[11u] RFR: 8244683: A TSA server used by tests

Doerr, Martin martin.doerr at sap.com
Tue Feb 2 20:28:18 UTC 2021


Hi,

JDK-8244683 is backported to 11.0.11-oracle. I'd like to backport it for parity.
It doesn't apply cleanly.

TimestampCheck.java:
- The parts which get removed contain minor differences (see [1])
- Resolution: Take new version.

TsaHandler.java and TsaSigner.java:
- New code contains usages of KnownOIDs which don't exist in 11u.
- Resolution: Translate them (see [2])

TsaSigner.java:
- New code uses ObjectIdentifier.of
- Resolution: Change back to "new ObjectIdentifier" according to [1]
- Uses HexPrinter (for debug code) which doesn't exist in 11u.
- Resolution: Use HexDumpEncoder instead: System.out.println(new HexDumpEncoder().encode(bytes));

An additional testfix is needed:
https://bugs.openjdk.java.net/browse/JDK-8246709
which applies cleanly except that it needs an import change (see [3]).
That change is not included in the webrev. I just want to push 11u backport of 8244683 together with 8246709 (including [3]) together.

Bug:
https://bugs.openjdk.java.net/browse/JDK-8244683

Original change:
https://hg.openjdk.java.net/jdk/jdk/rev/56bda3e6d148

11u backport:
http://cr.openjdk.java.net/~mdoerr/8244683_TSA_11u/webrev.00/

Please review.

Best regards,
Martin


[1] diff JDK11u:test/jdk/sun/security/tools/jarsigner/TimestampCheck.java JDK16:TimestampCheck_before_8244683.java
65a66
>  *          8242151
137c138
<             ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
---
>             ObjectIdentifier policyId = ObjectIdentifier.of(defaultPolicyId);
161c162
<                 policyId = new ObjectIdentifier(defaultPolicyId);
---
>                 policyId = ObjectIdentifier.of(defaultPolicyId);
233c234
<             ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
---
>             ContentInfo contentInfo = new ContentInfo(ObjectIdentifier.of(

[2] KnownOIDs Translation:
https://github.com/openjdk/jdk/commit/080b3b83ebffe5149fbc9ac48e921fb51e9c3c63#diff-e6d5bd6b166be4737084473fcf55b0f101a710263c899c19b0df2a702c89a30e

[3] diff JDK16:TSA_testfix_orig.patch resolved_JDK11u:8246709_TSA.patch
<  import jdk.test.lib.process.OutputAnalyzer;
---
>  import jdk.testlibrary.OutputAnalyzer;

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20210202/988ec03f/attachment.htm>


More information about the security-dev mailing list