[jdk21u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Thu Sep 18 21:38:16 UTC 2025
Hi, this is a backport of openjdk/jdk at bbd5b174c50346152a624317b6bd76ec48f7e551. The backport is not clean because of the following reasons.
##### Internationalization files
21u doesn't have [JDK-8345940: Migrate security-related resources from Java classes to properties files](https://bugs.openjdk.org/browse/JDK-8345940) (openjdk/jdk at 9a49418138b93bc8ed8879be5c9b9b9c85ef47e1), so changes from `resources/jarsigner.properties`, were applied to `Resources.java`.
Also, internationalized messages were added later, so they have been recovered from [JDK-8359761: JDK 25 RDP1 L10n resource files update](https://bugs.openjdk.org/browse/JDK-8359761) (openjdk/jdk at da7080fffb2389465dc9afca6d02e9085fe15302):
* New messages in `resources/jarsigner_de.properties` were applied to `Resources_de.java`
* New messages in `resources/jarsigner_ja.properties` were applied to `Resources_ja.java`
* New messages in `resources/jarsigner_zh_CN.properties` were applied to `Resources_zh_CN.java`
To convert these messages, I created the [PropertiesToResources.java](https://github.com/user-attachments/files/22413901/PropertiesToResources.java) small program.
##### Man pages
21u doesn't have [JDK-8344056: Use markdown format for man pages](https://bugs.openjdk.org/browse/JDK-8344056) (openjdk/jdk at 475feb064bb6b9dfd34fc52762e3e0ab825254ec), so changes from `jarsigner.md`, were applied to `jarsigner.1`.
#### Related issues ("relates to" Jira issue links)
[JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at TBD) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
Since `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java` is not failing after the backport, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
#### Testing
* Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk21u-dev/actions/runs/17832391518) (all passed), I ran a regression using the following categories and individual tests:
* `test/hotspot/jtreg/runtime/cds/appcds/SignedJar.java`
* `test/jdk/java/security/SignedJar`
* `test/jdk/java/util/jar`
* `test/jdk/jdk/security/jarsigner`
* `test/jdk/sun/security/pkcs/pkcs7`
* `test/jdk/sun/security/tools/jarsigner`
* Includes `VerifyJarEntryName.java`, created for this issue
* `test/jdk/sun/security/tools/keytool`
No regressions were found against the current `master` branch (10df11a53aa01ac15386f072dd45fddc3bb03c17).
-------------
Commit messages:
- Backport 8353299 & 8367782
- Backport bbd5b174c50346152a624317b6bd76ec48f7e551
Changes: https://git.openjdk.org/jdk21u-dev/pull/2235/files
Webrev: https://webrevs.openjdk.org/?repo=jdk21u-dev&pr=2235&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8339280
Stats: 407 lines in 7 files changed: 407 ins; 0 del; 0 mod
Patch: https://git.openjdk.org/jdk21u-dev/pull/2235.diff
Fetch: git fetch https://git.openjdk.org/jdk21u-dev.git pull/2235/head:pull/2235
PR: https://git.openjdk.org/jdk21u-dev/pull/2235
More information about the jdk-updates-dev
mailing list