RFR: 8365559: jarsigner shows files non-existent if signed with a weak algorithm [v2]
Bradford Wetmore
wetmore at openjdk.org
Fri Aug 15 20:03:13 UTC 2025
On Fri, 15 Aug 2025 00:35:27 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> See the bug report for details. Basically, entries in the SF set should always be removed no matter if it's treated as signed or not.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
> add comment to test
Marked as reviewed by wetmore (Reviewer).
test/jdk/sun/security/tools/jarsigner/RemovedFiles.java line 44:
> 42: = "This jar contains signed entries for files that do not exist. See the -verbose output for more details.";
> 43: private static final String WEAK_UNSIGNED
> 44: = "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled";
I know the existing test doesn't do this, but would it make sense to read the `resources/jarsigner.properties` files to get these messages instead of hard-coding them here? Seems that if anyone were to change the messages down the road, they'll likely find out during test.
Otherwise, change looks good to me.
-------------
PR Review: https://git.openjdk.org/jdk/pull/26781#pullrequestreview-3124986035
PR Review Comment: https://git.openjdk.org/jdk/pull/26781#discussion_r2279788205