On Tue, 13 Oct 2020 13:34:27 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Major points in CSR at https://bugs.openjdk.java.net/browse/JDK-8245274: >> >> - new sigalg "RSASSA-PSS", "EdDSA", "Ed25519" and "Ed448" can be used in >> jarsigner >> >> - The ".RSA" and ".EC" block extension types (PKCS #7 SignedData inside a >> signed JAR) are reused for new signature >> algorithms >> >> - A new JarSigner property "directsign" >> >> - Updating the jarsigner tool doc >> >> Major code changes: >> >> - Always use the signature algorithm directly as >> SignerInfo::signatureAlgorithm. We used to use the encryption algorithm >> there like RSA, DSA, and EC. Now it's always SHA1withRSA or RSASSA-PSS. >> >> - Move signature related utilities methods from AlgorithmId.java to >> SignatureUtil.java >> >> - Add new SignatureUtil methods fromKey() and fromSignature() to simplify >> creating Signature and getting its AlgorithmId >> >> - Use the new methods in PKCS10, X509CertImpl, and X509CRLImpl signing >> >> - Add a new (and intuitive, IMHO) PKCS7::generateNewSignedData capable of >> all old and new signature algorithms >> >> - Mark all -altsign related code deprecated and they can be removed once >> ContentSigner is removed > > Weijun Wang has refreshed the contents of this pull request, and previous > commits have been removed. The incremental > views will show differences compared to the previous content of the PR. test/jdk/jdk/security/jarsigner/Spec.java line 128: > 126: npe(()->b1.setProperty("sectionsonly", null)); > 127: iae(()->b1.setProperty("sectionsonly", "OK")); > 128: npe(()->b1.setProperty("sectionsonly", null)); Is 'altsigner' support removed? But I saw it being used in later part of this test. The javadoc for JarSigner.Builder only lists a subset of above properties. Are those not in javadoc internal and can be removed any time, just curious? Nit: maybe add 8242068 to `@bug line` for existing regression tests? ------------- PR: https://git.openjdk.java.net/jdk/pull/322
