Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale

Jonathan Lu luchsh at linux.vnet.ibm.com
Fri Jul 6 02:16:39 PDT 2012 

Hello Max,

I's been a long time since my last mail, I did some investigation and 
had some discussion with i18n developers,  but still did not see a nice 
solution for the alignment problem. There does not seem be an existing 
API to do this job in JDK scope. So I implemented a simple format 
function, and use it to format under different locales.

http://cr.openjdk.java.net/~luchsh/7163483_3/

The patch is trying to format the code in the same way as 
java.util.Date.toString() in the format of "EEE MMM dd HH:mm:ss zzz 
yyyy", except for using names of month and DOW in localized format. So 
far, it works good for me under all supported locales.

Here's a test case to verify the vertical alignment, which I has been 
posted to i18n mailing list before,
http://cr.openjdk.java.net/~luchsh/VerticalAlignmentTest.java

It may still fail under "vi_VN" locale with this solution due to test 
case limit, but I do not think it is a real failure since the result 
fields still get aligned except for multiple words in one field.

Could you please take a look at the patch?

Many thanks & best regards
Jonathan

On 04/25/2012 07:48 PM, Weijun Wang wrote:
> Hi Jonathan
>
> I'm using English.
>
> In your test all the files have a similar modified time so you cannot 
> see the difference. However, in my example, you can see that the 
> widths for date and hour are not zero-padded so the width can be 
> either 1 or 2.
>
> French is even worse
>
> smk       76 10 nov. 2009 08:57:54 bin/vbin/go
> smk     1149 8 avr. 2012 16:03:20 bin/vbin/netbeans
> smk      170 20 nov. 2009 16:47:42 bin/vbin/syncdown
> smk      671 8 févr. 2012 20:11:22 bin/vbin/ssh.desktop
> smk      187 20 nov. 2009 16:47:34 bin/vbin/syncsf
>
> So here even the width of month abbr can be different.
>
> Thanks
> Max
>
>
> On 04/25/2012 07:09 PM, Jonathan Lu wrote:
>> Hello Max,
>>
>> Terribly sorry for my misunderstanding!
>>
>> On 04/25/2012 05:39 PM, Weijun Wang wrote:
>>>
>>>
>>> On 04/25/2012 05:23 PM, Jonathan Lu wrote:
>>>> Hi Max,
>>>>
>>>> On 04/25/2012 05:12 PM, Weijun Wang wrote:
>>>>>
>>>>>
>>>>> On 04/25/2012 03:28 PM, Jonathan Lu wrote:
>>>>>> Hi Weijun,
>>>>>>
>>>>>> Thanks for your time, I've updated the webrev, could you please 
>>>>>> take a
>>>>>> look?
>>>>>> http://cr.openjdk.java.net/~luchsh/7163483_2/
>>>>>>
>>>>>> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>>>>>>> Hi Jonathan
>>>>>>>
>>>>>>> Some comments:
>>>>>>>
>>>>>>> 1. Can you be sure that the new format always has the same length?
>>>>>>> jarsigner tries to output in a tabular style and each column
>>>>>>> should be
>>>>>>> aligned.
>>>>>>
>>>>>> I'm not sure of that, so the test case was updated to compare the
>>>>>> first
>>>>>> several tokens to determine whether there's any differences in the
>>>>>> expression of date time.
>>>>>
>>>>> Sorry, I didn't make myself clear last time, I was mainly afraid of
>>>>> unaligned lines that make the output ugly.
>>>>>
>>>>> For example:
>>>>>
>>>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>>>
>>>>
>>>> I think that would not be a problem in the new test case which 
>>>> compares
>>>> tokenized strings splited by blank spaces instead of String#equals. 
>>>> Does
>>>> that make sense?
>>>
>>> I'm not talking about the test. It's the output of jarsigner looking
>>> ugly.
>>>
>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>
>>> Compare with the current output:
>>>
>>> smk 76 Tue Nov 10 08:57:54 CST 2009 bin/vbin/go
>>> smk 1149 Sun Apr 08 16:03:20 CST 2012 bin/vbin/netbeans
>>> smk 170 Fri Nov 20 16:47:42 CST 2009 bin/vbin/syncdown
>>> smk 671 Wed Feb 08 20:11:22 CST 2012 bin/vbin/ssh.desktop
>>> smk 187 Fri Nov 20 16:47:34 CST 2009 bin/vbin/syncsf
>>
>> I did not see unaligned format in my testing, did you get these
>> unaligned output after applying the patch? From above lines, I see the
>> starting indices of date string in each line are always the same, which
>> is achieved by jarsigner, but the length of the date strings are not the
>> same, which locale were you testing on?
>>
>>>
>>> Thanks
>>> Max
>>>
>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>>>
>>>>>>>
>>>>>>> 2. You might need to reformat the modified line to make it fit
>>>>>>> into 80
>>>>>>> characters width.
>>>>>>>
>>>>>>> 3. Why not include the test inside the changeset?
>>>>>> 2, 3 were done in the new patch
>>>>>>>
>>>>>>> Thanks
>>>>>>> Max
>>>>>>>
>>>>>>>
>>>>>>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>>>>>>> Hello security-dev,
>>>>>>>>
>>>>>>>> Here's a patch for bug 7163483, could anybody please help to 
>>>>>>>> take a
>>>>>>>> look?
>>>>>>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>>>>>>
>>>>>>>> The problem is that command "jarsigner -verify -verbose my.jar"
>>>>>>>> does not
>>>>>>>> format date string according to current locale. following simple
>>>>>>>> test
>>>>>>>> case can be used to disclose this problem.
>>>>>>>>
>>>>>>>> /*
>>>>>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights
>>>>>>>> reserved.
>>>>>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>>>>>> *
>>>>>>>> * This code is free software; you can redistribute it and/or
>>>>>>>> modify it
>>>>>>>> * under the terms of the GNU General Public License version 2
>>>>>>>> only, as
>>>>>>>> * published by the Free Software Foundation.
>>>>>>>> *
>>>>>>>> * This code is distributed in the hope that it will be useful, but
>>>>>>>> WITHOUT
>>>>>>>> * ANY WARRANTY; without even the implied warranty of
>>>>>>>> MERCHANTABILITY or
>>>>>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
>>>>>>>> License
>>>>>>>> * version 2 for more details (a copy is included in the LICENSE 
>>>>>>>> file
>>>>>>>> that
>>>>>>>> * accompanied this code).
>>>>>>>> *
>>>>>>>> * You should have received a copy of the GNU General Public 
>>>>>>>> License
>>>>>>>> version
>>>>>>>> * 2 along with this work; if not, write to the Free Software
>>>>>>>> Foundation,
>>>>>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>>>>>>> *
>>>>>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA
>>>>>>>> 94065
>>>>>>>> USA
>>>>>>>> * or visit www.oracle.com if you need additional information or
>>>>>>>> have any
>>>>>>>> * questions.
>>>>>>>> */
>>>>>>>>
>>>>>>>> /*
>>>>>>>> * Portions Copyright (c) 2012 IBM Corporation
>>>>>>>> */
>>>>>>>>
>>>>>>>>
>>>>>>>> import java.io.ByteArrayOutputStream;
>>>>>>>> import java.io.PrintStream;
>>>>>>>> import java.util.Locale;
>>>>>>>> import sun.security.tools.JarSigner;
>>>>>>>>
>>>>>>>> public class bug7163483 {
>>>>>>>>
>>>>>>>> public static void main(String[] args) throws Exception {
>>>>>>>> final String[] arg = { "-verify", "-verbose",
>>>>>>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>>>>>>
>>>>>>>> ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
>>>>>>>> PrintStream out = new PrintStream(stream);
>>>>>>>> System.setOut(out);
>>>>>>>>
>>>>>>>> Locale.setDefault(Locale.GERMAN);
>>>>>>>> JarSigner js = new JarSigner();
>>>>>>>> js.run(arg);
>>>>>>>>
>>>>>>>> out.flush();
>>>>>>>> String s1 = stream.toString();
>>>>>>>> s1 = s1.substring(0, s1.length()/2);
>>>>>>>> stream.reset();
>>>>>>>>
>>>>>>>> Locale.setDefault(Locale.FRANCE);
>>>>>>>> js = new JarSigner();
>>>>>>>> js.run(arg);
>>>>>>>>
>>>>>>>> out.flush();
>>>>>>>> String s2 = stream.toString();
>>>>>>>> s2 = s2.substring(0, s2.length()/2);
>>>>>>>>
>>>>>>>> if (s1.equals(s2)) {
>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>> throw new RuntimeException(
>>>>>>>> "JarSigner verbose outputs are the same after setting locale!!");
>>>>>>>> } else {
>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>> System.err.println("Test passed!");
>>>>>>>> }
>>>>>>>> }
>>>>>>>> }
>>>>>>>>
>>>>>>>> Thanks and best regards!
>>>>>>>> - Jonathan Lu
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Best regards!
>>>>>> - Jonathan
>>>>>>
>>>>>
>>>> Thanks & regards!
>>>> - Jonathan
>>>>
>>>
>>
>> Thanks
>> - Jonathan
>>
>

More information about the security-dev mailing list