RFR: 8300140: ZipFile.isSignatureRelated returns true for files in META-INF subdirectories [v3]
Eirik Bjorsnos
duke at openjdk.org
Sun Jan 15 14:40:11 UTC 2023
On Sat, 14 Jan 2023 13:17:32 GMT, Eirik Bjorsnos <duke at openjdk.org> wrote:
>> test/jdk/java/util/jar/JarFile/VerifyUnrelatedSignatureFiles.java line 61:
>>
>>> 59: File j = createJarFile();
>>> 60: File s = signJarFile(j, "signed");
>>> 61: File m = moveSignatureRelated(s);
>>
>> Try signing it again to a different file. Let's see if the moved files are also signed.
>
> Nice, I added a check which verifies that a JAR containing non-signature-related files is signed as expected.
I also added a check verifying that JarSigner does not move unrelated signature files to the beginning of the signed JAR.
-------------
PR: https://git.openjdk.org/jdk/pull/11976