[security-dev 01295]: Need reviewer for 6883983: JarVerifier dependency on sun.security.pkcs should be removed

Alan Bateman Alan.Bateman at Sun.COM
Tue Oct 13 13:40:46 UTC 2009


I need a reviewer for this trivial change to the JAR verification code. 
In the JAR verification code it catches 
sun.security.pkcs.ParsingException (it's been there forever). As the 
code also catches IOException (and ParsingException is an IOException) 
it looks like this dependency can be safely removed.

Thanks,

Alan.

--- a/src/share/classes/java/util/jar/JarVerifier.java
+++ b/src/share/classes/java/util/jar/JarVerifier.java
@@ -293,9 +293,6 @@ class JarVerifier {
                 }
                 sfv.process(sigFileSigners);

-            } catch (sun.security.pkcs.ParsingException pe) {
-                if (debug != null) debug.println("processEntry caught: 
"+pe);
-                // ignore and treat as unsigned
             } catch (IOException ioe) {
                 if (debug != null) debug.println("processEntry caught: 
"+ioe);
                 // ignore and treat as unsigned




More information about the security-dev mailing list