On Wed, 8 Apr 2026 10:22:32 GMT, Jaikiran Pai <[email protected]> wrote:

>> Can I please get a review of this test-only change which updates the 
>> `test/jdk/java/util/jar/JarEntry/GetMethodsReturnClones.java` test to use a 
>> dynamically generated signed JAR file to run its tests? This addresses 
>> https://bugs.openjdk.org/browse/JDK-8378291.
>> 
>> This test exercises the `JarEntry.getCertificates()` and 
>> `JarEntry.getCodeSigners()` methods to verify that those methods return a 
>> copy of the original array, thus preventing any updates to the returned array 
>> from being propagated to the original array. This test was using a 
>> pre-generated `test.jar` file which was signed using a (now) weak key and 
>> the JAR was being treated as unsigned:
>> 
>> 
>> jarsigner -certs  -verbose -verify test/jdk/java/util/jar/JarEntry/test.jar 
>> 
>>          140 Sun Feb 08 17:22:36 IST 2004 META-INF/MANIFEST.MF
>>          202 Sun Feb 08 17:22:36 IST 2004 META-INF/TEST.SF
>>         1595 Sun Feb 08 17:22:36 IST 2004 META-INF/TEST.RSA
>>            0 Tue Sep 17 13:07:14 IST 2002 META-INF/
>>  m  ?   1770 Tue Sep 17 13:04:40 IST 2002 WriteFileTest.class
>> 
>>   s = signature was verified 
>>   m = entry is listed in manifest
>>   k = at least one certificate was found in keystore
>>   ? = unsigned entry
>> 
>> ...
>> WARNING: The jar will be treated as unsigned, because it is signed with a 
>> weak algorithm that is now disabled by the security property:
>> 
>>   jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 
>> 1024, SHA1 denyAfter 2019-01-01
>> 
>> 
>> The test has now been updated to dynamically generate the JAR file and 
>> verify these methods. Existing tests in `test/jdk/java/util/jar` continue to 
>> pass and tier1 testing is currently in progress.
>
> Jaikiran Pai has updated the pull request incrementally with one additional 
> commit since the last revision:
> 
>   rename test method

@jaikiran Yes indeed, I think all my questions and comments were taken care of. 
Thanks!

-------------

Marked as reviewed by eirbjo (Committer).

PR Review: https://git.openjdk.org/jdk/pull/30602#pullrequestreview-4079751176
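
The check the quoted description outlines, sketched as an added example that is not part of this thread and not the OpenJDK test itself. The class name `CloneCheck` and the JAR path argument are assumptions. It fails loudly when the entries come back unsigned, which is what a JAR signed with a disabled algorithm produces.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

// Hypothetical class name; pass the path of a signed JAR as args[0].
public class CloneCheck {
    public static void main(String[] args) throws Exception {
        int checked = 0;
        // verify=true so signatures are checked while entries are read
        try (JarFile jar = new JarFile(args[0], true)) {
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) {
                    continue; // skip directories and signature metadata
                }
                // Signer data is only available after the entry is read to EOF.
                try (InputStream in = jar.getInputStream(e)) {
                    in.readAllBytes();
                }
                Certificate[] certs = e.getCertificates();
                CodeSigner[] signers = e.getCodeSigners();
                // null means the entry is unsigned or treated as unsigned
                // (for example, weak algorithm disabled by jdk.jar.disabledAlgorithms).
                if (certs == null || signers == null) {
                    throw new AssertionError(e.getName()
                            + " has no signers; the clone check would be vacuous");
                }
                // Tamper with the returned arrays, then fetch them again.
                certs[0] = null;
                signers[0] = null;
                if (e.getCertificates()[0] == null || e.getCodeSigners()[0] == null) {
                    throw new AssertionError(e.getName()
                            + ": caller's write reached the internal array");
                }
                checked++;
            }
        }
        if (checked == 0) {
            throw new AssertionError("no signed entries were checked");
        }
        System.out.println("verified defensive copies for " + checked + " entries");
    }
}
```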
