RFR: 8365559: jarsigner shows files non-existent if signed with a weak algorithm [v2]
Weijun Wang
weijun at openjdk.org
Fri Aug 15 00:35:27 UTC 2025
On Thu, 14 Aug 2025 17:20:50 GMT, Artur Barashev <abarashev at openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>>
>> add comment to test
>
> test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 107:
>
>> 105: Files.writeString(Path.of("c"), "c"));
>> 106: SecurityTools.keytool("-genkeypair -storepass changeit -keystore ks -alias w -dname CN=w -keyalg ec");
>> 107: SecurityTools.jarsigner("-storepass changeit -keystore ks c.jar w -sigalg SHA1withECDSA")
>
> Nit: A comment explaining that `SHA1` is disabled in `jdk.jar.disabledAlgorithms` security property would be helpful.
That will be helpful. Thanks.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/26781#discussion_r2278004693