On Wed, 2 Mar 2022 17:46:26 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1414:
>>
>>> 1412: } catch (CertPathValidatorException e) {
>>> 1413: disabledAlgFound = true;
>>> 1414: return String.format(rb.getString("with.disabled"), algParams);
>>
>> The return value of this method will be shown as the "Signature algorithm"
>> in the output. It's OK to include an optional "weak" (or "disabled") tag,
>> but the core part still must be an algorithm name. Here, the updated code
>> returns the string format of `algParams`, which is not an algorithm name.
>>
>> I'm not sure how to fix this nicely. Certainly you want to show the user why
>> it is weak so the weak part should be displayed. A verbose solution could be
>> "RSASSA-PSS using PSSParameterSpec(...SHA-1...) (weak)", but the
>> `toString()` output of `PSSParameterSpec` is quite long.
>>
>> Same comment to the code change below.
>
> I add "RSASSA-PSS using " to the `-verbose` output as suggested, and keep the
> remaining output as the parameters for the RSASSA-PSS contain hashAlgorithm
> and maskGenAlgorithm that could be disabled or weak. At the same time, strip
> off the saltLength and trailerField display.

What does it look like now?

Also, you might need to create a mapping in `Resources.java` because "using" should only be shown when the system language is English.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7582