Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Fri, 7 May 2021 14:10:14 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Test with new java.security file
>
> Marked as reviewed by weijun (Reviewer).

@wangweij @seanjmullan Thanks for the review.

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 20:57:13 GMT, Hai-May Chao wrote:

>> Please review the change to jarsigner so it uses certpath security property
>> in order to properly display the weakness of the certificate algorithms.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Test with new java.security file

Marked as reviewed by mullan (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 20:57:13 GMT, Hai-May Chao wrote:

>> Please review the change to jarsigner so it uses certpath security property
>> in order to properly display the weakness of the certificate algorithms.
>
> Hai-May Chao has updated the pull request incrementally with one additional
> commit since the last revision:
>
>   Test with new java.security file

Marked as reviewed by weijun (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/3905

Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
On Thu, 6 May 2021 18:08:40 GMT, Weijun Wang wrote:

>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>>   Test with new java.security file
>
> test/jdk/sun/security/tools/jarsigner/CheckSignerCertChain.java line 90:
>
>> 88:                 // key, but not for its SHA1withRSA algorithm.
>> 89:                 .shouldContain("Signature algorithm: SHA1withRSA, 1024-bit key (weak)")
>> 90:                 .shouldHaveExitValue(0);
>
> What does the test show before this fix?
>
> I don't see `Security.setProperty` called or a new `java.security` file is
> used. If `jdk.jar.dA` and `jdk.certpath.dA` are the same, then there's no way
> to find out if the new code works.

Added test using new java.security with different disabledAlgorithms for certpath and jar.

PR: https://git.openjdk.java.net/jdk/pull/3905

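The point raised in the review comment above, as an added example that is not part of the thread or of the JDK test: a small Java check that the effective `jdk.certpath.disabledAlgorithms` and `jdk.jar.disabledAlgorithms` values actually differ, so that a "(weak)" label in jarsigner output can be attributed to one property rather than the other. The class name `DisabledAlgDiff`, the file name `override.security` and the sample property values are assumptions made for illustration.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;

// Run with a constructed override file (values chosen for illustration only):
//   jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 2048
//   jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
//   java -Djava.security.properties=override.security DisabledAlgDiff.java
public class DisabledAlgDiff {

    // Split a disabledAlgorithms value into its comma-separated entries,
    // collapsing whitespace; entries compare case-insensitively.
    static Set<String> entries(String value) {
        Set<String> out = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        if (value != null) {
            Arrays.stream(value.split(","))
                  .map(s -> s.trim().replaceAll("\\s+", " "))
                  .filter(s -> !s.isEmpty())
                  .forEach(out::add);
        }
        return out;
    }

    // Entries listed in 'a' that 'b' does not list. Textual comparison only:
    // "RSA keySize < 1024" and "RSA keySize < 2048" count as different entries.
    static Set<String> onlyIn(Set<String> a, Set<String> b) {
        Set<String> out = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        out.addAll(a);
        out.removeAll(b);
        return out;
    }

    public static void main(String[] args) {
        Set<String> certpath = entries(Security.getProperty("jdk.certpath.disabledAlgorithms"));
        Set<String> jar = entries(Security.getProperty("jdk.jar.disabledAlgorithms"));
        Set<String> certOnly = onlyIn(certpath, jar);
        Set<String> jarOnly = onlyIn(jar, certpath);
        System.out.println("certpath only: " + certOnly);
        System.out.println("jar only:      " + jarOnly);
        if (certOnly.isEmpty() && jarOnly.isEmpty()) {
            System.out.println("identical: output cannot show which property was consulted");
            System.exit(1);
        }
    }
}
```

A non-empty difference is what lets a test pick a certificate algorithm or key size that only one of the two properties restricts.
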
Re: RFR: 8266225: jarsigner is using incorrect security property to show weakness of certs [v2]
> Please review the change to jarsigner so it uses certpath security property
> in order to properly display the weakness of the certificate algorithms.

Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:

  Test with new java.security file

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/3905/files
  - new: https://git.openjdk.java.net/jdk/pull/3905/files/1d37f99e..533a7fed

Webrevs:
  - full: https://webrevs.openjdk.java.net/?repo=jdk=3905=01
  - incr: https://webrevs.openjdk.java.net/?repo=jdk=3905=00-01

  Stats: 27 lines in 1 file changed: 26 ins; 0 del; 1 mod
  Patch: https://git.openjdk.java.net/jdk/pull/3905.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/3905/head:pull/3905

PR: https://git.openjdk.java.net/jdk/pull/3905