RFR 8056174: New APIs for jar signing

Wang Weijun weijun.wang at oracle.com
Thu Nov 19 02:54:26 UTC 2015


> On Nov 19, 2015, at 2:40 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Looks good, just a couple of minor comments:
> 
> In JarSigner.Builder.getDefaultSignatureAlgorithm, change the word "bigger" to "greater than".

Updated.

> 
> In AlgorithmId.getDefaultSigAlgForKey, I think you can remove the last sentence ("Remember ...") - this seems like a ToDo note to yourself which has been done.

It's a reminder if we update it again in the future.

It makes me feel a little uncomfortable that the rule is coded inside java.base but the spec is in jdk.jartool, although most likely we don't suggest users mixing modules from different releases.

--Max

> 
> --Sean
> 
> On 11/18/2015 01:53 AM, Wang Weijun wrote:
>> Hi All
>> 
>> An updated webrev is available at
>> 
>>   http://cr.openjdk.java.net/~weijun/8056174/webrev.06/
>> 
>> Compared with webrev.05, these changes are made:
>> 
>> 1. In AlgorithmId.java, getDefaultSigAlgForKey() looks at the key size and returns signature algorithms with different digest part. Thanks, Mike!
>> 
>> 2. In JarSigner.java:
>> 
>>  - method names are longer, sigAlg() is now signatureAlgorithm(). Thanks, Mandy!
>> 
>>  - a new eventHandler() setter, so caller can show the progress of signing
>> 
>>  - value in setProperty(key, value) is only String now. No need to care about cloning
>> 
>> The change in the root idk repo is still
>> 
>> diff --git a/modules.xml b/modules.xml
>> --- a/modules.xml
>> +++ b/modules.xml
>> @@ -1704,12 +1704,15 @@
>>    <module>
>>      <name>jdk.jartool</name>
>>      <depend>java.base</depend>
>>      <export>
>>        <name>com.sun.jarsigner</name>
>>      </export>
>> +    <export>
>> +      <name>jdk.security.jarsigner</name>
>> +    </export>
>>    </module>
>> 
>> Thanks
>> Max
>> 




More information about the security-dev mailing list