Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale

Jonathan Lu luchsh at linux.vnet.ibm.com
Wed Apr 25 00:28:32 PDT 2012


Hi Weijun,

Thanks for your time, I've updated the webrev, could you please take a look?
http://cr.openjdk.java.net/~luchsh/7163483_2/

On 04/24/2012 03:06 PM, Weijun Wang wrote:
> Hi Jonathan
>
> Some comments:
>
> 1. Can you be sure that the new format always has the same length? 
> jarsigner tries to output in a tabular style and each column should be 
> aligned.

I'm not sure of that, so the test case was updated to compare the first 
several tokens to determine whether there's any differences in the 
expression of date time.

>
> 2. You might need to reformat the modified line to make it fit into 80 
> characters width.
>
> 3. Why not include the test inside the changeset?
2, 3 were done in the new patch
>
> Thanks
> Max
>
>
> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>> Hello security-dev,
>>
>> Here's a patch for bug 7163483, could anybody please help to take a 
>> look?
>> http://cr.openjdk.java.net/~luchsh/7163483/
>>
>> The problem is that command "jarsigner -verify -verbose my.jar" does not
>> format date string according to current locale. following simple test
>> case can be used to disclose this problem.
>>
>> /*
>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights reserved.
>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>> *
>> * This code is free software; you can redistribute it and/or modify it
>> * under the terms of the GNU General Public License version 2 only, as
>> * published by the Free Software Foundation.
>> *
>> * This code is distributed in the hope that it will be useful, but 
>> WITHOUT
>> * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>> * version 2 for more details (a copy is included in the LICENSE file 
>> that
>> * accompanied this code).
>> *
>> * You should have received a copy of the GNU General Public License 
>> version
>> * 2 along with this work; if not, write to the Free Software Foundation,
>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>> *
>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 
>> USA
>> * or visit www.oracle.com if you need additional information or have any
>> * questions.
>> */
>>
>> /*
>> * Portions Copyright (c) 2012 IBM Corporation
>> */
>>
>>
>> import java.io.ByteArrayOutputStream;
>> import java.io.PrintStream;
>> import java.util.Locale;
>> import sun.security.tools.JarSigner;
>>
>> public class bug7163483 {
>>
>> public static void main(String[] args) throws Exception {
>> final String[] arg = { "-verify", "-verbose",
>> System.getProperty("java.home")+"/lib/jce.jar"};
>>
>> ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
>> PrintStream out = new PrintStream(stream);
>> System.setOut(out);
>>
>> Locale.setDefault(Locale.GERMAN);
>> JarSigner js = new JarSigner();
>> js.run(arg);
>>
>> out.flush();
>> String s1 = stream.toString();
>> s1 = s1.substring(0, s1.length()/2);
>> stream.reset();
>>
>> Locale.setDefault(Locale.FRANCE);
>> js = new JarSigner();
>> js.run(arg);
>>
>> out.flush();
>> String s2 = stream.toString();
>> s2 = s2.substring(0, s2.length()/2);
>>
>> if (s1.equals(s2)) {
>> System.err.println("Header output for GERMAN locale is:"+s1);
>> System.err.println("Header output for FRANCE locale is:"+s2);
>> throw new RuntimeException(
>> "JarSigner verbose outputs are the same after setting locale!!");
>> } else {
>> System.err.println("Header output for GERMAN locale is:"+s1);
>> System.err.println("Header output for FRANCE locale is:"+s2);
>> System.err.println("Test passed!");
>> }
>> }
>> }
>>
>> Thanks and best regards!
>> - Jonathan Lu
>>
>

Best regards!
- Jonathan




More information about the security-dev mailing list