doing, correct? Why not call it "--ignore-signing-information"?
>>
>> --Sean
>>
>>>
>>> — Jim
>>>
>>>
>>>
>>>> On Nov 7, 2016, at 10:11 AM, Jim Laskey (Oracle)
>>>> <james.laskey at oracle.com> wrote:
>>>>
>>>> The security entries are (have been) ignored when building the
>>>> image.  At some future date (post-9), we need to decide how to sign
>>>> an image.
>>>>
>>>> — Jim
>>>>
>>>>
>>>>> On Nov 7, 2016, at 10:06 AM, Wang Weijun <weijun.wang at oracle.com>
>>>>> wrote:
>>>>>
>>>>> The code block below checking if a jar file was signed is
>>>>> correct.
>>>>>
>>>>> There is one thing I don't understand, the
>>>>> --strip-signing-information option. It looks like you will remove
>>>>> the signature-related files if this option is set. But, where are
>>>>> they stripped?
>>>>>
>>>>> Thanks Max
>>>>>
>>>>> On 11/7/2016 9:48 PM, Jim Laskey (Oracle) wrote:
>>>>>> Apologies for the poor links earlier.
>>>>>>
>>>>>> http://cr.openjdk.java.net/~jlaskey/8159393/webrev/index.html
>>>>>> https://bugs.openjdk.java.net/browse/JDK-8159393
>>>>>>
>>>>>>
>>>>>>> On Nov 7, 2016, at 9:26 AM, Jim Laskey (Oracle)
>>>>>>> <james.laskey at oracle.com> wrote:
>>>>>>>
>>>>>>> Revising to
>>>>>>>
>>>>>>> String name = entry.name().toUpperCase(Locale.ENGLISH);
>>>>>>>
>>>>>>> return name.startsWith("META-INF/") && name.indexOf('/', 9)
>>>>>>> == -1 && ( name.endsWith(".SF") || name.endsWith(".DSA") ||
>>>>>>> name.endsWith(".RSA") || name.endsWith(".EC") ||
>>>>>>> name.startsWith("META-INF/SIG-") );
>>>>>>>
>>>>>>>
>>>>>>>> On Nov 7, 2016, at 9:17 AM, Jim Laskey (Oracle)
>>>>>>>> <james.laskey at oracle.com> wrote:
>>>>>>>>
>>>>>>>> Right.  From SignatureFileVerifier.java
>>>>>>>>
>>>>>>>>
>>>>>>>> /** * Utility method used by JarVerifier and JarSigner * to
>>>>>>>> determine the signature file names and PKCS7 block * files
>>>>>>>> names that are supported * * @param s file name * @return
>>>>>>>> true if the input file name is a supported *
>>>>>>>> Signature File or PKCS7 block file name */ public static
>>>>>>>> boolean isBlockOrSF(String s) { // we currently only
>>>>>>>> support DSA and RSA PKCS7 blocks return s.endsWith(".SF")
>>>>>>>> || s.endsWith(".DSA") || s.endsWith(".RSA") ||
>>>>>>>> s.endsWith(".EC"); }
>>>>>>>>
>>>>>>>> /** * Yet another utility method used by JarVerifier and
>>>>>>>> JarSigner * to determine what files are signature related,
>>>>>>>> which includes * the MANIFEST, SF files, known signature
>>>>>>>> block files, and other * unknown signature related files
>>>>>>>> (those starting with SIG- with * an optional [A-Z0-9]{1,3}
>>>>>>>> extension right inside META-INF). * * @param name file
>>>>>>>> name * @return true if the input file name is signature
>>>>>>>> related */ public static boolean isSigningRelated(String
>>>>>>>> name) { name = name.toUpperCase(Locale.ENGLISH); if
>>>>>>>> (!name.startsWith("META-INF/")) { return false; } name =
>>>>>>>> name.substring(9); if (name.indexOf('/') != -1) { return
>>>>>>>> false; } if (isBlockOrSF(name) ||
>>>>>>>> name.equals("MANIFEST.MF")) { return true; } else if
>>>>>>>> (name.startsWith("SIG-")) { // check filename extension //
>>>>>>>> see
>>>>>>>> http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Digital_Signatures
>>>>>>>>
>>>>>>>>
>>>>>>>>
>> // for what filename extensions are legal
>>>>>>>> int extIndex = name.lastIndexOf('.'); if (extIndex != -1)
>>>>>>>> { String ext = name.substring(extIndex + 1); // validate
>>>>>>>> length first if (ext.length() > 3 || ext.length() < 1) {
>>>>>>>> return false; } // then check chars, must be in [a-zA-Z0-9]
>>>>>>>> per the jar spec for (int index = 0; index < ext.length();
>>>>>>>> index++) { char cc = ext.charAt(index); // chars are
>>>>>>>> promoted to uppercase so skip lowercase checks if ((cc <
>>>>>>>> 'A' || cc > 'Z') && (cc < '0' || cc > '9')) { return
>>>>>>>> false; } } } return true; // no extension is OK } return
>>>>>>>> false; }
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On Nov 7, 2016, at 9:16 AM, Alan Bateman
>>>>>>>>> <Alan.Bateman at oracle.com> wrote:
>>>>>>>>>
>>>>>>>>> On 07/11/2016 13:09, Jim Laskey (Oracle) wrote:
>>>>>>>>>
>>>>>>>>>> Thank you.  Regarding SIG- I was just followed the
>>>>>>>>>> spec.
>>>>>>>>>>
>>>>>>>>> I hope Sean or Max can jump in on this, the other
>>>>>>>>> question is .EC as I believe the JDK allows this when
>>>>>>>>> signing too.
>>>>>>>>>
>>>>>>>>> -Alan
>>>>>>>>
>>>>>>>
>>>>>>
>>>>
>>>
>