On Thu, 12 Sep 2024 15:32:44 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> There ~are two~ is one change~s~:
>>
>> 1. In `jarsigner -verify`, check a .SF file contains un-existing entries and
>> print them out as
>>
>> Warning: nonexistent signed entries detected: [a]
>>
>> ~2. In `JarSigner::sign0`, when creating a new .SF file, only include signed
>> file entries.~
>>
>> *Update*: Even when the JAR file is re-signed, the hash entry for the
>> missing file will be in the new .SF file. There is no way to tell if this is
>> for a file entry or a user-defined entry.
>
> Weijun Wang has updated the pull request incrementally with one additional
> commit since the last revision:
>
> test enhancements
src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Resources.java line
167:
> 165: {"history.with.ts", "- Signed by \"%1$s\"\n Digest algorithm:
> %2$s\n Signature algorithm: %3$s, %4$s\n Timestamped by \"%6$s\" on
> %5$tc\n Timestamp digest algorithm: %7$s\n Timestamp signature
> algorithm: %8$s, %9$s"},
> 166: {"history.without.ts", "- Signed by \"%1$s\"\n Digest
> algorithm: %2$s\n Signature algorithm: %3$s, %4$s"},
> 167: {"history.nonexistent.entries", " Warning: nonexistent signed
> entries: "},
Inline with existing warning message, can it be "WARNING: Nonexistent signed
entries: "
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/19599#discussion_r1757164451
