[jdk8u-dev] RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Fri Sep 19 10:28:56 UTC 2025
Hi, this is a backport of openjdk/jdk11u-dev#3098. The backport isn't clean, because of the following:
* File paths that require adjustment for 8u
* In `Main.java`, trivial context differences and code that needs adjustment from 11u to 8u:
* `java.nio.file.Path.of()` ⟶ `java.nio.file.Paths.get()`
* `InputStream::transferTo(OutputStream.nullOutputStream())` ⟶ [original code before a review suggestion](https://github.com/openjdk/jdk/pull/23532/commits/ef546f4b778e8a1f43dbedc56a79bb53d169a1e7#diff-7083af3b8473a092987afa0bbb4d1694664649534bac716f6b9cd3c3b9833219L1185-L1186)
* In the test (`VerifyJarEntryName.java`), code that needs adjustment from 11u to 8u:
* `@library /test/lib` ⟶ `@library /lib/testlibrary`
* JUnit 5 ⟶ JUnit 4
* `org.junit.jupiter.api.BeforeAll` ⟶ `org.junit.BeforeClass`
* `org.junit.jupiter.api.BeforeEach` ⟶ `org.junit.Before`
* `org.junit.jupiter.api.Test` ⟶ `org.junit.Test`
* `java.nio.file.Path.of()` ⟶ `java.nio.file.Paths.get()`
* `@BeforeClass`, `@Before` and `@Test` methods must be public
* Can't use `var`
* `Arrays.equals(a, start, end, b, 0, b.length)` ⟶ `Arrays.equals(Arrays.copyOfRange(a, start, end), b)` (`Arrays::equals` with offsets not present in 8u)
* NOTE: for the Japanese manpages translation approach, please refer to openjdk/jdk11u-dev#3098
* I updated `jdk/src/linux/doc/man/ja/jarsigner.1` and `jdk/src/solaris/doc/sun/man/man1/ja/jarsigner.1` (identical), and left `dk/src/bsd/doc/man/ja/jarsigner.1` untouched (doesn't have any content besides the headers)
#### Related issues ("relates to" Jira issue links)
[JDK-8353299](https://bugs.openjdk.org/browse/JDK-8353299 "VerifyJarEntryName.java test fails") (openjdk/jdk at acd4da49a01760599ec4c325ff6c56f53ba5cc9c) and [JDK-8367782](https://bugs.openjdk.org/browse/JDK-8367782 "VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName") (openjdk/jdk at TBD) were also included as part of this backport. They are test-only changes that improve the reliability and coverage of `VerifyJarEntryName.java`.
Since `test/hotspot/jtreg/runtime/appcds/SignedJar.java` is not present in 8u, [JDK-8353330](https://bugs.openjdk.org/browse/JDK-8353330 "Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier") was not included.
#### Testing
* Besides the `tier1` run from the [GitHub actions](https://github.com/franferrax/jdk8u-dev/actions/runs/17843526748) (similar results as the [current `master` run](https://github.com/kvergizova/jdk8u-dev/actions/runs/17378479373/job/49331554816)), I ran a regression using the following categories and individual tests:
* `jdk/test/com/sun/jarsigner`
* `jdk/test/java/security/SignedJar`
* `jdk/test/java/util/jar`
* `jdk/test/sun/security/pkcs/pkcs7`
* `jdk/test/sun/security/tools/jarsigner`
* Includes `VerifyJarEntryName.java`, created for this issue
* `jdk/test/sun/security/tools/keytool`
No regressions were found against the current `master` branch (9a4bc2d205c9b8b5f743f16a2ea8b85d6cb6924b).
-------------
Commit messages:
- Backport 8353299 & 8367782
- Backport bbd5b174c50346152a624317b6bd76ec48f7e551
Changes: https://git.openjdk.org/jdk8u-dev/pull/699/files
Webrev: https://webrevs.openjdk.org/?repo=jdk8u-dev&pr=699&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8339280
Stats: 401 lines in 10 files changed: 401 ins; 0 del; 0 mod
Patch: https://git.openjdk.org/jdk8u-dev/pull/699.diff
Fetch: git fetch https://git.openjdk.org/jdk8u-dev.git pull/699/head:pull/699
PR: https://git.openjdk.org/jdk8u-dev/pull/699
More information about the jdk8u-dev
mailing list