Please review this trivial fix at
http://cr.openjdk.java.net/~weijun/8185934/webrev.00/ KeyUtil.getSize() are also called elsewhere when they key is weak, where key length is not 1. Noregtrivial. Thanks Max 
I don't think we should warn at all if the keysize cannot be determined
or is inaccessible. The corresponding algorithm constraints checks don't restrict keys whose size cannot be determined, so keytool and jarsigner should be consistent. Sean On 8/8/17 1:49 AM, Weijun Wang wrote: > Please review this trivial fix at > > http://cr.openjdk.java.net/~weijun/8185934/webrev.00/ > > KeyUtil.getSize() are also called elsewhere when they key is weak, where key length is not 1. > > Noregtrivial. > > Thanks > Max > 
On Aug 8, 2017, at 8:22 PM, Sean Mullan <[hidden email]> wrote: This code change is not related to weak warnings. For jarsigner, it's the signing history:  Signed by "CN=a" For keytool, it's the keytool list v output: Alias name: a In fact, whenever the key size appears in a weak warning, as you said, it's always a positive value that fails a constraint check. This is why I said I haven't touched those KeyUtil.getSize() outputs. Max

Ok, I got it now. The method name "withWeak" threw me off a bit.
Fix looks good to me. Sean On 8/8/17 9:00 AM, Weijun Wang wrote: > >> On Aug 8, 2017, at 8:22 PM, Sean Mullan <[hidden email]> wrote: >> >> I don't think we should warn at all if the keysize cannot be >> determined or is inaccessible. The corresponding algorithm constraints >> checks don't restrict keys whose size cannot be determined, so keytool >> and jarsigner should be consistent. > > This code change is not related to weak warnings. For jarsigner, it's > the signing history: > >>  Signed by "CN=a" >> Digest algorithm: SHA256 >> Signature algorithm: SHA256withECDSA, 1bit key > > For keytool, it's the keytool list v output: > >> Alias name: a >> ... >> Signature algorithm name: SHA256withECDSA >> Subject Public Key Algorithm: 1bit EC key >> Version: 3 > > In fact, whenever the key size appears in a weak warning, as you said, > it's always a positive value that fails a constraint check. This is why > I said I haven't touched those KeyUtil.getSize() outputs. > > Max > >> >> Sean >> >> On 8/8/17 1:49 AM, Weijun Wang wrote: >>> Please review this trivial fix at >>> http://cr.openjdk.java.net/~weijun/8185934/webrev.00/ >>> KeyUtil.getSize() are also called elsewhere when they key is weak, >>> where key length is not 1. >>> Noregtrivial. >>> Thanks >>> Max > 
> On Aug 8, 2017, at 9:17 PM, Sean Mullan <[hidden email]> wrote: > > Ok, I got it now. The method name "withWeak" threw me off a bit. Maybe it should be toStringWithPerhapsWeakLabel. Max 
Free forum by Nabble  Edit this page 