Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale

Jonathan Lu luchsh at linux.vnet.ibm.com
Wed Apr 25 02:23:41 PDT 2012


Hi Max,

On 04/25/2012 05:12 PM, Weijun Wang wrote:
>
>
> On 04/25/2012 03:28 PM, Jonathan Lu wrote:
>> Hi Weijun,
>>
>> Thanks for your time, I've updated the webrev, could you please take a
>> look?
>> http://cr.openjdk.java.net/~luchsh/7163483_2/
>>
>> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>>> Hi Jonathan
>>>
>>> Some comments:
>>>
>>> 1. Can you be sure that the new format always has the same length?
>>> jarsigner tries to output in a tabular style and each column should be
>>> aligned.
>>
>> I'm not sure of that, so the test case was updated to compare the first
>> several tokens to determine whether there's any differences in the
>> expression of date time.
>
> Sorry, I didn't make myself clear last time, I was mainly afraid of 
> unaligned lines that make the output ugly.
>
> For example:
>
> smk       76 Nov 10, 2009 8:57:54 AM bin/vbin/go
> smk     1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
> smk      170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
> smk      671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
> smk      187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>

I think that would not be a problem in the new test case which compares 
tokenized strings splited by blank spaces instead of String#equals. Does 
that make sense?

> Thanks
> Max
>
>>
>>>
>>> 2. You might need to reformat the modified line to make it fit into 80
>>> characters width.
>>>
>>> 3. Why not include the test inside the changeset?
>> 2, 3 were done in the new patch
>>>
>>> Thanks
>>> Max
>>>
>>>
>>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>>> Hello security-dev,
>>>>
>>>> Here's a patch for bug 7163483, could anybody please help to take a
>>>> look?
>>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>>
>>>> The problem is that command "jarsigner -verify -verbose my.jar" 
>>>> does not
>>>> format date string according to current locale. following simple test
>>>> case can be used to disclose this problem.
>>>>
>>>> /*
>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights 
>>>> reserved.
>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>> *
>>>> * This code is free software; you can redistribute it and/or modify it
>>>> * under the terms of the GNU General Public License version 2 only, as
>>>> * published by the Free Software Foundation.
>>>> *
>>>> * This code is distributed in the hope that it will be useful, but
>>>> WITHOUT
>>>> * ANY WARRANTY; without even the implied warranty of 
>>>> MERCHANTABILITY or
>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>>>> * version 2 for more details (a copy is included in the LICENSE file
>>>> that
>>>> * accompanied this code).
>>>> *
>>>> * You should have received a copy of the GNU General Public License
>>>> version
>>>> * 2 along with this work; if not, write to the Free Software 
>>>> Foundation,
>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>>> *
>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065
>>>> USA
>>>> * or visit www.oracle.com if you need additional information or 
>>>> have any
>>>> * questions.
>>>> */
>>>>
>>>> /*
>>>> * Portions Copyright (c) 2012 IBM Corporation
>>>> */
>>>>
>>>>
>>>> import java.io.ByteArrayOutputStream;
>>>> import java.io.PrintStream;
>>>> import java.util.Locale;
>>>> import sun.security.tools.JarSigner;
>>>>
>>>> public class bug7163483 {
>>>>
>>>> public static void main(String[] args) throws Exception {
>>>> final String[] arg = { "-verify", "-verbose",
>>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>>
>>>> ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
>>>> PrintStream out = new PrintStream(stream);
>>>> System.setOut(out);
>>>>
>>>> Locale.setDefault(Locale.GERMAN);
>>>> JarSigner js = new JarSigner();
>>>> js.run(arg);
>>>>
>>>> out.flush();
>>>> String s1 = stream.toString();
>>>> s1 = s1.substring(0, s1.length()/2);
>>>> stream.reset();
>>>>
>>>> Locale.setDefault(Locale.FRANCE);
>>>> js = new JarSigner();
>>>> js.run(arg);
>>>>
>>>> out.flush();
>>>> String s2 = stream.toString();
>>>> s2 = s2.substring(0, s2.length()/2);
>>>>
>>>> if (s1.equals(s2)) {
>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>> throw new RuntimeException(
>>>> "JarSigner verbose outputs are the same after setting locale!!");
>>>> } else {
>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>> System.err.println("Test passed!");
>>>> }
>>>> }
>>>> }
>>>>
>>>> Thanks and best regards!
>>>> - Jonathan Lu
>>>>
>>>
>>
>> Best regards!
>> - Jonathan
>>
>
Thanks & regards!
- Jonathan




More information about the security-dev mailing list