Main.java: The warning (and the subsequent empty line) should be printed into System.err.
Resources.java: "This tool accepts any algorithm" is a little confusing (sorry that I originally suggested it). Maybe "This tool does not attempt to verify a signed jar file, please run \"jarsigner -verify\" if you want to." Also, ever since the 1st time hard coded strings are changed into dot-connected resource keys, newly added keys do not necessarily use the exact same string. Make it simple so next time if the value needs to be updated you don't need to change the key. Test: - You can also add -Duser.language=en and -Duser.country=US to keytool. - With my recent update to JarUtils.createJar(), there is no need to create the "test" file. Everything else looks fine. Thanks Max > On Nov 2, 2016, at 7:35 AM, Artem Smotrakov <artem.smotra...@oracle.com> > wrote: > > Hello, > > Please review this small update for keytool. > > "keytool -printcert -jarfile" doesn't work with jars which were signed with > algorithms listed in "jdk.jar.disabledAlgorithms" security property. > > The patch below resets "jdk.jar.disabledAlgorithms" security property before > reading a jar file, and prints a warning. > > I also re-wrote readjar.sh test, and added SecurityTools class with a couple > of re-usable methods for jarsigner and keytool (those methods are based on > methods from TimestampCheck.java). > > Bug: https://bugs.openjdk.java.net/browse/JDK-8168882 > Webrev: http://cr.openjdk.java.net/~asmotrak/8168882/webrev.00/ > > Artem
