Time format in jar and jarsigner output (was Re: Code review request: 7163483 JarSigner -verify -verbose does not format date string according to locale)

Jonathan Lu luchsh at linux.vnet.ibm.com
Tue Jul 10 23:07:25 PDT 2012


Hello Max,

Thanks a lot for review, here's the updated patch,

http://cr.openjdk.java.net/~luchsh/7163483_5/

On 07/10/2012 08:54 AM, Weijun Wang wrote:
> Hi Jonathon
>
> This is better. Two minor comments, you can decide what to do or we 
> can see what core-lib-devs think:

I was proposing my solution for this issue and I'd like to hear more 
from core-lib-devs list. :)

>
> 1. Current output uses "zzz" for timezones, you're using "ZZZ". It 
> might be more of an ISO flavor.

Changed to "zzz" format which seems to be more readable for me.

>
> 2. The DateFormat.format(Date,StringBuffer,FilePosition) is quite 
> advanced. If it's me, I'll use the simpler format(Data) method.

Updated in the new patch.

>
> Since the jar command also uses the same output format, can you also 
> make the same change there (that's sun.tools.jar.Main) and ask 
> core-libs-dev at openjdk.java.net for a review? Sherman 
> (xueming.shen at oracle.com) owns the jar tool.
I've included sun.tools.jar.Main in the latest patch and CCed Sherman.

Could you please help to take another look?

Many thanks

Jonathan

>
> Thanks
> Max
>
>
> On 07/09/2012 03:24 PM, Jonathan Lu wrote:
>> Hi Max,
>>
>> Thanks for reviewing.
>>
>> On 07/06/2012 06:27 PM, Weijun Wang wrote:
>>> Hi Jonathan
>>>
>>> I have these questions:
>>>
>>> 1. Why always CAPITAL letters for month and weekday?
>>
>> This is a fault of the patch, which can be easily fixed by updating the
>> format string.
>>
>>>
>>> 2. Why always "dd HH:mm:ss zzz yyyy" for the rest? Some locales uses
>>> "." instead of ":" as times delimiters.
>>> 3. Why always dd after MMM? Some locales prefer dd before MMM.
>>
>> For question #2 and #3, I was just trying to follow the original format
>> of Date.toString().
>>
>>>
>>> Well, if you really think the current "Fri Jul" output is too English,
>>> instead of localizing the string, how about we de-localize it totally
>>> and choose a neutral format?
>>>
>>> There are several flavors of ISO date/time format at
>>>
>>>   http://www.w3.org/TR/NOTE-datetime
>>>
>>> or we can just choose
>>>
>>>   YYYY-MM-dd HH:mm:ss zzz
>>
>> Good idea, how about a patch in this way?
>> http://cr.openjdk.java.net/~luchsh/7163483_4/
>>
>> And I prefer to your format since it looks more readable to me.
>>
>> Thanks and best regards!
>> Jonathan
>>
>>>
>>> BTW, the jar command is using the same format, therefore I'm adding
>>> core-libs-dev.
>>>
>>> Thanks
>>> Max
>>>
>>>
>>> On 07/06/2012 05:16 PM, Jonathan Lu wrote:
>>>> Hello Max,
>>>>
>>>> I's been a long time since my last mail, I did some investigation and
>>>> had some discussion with i18n developers,  but still did not see a 
>>>> nice
>>>> solution for the alignment problem. There does not seem be an existing
>>>> API to do this job in JDK scope. So I implemented a simple format
>>>> function, and use it to format under different locales.
>>>>
>>>> http://cr.openjdk.java.net/~luchsh/7163483_3/
>>>>
>>>> The patch is trying to format the code in the same way as
>>>> java.util.Date.toString() in the format of "EEE MMM dd HH:mm:ss zzz
>>>> yyyy", except for using names of month and DOW in localized format. So
>>>> far, it works good for me under all supported locales.
>>>>
>>>> Here's a test case to verify the vertical alignment, which I has been
>>>> posted to i18n mailing list before,
>>>> http://cr.openjdk.java.net/~luchsh/VerticalAlignmentTest.java
>>>>
>>>> It may still fail under "vi_VN" locale with this solution due to test
>>>> case limit, but I do not think it is a real failure since the result
>>>> fields still get aligned except for multiple words in one field.
>>>>
>>>> Could you please take a look at the patch?
>>>>
>>>> Many thanks & best regards
>>>> Jonathan
>>>>
>>>> On 04/25/2012 07:48 PM, Weijun Wang wrote:
>>>>> Hi Jonathan
>>>>>
>>>>> I'm using English.
>>>>>
>>>>> In your test all the files have a similar modified time so you cannot
>>>>> see the difference. However, in my example, you can see that the
>>>>> widths for date and hour are not zero-padded so the width can be
>>>>> either 1 or 2.
>>>>>
>>>>> French is even worse
>>>>>
>>>>> smk       76 10 nov. 2009 08:57:54 bin/vbin/go
>>>>> smk     1149 8 avr. 2012 16:03:20 bin/vbin/netbeans
>>>>> smk      170 20 nov. 2009 16:47:42 bin/vbin/syncdown
>>>>> smk      671 8 févr. 2012 20:11:22 bin/vbin/ssh.desktop
>>>>> smk      187 20 nov. 2009 16:47:34 bin/vbin/syncsf
>>>>>
>>>>> So here even the width of month abbr can be different.
>>>>>
>>>>> Thanks
>>>>> Max
>>>>>
>>>>>
>>>>> On 04/25/2012 07:09 PM, Jonathan Lu wrote:
>>>>>> Hello Max,
>>>>>>
>>>>>> Terribly sorry for my misunderstanding!
>>>>>>
>>>>>> On 04/25/2012 05:39 PM, Weijun Wang wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 04/25/2012 05:23 PM, Jonathan Lu wrote:
>>>>>>>> Hi Max,
>>>>>>>>
>>>>>>>> On 04/25/2012 05:12 PM, Weijun Wang wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 04/25/2012 03:28 PM, Jonathan Lu wrote:
>>>>>>>>>> Hi Weijun,
>>>>>>>>>>
>>>>>>>>>> Thanks for your time, I've updated the webrev, could you please
>>>>>>>>>> take a
>>>>>>>>>> look?
>>>>>>>>>> http://cr.openjdk.java.net/~luchsh/7163483_2/
>>>>>>>>>>
>>>>>>>>>> On 04/24/2012 03:06 PM, Weijun Wang wrote:
>>>>>>>>>>> Hi Jonathan
>>>>>>>>>>>
>>>>>>>>>>> Some comments:
>>>>>>>>>>>
>>>>>>>>>>> 1. Can you be sure that the new format always has the same
>>>>>>>>>>> length?
>>>>>>>>>>> jarsigner tries to output in a tabular style and each column
>>>>>>>>>>> should be
>>>>>>>>>>> aligned.
>>>>>>>>>>
>>>>>>>>>> I'm not sure of that, so the test case was updated to compare 
>>>>>>>>>> the
>>>>>>>>>> first
>>>>>>>>>> several tokens to determine whether there's any differences 
>>>>>>>>>> in the
>>>>>>>>>> expression of date time.
>>>>>>>>>
>>>>>>>>> Sorry, I didn't make myself clear last time, I was mainly 
>>>>>>>>> afraid of
>>>>>>>>> unaligned lines that make the output ugly.
>>>>>>>>>
>>>>>>>>> For example:
>>>>>>>>>
>>>>>>>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>>>>>>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>>>>>>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>>>>>>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>>>>>>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>>>>>>>
>>>>>>>>
>>>>>>>> I think that would not be a problem in the new test case which
>>>>>>>> compares
>>>>>>>> tokenized strings splited by blank spaces instead of 
>>>>>>>> String#equals.
>>>>>>>> Does
>>>>>>>> that make sense?
>>>>>>>
>>>>>>> I'm not talking about the test. It's the output of jarsigner 
>>>>>>> looking
>>>>>>> ugly.
>>>>>>>
>>>>>>> smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
>>>>>>> smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
>>>>>>> smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
>>>>>>> smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
>>>>>>> smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
>>>>>>>
>>>>>>> Compare with the current output:
>>>>>>>
>>>>>>> smk 76 Tue Nov 10 08:57:54 CST 2009 bin/vbin/go
>>>>>>> smk 1149 Sun Apr 08 16:03:20 CST 2012 bin/vbin/netbeans
>>>>>>> smk 170 Fri Nov 20 16:47:42 CST 2009 bin/vbin/syncdown
>>>>>>> smk 671 Wed Feb 08 20:11:22 CST 2012 bin/vbin/ssh.desktop
>>>>>>> smk 187 Fri Nov 20 16:47:34 CST 2009 bin/vbin/syncsf
>>>>>>
>>>>>> I did not see unaligned format in my testing, did you get these
>>>>>> unaligned output after applying the patch? From above lines, I 
>>>>>> see the
>>>>>> starting indices of date string in each line are always the same,
>>>>>> which
>>>>>> is achieved by jarsigner, but the length of the date strings are
>>>>>> not the
>>>>>> same, which locale were you testing on?
>>>>>>
>>>>>>>
>>>>>>> Thanks
>>>>>>> Max
>>>>>>>
>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>> Max
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> 2. You might need to reformat the modified line to make it fit
>>>>>>>>>>> into 80
>>>>>>>>>>> characters width.
>>>>>>>>>>>
>>>>>>>>>>> 3. Why not include the test inside the changeset?
>>>>>>>>>> 2, 3 were done in the new patch
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>> Max
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 04/23/2012 05:46 PM, Jonathan Lu wrote:
>>>>>>>>>>>> Hello security-dev,
>>>>>>>>>>>>
>>>>>>>>>>>> Here's a patch for bug 7163483, could anybody please help to
>>>>>>>>>>>> take a
>>>>>>>>>>>> look?
>>>>>>>>>>>> http://cr.openjdk.java.net/~luchsh/7163483/
>>>>>>>>>>>>
>>>>>>>>>>>> The problem is that command "jarsigner -verify -verbose 
>>>>>>>>>>>> my.jar"
>>>>>>>>>>>> does not
>>>>>>>>>>>> format date string according to current locale. following 
>>>>>>>>>>>> simple
>>>>>>>>>>>> test
>>>>>>>>>>>> case can be used to disclose this problem.
>>>>>>>>>>>>
>>>>>>>>>>>> /*
>>>>>>>>>>>> * Copyright (c) 2012 Oracle and/or its affiliates. All rights
>>>>>>>>>>>> reserved.
>>>>>>>>>>>> * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE 
>>>>>>>>>>>> HEADER.
>>>>>>>>>>>> *
>>>>>>>>>>>> * This code is free software; you can redistribute it and/or
>>>>>>>>>>>> modify it
>>>>>>>>>>>> * under the terms of the GNU General Public License version 2
>>>>>>>>>>>> only, as
>>>>>>>>>>>> * published by the Free Software Foundation.
>>>>>>>>>>>> *
>>>>>>>>>>>> * This code is distributed in the hope that it will be
>>>>>>>>>>>> useful, but
>>>>>>>>>>>> WITHOUT
>>>>>>>>>>>> * ANY WARRANTY; without even the implied warranty of
>>>>>>>>>>>> MERCHANTABILITY or
>>>>>>>>>>>> * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
>>>>>>>>>>>> License
>>>>>>>>>>>> * version 2 for more details (a copy is included in the 
>>>>>>>>>>>> LICENSE
>>>>>>>>>>>> file
>>>>>>>>>>>> that
>>>>>>>>>>>> * accompanied this code).
>>>>>>>>>>>> *
>>>>>>>>>>>> * You should have received a copy of the GNU General Public
>>>>>>>>>>>> License
>>>>>>>>>>>> version
>>>>>>>>>>>> * 2 along with this work; if not, write to the Free Software
>>>>>>>>>>>> Foundation,
>>>>>>>>>>>> * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 
>>>>>>>>>>>> USA.
>>>>>>>>>>>> *
>>>>>>>>>>>> * Please contact Oracle, 500 Oracle Parkway, Redwood 
>>>>>>>>>>>> Shores, CA
>>>>>>>>>>>> 94065
>>>>>>>>>>>> USA
>>>>>>>>>>>> * or visit www.oracle.com if you need additional 
>>>>>>>>>>>> information or
>>>>>>>>>>>> have any
>>>>>>>>>>>> * questions.
>>>>>>>>>>>> */
>>>>>>>>>>>>
>>>>>>>>>>>> /*
>>>>>>>>>>>> * Portions Copyright (c) 2012 IBM Corporation
>>>>>>>>>>>> */
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> import java.io.ByteArrayOutputStream;
>>>>>>>>>>>> import java.io.PrintStream;
>>>>>>>>>>>> import java.util.Locale;
>>>>>>>>>>>> import sun.security.tools.JarSigner;
>>>>>>>>>>>>
>>>>>>>>>>>> public class bug7163483 {
>>>>>>>>>>>>
>>>>>>>>>>>> public static void main(String[] args) throws Exception {
>>>>>>>>>>>> final String[] arg = { "-verify", "-verbose",
>>>>>>>>>>>> System.getProperty("java.home")+"/lib/jce.jar"};
>>>>>>>>>>>>
>>>>>>>>>>>> ByteArrayOutputStream stream = new
>>>>>>>>>>>> ByteArrayOutputStream(1024*64);
>>>>>>>>>>>> PrintStream out = new PrintStream(stream);
>>>>>>>>>>>> System.setOut(out);
>>>>>>>>>>>>
>>>>>>>>>>>> Locale.setDefault(Locale.GERMAN);
>>>>>>>>>>>> JarSigner js = new JarSigner();
>>>>>>>>>>>> js.run(arg);
>>>>>>>>>>>>
>>>>>>>>>>>> out.flush();
>>>>>>>>>>>> String s1 = stream.toString();
>>>>>>>>>>>> s1 = s1.substring(0, s1.length()/2);
>>>>>>>>>>>> stream.reset();
>>>>>>>>>>>>
>>>>>>>>>>>> Locale.setDefault(Locale.FRANCE);
>>>>>>>>>>>> js = new JarSigner();
>>>>>>>>>>>> js.run(arg);
>>>>>>>>>>>>
>>>>>>>>>>>> out.flush();
>>>>>>>>>>>> String s2 = stream.toString();
>>>>>>>>>>>> s2 = s2.substring(0, s2.length()/2);
>>>>>>>>>>>>
>>>>>>>>>>>> if (s1.equals(s2)) {
>>>>>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>>>>>> throw new RuntimeException(
>>>>>>>>>>>> "JarSigner verbose outputs are the same after setting
>>>>>>>>>>>> locale!!");
>>>>>>>>>>>> } else {
>>>>>>>>>>>> System.err.println("Header output for GERMAN locale is:"+s1);
>>>>>>>>>>>> System.err.println("Header output for FRANCE locale is:"+s2);
>>>>>>>>>>>> System.err.println("Test passed!");
>>>>>>>>>>>> }
>>>>>>>>>>>> }
>>>>>>>>>>>> }
>>>>>>>>>>>>
>>>>>>>>>>>> Thanks and best regards!
>>>>>>>>>>>> - Jonathan Lu
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Best regards!
>>>>>>>>>> - Jonathan
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> Thanks & regards!
>>>>>>>> - Jonathan
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>> Thanks
>>>>>> - Jonathan
>>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>>
>





More information about the security-dev mailing list