Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale

Weijun Wang weijun.wang at oracle.com
Wed Apr 25 02:12:00 PDT 2012



On 04/25/2012 03:28 PM, Jonathan Lu wrote:
> Hi Weijun,
>
> Thanks for your time, I've updated the webrev, could you please take a
> look?
> http://cr.openjdk.java.net/~luchsh/7163483_2/
>
> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>> Hi Jonathan
>>
>> Some comments:
>>
>> 1. Can you be sure that the new format always has the same length?
>> jarsigner tries to output in a tabular style and each column should be
>> aligned.
>
> I'm not sure of that, so the test case was updated to compare the first
> several tokens to determine whether there's any differences in the
> expression of date time.

Sorry, I didn't make myself clear last time, I was mainly afraid of 
unaligned lines that make the output ugly.

For example:

smk       76 Nov 10, 2009 8:57:54 AM bin/vbin/go
smk     1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
smk      170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
smk      671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
smk      187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf

Thanks
Max

>
>>
>> 2. You might need to reformat the modified line to make it fit into 80
>> characters width.
>>
>> 3. Why not include the test inside the changeset?
> 2, 3 were done in the new patch
>>
>> Thanks
>> Max
>>
>>
>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>> Hello security-dev,
>>>
>>> Here's a patch for bug 7163483, could anybody please help to take a
>>> look?
>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>
>>> The problem is that command "jarsigner -verify -verbose my.jar" does not
>>> format date string according to current locale. following simple test
>>> case can be used to disclose this problem.
>>>
>>> /*
>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights reserved.
>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>> *
>>> * This code is free software; you can redistribute it and/or modify it
>>> * under the terms of the GNU General Public License version 2 only, as
>>> * published by the Free Software Foundation.
>>> *
>>> * This code is distributed in the hope that it will be useful, but
>>> WITHOUT
>>> * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>>> * version 2 for more details (a copy is included in the LICENSE file
>>> that
>>> * accompanied this code).
>>> *
>>> * You should have received a copy of the GNU General Public License
>>> version
>>> * 2 along with this work; if not, write to the Free Software Foundation,
>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>> *
>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065
>>> USA
>>> * or visit www.oracle.com if you need additional information or have any
>>> * questions.
>>> */
>>>
>>> /*
>>> * Portions Copyright (c) 2012 IBM Corporation
>>> */
>>>
>>>
>>> import java.io.ByteArrayOutputStream;
>>> import java.io.PrintStream;
>>> import java.util.Locale;
>>> import sun.security.tools.JarSigner;
>>>
>>> public class bug7163483 {
>>>
>>> public static void main(String[] args) throws Exception {
>>> final String[] arg = { "-verify", "-verbose",
>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>
>>> ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
>>> PrintStream out = new PrintStream(stream);
>>> System.setOut(out);
>>>
>>> Locale.setDefault(Locale.GERMAN);
>>> JarSigner js = new JarSigner();
>>> js.run(arg);
>>>
>>> out.flush();
>>> String s1 = stream.toString();
>>> s1 = s1.substring(0, s1.length()/2);
>>> stream.reset();
>>>
>>> Locale.setDefault(Locale.FRANCE);
>>> js = new JarSigner();
>>> js.run(arg);
>>>
>>> out.flush();
>>> String s2 = stream.toString();
>>> s2 = s2.substring(0, s2.length()/2);
>>>
>>> if (s1.equals(s2)) {
>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>> throw new RuntimeException(
>>> "JarSigner verbose outputs are the same after setting locale!!");
>>> } else {
>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>> System.err.println("Test passed!");
>>> }
>>> }
>>> }
>>>
>>> Thanks and best regards!
>>> - Jonathan Lu
>>>
>>
>
> Best regards!
> - Jonathan
>



More information about the security-dev mailing list