Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale

Weijun Wang weijun.wang at oracle.com
Wed Apr 25 02:39:35 PDT 2012



On 04/25/2012 05:23 PM, Jonathan Lu wrote:
> Hi Max,
>
> On 04/25/2012 05:12 PM, Weijun Wang wrote:
>>
>>
>> On 04/25/2012 03:28 PM, Jonathan Lu wrote:
>>> Hi Weijun,
>>>
>>> Thanks for your time, I've updated the webrev, could you please take a
>>> look?
>>> http://cr.openjdk.java.net/~luchsh/7163483_2/
>>>
>>> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>>>> Hi Jonathan
>>>>
>>>> Some comments:
>>>>
>>>> 1. Can you be sure that the new format always has the same length?
>>>> jarsigner tries to output in a tabular style and each column should be
>>>> aligned.
>>>
>>> I'm not sure of that, so the test case was updated to compare the first
>>> several tokens to determine whether there's any differences in the
>>> expression of date time.
>>
>> Sorry, I didn't make myself clear last time, I was mainly afraid of
>> unaligned lines that make the output ugly.
>>
>> For example:
>>
>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>
>
> I think that would not be a problem in the new test case which compares
> tokenized strings splited by blank spaces instead of String#equals. Does
> that make sense?

I'm not talking about the test. It's the output of jarsigner looking ugly.

smk       76 Nov 10, 2009 8:57:54 AM bin/vbin/go
smk     1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
smk      170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
smk      671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
smk      187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf

Compare with the current output:

smk       76 Tue Nov 10 08:57:54 CST 2009 bin/vbin/go
smk     1149 Sun Apr 08 16:03:20 CST 2012 bin/vbin/netbeans
smk      170 Fri Nov 20 16:47:42 CST 2009 bin/vbin/syncdown
smk      671 Wed Feb 08 20:11:22 CST 2012 bin/vbin/ssh.desktop
smk      187 Fri Nov 20 16:47:34 CST 2009 bin/vbin/syncsf

Thanks
Max

>
>> Thanks
>> Max
>>
>>>
>>>>
>>>> 2. You might need to reformat the modified line to make it fit into 80
>>>> characters width.
>>>>
>>>> 3. Why not include the test inside the changeset?
>>> 2, 3 were done in the new patch
>>>>
>>>> Thanks
>>>> Max
>>>>
>>>>
>>>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>>>> Hello security-dev,
>>>>>
>>>>> Here's a patch for bug 7163483, could anybody please help to take a
>>>>> look?
>>>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>>>
>>>>> The problem is that command "jarsigner -verify -verbose my.jar"
>>>>> does not
>>>>> format date string according to current locale. following simple test
>>>>> case can be used to disclose this problem.
>>>>>
>>>>> /*
>>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights
>>>>> reserved.
>>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>>> *
>>>>> * This code is free software; you can redistribute it and/or modify it
>>>>> * under the terms of the GNU General Public License version 2 only, as
>>>>> * published by the Free Software Foundation.
>>>>> *
>>>>> * This code is distributed in the hope that it will be useful, but
>>>>> WITHOUT
>>>>> * ANY WARRANTY; without even the implied warranty of
>>>>> MERCHANTABILITY or
>>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
>>>>> * version 2 for more details (a copy is included in the LICENSE file
>>>>> that
>>>>> * accompanied this code).
>>>>> *
>>>>> * You should have received a copy of the GNU General Public License
>>>>> version
>>>>> * 2 along with this work; if not, write to the Free Software
>>>>> Foundation,
>>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>>>> *
>>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065
>>>>> USA
>>>>> * or visit www.oracle.com if you need additional information or
>>>>> have any
>>>>> * questions.
>>>>> */
>>>>>
>>>>> /*
>>>>> * Portions Copyright (c) 2012 IBM Corporation
>>>>> */
>>>>>
>>>>>
>>>>> import java.io.ByteArrayOutputStream;
>>>>> import java.io.PrintStream;
>>>>> import java.util.Locale;
>>>>> import sun.security.tools.JarSigner;
>>>>>
>>>>> public class bug7163483 {
>>>>>
>>>>> public static void main(String[] args) throws Exception {
>>>>> final String[] arg = { "-verify", "-verbose",
>>>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>>>
>>>>> ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
>>>>> PrintStream out = new PrintStream(stream);
>>>>> System.setOut(out);
>>>>>
>>>>> Locale.setDefault(Locale.GERMAN);
>>>>> JarSigner js = new JarSigner();
>>>>> js.run(arg);
>>>>>
>>>>> out.flush();
>>>>> String s1 = stream.toString();
>>>>> s1 = s1.substring(0, s1.length()/2);
>>>>> stream.reset();
>>>>>
>>>>> Locale.setDefault(Locale.FRANCE);
>>>>> js = new JarSigner();
>>>>> js.run(arg);
>>>>>
>>>>> out.flush();
>>>>> String s2 = stream.toString();
>>>>> s2 = s2.substring(0, s2.length()/2);
>>>>>
>>>>> if (s1.equals(s2)) {
>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>> throw new RuntimeException(
>>>>> "JarSigner verbose outputs are the same after setting locale!!");
>>>>> } else {
>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>> System.err.println("Test passed!");
>>>>> }
>>>>> }
>>>>> }
>>>>>
>>>>> Thanks and best regards!
>>>>> - Jonathan Lu
>>>>>
>>>>
>>>
>>> Best regards!
>>> - Jonathan
>>>
>>
> Thanks & regards!
> - Jonathan
>



More information about the security-dev mailing list