Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Sean Mullan
Looks good. 

> On Oct 19, 2016, at 8:07 PM, Wang Weijun wrote:
> 
> Updated at
> 
>   http://cr.openjdk.java.net/~weijun/8163304/webrev.02/
> 
> Changes to webrev.01 are at
> 
>  http://cr.openjdk.java.net/~weijun/8163304/webrev.02/interdiff.patch.html
> 
> Thanks
> Max
> 


Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Wang Weijun
Updated at

   http://cr.openjdk.java.net/~weijun/8163304/webrev.02/

Changes to webrev.01 are at

  http://cr.openjdk.java.net/~weijun/8163304/webrev.02/interdiff.patch.html

Thanks
Max



Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Wang Weijun
> On Wed, 19 Oct 2016 16:13:24 -0400,
> Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> > 150 "The jar will be treated as unsigned, because it
> > is signed with a weak algorithm that is now disabled.\n\nRe-run
> > jarsigner with the -verbose option for more details."},
> 
> I also wondered: what if there are multiple signatures. So a "because
> it is signed only with weak algorithms" might be better?

This is more precise.

But probably not more helpful. This warning only shows when all algorithms are 
weak and saying one algorithm is weak is not misleading.

IMO, people will only get confused when one signature is weak and the other is 
not. In this case, the history prints out 2 signatures but "jarsigner -verify 
-verbose -certs" only shows one for the entries. I hope the weak label there 
could be meaningful.

Thanks
Max

> 
> Regards
> Bernd


Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Wang Weijun

> On Oct 20, 2016, at 4:13 AM, Sean Mullan wrote:
> 
> * Main.java
> 
>  98 private static final DisabledAlgorithmConstraints SIGN_CHECK =
>  99 new DisabledAlgorithmConstraints(
> 100 DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
> 
> This should be changed to PROPERTY_JAR_DISABLED_ALGS now that the fix for 
> 8167594 is in 9.

Yes.

> 
> * Resources.java
> 
> 150 "The jar will be treated as unsigned, because it is 
> signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with 
> the -verbose option for more details."},
> 
> Should this also have "WARNING:" at the beginning like the other 2 unsigned 
> warning messages?

You suggested this some time ago:

   I think we should say "WARNING: Signature not parsable or verifiable. ..."

   Without the word "WARNING", the impact (to me) seems to get lost in the 
verbose output. The "WARNING" part is not needed if -verbose is not specified.


> 
> * JarUtils.java
> 
> 45  * a new jar entry will be created with the file name itself the 
> content.
> 70  * with the file name itself the content.
> 
> These 2 lines would be more understandable if you changed "itself the 
> content" to "itself as the content".

Yes.

> 
> * TimestampCheck.java
> 
> You will need to update this test based on the new MD5 restrictions added in 
> 8167594.

Yes.

Thanks
Max

> 
> --Sean
> 
> On 10/19/2016 03:36 AM, Wang Weijun wrote:
>> Please review the code change at
>> 
>>   http://cr.openjdk.java.net/~weijun/8163304/webrev.01/
>> 
>> With this change, "jarsigner -verify -verbose" will print out how a jar was 
>> signed.
>> 
>> For example, a jar which was signed and timestamped with many weak 
>> algorithms will show
>> 
>> - Signed by "CN=old"
>>     Digest algorithm: MD2 (weak)
>>     Signature algorithm: MD2withRSA (weak), 2048-bit key
>>   Timestamped by "CN=tsbad1" on Wed Oct 19 07:32:22 UTC 2016
>>     Timestamp digest algorithm: MD2 (weak)
>>     Timestamp signature algorithm: SHA1withRSA, 512-bit key (weak)
>> 
>> WARNING: The jar will be treated as unsigned, because it is signed with a 
>> weak algorithm that is now disabled by the security property:
>> 
>>  jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024
>> 
>> Thanks
>> Max
>> 



Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Bernd Eckenfels
On Wed, 19 Oct 2016 16:13:24 -0400,
Sean Mullan wrote:

> 150 "The jar will be treated as unsigned, because it
> is signed with a weak algorithm that is now disabled.\n\nRe-run
> jarsigner with the -verbose option for more details."},

I also wondered: what if there are multiple signatures. So a "because
it is signed only with weak algorithms" might be better?

Regards
Bernd


Re: RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Sean Mullan

* Main.java

  98 private static final DisabledAlgorithmConstraints SIGN_CHECK =
  99 new DisabledAlgorithmConstraints(
 100 DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);


This should be changed to PROPERTY_JAR_DISABLED_ALGS now that the fix 
for 8167594 is in 9.


* Resources.java

150 "The jar will be treated as unsigned, because it is 
signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner 
with the -verbose option for more details."},


Should this also have "WARNING:" at the beginning like the other 2 
unsigned warning messages?


* JarUtils.java

45  * a new jar entry will be created with the file name itself the 
content.

70  * with the file name itself the content.

These 2 lines would be more understandable if you changed "itself the 
content" to "itself as the content".


* TimestampCheck.java

You will need to update this test based on the new MD5 restrictions 
added in 8167594.


--Sean

On 10/19/2016 03:36 AM, Wang Weijun wrote:

> Please review the code change at
> 
>    http://cr.openjdk.java.net/~weijun/8163304/webrev.01/
> 
> With this change, "jarsigner -verify -verbose" will print out how a jar was 
> signed.
> 
> For example, a jar which was signed and timestamped with many weak algorithms 
> will show
> 
> - Signed by "CN=old"
>     Digest algorithm: MD2 (weak)
>     Signature algorithm: MD2withRSA (weak), 2048-bit key
>   Timestamped by "CN=tsbad1" on Wed Oct 19 07:32:22 UTC 2016
>     Timestamp digest algorithm: MD2 (weak)
>     Timestamp signature algorithm: SHA1withRSA, 512-bit key (weak)
> 
> WARNING: The jar will be treated as unsigned, because it is signed with a weak 
> algorithm that is now disabled by the security property:
> 
>   jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024
> 
> Thanks
> Max



RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

2016-10-19 Thread Wang Weijun
Please review the code change at

   http://cr.openjdk.java.net/~weijun/8163304/webrev.01/

With this change, "jarsigner -verify -verbose" will print out how a jar was 
signed.

For example, a jar which was signed and timestamped with many weak algorithms 
will show

- Signed by "CN=old"
    Digest algorithm: MD2 (weak)
    Signature algorithm: MD2withRSA (weak), 2048-bit key
  Timestamped by "CN=tsbad1" on Wed Oct 19 07:32:22 UTC 2016
    Timestamp digest algorithm: MD2 (weak)
    Timestamp signature algorithm: SHA1withRSA, 512-bit key (weak)

WARNING: The jar will be treated as unsigned, because it is signed with a weak 
algorithm that is now disabled by the security property:

  jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024

Thanks
Max
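
Added example, not part of the thread and not JDK code: a simplified Python evaluator for the jdk.jar.disabledAlgorithms value quoted above, reproducing the "(weak)" labels of the sample output and the all-signatures-weak condition discussed in the replies. The record layout, the function names and the CN=new signer are assumptions made for illustration; only the name and "keySize <" forms shown in this thread are handled.

```python
import re

# Property value quoted in the message above.
POLICY = "MD2, RSA keySize < 1024, DSA keySize < 1024"

def parse_policy(value):
    """Return (disabled algorithm names, {key algorithm: minimum key size})."""
    names, min_bits = set(), {}
    for item in (i.strip() for i in value.split(",")):
        m = re.fullmatch(r"(\S+)\s+keySize\s*<\s*(\d+)", item)
        if m:
            min_bits[m.group(1).upper()] = int(m.group(2))
        elif item:
            names.add(item.upper())
    return names, min_bits

def parts(alg):
    """MD2withRSA -> ['MD2', 'RSA']; a bare digest name -> ['MD2']."""
    return [p.upper() for p in re.split("with", alg, flags=re.IGNORECASE)]

def alg_weak(alg, policy):
    # Weak if the full name or any component (digest, key algorithm) is disabled.
    return alg.upper() in policy[0] or any(p in policy[0] for p in parts(alg))

def key_weak(alg, bits, policy):
    # The key algorithm is the last component of the signature algorithm name.
    return bits < policy[1].get(parts(alg)[-1], 0)

def mark(flag):
    return " (weak)" if flag else ""

def describe(signer, policy):
    """Render one signer with the labels used in the sample output."""
    d, s, bits = signer["digest"], signer["sigalg"], signer["bits"]
    return [f"Digest algorithm: {d}{mark(alg_weak(d, policy))}",
            f"Signature algorithm: {s}{mark(alg_weak(s, policy))}, "
            f"{bits}-bit key{mark(key_weak(s, bits, policy))}"]

def signer_weak(signer, policy):
    # Assumption: one disabled digest, signature algorithm or key makes the signature weak.
    return (alg_weak(signer["digest"], policy) or alg_weak(signer["sigalg"], policy)
            or key_weak(signer["sigalg"], signer["bits"], policy))

def treated_as_unsigned(signers, policy):
    """Per the replies above, the warning applies only when every signature is weak."""
    return all(signer_weak(s, policy) for s in signers)

# Constructed records: OLD and TSA mirror the sample output; NEW is made up.
OLD = {"name": "CN=old", "digest": "MD2", "sigalg": "MD2withRSA", "bits": 2048}
TSA = {"name": "CN=tsbad1", "digest": "MD2", "sigalg": "SHA1withRSA", "bits": 512}
NEW = {"name": "CN=new", "digest": "SHA-256", "sigalg": "SHA256withRSA", "bits": 2048}

if __name__ == "__main__":
    policy = parse_policy(POLICY)
    print("\n".join(describe(OLD, policy) + describe(TSA, policy)))
    print(treated_as_unsigned([OLD], policy), treated_as_unsigned([OLD, NEW], policy))
```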