On Thu, 15 Oct 2020 20:42:30 GMT, Valerie Peng <valer...@openjdk.org> wrote:
>> Weijun Wang has updated the pull request incrementally with one additional >> commit since the last revision: >> >> signing time, jarsigner -directsign, and digest algorithm check > > src/java.base/share/classes/sun/security/pkcs/SignerInfo.java line 549: > >> 547: return encAlg; >> 548: default: >> 549: String digAlg = digAlgId.getName().replace("-", ""); > > This may be incorrect if the digest algorithm is in the SHA3 family. Maybe we > should check and apply this conversion > only when digest algorithm starts with "SHA-". Good suggestion. I'll also try some tests. ------------- PR: https://git.openjdk.java.net/jdk/pull/322