[13] RFR 8228341: SignTwice.java fails intermittently on Windows

Weijun Wang weijun.wang at oracle.com
Mon Jul 29 01:43:26 UTC 2019



> On Jul 28, 2019, at 10:23 PM, Philipp Kunz <philipp.kunz at paratix.ch> wrote:
> 
> Hi Max,
> 
> Glad to see SignTwice being taken from ProblemList. Is it working now with the timeout added or does it still fail on windows?

It hasn't failed in the last few days.

> 
> > I just ran a test job: SignTwice.java failed on Windows with `failed to clean up files after test`. Most likely a file is not closed.
> 
> For the key algs, "-DkeyAlgs=EC;" or "-DkeyAlgs=EC" might be shorter for the same effect, but "-DkeyAlgs=EC;0" is all right as well.
> 
> However, "-DdigestAlgs=SHA-256" will (far as I remember) not result in a digest that exceeds the maximum manifest line width in its encoded form as a base64 string and makes a difference. I strongly suggest to keep "-DdigestAlgs=SHA-512" or any other digest algorithm that tests line breaking of digests in signed jar file manifests.

OK, I'll revert it some day, maybe as a part of JDK-8228456.

However, I believe that since SignTwice always uses the same JDK to sign and verify, the line width issue will not be a problem itself, right?

Thanks,
Max

> 
> Regards,
> Philipp
> 
> 
> 
> 
> 
> 
> On Tue, 2019-07-23 at 14:28 +0800, Weijun Wang wrote:
>> Please review the patch below. This test signs the same jar multiple times. It's mainly about making sure the manifest and signature file can be updated correctly. There is no need to try different key algorithms. We can also use a faster digest algorithm.
>> 
>> Thanks,
>> Max
>> 
>> diff --git a/test/jdk/ProblemList.txt b/test/jdk/ProblemList.txt
>> --- a/test/jdk/ProblemList.txt
>> +++ b/test/jdk/ProblemList.txt
>> @@ -661,7 +661,6 @@
>>  sun/security/tools/keytool/KeyToolTest.java                     8224644 solaris-all
>>  sun/security/tools/keytool/WeakAlg.java                         8224644 solaris-all
>>  
>> -sun/security/tools/jarsigner/compatibility/SignTwice.java       8228341 windows-all
>>  sun/security/tools/jarsigner/warnings/BadKeyUsageTest.java      8026393 generic-all
>>  
>>  javax/net/ssl/ServerName/SSLEngineExplorerMatchedSNI.java       8212096 generic-all
>> diff --git a/test/jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java b/test/jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java
>> --- a/test/jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java
>> +++ b/test/jdk/sun/security/tools/jarsigner/compatibility/SignTwice.java
>> @@ -36,7 +36,7 @@
>>   * @test
>>   * @library /test/lib ../warnings
>>   * @compile Compatibility.java
>> - * @run main/othervm
>> + * @run main/othervm/timeout=600
>>   *  -Djava.security.properties=./java.security
>>   *  -Duser.language=en
>>   *  -Duser.country=US
>> @@ -46,8 +46,8 @@
>>   *  -DtestComprehensiveJarContents=true
>>   *  -DtestJarUpdate=true
>>   *  -Dstrict=true
>> - *  -DkeyAlgs=EC;#RSA;#DSA;
>> - *  -DdigestAlgs=SHA-512
>> + *  -DkeyAlgs=EC;0
>> + *  -DdigestAlgs=SHA-256
>>   *  SignTwice
>>   */
>>  public class SignTwice {
>> 




More information about the security-dev mailing list