Probs with checking certificates from JarInputStream

[Chris Gray <ch...@kiffer.be>]

Hi,

We've started adopting Harmony classes for the core APIs of the Mika VM,
currently on a somewhat ad-hoc basis (taking a small group of classes at a
time and manually downgrading them to 1.4 level) Mostly we're very happy with
the results but occasionally we run into problems which I'd like to report here.

Attached SignatureTest2 class is based on an application which wants to check
that a jar file was signed by a recognised principal. For this it creates a
JarInputStream and walks through it using getNextEntry(), calling
getCertificates() on each entry. This code works on RI 1.4 and 1.6, but fails
(getCertificates() returns null) on Harmony, Classpath (at least on the one
from Debian 4) and RI 1.5 - the last is the subject of a bug report no.
6284489. So Harmony is in good company here, but the customer would prefer to
be in the more select company of those who get it right. :-)

It looks to me as if the problem arises because method readCertificates() of
JarVerifier is called when only the manifest has been read, so no signatures
are found in the metaEntries map. However my efforts to fix this so far have
not met with success, maybe someone who knows the code better will have an
idea how to fix it?

Best regards

Chris Gray      /k/ Embedded Java Solutions

_________________________________________
Scarlet says goodbye to download limits!
ADSL20 NO LIMIT, only € 29,95
Go to www.scarlet.be for more info!

Re: Probs with checking certificates from JarInputStream

[Tim Ellison <t....@gmail.com>]

Alexei Fedotov wrote:
> Which code actually does not work?

Chris, can you send us a code snippet illustrating the problem (put into
a JIRA issue ideally).

I'm looking at the JarInputStream(InputStream stream, boolean verify)
method, and it does seem to read the Manifest so a further clue would be
helpful.

Regards,
Tim

Re: Probs with checking certificates from JarInputStream

[Alexei Fedotov <al...@gmail.com>]

Hello Chris,
Which code actually does not work?




On Fri, May 8, 2009 at 5:22 PM, Chris Gray <ch...@kiffer.be> wrote:

> Hi,
>
> We've started adopting Harmony classes for the core APIs of the Mika VM,
> currently on a somewhat ad-hoc basis (taking a small group of classes at a
> time and manually downgrading them to 1.4 level) Mostly we're very happy
> with
> the results but occasionally we run into problems which I'd like to report
> here.
>
> Attached SignatureTest2 class is based on an application which wants to
> check
> that a jar file was signed by a recognised principal. For this it creates a
> JarInputStream and walks through it using getNextEntry(), calling
> getCertificates() on each entry. This code works on RI 1.4 and 1.6, but
> fails
> (getCertificates() returns null) on Harmony, Classpath (at least on the one
> from Debian 4) and RI 1.5 - the last is the subject of a bug report no.
> 6284489. So Harmony is in good company here, but the customer would prefer
> to
> be in the more select company of those who get it right. :-)
>
> It looks to me as if the problem arises because method readCertificates()
> of
> JarVerifier is called when only the manifest has been read, so no
> signatures
> are found in the metaEntries map. However my efforts to fix this so far
> have
> not met with success, maybe someone who knows the code better will have an
> idea how to fix it?
>
> Best regards
>
> Chris Gray      /k/ Embedded Java Solutions
>
> _________________________________________
> Scarlet says goodbye to download limits!
> ADSL20 NO LIMIT, only EURO 29,95
> Go to www.scarlet.be for more info!




-- 
With best regards / с наилучшими пожеланиями,
Alexei Fedotov / Алексей Федотов,
http://www.telecom-express.ru/
http://people.apache.org/~aaf/
http://harmony.apache.org/
http://code.google.com/p/openmeetings/

Re: Probs with checking certificates from JarInputStream

[Tim Ellison <t....@gmail.com>]

Chris Gray wrote:
> Attached SignatureTest2 class ...

Did you attach the wrong file Chris?  I see testbundle/Activator and its
manifest.

Regards,
Tim