Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Fri, 7 May 2021 14:10:14 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Test with new java.security file
>
> Marked as reviewed by weijun (Reviewer).

@wangweij @seanjmullan Thanks for the review.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 20:57:13 GMT, Hai-May Chao wrote:

>> Please review the change to jarsigner so it uses certpath security property
>> in order to properly display the weakness of the certificate algorithms.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Test with new java.security file

Marked as reviewed by mullan (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 20:57:13 GMT, Hai-May Chao wrote:

>> Please review the change to jarsigner so it uses certpath security property
>> in order to properly display the weakness of the certificate algorithms.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Test with new java.security file

Marked as reviewed by weijun (Reviewer).

-------------

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 18:08:40 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Test with new java.security file
>
> test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:
>
>> 88: // key, but not for its SHA1withRSA algorithm.
>> 89: .shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
>> 90: .shouldHaveExitValue(0);
>
> What does the test show before this fix?
>
> I don't see `Security.setProperty` called or a new `java.security` file is
> used. If `jdk.jar.dA` and `jdk.certpath.dA` are the same, then there's no way
> to find out if the new code works.

Added test using new java.security with different disabledAlgorithms for certpath and jar.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3905

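The reviewer's point in the message above, as an added example that is not part of the thread or of the JDK test: a small Java check that reads the two security properties and reports which entries differ, since output from jarsigner can only show which property was consulted when the lists are not identical. It assumes `jdk.jar.dA` and `jdk.certpath.dA` abbreviate `jdk.jar.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms`; the class and method names are hypothetical.

```java
import java.security.Security;
import java.util.Set;
import java.util.TreeSet;

// Added illustration; class and method names are hypothetical.
public class DisabledAlgorithmsDiff {

    // Split a disabledAlgorithms-style property into its comma-separated
    // entries, collapsing whitespace so "RSA keySize  <  1024" and
    // "RSA keySize < 1024" compare equal. Comparison is otherwise exact.
    static Set<String> entries(String property) {
        Set<String> result = new TreeSet<>();
        String value = Security.getProperty(property);
        if (value == null) {
            return result; // property not set in the active java.security
        }
        for (String entry : value.split(",")) {
            String normalised = entry.trim().replaceAll("\\s+", " ");
            if (!normalised.isEmpty()) {
                result.add(normalised);
            }
        }
        return result;
    }

    // Entries present in 'a' but absent from 'b'.
    static Set<String> onlyIn(Set<String> a, Set<String> b) {
        Set<String> diff = new TreeSet<>(a);
        diff.removeAll(b);
        return diff;
    }

    public static void main(String[] args) {
        Set<String> certpath = entries("jdk.certpath.disabledAlgorithms");
        Set<String> jar = entries("jdk.jar.disabledAlgorithms");
        Set<String> certpathOnly = onlyIn(certpath, jar);
        Set<String> jarOnly = onlyIn(jar, certpath);

        System.out.println("certpath only: " + certpathOnly);
        System.out.println("jar only:      " + jarOnly);
        if (certpathOnly.isEmpty() && jarOnly.isEmpty()) {
            // Identical lists: a test cannot tell which property was used.
            System.out.println("Properties are identical.");
            System.exit(1);
        }
    }
}
```

Running it with `-Djava.security.properties=<override file>` shows the values a test configured with that file would see. A textual difference between the lists is necessary but not sufficient: the differing entries still have to cover the algorithm or key size of the certificate under test.
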
Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.

Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:

  Test with new java.security file

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3905/files
  - new: https://git.openjdk.java.net/jdk/pull/3905/files/1d37f99e..533a7fed

Webrevs:
  - full: https://webrevs.openjdk.java.net/?repo=jdk=3905=01
  - incr: https://webrevs.openjdk.java.net/?repo=jdk=3905=00-01

Stats: 27 lines in 1 file changed: 26 ins; 0 del; 1 mod
Patch: https://git.openjdk.java.net/jdk/pull/3905.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/3905/head:pull/3905

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs
On Thu, 6 May 2021 16:49:33 GMT, Hai-May Chao wrote:

> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.

test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:

> 88: // key, but not for its SHA1withRSA algorithm.
> 89: .shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
> 90: .shouldHaveExitValue(0);

What does the test show before this fix?

I don't see `Security.setProperty` called or a new `java.security` file is
used. If `jdk.jar.dA` and `jdk.certpath.dA` are the same, then there's no way
to find out if the new code works.

-------------

PR: https://git.openjdk.java.net/jdk/pull/3905

RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs
Please review the change to jarsigner so it uses certpath security property in order to properly display the weakness of the certificate algorithms.

-------------

Commit messages:
  - 8266225:jarsigner is using incorrect security property to show weakness of certs

Changes: https://git.openjdk.java.net/jdk/pull/3905/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk=3905=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8266225
Stats: 39 lines in 2 files changed: 31 ins; 0 del; 8 mod
Patch: https://git.openjdk.java.net/jdk/pull/3905.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/3905/head:pull/3905

PR: https://git.openjdk.java.net/jdk/pull/3905