RFR 8022761: SQE test regression on wrongly signed indexed jar file

Weijun Wang weijun.wang at oracle.com
Mon Aug 26 08:08:43 UTC 2013


Ping again.

On 8/19/13 9:11 PM, Weijun Wang wrote:
> Hi Sherman
>
> I try out "jar i" after signing and it puts INDEX.LIST at the very
> beginning of the file. Does this mean INDEX.LIST was actually an
> exception? Or it just "jari" bug?
>
> Anyway, I think I should update the fix for 8021788 and here is the webrev:
>
>    http://cr.openjdk.java.net/~weijun/8022761/webrev.00/
>
> Now it also skips INDEX.LIST, i.e. update line 142 to
>
>    if (uname.equals(JarFile.MANIFEST_NAME) ||
>            uname.equals(JarIndex.INDEX_NAME) ) {
>
> After this change, if INDEX.LIST appears before the MANIFEST and
> signature-related files, it will not be treated as signed. This should
> usually be true because it only happens when you call "jar i" after
> signing a jar which means INDEX.LIST *is* unsigned.
>
> Thanks
> Max
>
> On 8/12/13 12:18 PM, Weijun Wang wrote:
>> Hi Sherman
>>
>> SQE observes a regression in their test suite and
>> the reason is my recent fix for 8021788 at
>>
>>    http://hg.openjdk.java.net/jdk8/tl/jdk/rev/758e3117899c
>>
>> The jar file mentioned contains
>>
>>      66 Mon Jun 04 15:42:18 CST 2007 META-INF/INDEX.LIST
>>     323 Sat Apr 01 15:47:28 CST 2000 META-INF/MANIFEST.MF
>>     376 Mon Jun 04 15:41:00 CST 2007 META-INF/MYKEY.SF
>>     972 Sat Apr 01 15:47:38 CST 2000 META-INF/MYKEY.DSA
>>       0 Sat Apr 01 15:46:58 CST 2000 META-INF/
>>       0 Sat Apr 01 15:45:16 CST 2000 test/
>>      21 Sat Apr 01 15:46:24 CST 2000 test/test0
>>      21 Sat Apr 01 15:46:18 CST 2000 test/test1
>>      21 Sat Apr 01 15:46:04 CST 2000 test/test2
>>      21 Sat Apr 01 15:46:10 CST 2000 test/test3
>>
>> After JDK-8021788, the file is regarded as an unsigned jar because the
>> updated JarVerifier goes thru all signature-related files and treats all
>> others not. Here the first one is not signature-related so none is.
>>
>> Is fix for JDK-8021788 wrong? Inside JarVerifier.java, we have
>>
>>    * Assumptions:
>>    * 1. The manifest should be the first entry in the META-INF directory.
>>    * 2. The .SF/.DSA/.EC files follow the manifest, before any normal
>> entries
>>
>> Is this INDEX.LIST an exception?
>>
>> Thanks
>> Max



More information about the security-dev mailing list