For platforms using Java < 1.8.0_133, MD5 is still enabled for JAR
signatures. Its just too painful to manage all this, so support this
in the tests.
--- /dev/null
+
+import java.security.Security;
+import java.util.Locale;
+
+public class IsMD5Disabled {
+ public static void main(String[] args) throws Exception {
+ String daString = Security.getProperty("jdk.jar.disabledAlgorithms");
+ String[] algorithms = daString.trim().split(",");
+ boolean isMD5Disabled = true;
+ for (String alg : algorithms) {
+ if (alg.trim().toLowerCase(Locale.US).startsWith("md5")) {
+ isMD5Disabled = false;
+ }
+ }
+ if (isMD5Disabled) {
+ System.out.println("MD5 in jdk.jar.disabledAlgorithms: " + daString);
+ } else {
+ System.out.println("MD5 allowed for JAR signatures: " + daString);
+ System.exit(1);
+ }
+ }
+}
python3 -c "import sys; from distutils.version import LooseVersion as V; sys.exit(V(sys.argv[3]) < V('2.3'))" `git --version`
}
+is_MD5_disabled() {
+ javac $WORKSPACE/tests/IsMD5Disabled.java && java -cp $WORKSPACE/tests IsMD5Disabled
+ return $?
+}
+
#------------------------------------------------------------------------------#
# "main"