> This PR resurrects VerifySignedJar which currently tests nothing. > > VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 > back in April 2000. Because SHA-1 signed JARs has been disabled for a while, > the JAR is treated as unsigned so the test doesn't really test anything as of > now. > > The test is updated in the following ways: > > - The JAR used for verification is now created and signed with SHA-256 by the > test itself > - The test is updated to check that the JAR is actually signed and with the > expected certificate > - JarEntry InputStreams are now read fully to ensure verification of all > entries > - Objects.requireNonNull is used to check that entries returned by getEntry, > getJarEntry are non-null > - The existing binary JAR is retired
Eirik Bjorsnos has updated the pull request incrementally with one additional commit since the last revision: Add whitespace after "if" Co-authored-by: Andrey Turbanov <[email protected]> ------------- Changes: - all: https://git.openjdk.org/jdk/pull/12206/files - new: https://git.openjdk.org/jdk/pull/12206/files/66ad0c7d..8ff06744 Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=12206&range=01 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12206&range=00-01 Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod Patch: https://git.openjdk.org/jdk/pull/12206.diff Fetch: git fetch https://git.openjdk.org/jdk pull/12206/head:pull/12206 PR: https://git.openjdk.org/jdk/pull/12206
