[security-dev 01301]: Re: Need reviewer for 6883983: JarVerifier dependency on sun.security.pkcs should be removed

Brad Wetmore Bradford.Wetmore at Sun.COM
Wed Oct 14 12:56:08 PDT 2009


Looks good.  You could mention that class in a comment to make it clear 
what might show up here.

     } catch (IOException ioe) {
         // e.g. sun.security.pkcs.ParsingException
         if (debug != null) debug.println("processEntry caught:

Brad


Alan Bateman wrote:
> I need a reviewer for this trivial change to the JAR verification code. 
> In the JAR verification code it catches 
> sun.security.pkcs.ParsingException (it's been there forever). As the 
> code also catches IOException (and ParsingException is an IOException) 
> it looks like this dependency can be safely removed.
> 
> Thanks,
> 
> Alan.
> 
> --- a/src/share/classes/java/util/jar/JarVerifier.java
> +++ b/src/share/classes/java/util/jar/JarVerifier.java
> @@ -293,9 +293,6 @@ class JarVerifier {
>                 }
>                 sfv.process(sigFileSigners);
> 
> -            } catch (sun.security.pkcs.ParsingException pe) {
> -                if (debug != null) debug.println("processEntry caught: 
> "+pe);
> -                // ignore and treat as unsigned
>             } catch (IOException ioe) {
>                 if (debug != null) debug.println("processEntry caught: 
> "+ioe);
>                 // ignore and treat as unsigned
> 



More information about the security-dev mailing list