RFR: 8215788: Clarify JarInputStream Manifest access [v2]
Weijun Wang
weijun at openjdk.org
Wed Sep 14 02:25:42 UTC 2022
On Wed, 14 Sep 2022 01:42:20 GMT, Lance Andersen <lancea at openjdk.org> wrote:
>> Please review this PR which updates the JarInputStream class description to clarify when the Manifest is accessible via JarInputStream::getManifest and JarInputStream::get[Jar]Entry.
>>
>> It is worth noting that with this update, we are finally documenting behavior that dates back to when this class was added to JDK 1.2
>>
>>
>> Best,
>> Lance
>
> Lance Andersen has updated the pull request incrementally with one additional commit since the last revision:
>
> changed linkplain to link and updated note wording
Only tiny comments for the last paragraph.
That said, I have some questions on the other parts of this file:
1. In `getNextEntry`, the method spec says "If verification has been enabled, any invalid signature detected while positioning the stream for the next entry will result in an exception." What does this mean?
2. In `getManifest`, the method spec says "or null if none". Do we need to say "if not found"?
src/java.base/share/classes/java/util/jar/JarInputStream.java line 76:
> 74: * the signers.
> 75: * <p>
> 76: * <b>Note:</b>If a {@code JarEntry} is modified after the Jar file is signed,
Add a space before `If`. Capitalize `Jar`.
-------------
PR: https://git.openjdk.org/jdk/pull/10045
More information about the security-dev
mailing list