On Tue, 25 Mar 2025 14:29:22 GMT, Artur Barashev wrote:
> We have an incorrect regex syntax when describing a "usage" algorithm
> constraint. Current syntax indicates that usage types are optional while they
> are not: at least one usage type should be specified.
Marked as reviewed by mullan (
On Wed, 26 Mar 2025 12:48:25 GMT, Sean Mullan wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with Sean's comments
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properti
On Wed, 26 Mar 2025 02:33:02 GMT, Hai-May Chao wrote:
>> The jarsigner -verify command currently performs verification by reading
>> from JarFile to navigate the central directory (CEN) headers. It is now
>> enhanced to include cross-validation of entries between JarFile (CEN-based)
>> and Jar
On Tue, 25 Mar 2025 22:37:19 GMT, Weijun Wang wrote:
>> ah.. intellij hid that from me
>
> You let it show the arg name?
intellij put the variable name popup in the method line between the whitespace
and the "0", so it wasn't obvious
-
PR Review Comment: https://git.openjdk.org/jd
On Wed, 26 Mar 2025 02:33:02 GMT, Hai-May Chao wrote:
>> The jarsigner -verify command currently performs verification by reading
>> from JarFile to navigate the central directory (CEN) headers. It is now
>> enhanced to include cross-validation of entries between JarFile (CEN-based)
>> and Jar
On Wed, 26 Mar 2025 04:22:50 GMT, Koushik Muthukrishnan Thirupattur
wrote:
>> This option dumped the permissions that the SecureClassLoader assigns to
>> ProtectionDomains, but with the disabling of the Security Manager in JDK 24,
>> these permissions are always empty and the debugging has no
On Wed, 26 Mar 2025 14:41:08 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Updated with Sean's comments
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line
> 1170:
>
>
> The jarsigner -verify command currently performs verification by reading from
> JarFile to navigate the central directory (CEN) headers. It is now enhanced
> to include cross-validation of entries between JarFile (CEN-based) and
> JarInputStream (stream-based) representations of the JAR. It em
On Tue, 25 Mar 2025 00:22:23 GMT, Valerie Peng wrote:
>> As part of [https://bugs.openjdk.org/browse/JDK-8301553](JDK-8301553),
>> SunPKCS11 provider added support for PBE SecretKeyFactories for
>> `HmacPBESHAxxx` and `PBEWithHmacSHAxxxAndAES_yyy`. These impls produce keys
>> whose encoding co
On Wed, 26 Mar 2025 23:23:58 GMT, Weijun Wang wrote:
>> Good idea. Updated the code. Thanks.
>
> Again, shall we return here? Do you want to skip other comparison when the
> manifests are not the same?
It was suggested that I validate the Manifest and then fast fail if there is an
inconsistenc
On Wed, 19 Mar 2025 19:22:04 GMT, Hai-May Chao wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line
>> 1147:
>>
>>> 1145: Manifest locManifest = jis.getManifest();
>>> 1146: if (!compareManifest(cenManifest, locManifest)) {
>>> 1147:
> This option dumped the permissions that the SecureClassLoader assigns to
> ProtectionDomains, but with the disabling of the Security Manager in JDK 24,
> these permissions are always empty and the debugging has no value. So this
> option should be removed.
Koushik Muthukrishnan Thirupattur ha
On Wed, 26 Mar 2025 22:40:37 GMT, Hai-May Chao wrote:
>> The jarsigner -verify command currently performs verification by reading
>> from JarFile to navigate the central directory (CEN) headers. It is now
>> enhanced to include cross-validation of entries between JarFile (CEN-based)
>> and Jar
On Wed, 26 Mar 2025 23:26:12 GMT, Weijun Wang wrote:
>> Hai-May Chao has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> Update with comments from Sean and Weijun
>
> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line
> The jarsigner -verify command currently performs verification by reading from
> JarFile to navigate the central directory (CEN) headers. It is now enhanced
> to include cross-validation of entries between JarFile (CEN-based) and
> JarInputStream (stream-based) representations of the JAR. It em
15 matches
Mail list logo