You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@harmony.apache.org by "George Harley (JIRA)" <ji...@apache.org> on 2006/04/04 19:21:45 UTC

[jira] Resolved: (HARMONY-295) java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec

     [ http://issues.apache.org/jira/browse/HARMONY-295?page=all ]
     
George Harley resolved HARMONY-295:
-----------------------------------

    Resolution: Fixed

Hi Richard, 

Changes applied to SVN in revision 391368. New tests pass fine against 5.0 RI and Harmony. 

Please could you verify that the patch has been applied as expected. 

Thanks very much for this patch.

Best regards, 
George

> java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec
> -----------------------------------------------------------------------------------------
>
>          Key: HARMONY-295
>          URL: http://issues.apache.org/jira/browse/HARMONY-295
>      Project: Harmony
>         Type: Bug

>   Components: Classlib
>     Reporter: Richard Liang
>     Assignee: George Harley
>     Priority: Minor
>  Attachments: Harmony295.zip, Modified_Manifest_MainAttributes.jar
>
> According to the new feature in JAR File Specification for java 5.0, .SF signature file which verifies the manifest has a new algorithm. If the main attributes are tampered, harmony will not throw security exception while RI 5.0 will.
> Here is the test code to demo this issue:
>     public void test_JarInputStream_Modified_Manifest_MainAttributes()
>             throws IOException {
>         String path = URLDecoder.decode(this.getClass().getResource(".")
>                 .getPath(), "UTF-8");
>         FileInputStream fin = new FileInputStream(path
>                 + "/Modified_Manifest_MainAttributes.jar");
>         ZipEntry zipEntry = null;
>         JarInputStream jin = new JarInputStream(fin, true);
>         final int indexofDSA = 2;
>         final int totalEntries = 4;
>         int count = 0;
>         while (count == 0 || zipEntry != null) {
>             count++;
>             try {
>                 zipEntry = jin.getNextEntry();
>                 if (count == indexofDSA + 1)
>                     fail("Should throw Security Exception");
>             } catch (SecurityException e) {
>                 if (count != indexofDSA + 1)
>                     throw e;
>             }
>         }
>         assertEquals(totalEntries + 2, count);
>         jin.close();
>         fin.close();
>     }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira