On Wed, 25 Jan 2023 17:38:13 GMT, Eirik Bjorsnos <[email protected]> wrote:
> This PR resurrects VerifySignedJar which currently tests nothing. > > VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 > back in April 2000. Because SHA-1 signed JARs has been disabled for a while, > the JAR is treated as unsigned so the test doesn't really test anything as of > now. > > The test is updated in the following ways: > > - The JAR used for verification is now created and signed with SHA-256 by the > test itself > - The test is updated to check that the JAR is actually signed and with the > expected certificate > - JarEntry InputStreams are now read fully to ensure verification of all > entries > - Objects.requireNonNull is used to check that entries returned by getEntry, > getJarEntry are non-null > - The existing binary JAR is retired https://bugs.openjdk.org/browse/JDK-8301167 filed. Thanks. ------------- PR: https://git.openjdk.org/jdk/pull/12206
