RFR: 8353749: Improve security warning when using JKS or JCEKS keystores [v2]
Hai-May Chao
hchao at openjdk.org
Thu Nov 13 07:50:06 UTC 2025
On Fri, 10 Oct 2025 14:19:18 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Hai-May Chao has updated the pull request incrementally with four additional commits since the last revision:
>>
>> - Updates with review comments
>> - Updates with review comments
>> - Revert changes to KeyStore.java
>> - Remove test TestOutdatedKeyStore.java
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 2432:
>
>> 2430: }
>> 2431: }
>> 2432: if (store.getType().equalsIgnoreCase("JKS")
>
> We should put in the same logic here as in `keytool` to check if the real storetype is JKS or JCEKS. See https://github.com/openjdk/jdk/blob/f6d77cb33299ae0636a2b52ee752f27e9ea9191b/src/java.base/share/classes/sun/security/tools/keytool/Main.java#L1392
Fixed.
> test/jdk/sun/security/tools/jarsigner/warnings/Test.java line 1:
>
>> 1: /*
>
> I think you should create a new test which is a subclass of this Test which checks that JKS and JCEKS produce the proper warnings when using jarsigner.
A new test was created under sun/security/tools/keytool to provide test coverage for keytool on JKS and JCEKS followed by using jarsigner.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2522077007
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2522076843
More information about the security-dev
mailing list