RFR: 8277474: jarsigner does not check if algorithm parameters are disabled

Weijun Wang weijun at openjdk.java.net
Wed Mar 2 16:54:00 UTC 2022


On Tue, 22 Feb 2022 22:00:05 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> This fixes jarsigner to enforce checking against algorithm constraint properties so when the signature algorithms parameters use disabled or legacy algorithms, it will emit warnings accordingly. If the algorithm used in parameters is disabled, jarsigner treats the jar as unsigned.

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1438:

> 1436:             try {
> 1437:                 LEGACY_CHECK.permits(algParams, jcp);
> 1438:                 return alg;

No need to return here since it will be returned on line 1445 anyway.

test/jdk/sun/security/tools/jarsigner/CheckAlgParams.java line 30:

> 28:  *          its signature algorithm use disabled or legacy algorithms
> 29:  * @library /test/lib
> 30:  * @modules java.base/sun.security.x509

Is this `@modules` line useful?

-------------

PR: https://git.openjdk.java.net/jdk/pull/7582



More information about the security-dev mailing list