RFR: 8277474: jarsigner does not check if algorithm parameters are disabled [v4]
Hai-May Chao
hchao at openjdk.java.net
Thu Mar 3 21:12:49 UTC 2022
On Thu, 3 Mar 2022 19:35:21 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Removed unused string
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1418:
>
>> 1416: "RSASSA-PSS", algParams);
>> 1417: default:
>> 1418: return String.format(rb.getString("with.disabled"), algParams);
>
> There is no need to differentiate RSASSA-PSS and other algorithms. Just use the exact same format as you defined in `Resources.java`. This makes sure if one day another type of algorithm parameters fail the check, we will see the algorithm name and full description of the parameters as well. If the description is not clear, it's the problem of its `toString()` implementation.
Removed code that differentiates.
-------------
PR: https://git.openjdk.java.net/jdk/pull/7582
More information about the security-dev
mailing list