Bug ID: JDK-8292704 sun/security/tools/jarsigner/compatibility/Compatibility.java use wrong key size for EC

Type: Bug
Component: security-libs
Sub-Component: java.security
Affected Version: 19,20,21

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2022-08-22
Updated: 2025-01-10
Resolved: 2023-06-22

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 17	JDK 21	JDK 22
11.0.27-oracleFixed	17.0.15-oracleFixed	21Fixed	22 b04Fixed

Test: sun/security/tools/jarsigner/compatibility/Compatibility.java

The Test is using wrong key size for EC Line:462
return new int[] { 384, 571, 0 }; // 0 is no keysize specified
It should be 521 instead of 571.

Also there are few Test output pattern mismatch exist which marks the Passed testcase to Failed.
Ex: The Test failed with message 
java.lang.RuntimeException: The line '    Signature algorithm: SHA384withRSA, 3072-bit key' does not match pattern '^  (  Signature algorithm: DEFAULTwithRSA, 3072-bit key)|(  Digest algorithm: SHA-512)$'

Here it looks like the Test expected pattern message has been modified in jarsigner output which cause the mismatch and it need correction in Test file.

Fix request [17u] I backport this for parity with 17.0.15-oracle. No risk, only a test change. Simple resolve needed. Test passes. SAP nightly testing passed.
09-01-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk17u-dev/pull/3191 Date: 2025-01-08 09:57:48 +0000
08-01-2025
JDK-8267319 increased key sizes, making this test fail with older jdks that use small key sizes.
08-01-2025
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21/pull/74 Date: 2023-06-27 20:44:01 +0000
27-06-2023
Changeset: 130a9f13 Author: Matthew Donovan <mdonovan@openjdk.org> Date: 2023-06-22 18:43:27 +0000 URL: https://git.openjdk.org/jdk/commit/130a9f138759c2f8504a83a6f3a93b1f219f0a42
22-06-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/14602 Date: 2023-06-21 18:46:41 +0000
21-06-2023

Duplicate :	JDK-8310894 - Remove sun/security/tools/jarsigner/compatibility/Compatibility.java as source 7 compatibility was removed
Relates :	JDK-8267319 - Use Larger Default Key Sizes and Algorithms Based on CNSA 1.0