[security-dev 01301]: Re: Need reviewer for 6883983: JarVerifier dependency on sun.security.pkcs should be removed
Brad Wetmore
Bradford.Wetmore at Sun.COM
Wed Oct 14 19:56:08 UTC 2009
Looks good. You could mention that class in a comment to make it clear
what might show up here.
} catch (IOException ioe) {
// e.g. sun.security.pkcs.ParsingException
if (debug != null) debug.println("processEntry caught:
Brad
Alan Bateman wrote:
> I need a reviewer for this trivial change to the JAR verification code.
> In the JAR verification code it catches
> sun.security.pkcs.ParsingException (it's been there forever). As the
> code also catches IOException (and ParsingException is an IOException)
> it looks like this dependency can be safely removed.
>
> Thanks,
>
> Alan.
>
> --- a/src/share/classes/java/util/jar/JarVerifier.java
> +++ b/src/share/classes/java/util/jar/JarVerifier.java
> @@ -293,9 +293,6 @@ class JarVerifier {
> }
> sfv.process(sigFileSigners);
>
> - } catch (sun.security.pkcs.ParsingException pe) {
> - if (debug != null) debug.println("processEntry caught:
> "+pe);
> - // ignore and treat as unsigned
> } catch (IOException ioe) {
> if (debug != null) debug.println("processEntry caught:
> "+ioe);
> // ignore and treat as unsigned
>
More information about the security-dev
mailing list