RFR 8049480: Current versions of Java can't verify jars signed and timestamped with Java 9
Wang Weijun
weijun.wang at oracle.com
Wed Jul 9 04:31:12 UTC 2014
Webrev updated at phttp://cr.openjdk.java.net/~weijun/8049480/webrev.01/.
Thanks
Max
On Jul 9, 2014, at 0:45, Sean Mullan <sean.mullan at oracle.com> wrote:
> On 07/08/2014 10:37 AM, Wang Weijun wrote:
>> Please review the jdk7u-only code change at
>>
>> http://cr.openjdk.java.net/~weijun/8049480/webrev.00/
>>
>> The reason is that the jdk7u version [1] of fix for JDK-8049480 is just a hack and not as powerful as its jdk8 sibling [2] and now I'll have to apply the jdk7u jar signature "hack" to timestamp signature again.
>>
>> I did a find usage on Algorithm.getName() and other cases are not impacted by the name difference.
>
> In the test, you should close the InputStream before finishing. Also, it would be nice to change OAEPParameters to call AlgorithmId.getStandardDigestName and remove the duplicate method. Looks fine otherwise.
>
> --Sean
>
>>
>> Thanks
>> Max
>>
>> [1] http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/c399756623cb
>> [2] http://hg.openjdk.java.net/jdk9/dev/jdk/rev/5dc3f32c0d26
>>
More information about the security-dev
mailing list