RFR 8056174: New APIs for jar signing

Mandy Chung mandy.chung at oracle.com
Thu Mar 26 16:26:00 UTC 2015

On 3/24/2015 2:47 AM, Wang Weijun wrote:
> Hi All
> Please review the code change at
>     http://cr.openjdk.java.net/~weijun/8056174/webrev.00/
> It provides a new jdk.Exported API JarSigner to perform jar signing. The class contains popular functions of the jarsigner tool. The jarsigner tool is unchanged and currently independent of the new class.

Passing comment when skimming on the webrev:

JarSignerException.ErrorCode - do you expect the caller will want
to process error handling differently with different type of error?

I wonder if the error message would be good enough wrapping the
Throwable cause.  Should JarSignerException be an unchecked exception?

One other thing to mention: @jdk.Exported will go away some time.
For now it's okay to use it and will be cleaned up together with
other JDK exported APIs when time comes.

> The root repo also needs a little change:
> diff --git a/common/bin/unshuffle_list.txt b/common/bin/unshuffle_list.txt

This is a new package that you don't need to include in the
unshuffle_list.txt (that's mainly for backporting use).

> diff --git a/modules.xml b/modules.xml
> --- a/modules.xml
> +++ b/modules.xml
> @@ -1634,6 +1645,9 @@
>       <export>
>         <name>com.sun.jarsigner</name>
>       </export>
> +    <export>
> +      <name>jdk.security.jarsigner</name>
> +    </export>
>     </module>
>     <module>
>       <name>jdk.javadoc</name>
Looks fine.


More information about the security-dev mailing list