[icedtea-web] RFC: Patch to fix signature verification on OpenJDK7

[Dr Andrew John Hughes]

On 14:03 Wed 03 Aug     , Deepak Bhole wrote:
> * Dr Andrew John Hughes <ahughes at redhat.com> [2011-08-03 13:55]:
> > On 13:45 Wed 03 Aug     , Deepak Bhole wrote:
> > > Hi,
> > > 
> > > OpenJDK7 reports MANIFEST.MF as a signed entry even when it is not. This
> > > causes the signature verification code in icedtea-web to throw an error
> > > as it is not expecting MANIFEST.MF to be signed.
> > > 
> > > Attached patch makes it so that entries with signature are tracked iff
> > > the entry is expected to be signed. This ensures that icedtea-web will
> > > work with 6 and 7.
> > > 
> > > Okay for HEAD and backport to 1.1/1.0?
> > > 
> > > ChangeLog:
> > > 
> > > 2011-08-03  Deepak Bhole <dbhole at redhat.com>
> > > 
> > >     * netx/net/sourceforge/jnlp/tools/JarSigner.java (verifyJar): Put
> > > 	entry in cert hashtable only if the entry is expected to be signed.
> > > 
> > > Thanks,
> > > Deepak
> > 
> > Do you think this is a bug in 7? Or the right behaviour?
> > 
> 
> The change was on purpose. This message has an explanation of why:
> http://mail.openjdk.java.net/pipermail/security-dev/2010-December/002460.html
>

Ah ok.  One wonders if he should have include something that says
'Sun Confidential: Internal only' on it :-)
 
> Cheers,
> Deepak
> 
> > -- 
> > Andrew :)
> > 
> > Free Java Software Engineer
> > Red Hat, Inc. (http://www.redhat.com)
> > 
> > Support Free Java!
> > Contribute to GNU Classpath and IcedTea
> > http://www.gnu.org/software/classpath
> > http://icedtea.classpath.org
> > PGP Key: F5862A37 (https://keys.indymedia.org/)
> > Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

Support Free Java!
Contribute to GNU Classpath and IcedTea
http://www.gnu.org/software/classpath
http://icedtea.classpath.org
PGP Key: F5862A37 (https://keys.indymedia.org/)
Fingerprint = EA30 D855 D50F 90CD F54D  0698 0713 C3ED F586 2A37