Mail.openjdk.java.ne

Popular Threads From Mail.openjdk.java.ne:

Project Jigsaw goals and requirements

Code Review Request: running signed modules with SecurityManager

Module-info.class spec and attributes

Jpkg enhancements to create signed modules

Code review request for SecurityManager changes

List Statistics

Total Threads: 594
Total Posts: 513

Phrases Used to Find This Thread

jpkg format

Page 1 of 1

10-05-2010 05:47 PM

Mail.openjdk.java.ne member admin is online now

User

10-05-2010 07:40 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 12:30 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 01:15 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 03:09 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 03:56 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 05:17 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 07:53 PM

Mail.openjdk.java.ne member admin is online now

User

11-05-2010 08:18 PM

Mail.openjdk.java.ne member admin is online now

User

#10

11-05-2010 08:28 PM

Mail.openjdk.java.ne member admin is online now

User

Hello,

Please review these code changes to support the creation of signed modules:

http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/

It adds the following new options to the jpkg tool:

-S, --signer : module signer's identifier
-k, --keystore : module signer's keystore location
-t, --storetype : module signer's keystore type
--nosign : do not sign the module
--nopassword : do not prompt for a keystore password

Appropriate default values are supported and keystore passwords may be
supplied to jpkg by redirecting standard input.

This is just one of a number of changes to support signed modules throughout
jigsaw.

Please send me your comments as I'm hoping to address any issues and integrate
these changes by the end of this week.

Thanks.
) Vinnie discovered a small issue with the signed module file format [1] while
implementing.

The module header in the module file format [2] includes a field named csize
which holds the size of the module file. The value of this field is not known
until the contents of the module file has been written. The csize also includes
the size of the signature section, but the signature cannot be written until all
of the hashes have been generated. Two of those hashes (the module header hash
and the whole file hash) are over content containing the csize field. Thus there
is a circular dependency issue.

The current implementation works around this by first writing a dummy signature
and then later replacing it with the real signature once the overall size of the
signature is known.

However, this is not an optimal solution.

The simplest fix would be to not include csize in the hashes. Another
possibility is to not sign the module header, as most of the information
contained in the header is part of initializing the processing of the file
itself, and any modifications would likely lead to an error before the signature
is validated anyway.

Comments?

[1]: http://cr.openjdk.java.net/~mullan/jigsaw/signed-module-file-format
[2]: http://cr.openjdk.java.net/~mr/jigsaw/notes/module-file-format/

On 5/10/10 12:47 PM, Vincent Ryan wrote:
> Hello,
>
> Please review these code changes to support the creation of signed modules:
>
> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>
> It adds the following new options to the jpkg tool:
>
> -S, --signer : module signer's identifier
> -k, --keystore : module signer's keystore location
> -t, --storetype : module signer's keystore type
> --nosign : do not sign the module
> --nopassword : do not prompt for a keystore password
>
> Appropriate default values are supported and keystore passwords may be
> supplied to jpkg by redirecting standard input.
>
>
> This is just one of a number of changes to support signed modules throughout
> jigsaw.
>
> Please send me your comments as I'm hoping to address any issues and integrate
> these changes by the end of this week.
>
> Thanks.
) What's critical inside the module header? The version numbers might be used
for conpatibility check. Can usize be altered to exhaust precious memory?

Maybe the header can be divided into 2 parts?

Thanks
Max

------- Original message -------
> From: Sean Mullan <>
> To: jigsaw-
> Sent: 11.5.'10, 2:39
>
> Vinnie discovered a small issue with the signed module file format [1]
> while implementing.
>
> The module header in the module file format [2] includes a field named
> csize which holds the size of the module file. The value of this field is
> not known until the contents of the module file has been written. The
> csize also includes the size of the signature section, but the signature
> cannot be written until all of the hashes have been generated. Two of
> those hashes (the module header hash and the whole file hash) are over
> content containing the csize field. Thus there is a circular dependency
> issue.
>
> The current implementation works around this by first writing a dummy
> signature and then later replacing it with the real signature once the
> overall size of the signature is known.
>
> However, this is not an optimal solution.
>
> The simplest fix would be to not include csize in the hashes. Another
> possibility is to not sign the module header, as most of the information
> contained in the header is part of initializing the processing of the file
> itself, and any modifications would likely lead to an error before the
> signature is validated anyway.
>
> Comments?
>
> [1]: http://cr.openjdk.java.net/~mullan/jigsaw/signed-module-file-format
> [2]: http://cr.openjdk.java.net/~mr/jigsaw/notes/module-file-format/
>
>
> On 5/10/10 12:47 PM, Vincent Ryan wrote:
>> Hello,
>>
>> Please review these code changes to support the creation of signed
>> modules:
>>
>> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>>
>> It adds the following new options to the jpkg tool:
>>
>> -S, --signer : module signer's identifier
>> -k, --keystore : module signer's keystore location
>> -t, --storetype : module signer's keystore type
>> --nosign : do not sign the module
>> --nopassword : do not prompt for a keystore password
>>
>> Appropriate default values are supported and keystore passwords may be
>> supplied to jpkg by redirecting standard input.
>>
>>
>> This is just one of a number of changes to support signed modules
>> throughout
>> jigsaw.
>>
>> Please send me your comments as I'm hoping to address any issues and
>> integrate
>> these changes by the end of this week.
>>
>> Thanks.

) Simple ones first.

ContentInfo:
HexDumpEncoder.encodeBuffer(*) is preferred.

Packager:
1. --nosign and --signer etc can be combinated quite freely. Is there an
illegal combination?
2. We used to specify NONE for PKCS #11 keystore name. Although it's not
recommended now, is it allowed?
3. What if user specifies a non-JKS type but hasn't provided keystore name?
4. The char[] returned by Password.readPassword() is not zeroed.
5. Do we have SHA256withDSA now?
6. We've added CRL into signed jars recently. Any plan for it in signed
modules? You might embed it in PKCS #7 block or create a supplementary
module section (Is this possible?)

ModuleFileFormat:
hashtype is hardcoded to SHA256?

Thanks
Max

------- Original message -------
> From: Vincent Ryan <>
> To: jigsaw-
> Sent: 11.5.'10, 0:46
>
> Hello,
>
> Please review these code changes to support the creation of signed
> modules:
>
> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>
> It adds the following new options to the jpkg tool:
>
> -S, --signer : module signer's identifier
> -k, --keystore : module signer's keystore location
> -t, --storetype : module signer's keystore type
> --nosign : do not sign the module
> --nopassword : do not prompt for a keystore password
>
> Appropriate default values are supported and keystore passwords may be
> supplied to jpkg by redirecting standard input.
>
>
> This is just one of a number of changes to support signed modules
> throughout
> jigsaw.
>
> Please send me your comments as I'm hoping to address any issues and
> integrate
> these changes by the end of this week.
>
> Thanks.

) Thanks for your comments Max.

On 11/05/2010 13:15, **** Weijun wrote:
> Simple ones first.
>
> ContentInfo:
> HexDumpEncoder.encodeBuffer(*) is preferred.

Done.

>
> Packager:
> 1. --nosign and --signer etc can be combinated quite freely. Is there an
> illegal combination?

Now it throws an exception when --nosign is supplied with any of --signer
--keystore --storetype.

> 2. We used to specify NONE for PKCS #11 keystore name. Although it's not
> recommended now, is it allowed?

Now supported.

> 3. What if user specifies a non-JKS type but hasn't provided keystore name?

That's allowed, for example, PKCS11 and Windows-MY

> 4. The char[] returned by Password.readPassword() is not zeroed.

Done.

> 5. Do we have SHA256withDSA now?

That's a problem. Will investigate.

> 6. We've added CRL into signed jars recently. Any plan for it in signed
> modules? You might embed it in PKCS #7 block or create a supplementary
> module section (Is this possible?)

No plans to support this yet.

>
> ModuleFileFormat:
> hashtype is hardcoded to SHA256?

Yes.

>
> Thanks
> Max
>
>
> ------- Original message -------
>> From: Vincent Ryan <>
>> To: jigsaw-
>> Sent: 11.5.'10, 0:46
>>
>> Hello,
>>
>> Please review these code changes to support the creation of signed
>> modules:
>>
>> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>>
>> It adds the following new options to the jpkg tool:
>>
>> -S, --signer : module signer's identifier
>> -k, --keystore : module signer's keystore location
>> -t, --storetype : module signer's keystore type
>> --nosign : do not sign the module
>> --nopassword : do not prompt for a keystore password
>>
>> Appropriate default values are supported and keystore passwords may be
>> supplied to jpkg by redirecting standard input.
>>
>>
>> This is just one of a number of changes to support signed modules
>> throughout
>> jigsaw.
>>
>> Please send me your comments as I'm hoping to address any issues and
>> integrate
>> these changes by the end of this week.
>>
>> Thanks.
>

) >> 3. What if user specifies a non-JKS type but hasn't provided keystore
>> name?
>
> That's allowed, for example, PKCS11 and Windows-MY
>
>

What about pkcs12 and jceks?
) On 11/05/2010 15:56, **** Weijun wrote:
>>> 3. What if user specifies a non-JKS type but hasn't provided keystore
>>> name?
>>
>> That's allowed, for example, PKCS11 and Windows-MY
>>
>>
>
> What about pkcs12 and jceks?

An exception will be thrown. For example,

% jpkg --storetype PKCS12 --signer mykey jmod mymodule
Enter password for PKCS12 keystore:
java.security.KeyStoreException: Signer key not found in PKCS12 keystore

)
> Date: Mon, 10 May 2010 17:47:53 +0100
> From:

> Please review these code changes to support the creation of signed modules:
>
> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>
> It adds the following new options to the jpkg tool:
>
> -S, --signer : module signer's identifier
> -k, --keystore : module signer's keystore location
> -t, --storetype : module signer's keystore type
> --nosign : do not sign the module
> --nopassword : do not prompt for a keystore password
>
> Appropriate default values are supported and keystore passwords may be
> supplied to jpkg by redirecting standard input.

Thanks; this is a good start. Some comments:

FileConstants.java

[156] We might support XML_DSIG or PGP someday, but we have no
immediate plans for those, so please remove these elements from the
SignatureType enum.

ModuleFileFormat.java

Please use "//" rather than "/* .. */" for all non-javadoc comments.

[486, and elsewhere] Indent non-initial lines of a long argument list,
and put the following brace on its own line:

public void setSignatureMechanism(ModuleFileSigner mechanism,
ModuleFileSigner.Parameters parameters)
{

[545] Having to shift the whole file here seems unfortunate. Is there
no way to predict the size of the signature in advance? Does it depend
upon anything other than the number of section hashes?

Packager.java

Why is the --nosign option needed? Not signing a module should be the
default; signing should be done only when requested.

[137, 140] Variables named "nofoo" are confusing, and lead to clunky
double-negative constructions such as "!nofoo". Please change these
variables to their positive forms.

[200] The new signing code makes this method way too long to be
readable. Please refactor it into one or more subsidiary methods.

Finally, you'll need a unit test for all this new functionality.

- Mark
) > Date: Mon, 10 May 2010 14:40:03 -0400

> Vinnie discovered a small issue with the signed module file format [1] while
> implementing.
>
> The module header in the module file format [2] includes a field named csize
> which holds the size of the module file. The value of this field is not known
> until the contents of the module file has been written. The csize also includes
> the size of the signature section, but the signature cannot be written until
> all of the hashes have been generated. Two of those hashes (the module header
> hash and the whole file hash) are over content containing the csize field. Thus
> there is a circular dependency issue.
>
> The current implementation works around this by first writing a dummy signature
> and then later replacing it with the real signature once the overall size of
> the signature is known.

Won't it still be necessary to write a dummy signature even if the csize
field is omitted?

> However, this is not an optimal solution.
>
> The simplest fix would be to not include csize in the hashes. Another
> possibility is to not sign the module header, as most of the information
> contained in the header is part of initializing the processing of the file
> itself, and any modifications would likely lead to an error before the
> signature is validated anyway.

Yet another solution is simply to remove the csize field from module-file
headers.

It's read by the module-repository code when publishing a module, but the
compressed size of a module can just as easily be determined by asking
the filesystem.

Unless someone sees a need for this field, let's remove it.

- Mark
) On 05/10/10 09:47, Vincent Ryan wrote:
> Hello,
>
> Please review these code changes to support the creation of signed modules:
>
> http://cr.openjdk.java.net/~vinnie/6951048/webrev.00/webrev/
>
> It adds the following new options to the jpkg tool:
>
> -S, --signer : module signer's identifier
> -k, --keystore : module signer's keystore location
> -t, --storetype : module signer's keystore type
> --nosign : do not sign the module
> --nopassword : do not prompt for a keystore password
>
> Appropriate default values are supported and keystore passwords may be
> supplied to jpkg by redirecting standard input.
>
>
> This is just one of a number of changes to support signed modules throughout
> jigsaw.
>
> Please send me your comments as I'm hoping to address any issues and integrate
> these changes by the end of this week
Hi Vinnie,

Just a couple of questions for now and will do a detailed review
in your new version.

Packager.java
line 224, 267:
- Does this message ("Enter password") need to be localized? If so,
it should get from a resource bundle. The jigsaw tools have yet to
support L10N. Perhaps we can start with this message.

Does this change introduce new dependency to the jdk.boot module?
You can check the module-info.java from the build directory:
build/linux-i586/tmp/modules/src/jdk.boot/module-info.java

jdk.boot is the minimal module that doesn't depend on any
other module.

jpkg is preinstalled in the jdk-base-module in the modules build.
You can run build/linux-i586/jdk-base-module/bin/jpkg
to verify if it causes unexpected dependencies (not found by
the static analysis done by the class analyzer).

Mandy
)

#11

11-05-2010 09:59 PM

Mail.openjdk.java.ne member admin is online now

User

#12

12-05-2010 12:22 AM

Mail.openjdk.java.ne member admin is online now

User

#13

12-05-2010 11:19 AM

Mail.openjdk.java.ne member admin is online now

User

#14

12-05-2010 02:53 PM

Mail.openjdk.java.ne member admin is online now

User

#15

12-05-2010 06:26 PM

Mail.openjdk.java.ne member admin is online now

User

Page 1 of 1

NewsArc Lists | Culture Pages | Computing Archive | Media-Pages

Link to this page on your blog or website by copying the HTML code below and pasting it into your site:

Next Thread »