RFR 8163304: jarsigner -verbose -verify should print the algorithms used to sign the jar

Sean Mullan sean.mullan at oracle.com
Wed Oct 19 20:13:24 UTC 2016


* Main.java

   98     private static final DisabledAlgorithmConstraints SIGN_CHECK =
   99             new DisabledAlgorithmConstraints(
  100                     DisabledAlgorithmConstraints.PROPERTY_CERTPATH_DISABLED_ALGS);

This should be changed to PROPERTY_JAR_DISABLED_ALGS now that the fix 
for 8167594 is in 9.

* Resources.java

150                 "The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled.\n\nRe-run jarsigner with the -verbose option for more details."},

Should this also have "WARNING:" at the beginning like the other 2 
unsigned warning messages?

* JarUtils.java

45      * a new jar entry will be created with the file name itself the content.
70      * with the file name itself the content.

These 2 lines would be more understandable if you changed "itself the 
content" to "itself as the content".

* TimestampCheck.java

You will need to update this test based on the new MD5 restrictions 
added in 8167594.

--Sean

On 10/19/2016 03:36 AM, Wang Weijun wrote:
> Please review the code change at
>
>    http://cr.openjdk.java.net/~weijun/8163304/webrev.01/
>
> With this change, "jarsigner -verify -verbose" will print out how a jar was signed.
>
> For example, a jar which was signed and timestamped with many weak algorithms will show
>
> - Signed by "CN=old"
>     Digest algorithm: MD2 (weak)
>     Signature algorithm: MD2withRSA (weak), 2048-bit key
>   Timestamped by "CN=tsbad1" on Wed Oct 19 07:32:22 UTC 2016
>     Timestamp digest algorithm: MD2 (weak)
>     Timestamp signature algorithm: SHA1withRSA, 512-bit key (weak)
>
> WARNING: The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled by the security property:
>
>   jdk.jar.disabledAlgorithms=MD2, RSA keySize < 1024, DSA keySize < 1024
>
> Thanks
> Max
>
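
As an added illustration (not code from the webrev or from either author), the following Python sketch models how a `jdk.jar.disabledAlgorithms` value like the one quoted above classifies the algorithms in the sample output. The `with`/`and` name decomposition and all function names are simplifying assumptions, not the JDK's implementation.

```python
import re

# Property value as quoted in the message above.
JAR_DISABLED = "MD2, RSA keySize < 1024, DSA keySize < 1024"

_OPS = {"<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
        "==": lambda a, b: a == b, "!=": lambda a, b: a != b}
_ENTRY = re.compile(r"\s*(\S+)(?:\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+))?\s*")

def parse_constraints(value):
    """Split the property into (algorithm, operator, size) entries.
    An entry without a keySize clause disables the algorithm outright."""
    entries = []
    for item in value.split(","):
        m = _ENTRY.fullmatch(item)
        if not m:
            raise ValueError(f"unrecognised constraint: {item!r}")
        name, op, size = m.groups()
        entries.append((name.upper(), op, int(size) if size else None))
    return entries

def decompose(algorithm):
    """Simplified (assumed) decomposition: MD2withRSA -> MD2WITHRSA, MD2, RSA."""
    upper = algorithm.upper()
    return {upper, *re.split(r"WITH|AND", upper)}

def weak_reason(algorithm, key_size=None, constraints=None):
    """Return the constraint that disables this use, or None if allowed."""
    if constraints is None:
        constraints = parse_constraints(JAR_DISABLED)
    parts = decompose(algorithm)
    for name, op, size in constraints:
        if name not in parts:
            continue
        if op is None:
            return name
        if key_size is not None and _OPS[op](key_size, size):
            return f"{name} keySize {op} {size}"
    return None

# Algorithm lines from the sample output in the message (MD2 digest appears twice).
SAMPLE = [("MD2", None), ("MD2withRSA", 2048), ("SHA1withRSA", 512)]

if __name__ == "__main__":
    for alg, bits in SAMPLE:
        print(alg, bits, weak_reason(alg, bits) or "allowed")
```

The model reproduces the two different placements of "(weak)" in the sample output: `MD2withRSA` is rejected for its digest despite the 2048-bit key, while `SHA1withRSA` is rejected only because of the 512-bit key.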

