On Wed, 25 Jan 2023 17:38:13 GMT, Eirik Bjorsnos <[email protected]> wrote:
> This PR resurrects VerifySignedJar which currently tests nothing. > > VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 > back in April 2000. Because SHA-1 signed JARs has been disabled for a while, > the JAR is treated as unsigned so the test doesn't really test anything as of > now. > > The test is updated in the following ways: > > - The JAR used for verification is now created and signed with SHA-256 by the > test itself > - The test is updated to check that the JAR is actually signed and with the > expected certificate > - JarEntry InputStreams are now read fully to ensure verification of all > entries > - Objects.requireNonNull is used to check that entries returned by getEntry, > getJarEntry are non-null > - The existing binary JAR is retired This pull request has now been integrated. Changeset: 05ea083b Author: Eirik Bjorsnos <[email protected]> Committer: Weijun Wang <[email protected]> URL: https://git.openjdk.org/jdk/commit/05ea083b0563ddacf3e38dc329ba00dc4bac9b29 Stats: 110 lines in 2 files changed: 84 ins; 12 del; 14 mod 8301167: Update VerifySignedJar to actually exercise and test verification Reviewed-by: weijun ------------- PR: https://git.openjdk.org/jdk/pull/12206
