On Mon, 6 Feb 2023 09:21:29 GMT, Eirik Bjorsnos <d...@openjdk.org> wrote:

>> This PR resurrects VerifySignedJar which currently tests nothing.
>>
>> VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 back in April 2000. Because SHA-1 signed JARs have been disabled for a while, the JAR is treated as unsigned so the test doesn't really test anything as of now.
>>
>> The test is updated in the following ways:
>>
>> - The JAR used for verification is now created and signed with SHA-256 by the test itself
>> - The test is updated to check that the JAR is actually signed and with the expected certificate
>> - JarEntry InputStreams are now read fully to ensure verification of all entries
>> - Objects.requireNonNull is used to check that entries returned by getEntry, getJarEntry are non-null
>> - The existing binary JAR is retired
>
> Eirik Bjorsnos has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains six additional commits since the last revision:
>
>  - Merge remote-tracking branch 'eirbjo/verify-signed-jar' into verify-signed-jar
>  - Add whitespace after "if"
>
>    Co-authored-by: Andrey Turbanov <turban...@gmail.com>
>  - Remove unused local variables, replace Unreached/catch with runAndCheckException
>  - Merge branch 'master' into verify-signed-jar
>  - Simplify checkSignedBy by using JarEntry.getCertificates() instead of JarEntry.getCodeSigners()
>  - o Update VerifySignedJar test to create and sign a JAR file instead of reading a binary JAR from version control.
>    o Make sure that verification is actually triggered by reading the entire file contents of each entry
>    o Check that entries are signed with the expected certificate.
>    o Use Objects.requireNonNull to check that entries returned by getEntry, getJarEntry are non-null
>    o Retire the now unused binary test JAR "thawjar.jar"

Looks good. Thanks.

-------------

Marked as reviewed by weijun (Reviewer).

PR: https://git.openjdk.org/jdk/pull/12206
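The two points the PR description turns on are worth seeing in code: `JarFile` only verifies an entry's digest and signer once that entry's stream has been read to EOF, and a JAR signed with an algorithm the runtime has disabled (such as SHA-1 here) comes back from `getCertificates()` as if it were unsigned. The following is an added standalone example, not code from the PR or from the JDK test suite; `SignedJarCheck`, `unverifiedEntries`, and the `META-INF` filename filter are assumptions of this example, and it relies on `InputStream.readAllBytes()` (Java 9+).

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

/**
 * Hypothetical helper (not part of the JDK or this PR): lists every content
 * entry of a JAR that is not verifiably signed by the expected certificate.
 */
public final class SignedJarCheck {

    public static List<String> unverifiedEntries(File jar, Certificate expectedSigner) throws IOException {
        List<String> problems = new ArrayList<>();
        // verify=true is the default, but be explicit: it is what turns signature checking on
        try (JarFile jf = new JarFile(jar, true)) {
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                // Directories and the manifest/signature files under META-INF are never themselves signed
                if (entry.isDirectory() || isSignatureRelated(entry.getName())) {
                    continue;
                }
                // Certificates are only attached to the entry after its stream has been read to EOF;
                // a digest mismatch for the entry surfaces here as a SecurityException
                try (InputStream in = jf.getInputStream(entry)) {
                    in.readAllBytes();
                } catch (SecurityException tampered) {
                    problems.add(entry.getName() + ": " + tampered.getMessage());
                    continue;
                }
                Certificate[] certs = entry.getCertificates();
                if (certs == null) {
                    // Unsigned, or signed with an algorithm the runtime has disabled (treated as unsigned)
                    problems.add(entry.getName() + ": not signed");
                } else if (!signedBy(certs, expectedSigner)) {
                    problems.add(entry.getName() + ": signed, but not by the expected certificate");
                }
            }
        }
        return problems;
    }

    // Assumed filter for the files that carry the signature rather than being covered by it
    private static boolean isSignatureRelated(String name) {
        String upper = name.toUpperCase();
        if (!upper.startsWith("META-INF/")) {
            return false;
        }
        return upper.equals("META-INF/MANIFEST.MF")
                || upper.endsWith(".SF") || upper.endsWith(".RSA")
                || upper.endsWith(".DSA") || upper.endsWith(".EC");
    }

    private static boolean signedBy(Certificate[] chain, Certificate expected) {
        // Certificate.equals compares the DER encoding, so the same object instance is not required
        for (Certificate c : chain) {
            if (c.equals(expected)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException, CertificateException {
        if (args.length != 2) {
            System.err.println("usage: SignedJarCheck <file.jar> <expected-signer.cer>");
            System.exit(2);
        }
        Certificate expected;
        try (InputStream in = new FileInputStream(args[1])) {
            // Accepts either a DER or a PEM encoded X.509 certificate
            expected = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> problems = unverifiedEntries(new File(args[0]), expected);
        if (problems.isEmpty()) {
            System.out.println("all entries signed by the expected certificate");
        } else {
            problems.forEach(System.out::println);
            System.exit(1);
        }
    }
}
```

Checking `getCertificates()` without first reading each entry to EOF is the trap the original test fell into in a different form: the check passes vacuously. Treating a `null` certificate array as a failure rather than as "nothing to check" is what makes the disabled-algorithm case visible.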