On Thu, 18 Nov 2021 15:03:33 GMT, Sean Mullan wrote:
>> We should, but the problem is that jarsigner needs to individually test each
>> algorithm, so it can properly display which algorithm is restricted. So, I
>> think it will need to parse the RSSASSA params itself, and then call the
>>
On Tue, 16 Nov 2021 18:10:04 GMT, Sean Mullan wrote:
>> When a signature/digest algorithm was being checked, the algorithm
>> constraints checked both the signature/digest algorithm and the key to see
>> if they were restricted. This caused duplicate checks and was also
>> problematic for
On Tue, 16 Nov 2021 17:53:16 GMT, Sean Mullan wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line
>> 1491:
>>
>>> 1489: private static String checkWeakAlg(String alg,
>>> CertPathConstraintsParameters cpcp) {
>>> 1490: try {
>>> 1491:
> When a signature/digest algorithm was being checked, the algorithm
> constraints checked both the signature/digest algorithm and the key to see if
> they were restricted. This caused duplicate checks and was also problematic
> for `jarsigner` (and `keytool`) which need to distinguish these