RFR 8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
Sean Mullan
sean.mullan at oracle.com
Tue Jul 8 16:45:48 UTC 2014
On 07/08/2014 10:37 AM, Wang Weijun wrote:
> Please review the jdk7u-only code change at
>
> http://cr.openjdk.java.net/~weijun/8049480/webrev.00/
>
> The reason is that the jdk7u version [1] of fix for JDK-8049480 is just a hack and not as powerful as its jdk8 sibling [2] and now I'll have to apply the jdk7u jar signature "hack" to timestamp signature again.
>
> I did a find usage on Algorithm.getName() and other cases are not impacted by the name difference.
In the test, you should close the InputStream before finishing. Also, it
would be nice to change OAEPParameters to call
AlgorithmId.getStandardDigestName and remove the duplicate method. Looks
fine otherwise.
--Sean
>
> Thanks
> Max
>
> [1] http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c399756623cb
> [2] http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5dc3f32c0d26
>
More information about the security-dev
mailing list