On Wed, 23 Sep 2020 14:41:59 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Major points in CSR at https://bugs.openjdk.java.net/browse/JDK-8245274:
>
> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in jarsigner
>
> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a signed JAR) are reused for new signature algorithms
>
> - A new JarSigner property "directsign"
>
> - Updating the jarsigner tool doc
>
> Major code changes:
>
> - Always use the signature algorithm directly as SignerInfo::signatureAlgorithm. We used to use the encryption algorithm there like RSA, DSA, and EC. Now it's always SHA1withRSA or RSASSA-PSS.
>
> - Move signature-related utility methods from AlgorithmId.java to SignatureUtil.java
>
> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify creating Signature and getting its AlgorithmId
>
> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing
>
> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of all old and new signature algorithms
>
> - Mark all -altsign related code deprecated and they can be removed once ContentSigner is removed

Changes requested by alanb (Reviewer).

test/lib/jdk/test/lib/util/JarUtils.java line 90:

> 88: String name = toJarEntryName(entry);
> 89: jos.putNextEntry(new JarEntry(name));
> 90: if (Files.exists(dir.resolve(entry))) {

This is test infrastructure that we use in several areas and changing it to allow file paths to files that don't exist would be problematic. Is there any reason why the jarsigner can't create an empty or dummy file to put into the JAR file?

-------------

PR: https://git.openjdk.java.net/jdk/pull/322