Code Review Request : signed module digest verification
Mandy Chung
mandy.chung at oracle.com
Wed Mar 9 23:01:22 PST 2011
On 3/9/11 6:55 AM, Sean Mullan wrote:
> See webrev:
> http://cr.openjdk.java.net/~mullan/jigsaw/webrevs/digest-verification/webrev.00/
>
ModuleFileFormat.java
line 1727: better to catch specific exception rather than all types.
IOException and CertificateException, any other?
line 1786: read() may not read hashLength number of bytes.
should you use readFully() instead?
line 1795: looks like verifyHashes is not used. This method is for
one phase verification?
line 1804: should it do the sanity check on expectedHashes? Perhaps
do the check when parseSignedData returns.
line 1823: the space in the argument type "byte []" can be removed.
ModuleFileVerifier.java
line 74: The verifyHashes method is for the future?
line 87: Would be better to name this method with what's being
verified. What about verifyModuleMetaDataHashes?
Other than that, looks good to me.
Mandy
> With this change, signed module [1,2] digests are now verified as part
> of the signed module installation and verification. This does not
> address the ModuleFileFormat.Reader issues I previously raised [3];
> those will be addressed in a subsequent webrev.
>
> Thanks,
> Sean
>
> [1]: http://cr.openjdk.java.net/~mullan/jigsaw/signed-module-file-format
> [2]:
> http://cr.openjdk.java.net/~mullan/jigsaw/signed-module-functional-spec
> [3]:
> http://mail.openjdk.java.net/pipermail/jigsaw-dev/2011-March/001185.html
More information about the jigsaw-dev
mailing list