RFR: 8259401: Add checking to jarsigner to warn weak algorithms used in signer’s cert chain [v2]

Hai-May Chao hchao at openjdk.java.net
Wed Jan 13 22:20:09 UTC 2021


On Wed, 13 Jan 2021 15:17:22 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   No warning for trusted cert's SHA1, and added debug output to test
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1491:
> 
>> 1489:                         .append(checkWeakKey(key));
>> 1490: 
>> 1491:                 certStr.append("\n").append(tab).append("[");
> 
> It's a little strange to leave the other half of the bracket (`certStr.append("]");` on line 1568) outside the if-else block. Can you please move it inside? Of course you will have to duplicate them.

I'd prefer to keep it as is instead of duplicating the code in several places inside if block and else block.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2042


More information about the security-dev mailing list