RFR JDK-8179614: Test for jarsigner on verifying jars that are signed and timestamped by other JDK releases
sha.jiang at oracle.com
sha.jiang at oracle.com
Wed Jun 7 01:14:50 UTC 2017
Hi Sean,
On 07/06/2017 04:27, Sean Mullan wrote:
> Hi John,
>
> This looks like a very useful test. I have not gone through all of the
> code, but here are a few comments for now until I have more time:
>
> - add tests for EC keys
> - add tests for SHA-512 variants of the signature algorithms
> - add tests for larger key sizes (ex: 2048 for DSA/RSA)
> - you can use the diamond operator <> in various places
> - might be more compact if jdkList() used Files.lines() to parse the
> file into a stream then an array
I did consider about the above two points. Because the test will be
backported to JDK 6, so I only used the features those supported by JDK 6.
I supposed that would make the backport easier. Does it make sense?
Best regards,
John Jiang
> - did you consider using the jarsigner API (jdk.security.jarsigner)
> instead of the command-line? I think this would be better (if
> possible) and it would give us some more tests of that API.
>
> --Sean
>
> On 6/5/17 6:31 AM, sha.jiang at oracle.com wrote:
>> Hi,
>> Please review this manual test for checking if a jar, which is signed
>> and timestamped by a JDK build, could be verified by other JDK builds.
>> It also can be used to check if the default timestamp digest
>> algorithm on signing is SHA-256.
>> For more details, please look through the test summary.
>>
>> Issue: https://bugs.openjdk.java.net/browse/JDK-8179614
>> Webrev: http://cr.openjdk.java.net/~jjiang/8179614/webrev.00/
>>
>> Best regards,
>> John Jiang
>>
>
More information about the security-dev
mailing list