RFR: 8353749: Improve security warning when using JKS or JCEKS keystores [v2]
Sean Mullan
mullan at openjdk.org
Fri Oct 10 14:21:58 UTC 2025
On Fri, 10 Oct 2025 07:20:20 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> This PR improves security warning when using JKS or JCEKS keystores.
>
> Hai-May Chao has updated the pull request incrementally with four additional commits since the last revision:
>
> - Updates with review comments
> - Updates with review comments
> - Revert changes to KeyStore.java
> - Remove test TestOutdatedKeyStore.java

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 2432:

> 2430: }
> 2431: }
> 2432: if (store.getType().equalsIgnoreCase("JKS")

We should put in the same logic here as in `keytool` to check if the real storetype is JKS or JCEKS. See https://github.com/openjdk/jdk/blob/f6d77cb33299ae0636a2b52ee752f27e9ea9191b/src/java.base/share/classes/sun/security/tools/keytool/Main.java#L1392

test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java line 26:

> 24: /*
> 25: * @test
> 26: * @bug 8217375 8260286 8267319 8353749

This is not specifically testing this issue, so I don't think you should include the bugid.

test/jdk/sun/security/tools/jarsigner/warnings/Test.java line 1:

> 1: /*

I think you should create a new test which is a subclass of this Test which checks that JKS and JCEKS produce the proper warnings when using jarsigner.

-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2420484696
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2420255919
PR Review Comment: https://git.openjdk.org/jdk/pull/27624#discussion_r2420295556
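
The following example is added here for illustration and is not part of the original message or of the JDK source. It shows why a warning keyed on `store.getType()` can miss a JKS file: a keystore loaded under a declared type of PKCS12 reports that declared type, while probing the file with `KeyStore.getInstance(File, char[])` reports the format actually on disk. The class name `RealStoreType`, the helper `isLegacyFormat`, and the sample password are hypothetical, and the example assumes the `keystore.type.compat` security property is at its default of `true`.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;

public class RealStoreType {
    // Hypothetical helper: the check the warning should apply to the probed type.
    static boolean isLegacyFormat(String type) {
        return type.equalsIgnoreCase("JKS") || type.equalsIgnoreCase("JCEKS");
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray();   // constructed sample password
        File f = File.createTempFile("sample", ".ks");
        f.deleteOnExit();

        // Write an empty keystore to disk in the JKS file format.
        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null);
        try (FileOutputStream out = new FileOutputStream(f)) {
            jks.store(out, pass);
        }

        // Load the same file while declaring PKCS12, as a caller passing
        // "-storetype PKCS12" would. With keystore.type.compat=true the
        // load succeeds even though the file is not PKCS12.
        KeyStore declared = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(f)) {
            declared.load(in, pass);
        }

        // Probe the file content itself to find the format on disk.
        KeyStore probed = KeyStore.getInstance(f, pass);

        System.out.println("declared type: " + declared.getType()
                + " -> warn? " + isLegacyFormat(declared.getType()));
        System.out.println("probed type:   " + probed.getType()
                + " -> warn? " + isLegacyFormat(probed.getType()));
    }
}
```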