On Wed, 5 Nov 2025 14:32:51 GMT, Weijun Wang <[email protected]> wrote:
>> Add support for ML-DSA signing of JAR files. >> >> ~Note: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-ml-dsa/ is not >> finalized.~ >> >> Update: it is published as https://datatracker.ietf.org/doc/rfc9882/. > > Weijun Wang has updated the pull request incrementally with two additional > commits since the last revision: > > - rename DataFecther to RepositoryFileReader > - more comments for DataFetcher test/jdk/sun/security/pkcs/pkcs7/DigestConformance.java line 47: > 45: import java.util.Map; > 46: > 47: public class DigestConformance { Maybe call this `MLDSADigestConformance` or are you thinking you will enhance it to support EdDSA, etc? test/jdk/sun/security/provider/pqc/ML_DSA_CMS.java line 50: > 48: // See https://datatracker.ietf.org/doc/html/rfc9882#name-examples > 49: try (var cmsReader = RepositoryFileReader.of(CMS_ML_DSA.class, > 50: "cms-ml-dsa-draft-ietf-lamps-cms-ml-dsa-07/"); Can we call this "RFC9882" instead? test/jdk/sun/security/provider/pqc/ML_DSA_CMS.java line 52: > 50: "cms-ml-dsa-draft-ietf-lamps-cms-ml-dsa-07/"); > 51: var dsaReader = > RepositoryFileReader.of(DILITHIUM_CERTIFICATES.class, > 52: > "dilithium-certificates-draft-ietf-lamps-dilithium-certificates-13/")) { Similarly, can we call this "RFC9881"? test/jdk/sun/security/tools/jarsigner/ML_DSA.java line 81: > 79: jf.getInputStream(je).readAllBytes(); > 80: Asserts.assertEquals(1, je.getCertificates().length); > 81: checkDigestAlgorithm(jf, signer, KnownOIDs.SHA_512); So there is currently no way to specify a different digest algorithm? ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2500494559 PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2500459775 PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2500464197 PR Review Comment: https://git.openjdk.org/jdk/pull/26563#discussion_r2500534760
