-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
1.2.0
-
sparc
-
solaris_2.5
Name: ksC84122 Date: 12/25/98
JavaDoc for constructors
java.util.jar.JarFile.JarFile(File file, boolean verify),
java.util.jar.JarFile.JarFile(String name, boolean verify),
java.util.jar.JarInputStream(InputStream in, boolean verify)
does not specify how actually verification is performed and provides
no links, which can explain verification process.
JavaDoc only states the following about verification:
----------- JarFile()
Parameters:
....
verify - whether or not to verify the JarFile if it is signed.
-----------
or:
----------- JarInputStream()
...If a manifest is present and verify is true, also attempts to verify
the signatures if the JarInputStream is signed....
Parameters:
....
verify - whether or not to verify the JarInputStream if it is signed.
-----------
JarFile source code (in JDK-1.2-V) shows that the constructor just assigns true
to
private boolean verify variable, which is used by other methods. It is not clear
how the verification mechanism works. In case of JarInputStream constructor,
JarVerifier object is created. Again, verification mechanism is not clear.
For JarInputStream constructor also refer to bug N 4193255.
======================================================================