[14] RFR 8229775: Incorrect warning when jar was signed with -sectionsonly
Weijun Wang
weijun.wang at oracle.com
Thu Aug 15 13:34:45 UTC 2019
Please take a review at
http://cr.openjdk.java.net/~weijun/8229775/webrev.00/
The updated code checks both SHA-256-Digest-Manifest and SHA-256-Digest-Manifest-Main-Attributes. The latter should always appear in a SF file generated by our own jarsigner but theoretically it could be missing if MANIFEST.MF has no header. Anyway, checking both is more reliable.
Thanks,
Max
More information about the security-dev
mailing list