On Tue, 24 Jan 2023 12:18:10 GMT, Eirik Bjorsnos <[email protected]> wrote:
>> This PR attempts to make JarWithOneNonDisabledDigestAlg a little easier to
>> read.
>>
>> Some changes are made in the choice of algorithms and naming. The intent
>> here is to reduce confusion and make the purpose of the test clearer:
>>
>> - Updated the **enabled** digestAlgorithm in use from SHA1 to SHA256. The
>> use of SHA1 here seems just a bit confusing, since it has been considered
>> weak for a while
>> - The two different signer aliases are now named SIGNER1, SIGNER2 instead of
>> the somewhat confusing SHA1, SHA256
>> - Both signing keys are now generated with -sigalg SHA256withRSA since the
>> sigalg of the keys does not seem to matter for this test
>>
>> There are also some general code cleanups:
>>
>> - Moved loading of the key store into the new method loadKeyStore
>> - Updated checkThatJarIsSigned to take a parameter Map<String, Integer>
>> representing the expected signer counts for each path in the JAR. This
>> provides a cleaner separation between expectiations and the enforcement of
>> expectations.
>> - Introduced Path constants for various file names used throughout the test,
>> reducing a number of redundant Path.of calls which seemed to clutter the
>> code a bit
>> - Updated IO code to use new APIs, such as Files.newOutputStream,
>> Files.newInputStream, InputStream.transferTo and
>> OutputStream.nullOutputStream.
>> - Added/updated some comments where appropriate
>
> Eirik Bjorsnos has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Add whitespace between if and left parenthesis
test/jdk/jdk/security/jarsigner/JarWithOneNonDisabledDigestAlg.java line 109:
> 107: try {
> 108: jarConstraints.permits("MD5", cp, false);
> 109: throw new Exception("This test assumes that MD5 is
> disabled");
It might be clearer to say something like "This test requires MD5 to be
disabled but it is enabled."
Same for the SHA256 check below.
-------------
PR: https://git.openjdk.org/jdk/pull/11997
