Oh, I was just updating the webrev to http://cr.openjdk.java.net/~weijun/8044755/webrev.01/
As we've just discussed offline, the reason the 2nd jarsigner call fails is a double weakness, not only the signer's key is 512 bit, but also signer's cert is signed by a 512 key (of CA). Therefore I update the test to use a weak signature alg -- MD2withRSA. This time I believe the weakness of CA's cert won't infect the its signature when signing signer. Thanks Max On Jun 4, 2014, at 16:20, Xuelei Fan <[email protected]> wrote: > Looks fine to me. > > FYI, I'd like to remove the temporary files (a.jar, ks, etc) after a > testing. > > Xuelei > > On 6/4/2014 2:21 PM, Wang Weijun wrote: >> Please review a new test at >> >> http://cr.openjdk.java.net/~weijun/8044755/webrev.00/ >> >> It makes sure the CertPath validation check in jarsigner matches the >> algorithm constraints check on key sizes. >> >> Thanks >> Max >> >
