RFR: 8277474: jarsigner does not check if algorithm parameters are disabled
Weijun Wang
weijun at openjdk.java.net
Wed Mar 2 16:54:00 UTC 2022
On Tue, 22 Feb 2022 22:00:05 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
> This fixes jarsigner to enforce checking against algorithm constraint properties, so when the signature algorithm's parameters use disabled or legacy algorithms, it will emit warnings accordingly. If the algorithm used in the parameters is disabled, jarsigner treats the jar as unsigned.
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1438:
> 1436: try {
> 1437: LEGACY_CHECK.permits(algParams, jcp);
> 1438: return alg;
No need to return here since it will be returned on line 1445 anyway.
test/jdk/sun/security/tools/jarsigner/CheckAlgParams.java line 30:
> 28: * its signature algorithm use disabled or legacy algorithms
> 29: * @library /test/lib
> 30: * @modules java.base/sun.security.x509
Is this `@modules` line useful?
-------------
PR: https://git.openjdk.java.net/jdk/pull/7582