Re: RFR 8242260: Remove customizable ContentSigner from jarsigner
So the classes will be useless but at least old program still compiles. I'll modify the CSR and see how Joe thinks of this. Thanks, Max > 在 2020年4月9日,22:58,Sean Mullan 写道: > > On 4/9/20 10:52 AM, Weijun Wang wrote: >> All info for signing are passed into a ContentSigner through a >> ContentSignerParameters object. In order to pass more info, I’ll need to >> create new interface methods for it. > > But you can just use your solution in JarSigner in the webrev below where you > are calling PKCS7.generateSignedData instead of ContentSigner. Just because > the ContentSigner APIs are still there doesn't mean you have to use it in > jarsigner (unless I am missing something). > > --Sean > >> —Max 在 2020年4月9日,21:27,Sean Mullan 写道: >>> >>> On 4/9/20 3:13 AM, Wang Weijun wrote: Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh. >>> >>> Why would you need to do that if they are deprecated? >>> >>> --Sean >>> --Max >> 在 2020年4月9日,01:58,Sean Mullan 写道: > > We never actually deprecated the com.sun.jarsigner package with a > forRemoval=true flag, so while it may be very low-risk to remove these > APIs, I feel that we should not remove it w/o prior notice. > > I would suggest adding the forRemoval=true for this package/APIs instead, > and plan on removing it in JDK 16 or 17. > > I'm ok with removing the jarsigner options because the man page already > warned that they may be removed. > > --Sean > > >> On 4/7/20 4:04 AM, Weijun Wang wrote: >> I am thinking about removing the `jarsigner -altsigner -altsignerpath` >> options and underlying classes: >> JBS : https://bugs.openjdk.java.net/browse/JDK-8242260 >> Please review everything at: >>Release note : https://bugs.openjdk.java.net/browse/JDK-8242261 >> CSR : https://bugs.openjdk.java.net/browse/JDK-8242262 >> webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/ >> The CSR "Problem" section has more info on why it's better to remove it >> now. >> Thanks, >> Max
Re: RFR JDK-8239595/JDK-8239594 : ssl context version is not respected/jdk.tls.client.protocols is not respected
Thanks Rahul. I believe you can mark it as Delivered now. On 09/04/2020 14:13, Rahul wrote: Thanks for the review Daniel. I have created a release note. RN :https://bugs.openjdk.java.net/browse/JDK-8242387
Re: RFR 8242260: Remove customizable ContentSigner from jarsigner
On 4/9/20 10:52 AM, Weijun Wang wrote: All info for signing are passed into a ContentSigner through a ContentSignerParameters object. In order to pass more info, I’ll need to create new interface methods for it. But you can just use your solution in JarSigner in the webrev below where you are calling PKCS7.generateSignedData instead of ContentSigner. Just because the ContentSigner APIs are still there doesn't mean you have to use it in jarsigner (unless I am missing something). --Sean —Max 在 2020年4月9日,21:27,Sean Mullan 写道: On 4/9/20 3:13 AM, Wang Weijun wrote: Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh. Why would you need to do that if they are deprecated? --Sean --Max 在 2020年4月9日,01:58,Sean Mullan 写道: We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice. I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17. I'm ok with removing the jarsigner options because the man page already warned that they may be removed. --Sean On 4/7/20 4:04 AM, Weijun Wang wrote: I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes: JBS : https://bugs.openjdk.java.net/browse/JDK-8242260 Please review everything at: Release note : https://bugs.openjdk.java.net/browse/JDK-8242261 CSR : https://bugs.openjdk.java.net/browse/JDK-8242262 webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/ The CSR "Problem" section has more info on why it's better to remove it now. Thanks, Max
Re: RFR 8242260: Remove customizable ContentSigner from jarsigner
All info for signing are passed into a ContentSigner through a ContentSignerParameters object. In order to pass more info, I’ll need to create new interface methods for it. —Max > 在 2020年4月9日,21:27,Sean Mullan 写道: > > On 4/9/20 3:13 AM, Wang Weijun wrote: >> Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. >> Sigh. > > Why would you need to do that if they are deprecated? > > --Sean > >> --Max 在 2020年4月9日,01:58,Sean Mullan 写道: >>> >>> We never actually deprecated the com.sun.jarsigner package with a >>> forRemoval=true flag, so while it may be very low-risk to remove these >>> APIs, I feel that we should not remove it w/o prior notice. >>> >>> I would suggest adding the forRemoval=true for this package/APIs instead, >>> and plan on removing it in JDK 16 or 17. >>> >>> I'm ok with removing the jarsigner options because the man page already >>> warned that they may be removed. >>> >>> --Sean >>> >>> On 4/7/20 4:04 AM, Weijun Wang wrote: I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes: JBS : https://bugs.openjdk.java.net/browse/JDK-8242260 Please review everything at: Release note : https://bugs.openjdk.java.net/browse/JDK-8242261 CSR : https://bugs.openjdk.java.net/browse/JDK-8242262 webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/ The CSR "Problem" section has more info on why it's better to remove it now. Thanks, Max
Re: RFR 8242260: Remove customizable ContentSigner from jarsigner
On 4/9/20 3:13 AM, Wang Weijun wrote: Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh. Why would you need to do that if they are deprecated? --Sean --Max 在 2020年4月9日,01:58,Sean Mullan 写道: We never actually deprecated the com.sun.jarsigner package with a forRemoval=true flag, so while it may be very low-risk to remove these APIs, I feel that we should not remove it w/o prior notice. I would suggest adding the forRemoval=true for this package/APIs instead, and plan on removing it in JDK 16 or 17. I'm ok with removing the jarsigner options because the man page already warned that they may be removed. --Sean On 4/7/20 4:04 AM, Weijun Wang wrote: I am thinking about removing the `jarsigner -altsigner -altsignerpath` options and underlying classes: JBS : https://bugs.openjdk.java.net/browse/JDK-8242260 Please review everything at: Release note : https://bugs.openjdk.java.net/browse/JDK-8242261 CSR : https://bugs.openjdk.java.net/browse/JDK-8242262 webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/ The CSR "Problem" section has more info on why it's better to remove it now. Thanks, Max
Re: RFR JDK-8239595/JDK-8239594 : ssl context version is not respected/jdk.tls.client.protocols is not respected
Thanks for the review Daniel. I have created a release note. RN : https://bugs.openjdk.java.net/browse/JDK-8242387 --Rahul On 08/04/2020, 16:00, "Daniel Fuchs" wrote: Good work Rahul! I am not sure whether that deserves a CSR (probably not) but we may want to create some release note to explain that the HttpClient is no longer overriding the default protocols selected by the SSLContext. So HTTP 1.1 over TLSv1.1 might now get negotiated where previously an handshake failure would have occurred. It might be worth mentioning in a release note. best regards, -- daniel On 08/04/2020 10:13, Rahul wrote: > Updated patch after considering the impact of returning default parameters on the http client. > TLS versions earlier limited to 1.2 and above by client, now will support all versions(wrt the scenarios for this bug). > > Issue:https://bugs.openjdk.java.net/browse/JDK-8239595 > Issue:https://bugs.openjdk.java.net/browse/JDK-8239594 > > Webrev:http://cr.openjdk.java.net/~jboes/rayayada/webrevs/8239595/webrev.01/ > > -- Rahul
Re: RFR 8242184: CRL generation error with RSASSA-PSS
Valerie in another reply suggested that the default parameters of the default sigAlg depends on either the size of the key (if RSA) of the params of the key (if RSASSA-PSS). I'll address all of these in another bug. Thanks, Max > 在 2020年4月9日,03:47,Sean Mullan 写道: > > On 4/6/20 11:11 PM, Weijun Wang wrote: >> Please review the fix at >>http://cr.openjdk.java.net/~weijun/8242184/webrev.00/ >> The major change is inside X509CRLImpl.java to allow params setting and >> reading. >> I also take this chance to: >> 1. Provide a default -sigalg for "keytool -genkeypair -keyalg rsassa-pss". > > I think you should file a CSR for that, since it is a new default, and the > default varies based on the size of the key. You should also update the > keytool man page section on defaults. > > --Sean > >> 2. Revert a former change in X509CertImpl.java, which might be a safer call. >> Thanks, >> Max
Re: RFR 8242260: Remove customizable ContentSigner from jarsigner
Oh, I'll then need to add new fields to it to support RSASSA-PSS and EdDSA. Sigh. --Max > 在 2020年4月9日,01:58,Sean Mullan 写道: > > We never actually deprecated the com.sun.jarsigner package with a > forRemoval=true flag, so while it may be very low-risk to remove these APIs, > I feel that we should not remove it w/o prior notice. > > I would suggest adding the forRemoval=true for this package/APIs instead, and > plan on removing it in JDK 16 or 17. > > I'm ok with removing the jarsigner options because the man page already > warned that they may be removed. > > --Sean > > >> On 4/7/20 4:04 AM, Weijun Wang wrote: >> I am thinking about removing the `jarsigner -altsigner -altsignerpath` >> options and underlying classes: >> JBS : https://bugs.openjdk.java.net/browse/JDK-8242260 >> Please review everything at: >>Release note : https://bugs.openjdk.java.net/browse/JDK-8242261 >> CSR : https://bugs.openjdk.java.net/browse/JDK-8242262 >> webrev : http://cr.openjdk.java.net/~weijun/8242260/webrev.00/ >> The CSR "Problem" section has more info on why it's better to remove it now. >> Thanks, >> Max
