* Main.java
98 private static final DisabledAlgorithmConstraints SIGN_CHECK =
99 new DisabledAlgorithmConstraints(
100 DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);
This should be changed to PROPERTY_JAR_DISABLED_ALGS now that the fix
for 8167594 is in 9.
* Resources.java
150 "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details."},
Should this also have "WARNING:" at the beginning like the other 2
unsigned warning messages?
* JarUtils.java
45 * a new jar entry will be created with the file name itself the content.
70 * with the file name itself the content.
These 2 lines would be more understandable if you changed "itself the
content" to "itself as the content".
* TimestampCheck.java
You will need to update this test based on the new MD5 restrictions
added in 8167594.
--Sean
On 10/19/2016 03:36 AM, Wang Weijun wrote:
Please review the code change at
http://cr.openjdk.java.net/~weijun/8163304/webrev.01/
With this change, "jarsigner -verify -verbose" will print out how a jar was
signed.
For example, a jar which was signed and timestamped with many weak algorithms
will show
- Signed by "CN=old"
Digest algorithm: MD2 (weak)
Signature algorithm: MD2withRSA (weak), 2048-bit key
Timestamped by "CN=tsbad1" on Wed Oct 19 07:32:22 UTC 2016
Timestamp digest algorithm: MD2 (weak)
Timestamp signature algorithm: SHA1withRSA, 512-bit key (weak)
WARNING: The jar will be treated as unsigned, because it is signed with a weak
algorithm that is now disabled by the security property:
jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024
Thanks
Max
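
The "(weak)" labels in the sample output above follow from the jdk.jar.disabledAlgorithms value it quotes. The sketch below is an added example, not code from the webrev or the JDK: the class WeakAlgCheck and its methods are hypothetical, and it handles only plain algorithm names and "keySize <" entries.

```java
import java.util.*;

// Simplified model of a jdk.jar.disabledAlgorithms check; NOT the JDK's
// sun.security.util.DisabledAlgorithmConstraints implementation.
public class WeakAlgCheck {
    private final Set<String> disabledNames = new HashSet<>();
    private final Map<String, Integer> minKeySize = new HashMap<>();

    // Parses entries of the form "MD2" or "RSA keySize < 1024" (only "<" is handled).
    WeakAlgCheck(String property) {
        for (String entry : property.split(",")) {
            String[] parts = entry.trim().split("\\s+");
            if (parts.length == 4 && parts[1].equalsIgnoreCase("keySize") && parts[2].equals("<")) {
                minKeySize.put(parts[0].toUpperCase(Locale.ROOT), Integer.parseInt(parts[3]));
            } else if (parts.length == 1 && !parts[0].isEmpty()) {
                disabledNames.add(parts[0].toUpperCase(Locale.ROOT));
            } else {
                throw new IllegalArgumentException("unsupported entry: " + entry);
            }
        }
    }

    // A signature algorithm such as "MD2withRSA" is weak if any component is disabled.
    boolean algorithmWeak(String alg) {
        for (String part : alg.toUpperCase(Locale.ROOT).split("WITH|AND")) {
            if (disabledNames.contains(part)) return true;
        }
        return false;
    }

    // A key is weak if its size is below the configured minimum for its algorithm.
    boolean keyWeak(String keyAlg, int bits) {
        Integer min = minKeySize.get(keyAlg.toUpperCase(Locale.ROOT));
        return min != null && bits < min;
    }

    static String label(String text, boolean weak) { return weak ? text + " (weak)" : text; }

    public static void main(String[] args) {
        // Property value and algorithms taken from the sample output in the message.
        WeakAlgCheck c = new WeakAlgCheck("MD2, RSA keySize < 1024, DSA keySize < 1024");
        System.out.println("Digest algorithm: " + label("MD2", c.algorithmWeak("MD2")));
        System.out.println("Signature algorithm: " + label("MD2withRSA", c.algorithmWeak("MD2withRSA"))
                + ", " + label("2048-bit key", c.keyWeak("RSA", 2048)));
        System.out.println("Timestamp signature algorithm: " + label("SHA1withRSA", c.algorithmWeak("SHA1withRSA"))
                + ", " + label("512-bit key", c.keyWeak("RSA", 512)));
    }
}
```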