Re: RFR: 8352277: java.security documentation: incorrect regex syntax describing "usage" algorithm constraint

2025-03-26 Thread Sean Mullan
On Tue, 25 Mar 2025 14:29:22 GMT, Artur Barashev wrote: > We have an incorrect regex syntax when describing a "usage" algorithm > constraint. Current syntax indicates that usage types are optional while they > are not: at least one usage type should be specified. Marked as reviewed by mullan (

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]

2025-03-26 Thread Sean Mullan
On Wed, 26 Mar 2025 12:48:25 GMT, Sean Mullan wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated with Sean's comments > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/resources/jarsigner.properti

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]

2025-03-26 Thread Sean Mullan
On Wed, 26 Mar 2025 02:33:02 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8346129: Simplify EdDSA & XDH curve name usage [v6]

2025-03-26 Thread Anthony Scarpino
On Tue, 25 Mar 2025 22:37:19 GMT, Weijun Wang wrote: >> ah.. intellij hid that from me > > You let it show the arg name? intellij put the variable name popup in the method line between the whitespace and the "0", so it wasn't obvious - PR Review Comment: https://git.openjdk.org/jd

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]

2025-03-26 Thread Weijun Wang
On Wed, 26 Mar 2025 02:33:02 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8351366: Remove the java.security.debug=scl option [v2]

2025-03-26 Thread Sean Mullan
On Wed, 26 Mar 2025 04:22:50 GMT, Koushik Muthukrishnan Thirupattur wrote: >> This option dumped the permissions that the SecureClassLoader assigns to >> ProtectionDomains, but with the disabling of the Security Manager in JDK 24, >> these permissions are always empty and the debugging has no

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v14]

2025-03-26 Thread Hai-May Chao
On Wed, 26 Mar 2025 14:41:08 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Updated with Sean's comments > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line > 1170: > >

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]

2025-03-26 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em

Re: RFR: 8348732: SunJCE and SunPKCS11 have different PBE key encodings [v2]

2025-03-26 Thread Francisco Ferrari Bihurriet
On Tue, 25 Mar 2025 00:22:23 GMT, Valerie Peng wrote: >> As part of [https://bugs.openjdk.org/browse/JDK-8301553](JDK-8301553), >> SunPKCS11 provider added support for PBE SecretKeyFactories for >> `HmacPBESHAxxx` and `PBEWithHmacSHAxxxAndAES_yyy`. These impls produce keys >> whose encoding co

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v7]

2025-03-26 Thread Hai-May Chao
On Wed, 26 Mar 2025 23:23:58 GMT, Weijun Wang wrote: >> Good idea. Updated the code. Thanks. > > Again, shall we return here? Do you want to skip other comparison when the > manifests are not the same? It was suggested that I validate the Manifest and then fast fail if there is an inconsistenc

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v7]

2025-03-26 Thread Weijun Wang
On Wed, 19 Mar 2025 19:22:04 GMT, Hai-May Chao wrote: >> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line >> 1147: >> >>> 1145: Manifest locManifest = jis.getManifest(); >>> 1146: if (!compareManifest(cenManifest, locManifest)) { >>> 1147:

Re: RFR: 8351366: Remove the java.security.debug=scl option [v3]

2025-03-26 Thread Koushik Muthukrishnan Thirupattur
> This option dumped the permissions that the SecureClassLoader assigns to > ProtectionDomains, but with the disabling of the Security Manager in JDK 24, > these permissions are always empty and the debugging has no value. So this > option should be removed. Koushik Muthukrishnan Thirupattur ha

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]

2025-03-26 Thread Weijun Wang
On Wed, 26 Mar 2025 22:40:37 GMT, Hai-May Chao wrote: >> The jarsigner -verify command currently performs verification by reading >> from JarFile to navigate the central directory (CEN) headers. It is now >> enhanced to include cross-validation of entries between JarFile (CEN-based) >> and Jar

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]

2025-03-26 Thread Hai-May Chao
On Wed, 26 Mar 2025 23:26:12 GMT, Weijun Wang wrote: >> Hai-May Chao has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Update with comments from Sean and Weijun > > src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line

Re: RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v16]

2025-03-26 Thread Hai-May Chao
> The jarsigner -verify command currently performs verification by reading from > JarFile to navigate the central directory (CEN) headers. It is now enhanced > to include cross-validation of entries between JarFile (CEN-based) and > JarInputStream (stream-based) representations of the JAR. It em