[11u] RFR: 8244683: A TSA server used by tests
Doerr, Martin
martin.doerr at sap.com
Mon Feb 8 13:28:39 UTC 2021
Hi Götz,
thanks for the review!
Best regards,
Martin
From: Lindenmaier, Goetz <goetz.lindenmaier at sap.com>
Sent: Montag, 8. Februar 2021 14:18
To: Doerr, Martin <martin.doerr at sap.com>; security-dev <security-dev at openjdk.java.net>; jdk-updates-dev at openjdk.java.net
Cc: Langer, Christoph <christoph.langer at sap.com>
Subject: RE: [11u] RFR: 8244683: A TSA server used by tests
Hi Martin,
Thanks for downporting this.
Nice documentation of the changes! Looks good.
Best regards,
Goetz.
From: Doerr, Martin <martin.doerr at sap.com<mailto:martin.doerr at sap.com>>
Sent: Tuesday, February 2, 2021 9:28 PM
To: security-dev <security-dev at openjdk.java.net<mailto:security-dev at openjdk.java.net>>; jdk-updates-dev at openjdk.java.net<mailto:jdk-updates-dev at openjdk.java.net>
Cc: Langer, Christoph <christoph.langer at sap.com<mailto:christoph.langer at sap.com>>; Lindenmaier, Goetz <goetz.lindenmaier at sap.com<mailto:goetz.lindenmaier at sap.com>>
Subject: [11u] RFR: 8244683: A TSA server used by tests
Hi,
JDK-8244683 is backported to 11.0.11-oracle. I'd like to backport it for parity.
It doesn't apply cleanly.
TimestampCheck.java:
- The parts which get removed contain minor differences (see [1])
- Resolution: Take new version.
TsaHandler.java and TsaSigner.java:
- New code contains usages of KnownOIDs which don't exist in 11u.
- Resolution: Translate them (see [2])
TsaSigner.java:
- New code uses ObjectIdentifier.of
- Resolution: Change back to "new ObjectIdentifier" according to [1]
- Uses HexPrinter (for debug code) which doesn't exist in 11u.
- Resolution: Use HexDumpEncoder instead: System.out.println(new HexDumpEncoder().encode(bytes));
An additional testfix is needed:
https://bugs.openjdk.java.net/browse/JDK-8246709
which applies cleanly except that it needs an import change (see [3]).
That change is not included in the webrev. I just want to push 11u backport of 8244683 together with 8246709 (including [3]) together.
Bug:
https://bugs.openjdk.java.net/browse/JDK-8244683
Original change:
https://hg.openjdk.java.net/jdk/jdk/rev/56bda3e6d148
11u backport:
http://cr.openjdk.java.net/~mdoerr/8244683_TSA_11u/webrev.00/
Please review.
Best regards,
Martin
[1] diff JDK11u:test/jdk/sun/security/tools/jarsigner/TimestampCheck.java JDK16:TimestampCheck_before_8244683.java
65a66
> * 8242151
137c138
< ObjectIdentifier policyId = new ObjectIdentifier(defaultPolicyId);
---
> ObjectIdentifier policyId = ObjectIdentifier.of(defaultPolicyId);
161c162
< policyId = new ObjectIdentifier(defaultPolicyId);
---
> policyId = ObjectIdentifier.of(defaultPolicyId);
233c234
< ContentInfo contentInfo = new ContentInfo(new ObjectIdentifier(
---
> ContentInfo contentInfo = new ContentInfo(ObjectIdentifier.of(
[2] KnownOIDs Translation:
https://github.com/openjdk/jdk/commit/080b3b83ebffe5149fbc9ac48e921fb51e9c3c63#diff-e6d5bd6b166be4737084473fcf55b0f101a710263c899c19b0df2a702c89a30e
[3] diff JDK16:TSA_testfix_orig.patch resolved_JDK11u:8246709_TSA.patch
< import jdk.test.lib.process.OutputAnalyzer;
---
> import jdk.testlibrary.OutputAnalyzer;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.java.net/pipermail/security-dev/attachments/20210208/c1f66c63/attachment-0001.htm>
More information about the security-dev
mailing list