> This PR resurrects VerifySignedJar which currently tests nothing.
>
> VerifySignedJar currently verifies a binary JAR which was signed with SHA-1
> back in April 2000. Because SHA-1 signed JARs have been disabled for a while,
> the JAR is treated as unsigned so the test doesn't really test anything as of
> now.
>
> The test is updated in the following ways:
>
> - The JAR used for verification is now created and signed with SHA-256 by the
>   test itself
> - The test is updated to check that the JAR is actually signed and with the
>   expected certificate
> - JarEntry InputStreams are now read fully to ensure verification of all
>   entries
> - Objects.requireNonNull is used to check that entries returned by getEntry,
>   getJarEntry are non-null
> - The existing binary JAR is retired

Eirik Bjorsnos has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:

 - Merge remote-tracking branch 'eirbjo/verify-signed-jar' into verify-signed-jar
 - Add whitespace after "if"

   Co-authored-by: Andrey Turbanov <turban...@gmail.com>
 - Remove unused local variables, replace Unreached/catch with runAndCheckException
 - Merge branch 'master' into verify-signed-jar
 - Simplify checkSignedBy by using JarEntry.getCertificates() instead of JarEntry.getCodeSigners()
 - o Update VerifySignedJar test to create and sign a JAR file instead of reading a binary JAR from version control.
   o Make sure that verification is actually triggered by reading the entire file contents of each entry
   o Check that entries are signed with the expected certificate.
   o Use Objects.requireNonNull to check that entries returned by getEntry, getJarEntry are non-null
   o Retire the now unused binary test JAR "thawjar.jar"

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/12206/files
  - new: https://git.openjdk.org/jdk/pull/12206/files/8ff06744..c26b27da

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=12206&range=02
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=12206&range=01-02

  Stats: 5306 lines in 266 files changed: 1548 ins; 1145 del; 2613 mod
  Patch: https://git.openjdk.org/jdk/pull/12206.diff
  Fetch: git fetch https://git.openjdk.org/jdk pull/12206/head:pull/12206

PR: https://git.openjdk.org/jdk/pull/12206
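
The failure mode described in the PR (a JAR silently treated as unsigned, and entries never verified because their streams were not read to the end) is worth guarding against in any code that relies on JAR signatures. The following is an added example, not code from the pull request or the JDK test; the class name `CheckSignedJar`, its helper names, and the command-line arguments are assumptions. It uses `JarEntry.getCodeSigners()` to compare against the signer's own certificate.

```java
import java.io.*;
import java.nio.file.*;
import java.security.CodeSigner;
import java.security.cert.*;
import java.util.*;
import java.util.jar.*;

public class CheckSignedJar {
    // Manifest and signature files directly in META-INF are never signed entries themselves.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) >= 0) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".RSA") || n.endsWith(".DSA") || n.endsWith(".EC");
    }

    // Returns the number of entries checked; throws SecurityException on any failure.
    static int verify(Path jarPath, X509Certificate expected) throws IOException {
        int checked = 0;
        try (JarFile jar = new JarFile(jarPath.toFile(), true)) { // true = verify signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureRelated(e.getName())) continue;
                // Digests are only compared once the stream reaches EOF; a modified
                // entry in a signed JAR throws SecurityException during this read.
                try (InputStream in = jar.getInputStream(e)) {
                    in.transferTo(OutputStream.nullOutputStream());
                }
                // Null before a full read, and also when the JAR is treated as unsigned.
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null) throw new SecurityException("Unsigned entry: " + e.getName());
                boolean match = false;
                for (CodeSigner s : signers) {
                    // First certificate in the path is the signer's own certificate.
                    match |= s.getSignerCertPath().getCertificates().get(0).equals(expected);
                }
                if (!match) throw new SecurityException("Unexpected signer: " + e.getName());
                checked++;
            }
        }
        return checked;
    }

    public static void main(String[] args) throws Exception {
        // Assumed usage: java CheckSignedJar.java <signed.jar> <expected-cert.pem>
        try (InputStream in = Files.newInputStream(Path.of(args[1]))) {
            X509Certificate cert = (X509Certificate)
                CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println(verify(Path.of(args[0]), cert) + " entries signed by expected certificate");
        }
    }
}
```

Treating a `null` result from `getCodeSigners()` as a hard failure is what catches a JAR signed with a disabled algorithm, since such a JAR opens and reads without any exception.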