Is it possible to find out the key size of the signer if we only have the signature

I am writing a tool to warn about weak key usage in a certificate or CRL. One of the warnings is if it's signed by a cert with a small key size. But the signer's cert is not always available. I can see that the signature's size depends on the signer's key size. Is there a reliable way to

Re: RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization

> On Jan 11, 2017, at 5:34 AM, Adam Petcher wrote: > > Please review the following bug fix: > > http://cr.openjdk.java.net/~apetcher/8168075/webrev.00/ > > This fixes a bug in which a permission check would try to load resources > while the system class loader is

RFR: 8037325: Class.getConstructor() performance regression

Hi, please review this fix to various performance regressions observed as the security model has evolved over the years. Bug: https://bugs.openjdk.java.net/browse/JDK-8037325 Webrev: http://cr.openjdk.java.net/~redestad/8037325/webrev.01 - For cases where a SecurityManager is not installed,

Re: RFR: 8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default

> On Jan 9, 2017, at 11:25 AM, Sean Mullan wrote: > > Please review this JDK 9 change to make the > SecurityManager::checkPackageAccess and checkPackageDefinition > implementations restrict access to the same set of internal JDK packages as > the module system. > >

Re: Is it possible to find out the key size of the signer if we only have the signature

On 1/12/2017 3:03 AM, Weijun Wang wrote: I am writing a tool to warn about weak key usage in a certificate or CRL. One of the warnings is if it's signed by a cert with a small key size. But the signer's cert is not always available. I can see that the signature's size depends on the signer's

Re: RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization

I need to incorporate some feedback. Also, one of Siba's tests still fails on this code, so I need to fix that. Stand by for the next diff. On 1/12/2017 1:50 PM, Sean Mullan wrote: Fix looks good to me. --Sean On 1/11/17 8:34 AM, Adam Petcher wrote: Please review the following bug fix:

Re: Feedback on SSLEngine.setHandshakeApplicationProtocolSelector()

Hi, On Wed, Jan 11, 2017 at 5:57 PM, Simone Bordet wrote: > Hi, > > I just wanted to report that I have implemented the new mechanism > provided by SSLEngine.setHandshakeApplicationProtocolSelector() in > Jetty, and it works well in a much much simpler way. > > The

Re: RFR 8168075: Custom system class loader + security manager + malformed policy file = recursive initialization

Fix looks good to me. --Sean On 1/11/17 8:34 AM, Adam Petcher wrote: Please review the following bug fix: http://cr.openjdk.java.net/~apetcher/8168075/webrev.00/ This fixes a bug in which a permission check would try to load resources while the system class loader is being initialized.

Re: Is it possible to find out the key size of the signer if we only have the signature

On 1/12/2017 1:50 PM, Michael StJohns wrote: On 1/12/2017 3:03 AM, Weijun Wang wrote: I am writing a tool to warn about weak key usage in a certificate or CRL. One of the warnings is if it's signed by a cert with a small key size. But the signer's cert is not always available. I can see that