On Thu, 3 Mar 2022 07:24:49 GMT, Hai-May Chao <hc...@openjdk.org> wrote:

>> This fixes jarsigner to enforce checking against algorithm constraint 
>> properties so when the signature algorithms parameters use disabled or 
>> legacy algorithms, it will emit warnings accordingly. If the algorithm used 
>> in parameters is disabled, jarsigner treats the jar as unsigned.
>
> Hai-May Chao has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   Removed unused string

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1418:

> 1416:                                 "RSASSA-PSS", algParams);
> 1417:                     default:
> 1418:                         return 
> String.format(rb.getString("with.disabled"), algParams);

There is no need to differentiate RSASSA-PSS and other algorithms. Just use the 
exact same format as you defined in `Resources.java`. This makes sure that if one
day another type of algorithm parameters fails the check, we will see the
algorithm name and full description of the parameters as well. If the 
description is not clear, it's the problem of its `toString()` implementation.

src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1452:

> 1450:                     default:
> 1451:                         return String.format(rb.getString("with.weak"), 
> algParams);
> 1452:                 }

Same as above.

-------------

PR: https://git.openjdk.java.net/jdk/pull/7582
