RFR: 8339280: jarsigner -verify performs cross-checking between CEN and LOC [v15]
Sean Mullan
mullan at openjdk.org
Thu Mar 27 13:40:29 UTC 2025
On Thu, 27 Mar 2025 02:18:05 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> src/jdk.jartool/share/classes/sun/security/tools/jarsigner/Main.java line 1215:
>>
>>> 1213: if (!cenEntries2.equals(locEntries)) {
>>> 1214: crossChkWarnings.add(rb.getString(
>>> 1215: "entries.mismatch.when.comparing.jarfile.and.jarinputstream"));
>>
>> Do we still need this warning? The meaning is not clear to me. Since we have already compared in both ways, does this only mean the orders are different?
>
> This step checks content and order. As the order does matter, I have this step to explicitly warn about ordering issue.
But they are Sets now, so the order could have changed simply by adding them to the Set. I think this check can be removed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/23532#discussion_r2016594597
More information about the security-dev
mailing list