RFR 8044755: Add a test for algorithm constraints check in jarsigner

Xuelei Fan xuelei.fan at oracle.com
Wed Jun 4 09:11:18 UTC 2014


Ok.

> Oh, my habit is to always keeping them so that if anything goes
> wrong ...

Ok.

Xuelei

On 6/4/2014 4:26 PM, Wang Weijun wrote:
> Oh, I was just updating the webrev to
> 
>   http://cr.openjdk.java.net/~weijun/8044755/webrev.01/
> 
> As we've just discussed offline, the reason the 2nd jarsigner call fails is a double weakness, not only the signer's key is 512 bit, but also signer's cert is signed by a 512 key (of CA).
> 
> Therefore I update the test to use a weak signature alg -- MD2withRSA. This time I believe the weakness of CA's cert won't infect the its signature when signing signer.
> 
> Thanks
> Max
> 
> On Jun 4, 2014, at 16:20, Xuelei Fan <xuelei.fan at oracle.com> wrote:
> 
>> Looks fine to me.
>>
>> FYI, I'd like to remove the temporary files (a.jar, ks, etc) after a
>> testing.
>>
>> Xuelei
>>
>> On 6/4/2014 2:21 PM, Wang Weijun wrote:
>>> Please review a new test at
>>>
>>>  http://cr.openjdk.java.net/~weijun/8044755/webrev.00/
>>>
>>> It makes sure the CertPath validation check in jarsigner matches the algorithm constraints check on key sizes.
>>>
>>> Thanks
>>> Max
>>>
>>
> 



More information about the security-dev mailing list