Everything looks fine, except a very tiny issue:

1332     private String verifyWithWeak(PublicKey key) {
1333         if (DISABLED_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
1334             if (LEGACY_CHECK.permits(SIG_PRIMITIVE_SET, key)) {
1335                 int kLen = KeyUtil.getKeySize(key);
1336                 if (kLen >= 0) {
1337                     return String.format(rb.getString("key.bit"), kLen);
1338                 } else {
1339                     return rb.getString("unknown.size");
1340                 }
1341             } else {
1342                 weakPublicKey = key;
1343                 legacyAlg |= 8;
1344                 return String.format(rb.getString("key.bit.weak"),
                             KeyUtil.getKeySize(key));
1345             }
1346         } else {
1347             disabledAlgFound = true;
1348             return String.format(rb.getString("key.bit.disabled"),
                         KeyUtil.getKeySize(key));
1349         }
1350     }

You can move line 1335 before line 1334 since the size is also used in the else
block on lines 1342-1344.
Thanks,
Max
> On Apr 6, 2020, at 12:51 AM, Hai-May Chao <[email protected]> wrote:
>
> Here is the webrev:
>
> http://cr.openjdk.java.net/~weijun/8172404/webrev.00/
>
> Thanks,
> Hai-May
>
>
>> On Apr 4, 2020, at 11:41 PM, Hai-May Chao <[email protected]> wrote:
>>
>> Hi,
>>
>> I'd like to request a review for:
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8172404
>> CSR: https://bugs.openjdk.java.net/browse/JDK-8238640
>>
>> It’d be useful to start warning users that certain algorithms and key
>> lengths are becoming weak, so that users could begin to transition away from
>> them before they are actually disabled. A new security property named
>> jdk.security.legacyAlgorithms is added to the java.security file to list the
>> legacy algorithms. The keytool and jarsigner tools are enhanced to enforce
>> the new property and to emit the warning messages when legacy algorithms are
>> used.
>>
>> Thanks,
>> Hai-May
>