https://issues.apache.org/bugzilla/show_bug.cgi?id=52344
--- Comment #4 from Wang Weijun <[email protected]> 2011-12-19 06:58:49 UTC --- 1. Sure, the field can be made private. 2. The two options are only for the signing side, they are not provided on the verify side, so has better stay inside SignJar. 3. What would "isSigned" be used for? The jarsigner does not care if a jar was signed or not. 4. Sorry, I'm not familiar with AntUnit tests. Besides the XML file, are there codes behind? For this patch, you need to check if the output signed jar does use the new algorithms. As far as I know, digestalg can be checked by looking into the content of JarFile::getManifest::getEntries(). I cannot think of a good way to check for sigalg except for checking the .RSA file in raw bytes. 5. Sure, from the jarsigner --help output, we have sigalg: name of signature algorithm digestalg: name of digest algorithm and an example can be <signjar destDir="signed" alias="testonly" keystore="testkeystore" storepass="apacheant" sigalg="MD5withRSA"> digestalg="SHA1" <path> <fileset dir="dist" includes="**/*.jar" /> </path> <flattenmapper /> </signjar> Sign all the JAR files in dist/**/*.jar using the digest algorithm SHA1 and the signature algorithm MD5withRSA. This is especially useful when you want to use the JDK 7 jarsigner (which uses SHA256 and SHA256withRSA as default) to create signed jars that will be deployed on platforms not supporting SHA256 and SHA256withRSA. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
