JDK-8078534 : DRS 1.2: checksum algorithm needs to be restricted to SHA-256
  • Type: Bug
  • Component: deploy
  • Affected Version: 8u60
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2015-04-23
  • Updated: 2015-09-29
  • Resolved: 2015-05-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u60 b15Fixed 9Fixed
Related Reports
Relates :  
JDK-8079677 - fix to JDK-8078534 removed part of fix to JDK-8076220
Description
DRS 1.2 implements checksum type rule for unsigned jars.
The AMC interface passes checksum and checksum algorythm to deploy in CodeRef constructor in order to prevent deploy code from trying to download the jar and calculate the checksum itself.  If a DRS ruleset could contain different checksum rules with different algorithms, then this would be thwarted,  and  deploy would try to download the jar to calculate the checksum in the other algorithm.

We could solve this by changing the interface to pass in array of checksums and algorithms, and AMC would have to compute the checksums in all possible algorithms.

It would be easier at this time to just restrict the possible algorithms to just SHA-256, and at this time we see no pressing need to support any other algorithm.

DRS 1.2 will be modified to allow only SHA-256 as the algorithm used for checksum element.
Comments
release note text: see "release notes" section in wiki: https://wiki.se.oracle.com/display/JPGC/DRS+1.2
20-07-2015
crucible review: https://java.se.oracle.com/code/cru/CR-JDK9CLIENT-989
29-04-2015
The current code treats an unknown attribute as a warning (not a fatal error) so it should be consistent. (In this case we have an unchecked Trace statement and the unknown attribute is ignored) If a value for checksum hash is other null or SHA-256 we will have an unchecked Trace statement: "Warning: Unexpected value "XXX" for algorithm attribute in element "checksum" found when processing the Deployment Rule Set." and we will ignore the attribute. (which will cause SHA-256 to be used as if the attribute were not specified) The DRS 1.2 wiki, https://wiki.se.oracle.com/display/JPGC/DRS+1.2 , has been updated with a note to reflect this.
28-04-2015