You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "George Harley (JIRA)" <ji...@apache.org> on 2006/04/04 14:38:43 UTC
[jira] Assigned: (HARMONY-295) java.util.jar.JarInputStream does
not throw Security Exception according to Java 5.0 Spec
[ http://issues.apache.org/jira/browse/HARMONY-295?page=all ]
George Harley reassigned HARMONY-295:
-------------------------------------
Assign To: George Harley
> java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec
> -----------------------------------------------------------------------------------------
>
> Key: HARMONY-295
> URL: http://issues.apache.org/jira/browse/HARMONY-295
> Project: Harmony
> Type: Bug
> Components: Classlib
> Reporter: Richard Liang
> Assignee: George Harley
> Priority: Minor
> Attachments: Harmony295.zip, Modified_Manifest_MainAttributes.jar
>
> According to the new feature in JAR File Specification for java 5.0, .SF signature file which verifies the manifest has a new algorithm. If the main attributes are tampered, harmony will not throw security exception while RI 5.0 will.
> Here is the test code to demo this issue:
> public void test_JarInputStream_Modified_Manifest_MainAttributes()
> throws IOException {
> String path = URLDecoder.decode(this.getClass().getResource(".")
> .getPath(), "UTF-8");
> FileInputStream fin = new FileInputStream(path
> + "/Modified_Manifest_MainAttributes.jar");
> ZipEntry zipEntry = null;
> JarInputStream jin = new JarInputStream(fin, true);
> final int indexofDSA = 2;
> final int totalEntries = 4;
> int count = 0;
> while (count == 0 || zipEntry != null) {
> count++;
> try {
> zipEntry = jin.getNextEntry();
> if (count == indexofDSA + 1)
> fail("Should throw Security Exception");
> } catch (SecurityException e) {
> if (count != indexofDSA + 1)
> throw e;
> }
> }
> assertEquals(totalEntries + 2, count);
> jin.close();
> fin.close();
> }
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira