Time format in jar and jarsigner output (was Re: Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale)

Weijun Wang weijun.wang at oracle.com
Mon Jul 9 17:54:28 PDT 2012


Hi Jonathon

This is better. Two minor comments, you can decide what to do or we can 
see what core-lib-devs think:

1. Current output uses "zzz" for timezones, you're using "ZZZ". It might 
be more of an ISO flavor.

2. The DateFormat.format(Date,StringBuffer,FilePosition) is quite 
advanced. If it's me, I'll use the simpler format(Data) method.

Since the jar command also uses the same output format, can you also 
make the same change there (that's sun.tools.jar.Main) and ask 
core-libs-dev at openjdk.java.net for a review? Sherman 
(xueming.shen at oracle.com) owns the jar tool.

Thanks
Max


On 07/09/2012 03:24 PM, Jonathan Lu wrote:
> Hi Max,
>
> Thanks for reviewing.
>
> On 07/06/2012 06:27 PM, Weijun Wang wrote:
>> Hi Jonathan
>>
>> I have these questions:
>>
>> 1. Why always CAPITAL letters for month and weekday?
>
> This is a fault of the patch, which can be easily fixed by updating the
> format string.
>
>>
>> 2. Why always "dd HH:mm:ss zzz yyyy" for the rest? Some locales uses
>> "." instead of ":" as times delimiters.
>> 3. Why always dd after MMM? Some locales prefer dd before MMM.
>
> For question #2 and #3, I was just trying to follow the original format
> of Date.toString().
>
>>
>> Well, if you really think the current "Fri Jul" output is too English,
>> instead of localizing the string, how about we de-localize it totally
>> and choose a neutral format?
>>
>> There are several flavors of ISO date/time format at
>>
>>   http://www.w3.org/TR/NOTE-datetime
>>
>> or we can just choose
>>
>>   YYYY-MM-dd HH:mm:ss zzz
>
> Good idea, how about a patch in this way?
> http://cr.openjdk.java.net/~luchsh/7163483_4/
>
> And I prefer to your format since it looks more readable to me.
>
> Thanks and best regards!
> Jonathan
>
>>
>> BTW, the jar command is using the same format, therefore I'm adding
>> core-libs-dev.
>>
>> Thanks
>> Max
>>
>>
>> On 07/06/2012 05:16 PM, Jonathan Lu wrote:
>>> Hello Max,
>>>
>>> I's been a long time since my last mail, I did some investigation and
>>> had some discussion with i18n developers,  but still did not see a nice
>>> solution for the alignment problem. There does not seem be an existing
>>> API to do this job in JDK scope. So I implemented a simple format
>>> function, and use it to format under different locales.
>>>
>>> http://cr.openjdk.java.net/~luchsh/7163483_3/
>>>
>>> The patch is trying to format the code in the same way as
>>> java.util.Date.toString() in the format of "EEE MMM dd HH:mm:ss zzz
>>> yyyy", except for using names of month and DOW in localized format. So
>>> far, it works good for me under all supported locales.
>>>
>>> Here's a test case to verify the vertical alignment, which I has been
>>> posted to i18n mailing list before,
>>> http://cr.openjdk.java.net/~luchsh/VerticalAlignmentTest.java
>>>
>>> It may still fail under "vi_VN" locale with this solution due to test
>>> case limit, but I do not think it is a real failure since the result
>>> fields still get aligned except for multiple words in one field.
>>>
>>> Could you please take a look at the patch?
>>>
>>> Many thanks & best regards
>>> Jonathan
>>>
>>> On 04/25/2012 07:48 PM, Weijun Wang wrote:
>>>> Hi Jonathan
>>>>
>>>> I'm using English.
>>>>
>>>> In your test all the files have a similar modified time so you cannot
>>>> see the difference. However, in my example, you can see that the
>>>> widths for date and hour are not zero-padded so the width can be
>>>> either 1 or 2.
>>>>
>>>> French is even worse
>>>>
>>>> smk       76 10 nov. 2009 08:57:54 bin/vbin/go
>>>> smk     1149 8 avr. 2012 16:03:20 bin/vbin/netbeans
>>>> smk      170 20 nov. 2009 16:47:42 bin/vbin/syncdown
>>>> smk      671 8 févr. 2012 20:11:22 bin/vbin/ssh.desktop
>>>> smk      187 20 nov. 2009 16:47:34 bin/vbin/syncsf
>>>>
>>>> So here even the width of month abbr can be different.
>>>>
>>>> Thanks
>>>> Max
>>>>
>>>>
>>>> On 04/25/2012 07:09 PM, Jonathan Lu wrote:
>>>>> Hello Max,
>>>>>
>>>>> Terribly sorry for my misunderstanding!
>>>>>
>>>>> On 04/25/2012 05:39 PM, Weijun Wang wrote:
>>>>>>
>>>>>>
>>>>>> On 04/25/2012 05:23 PM, Jonathan Lu wrote:
>>>>>>> Hi Max,
>>>>>>>
>>>>>>> On 04/25/2012 05:12 PM, Weijun Wang wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>> On 04/25/2012 03:28 PM, Jonathan Lu wrote:
>>>>>>>>> Hi Weijun,
>>>>>>>>>
>>>>>>>>> Thanks for your time, I've updated the webrev, could you please
>>>>>>>>> take a
>>>>>>>>> look?
>>>>>>>>> http://cr.openjdk.java.net/~luchsh/7163483_2/
>>>>>>>>>
>>>>>>>>> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>>>>>>>>>> Hi Jonathan
>>>>>>>>>>
>>>>>>>>>> Some comments:
>>>>>>>>>>
>>>>>>>>>> 1. Can you be sure that the new format always has the same
>>>>>>>>>> length?
>>>>>>>>>> jarsigner tries to output in a tabular style and each column
>>>>>>>>>> should be
>>>>>>>>>> aligned.
>>>>>>>>>
>>>>>>>>> I'm not sure of that, so the test case was updated to compare the
>>>>>>>>> first
>>>>>>>>> several tokens to determine whether there's any differences in the
>>>>>>>>> expression of date time.
>>>>>>>>
>>>>>>>> Sorry, I didn't make myself clear last time, I was mainly afraid of
>>>>>>>> unaligned lines that make the output ugly.
>>>>>>>>
>>>>>>>> For example:
>>>>>>>>
>>>>>>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>>>>>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>>>>>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>>>>>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>>>>>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>>>>>>
>>>>>>>
>>>>>>> I think that would not be a problem in the new test case which
>>>>>>> compares
>>>>>>> tokenized strings splited by blank spaces instead of String#equals.
>>>>>>> Does
>>>>>>> that make sense?
>>>>>>
>>>>>> I'm not talking about the test. It's the output of jarsigner looking
>>>>>> ugly.
>>>>>>
>>>>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>>>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>>>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>>>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>>>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>>>>
>>>>>> Compare with the current output:
>>>>>>
>>>>>> smk 76 Tue Nov 10 08:57:54 CST 2009 bin/vbin/go
>>>>>> smk 1149 Sun Apr 08 16:03:20 CST 2012 bin/vbin/netbeans
>>>>>> smk 170 Fri Nov 20 16:47:42 CST 2009 bin/vbin/syncdown
>>>>>> smk 671 Wed Feb 08 20:11:22 CST 2012 bin/vbin/ssh.desktop
>>>>>> smk 187 Fri Nov 20 16:47:34 CST 2009 bin/vbin/syncsf
>>>>>
>>>>> I did not see unaligned format in my testing, did you get these
>>>>> unaligned output after applying the patch? From above lines, I see the
>>>>> starting indices of date string in each line are always the same,
>>>>> which
>>>>> is achieved by jarsigner, but the length of the date strings are
>>>>> not the
>>>>> same, which locale were you testing on?
>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> Max
>>>>>>
>>>>>>>
>>>>>>>> Thanks
>>>>>>>> Max
>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> 2. You might need to reformat the modified line to make it fit
>>>>>>>>>> into 80
>>>>>>>>>> characters width.
>>>>>>>>>>
>>>>>>>>>> 3. Why not include the test inside the changeset?
>>>>>>>>> 2, 3 were done in the new patch
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>> Max
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>>>>>>>>>> Hello security-dev,
>>>>>>>>>>>
>>>>>>>>>>> Here's a patch for bug 7163483, could anybody please help to
>>>>>>>>>>> take a
>>>>>>>>>>> look?
>>>>>>>>>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>>>>>>>>>
>>>>>>>>>>> The problem is that command "jarsigner -verify -verbose my.jar"
>>>>>>>>>>> does not
>>>>>>>>>>> format date string according to current locale. following simple
>>>>>>>>>>> test
>>>>>>>>>>> case can be used to disclose this problem.
>>>>>>>>>>>
>>>>>>>>>>> /*
>>>>>>>>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights
>>>>>>>>>>> reserved.
>>>>>>>>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
>>>>>>>>>>> *
>>>>>>>>>>> * This code is free software; you can redistribute it and/or
>>>>>>>>>>> modify it
>>>>>>>>>>> * under the terms of the GNU General Public License version 2
>>>>>>>>>>> only, as
>>>>>>>>>>> * published by the Free Software Foundation.
>>>>>>>>>>> *
>>>>>>>>>>> * This code is distributed in the hope that it will be
>>>>>>>>>>> useful, but
>>>>>>>>>>> WITHOUT
>>>>>>>>>>> * ANY WARRANTY; without even the implied warranty of
>>>>>>>>>>> MERCHANTABILITY or
>>>>>>>>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
>>>>>>>>>>> License
>>>>>>>>>>> * version 2 for more details (a copy is included in the LICENSE
>>>>>>>>>>> file
>>>>>>>>>>> that
>>>>>>>>>>> * accompanied this code).
>>>>>>>>>>> *
>>>>>>>>>>> * You should have received a copy of the GNU General Public
>>>>>>>>>>> License
>>>>>>>>>>> version
>>>>>>>>>>> * 2 along with this work; if not, write to the Free Software
>>>>>>>>>>> Foundation,
>>>>>>>>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
>>>>>>>>>>> *
>>>>>>>>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA
>>>>>>>>>>> 94065
>>>>>>>>>>> USA
>>>>>>>>>>> * or visit www.oracle.com if you need additional information or
>>>>>>>>>>> have any
>>>>>>>>>>> * questions.
>>>>>>>>>>> */
>>>>>>>>>>>
>>>>>>>>>>> /*
>>>>>>>>>>> * Portions Copyright (c) 2012 IBM Corporation
>>>>>>>>>>> */
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> import java.io.ByteArrayOutputStream;
>>>>>>>>>>> import java.io.PrintStream;
>>>>>>>>>>> import java.util.Locale;
>>>>>>>>>>> import sun.security.tools.JarSigner;
>>>>>>>>>>>
>>>>>>>>>>> public class bug7163483 {
>>>>>>>>>>>
>>>>>>>>>>> public static void main(String[] args) throws Exception {
>>>>>>>>>>> final String[] arg = { "-verify", "-verbose",
>>>>>>>>>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>>>>>>>>>
>>>>>>>>>>> ByteArrayOutputStream stream = new
>>>>>>>>>>> ByteArrayOutputStream(1024*64);
>>>>>>>>>>> PrintStream out = new PrintStream(stream);
>>>>>>>>>>> System.setOut(out);
>>>>>>>>>>>
>>>>>>>>>>> Locale.setDefault(Locale.GERMAN);
>>>>>>>>>>> JarSigner js = new JarSigner();
>>>>>>>>>>> js.run(arg);
>>>>>>>>>>>
>>>>>>>>>>> out.flush();
>>>>>>>>>>> String s1 = stream.toString();
>>>>>>>>>>> s1 = s1.substring(0, s1.length()/2);
>>>>>>>>>>> stream.reset();
>>>>>>>>>>>
>>>>>>>>>>> Locale.setDefault(Locale.FRANCE);
>>>>>>>>>>> js = new JarSigner();
>>>>>>>>>>> js.run(arg);
>>>>>>>>>>>
>>>>>>>>>>> out.flush();
>>>>>>>>>>> String s2 = stream.toString();
>>>>>>>>>>> s2 = s2.substring(0, s2.length()/2);
>>>>>>>>>>>
>>>>>>>>>>> if (s1.equals(s2)) {
>>>>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>>>>> throw new RuntimeException(
>>>>>>>>>>> "JarSigner verbose outputs are the same after setting
>>>>>>>>>>> locale!!");
>>>>>>>>>>> } else {
>>>>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>>>>> System.err.println("Test passed!");
>>>>>>>>>>> }
>>>>>>>>>>> }
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> Thanks and best regards!
>>>>>>>>>>> - Jonathan Lu
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Best regards!
>>>>>>>>> - Jonathan
>>>>>>>>>
>>>>>>>>
>>>>>>> Thanks & regards!
>>>>>>> - Jonathan
>>>>>>>
>>>>>>
>>>>>
>>>>> Thanks
>>>>> - Jonathan
>>>>>
>>>>
>>>
>>>
>>
>
>




More information about the security-dev mailing list