RFR: 8031572: jarsigner -verify exits with 0 when a jar file is not properly signed

Wang Weijun weijun.wang at oracle.com
Tue Jan 21 23:01:18 PST 2014


Hi All

Please take a look at the webrev at

   http://cr.openjdk.java.net/~weijun/8031572/8/webrev.00/

JarVerifier has a flag that separates parsing signatures and verifying other entries. The fix makes sure only signature-related files are processed in the beginning so JarVerifier does not enter the second stage prematurely. Please note that JarInputStream always feeds JarVerifier by natural order so once a non-signatued-related file is processed it goes into verification stage and will not parse a signature anymore.

Maybe a smarter solution is to be *always on alert*, which means at anytime an incoming entry can be anything, so that even if signature-related files appear at the middle of a file, at least those come after them can be treated as signed when opening with a JarInputStream. This will be a huge change to the JarVerifier class and IMHO does not really help much. Also I don’t want to consider it at this final time of JDK 8.

You can also find webrevs for jdk9 and jdk7u at

   http://cr.openjdk.java.net/~weijun/8031572/webrev.00/

and

   http://cr.openjdk.java.net/~weijun/8031572/7/webrev.00/

There are some tiny differences. For 9, the JarVerifier fix needs to be rebased on a language style changeset.  For 7u, there are some differences in the test because of class name change, implicit final, and default method.

Thanks
Max



More information about the security-dev mailing list