RFR: 8277474: jarsigner does not check if algorithm parameters are disabled

Sean Mullan mullan at openjdk.java.net
Wed Mar 2 15:47:01 UTC 2022


On Tue, 22 Feb 2022 22:00:05 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> This fixes jarsigner to enforce checking against algorithm constraint properties so when the signature algorithm parameters use disabled or legacy algorithms, it will emit warnings accordingly. If the algorithm used in parameters is disabled, jarsigner treats the jar as unsigned.

Marked as reviewed by mullan (Reviewer).

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 33:

> 31: import java.security.cert.CertPathValidatorException;
> 32: import java.security.cert.PKIXBuilderParameters;
> 33: import java.security.spec.PSSParameterSpec;

I don't think you need this import, as this class does not seem to be referenced anywhere.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7582


