<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Sean and Max,<br>
Thanks for your comments.<br>
Please review the updated webrev:
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jjiang/8179614/webrev.01/">http://cr.openjdk.java.net/~jjiang/8179614/webrev.01/</a><br>
<br>
The test has been modified significantly. The main points are:<br>
1. Adds cases on EC. Now the test supports key algorithms RSA, DSA
and EC.<br>
2. Adds cases on SHA-512. Now the test supports digest algorithms
SHA-1, SHA-256 and SHA-512.<br>
3. Adds cases on key size. Exactly, [384, 571] for EC, [1024,
2048] for RSA and DSA.<br>
4. <a class="moz-txt-link-freetext">Adds cases on default
signature algorithm. Now the test report can display the default
</a><a class="moz-txt-link-freetext">algorithm</a><a
class="moz-txt-link-freetext"> at column [Signature Algorithm].<br>
5. Adds property -Djava.security.egd=</a><a
class="moz-txt-link-freetext">file:/dev/./urandom for keytool
and jarsigner commands.</a><a class="moz-txt-link-freetext"><br>
6. Create a separated application, JdkUtils.java, to determine
the JDK build version (java.runtime.version) and check if a
signature algorithm is supported by a JDK.<br>
7. Introduces a new property, named javaSecurityFile, for
allowing users to specify alternative java security properties
file.<br>
8. Renames report column [Cert Type] to [Certificate]. This
column displays the certificate identifiers, which is a
combination of key algorithm, digest algorithm, key size and
expired mark (if any).<br>
9. The test summary also be updated accordingly.</a><br>
<br>
Best regards,<br>
John Jiang<br>
</p>
<br>
<div class="moz-cite-prefix">On 07/06/2017 23:11, Sean Mullan wrote:<br>
</div>
<blockquote type="cite"
cite="mid:7bf702ef-5ba4-e2b4-5b88-1c6ab222534f@oracle.com">On
6/6/17 9:14 PM, <a class="moz-txt-link-abbreviated" href="mailto:sha.jiang@oracle.com">sha.jiang@oracle.com</a> wrote:
<br>
<blockquote type="cite">Hi Sean,
<br>
<br>
On 07/06/2017 04:27, Sean Mullan wrote:
<br>
<blockquote type="cite">Hi John,
<br>
<br>
This looks like a very useful test. I have not gone through
all of the code, but here are a few comments for now until I
have more time:
<br>
<br>
- add tests for EC keys
<br>
- add tests for SHA-512 variants of the signature algorithms
<br>
- add tests for larger key sizes (ex: 2048 for DSA/RSA)
<br>
- you can use the diamond operator <> in various places
<br>
- might be more compact if jdkList() used Files.lines() to
parse the file into a stream then an array
<br>
</blockquote>
I did consider about the above two points. Because the test will
be backported to JDK 6, so I only used the features those
supported by JDK 6.
<br>
I supposed that would make the backport easier. Does it make
sense?
<br>
</blockquote>
<br>
Yes, that makes sense.
<br>
<br>
--Sean
<br>
<br>
<blockquote type="cite">
<br>
Best regards,
<br>
John Jiang
<br>
<blockquote type="cite">- did you consider using the jarsigner
API (jdk.security.jarsigner) instead of the command-line? I
think this would be better (if possible) and it would give us
some more tests of that API.
<br>
<br>
--Sean
<br>
<br>
On 6/5/17 6:31 AM, <a class="moz-txt-link-abbreviated" href="mailto:sha.jiang@oracle.com">sha.jiang@oracle.com</a> wrote:
<br>
<blockquote type="cite">Hi,
<br>
Please review this manual test for checking if a jar, which
is signed and timestamped by a JDK build, could be verified
by other JDK builds.
<br>
It also can be used to check if the default timestamp digest
algorithm on signing is SHA-256.
<br>
For more details, please look through the test summary.
<br>
<br>
Issue: <a class="moz-txt-link-freetext" href="https://bugs.openjdk.java.net/browse/JDK-8179614">https://bugs.openjdk.java.net/browse/JDK-8179614</a>
<br>
Webrev:
<a class="moz-txt-link-freetext" href="http://cr.openjdk.java.net/~jjiang/8179614/webrev.00/">http://cr.openjdk.java.net/~jjiang/8179614/webrev.00/</a>
<br>
<br>
Best regards,
<br>
John Jiang
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>