RFR: 8160655 Fix denyAfter and usage types for security properties
Seán Coffey
sean.coffey at oracle.com
Mon Jan 30 11:31:20 UTC 2017
src/java.base/share/classes/sun/security/util/SignatureFileVerifier.java
CertPathValidatorException is caught 3 times in new code but we're not
printing out the exact algorithm that caused the exception. AFAIK, that
should be in the exception message. Would it be possible to use
something e.getMessage() call to print more detail ? You'd have to check
for null also.
371 } catch(CertPathValidatorException e) {
372 if (debug != null) {
373 debug.println(key + " uses a disabled
algorithm.");
374 }
Spacing issue on line 371 of same file :
> 371 } catch(CertPathValidatorException e) {
Regards,
Sean.
On 26/01/17 21:57, Sean Mullan wrote:
> Looks good, mostly minor stuff so far, just have one other file I need
> more time to review:
>
> * java.security
>
> Update description of new constraints to match CCC.
>
> * PKIXExtendedParameters.java
>
> Update class description (it is out-of-date).
>
> * CertConstraintParameters.java
>
> 2 * Copyright (c) 2016, 2017 Oracle and/or its affiliates. All rights
> reserved.
>
> Should be a comma after 2017.
>
> * AlgorithmChecker.java
>
> 278 String currSigAlg = ((X509Certificate)cert).getSigAlgName();
>
> Just use x509Cert.getSigAlgName() instead
>
> * SignatureFileVerifier.java
>
> 294 Timestamp[] timestamp = new Timestamp[newSigners.length];
>
> "timestamps" would be more clear as a variable name
>
> 299 System.out.println("Timestamp[" + (i - 1) + "] = " +
>
> debug.println
>
> --Sean
>
> On 1/23/17 6:27 PM, Anthony Scarpino wrote:
>> Hi,
>>
>> I need a code review of this change that brings more detail constraints
>> checking and control to certpath and jar disabled algorithm Security
>> properties.
>>
>> http://cr.openjdk.java.net/~ascarpino/8160655/webrev/
>>
>> thanks
>>
>> Tony
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20170130/f2e10ed5/attachment.htm>
More information about the security-dev
mailing list