RFR 8056174: New APIs for jar signing
Sean Mullan
sean.mullan at oracle.com
Thu Mar 26 20:41:22 UTC 2015
On 03/24/2015 05:47 AM, Wang Weijun wrote:
> Hi All
>
> Please review the code change at
>
> http://cr.openjdk.java.net/~weijun/8056174/webrev.00/
>
> It provides a new jdk.Exported API JarSigner to perform jar signing. The class contains popular functions of the jarsigner tool. The jarsigner tool is unchanged and currently independent of the new class.
* AlgorithmId
- checKeyAlgSigAlgkMatch
Should this be named "checkKeyAndSigAlgMatch"?
* Builder
- why are methods public when class is package-private?
* JarSigner
- For digestAlg and sigAlg you should add a pointer to the relevant
section of the Standard Algorithm Names guide for a list of standard
algorithms that can be specified.
* JarSignerException
- is there ever a reason to add a ctor that takes a String for the
exception message?
* API
- copyright should be 2015
* options.sh
- how is this relevant if jarsigner has not been updated to use the new
API yet? Also, we should avoid adding more shell script tests.
--Sean
More information about the security-dev
mailing list