RFR: 8277474: jarsigner does not check if algorithm parameters are disabled [v3]
Hai-May Chao
hchao at openjdk.java.net
Thu Mar 3 01:40:40 UTC 2022
On Wed, 2 Mar 2022 19:54:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> What does it look like now? Also, you might need to create a mapping in `Resources.java` because "using" should only be shown when system language is English.
>
> Also, what if it's another algorithm using another type of parameters? You cannot hardcode "RSASSA-PSS" and take it for granted that there is a "]" inside the string format of the parameter and it's the end of the weak part.
Made change to add "RSASSA-PSS using” before its parameter output when the signature algorithm is RSASSA-PSS. Also, keep the parameter string without doing further parsing and stripping off based on the "]".
-------------
PR: https://git.openjdk.java.net/jdk/pull/7582
More information about the security-dev
mailing list