<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi Robert!<br>
<br>
I copied your update to the report and moved it into JDK project.<br>
You should be able to access it now:
<a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8049480">https://bugs.openjdk.java.net/browse/JDK-8049480</a><br>
<br>
Sincerely yours,<br>
Ivan<br>
<br>
<div class="moz-cite-prefix">On 04.07.2014 12:30, Robert Gibson
wrote:<br>
</div>
<blockquote
cite="mid:1404462608.7517.YahooMailNeo@web121304.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, Sans-Serif;font-size:12pt">
<div id="yiv6043112129">
<div>
<div style="color: rgb(0, 0, 0); font-family: HelveticaNeue,
Helvetica Neue, Helvetica, Arial, Lucida Grande,
Sans-Serif; font-size: 12pt; background-color: rgb(255,
255, 255);">
<div id="yiv6043112129">
<div id="yiv6043112129yui_3_16_0_1_1404460348297_8227">
<div style="color: rgb(0, 0, 0); font-family:
HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, Sans-Serif; font-size: 12pt;
background-color: rgb(255, 255, 255);"
id="yiv6043112129yui_3_16_0_1_1404460348297_8226">
<div
id="yiv6043112129yui_3_16_0_1_1404460348297_6706">Hi,</div>
<div
id="yiv6043112129yui_3_16_0_1_1404460348297_6747">I'm
the reporter of JI-9013191 and I just wanted to
follow up with some more information, since I
can't see or comment on the bug in the OpenJDK
JIRA instance. Hope this is the right place.</div>
<div id="yiv6043112129yui_3_16_0_5_1404460348297_6"> </div>
<div id="yiv6043112129yui_3_16_0_5_1404460348297_7">I'm
having problems with JAR files signed and
timestamped with JDK9 - they fail validation under
JDK7u60. It looks like this is due to the fact
that JDK9 timestamps by default using SHA-256 -
but in the JDK 7u tree, AlgorithmId.java is
missing a backport of changeset JDK-7180907 which
means that SignatureFileVerifier#verifyTimestamp
fails since it is looking for an algorithm with
the non-standard name SHA256 (without a hyphen).</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_9"> </div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_10">By
the way, the bug report talks about Web Start, but
the minimal reproducable case is much easier and
doesn't involve Web Start:</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_12">-
create a jar with one file in it</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_14">-
sign and timestamp with JDK9 using default
settings</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_20">-
verify with JDK7 -> verification failure "jar
is unsigned. (signatures missing or not parsable)"</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_22"> </div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_23">Running
the verification with -J-Djava.security.debug=jar
gives </div>
<div
id="yiv6043112129yui_3_16_0_1_1404460348297_8390">jar:
processEntry: processing block<br>
jar: processEntry caught:
java.security.NoSuchAlgorithmException: SHA256
MessageDigest not available<br>
jar: done with meta!<br>
jar: nothing to verify!</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_28"> </div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_31">Hope
that helps,</div>
<div id="yiv6043112129yui_3_16_0_6_1404460348297_33">Robert</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>