RFR: 8253299: Manifest bytes are read twice when verifying a signed JAR

Claes Redestad redestad at openjdk.java.net
Thu Nov 19 00:12:04 UTC 2020


On Wed, 18 Nov 2020 21:59:01 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

> Small change to retrieve the raw bytes of manifest during verifying signed JAR.

This seems like a good optimization.

I think comparing the manifest name case insensitively might be preferable - e.g. using String.equalsIgnoreCase - but if the worst that can happen is that a non-conventionally cased is read twice then I think what you have here is good.

-------------

Marked as reviewed by redestad (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/1299



More information about the security-dev mailing list