RFR: 8300272: Improve readability of the test JarWithOneNonDisabledDigestAlg [v4]

Matthew Donovan duke at openjdk.org
Wed Jan 25 16:17:08 UTC 2023


On Tue, 24 Jan 2023 12:18:10 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:

>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to read. 
>> 
>> Some changes are made in the choice of algorithms and naming. The intent here is to reduce confusion and make the purpose of the test clearer:
>> 
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The use of SHA1 here seems just a bit confusing, since it has been considered weak for a while 
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the sigalg of the keys does not seem to matter for this test
>> 
>> There are also some general code cleanups:
>> 
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer> representing the expected signer counts for each path in the JAR. This provides a cleaner separation between expectiations and the enforcement of expectations.
>> - Introduced Path constants for various file names used throughout the test, reducing a number of redundant Path.of calls which seemed to clutter the code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream, Files.newInputStream, InputStream.transferTo and OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Add whitespace between if and left parenthesis

test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 109:

> 107:         try {
> 108:             jarConstraints.permits("MD5", cp, false);
> 109:             throw new Exception("This test assumes that MD5 is disabled");

It might be clearer to say something like "This test requires MD5 to be disabled but it is enabled." 

Same for the SHA256 check below.

-------------

PR: https://git.openjdk.org/jdk/pull/11997


More information about the security-dev mailing list