JDK-4199921

java.util.jar.JarFile.JarFile() spec does not explain verification

    • sparc
    • solaris_2.5



      Name: ksC84122 Date: 12/25/98


      JavaDoc for constructors
      java.util.jar.JarFile.JarFile(File file, boolean verify),
      java.util.jar.JarFile.JarFile(String name, boolean verify),
      java.util.jar.JarInputStream(InputStream in, boolean verify)
      does not specify how verification is actually performed and provides
      no links that explain the verification process.

      JavaDoc only states the following about verification:

      ----------- JarFile()
      Parameters:
      ....
      verify - whether or not to verify the JarFile if it is signed.
      -----------
      or:
      ----------- JarInputStream()
      ...If a manifest is present and verify is true, also attempts to verify
           the signatures if the JarInputStream is signed....
      Parameters:
      ....
      verify - whether or not to verify the JarInputStream if it is signed.
      -----------

      JarFile source code (in JDK-1.2-V) shows that the constructor just assigns true
      to the private boolean verify variable, which is used by other methods. It is
      not clear how the verification mechanism works. In the case of the
      JarInputStream constructor, a JarVerifier object is created. Again, the
      verification mechanism is not clear.

      For JarInputStream constructor also refer to bug N 4193255.

      ======================================================================
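The behaviour the constructor's `verify` flag controls can be observed with the current `java.util.jar` API, shown here as an added example that is not part of the original report or of the JDK sources. It assumes a JDK with `JarEntry.getCodeSigners()` (added after the release discussed above); the class name `JarVerifyCheck` and its helpers are hypothetical, and the JAR path is supplied by the caller.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarVerifyCheck {

    // Top-level META-INF signature files are not themselves covered by a signature.
    static boolean isSignatureRelated(String name) {
        String n = name.toUpperCase(Locale.ROOT);
        if (!n.startsWith("META-INF/") || n.indexOf('/', 9) != -1) return false;
        return n.equals("META-INF/MANIFEST.MF") || n.startsWith("META-INF/SIG-")
            || n.endsWith(".SF") || n.endsWith(".DSA") || n.endsWith(".RSA") || n.endsWith(".EC");
    }

    // Returns the names of entries that carry no signer. A SecurityException
    // propagates if a signed entry's bytes do not match its recorded digest.
    static List<String> unsignedEntries(File file) throws IOException {
        List<String> unsigned = new ArrayList<>();
        try (JarFile jar = new JarFile(file, true)) {   // verify = true
            byte[] buf = new byte[8192];
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureRelated(entry.getName())) continue;
                // Opening the JarFile checks nothing about entry content;
                // the digest is checked only as the entry is read to the end.
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                // Signers are reported only after the stream has been fully read.
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null || signers.length == 0) unsigned.add(entry.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        List<String> unsigned = unsignedEntries(new File(args[0]));
        System.out.println(unsigned.isEmpty() ? "all entries signed" : "unsigned: " + unsigned);
    }
}
```

An entry added to a signed JAR after signing is read without any exception, which is why the signer check per entry matters. This check does not decide whether the signer's certificate is trusted; that is a separate step for the caller.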

            asommere Alan Sommerer (Inactive)
            ksoshals Kirill Soshalskiy (Inactive)