You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@harmony.apache.org by "Richard Liang (JIRA)" <ji...@apache.org> on 2006/04/05 04:44:51 UTC

[jira] Commented: (HARMONY-295) java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec

    [ http://issues.apache.org/jira/browse/HARMONY-295?page=comments#action_12373215 ] 

Richard Liang commented on HARMONY-295:
---------------------------------------

Hello George,

Looks fine. Please close this issue. Thanks a lot.

> java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec
> -----------------------------------------------------------------------------------------
>
>          Key: HARMONY-295
>          URL: http://issues.apache.org/jira/browse/HARMONY-295
>      Project: Harmony
>         Type: Bug

>   Components: Classlib
>     Reporter: Richard Liang
>     Assignee: George Harley
>     Priority: Minor
>  Attachments: Harmony295.zip, Modified_Manifest_MainAttributes.jar
>
> According to the new feature in JAR File Specification for java 5.0, .SF signature file which verifies the manifest has a new algorithm. If the main attributes are tampered, harmony will not throw security exception while RI 5.0 will.
> Here is the test code to demo this issue:
>     public void test_JarInputStream_Modified_Manifest_MainAttributes()
>             throws IOException {
>         String path = URLDecoder.decode(this.getClass().getResource(".")
>                 .getPath(), "UTF-8");
>         FileInputStream fin = new FileInputStream(path
>                 + "/Modified_Manifest_MainAttributes.jar");
>         ZipEntry zipEntry = null;
>         JarInputStream jin = new JarInputStream(fin, true);
>         final int indexofDSA = 2;
>         final int totalEntries = 4;
>         int count = 0;
>         while (count == 0 || zipEntry != null) {
>             count++;
>             try {
>                 zipEntry = jin.getNextEntry();
>                 if (count == indexofDSA + 1)
>                     fail("Should throw Security Exception");
>             } catch (SecurityException e) {
>                 if (count != indexofDSA + 1)
>                     throw e;
>             }
>         }
>         assertEquals(totalEntries + 2, count);
>         jin.close();
>         fin.close();
>     }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira