-
Bug
-
Resolution: Fixed
-
P4
-
5.0
-
b24
-
generic
-
generic
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8056775 | emb-9 | Unassigned | P4 | Resolved | Fixed | b24 |
Look at
http://java.sun.com/j2se/1.4.2/docs/api/java/security/SignedObject.html#verify(java.security.PublicKey, java.security.Signature)
It is saying that
" Returns:
true if the signature is valid, false otherwise
Throws:
SignatureException - if signature verification failed. "
Which seems to be saying that
either "a false would be return" or "SignatureException would be threw" if
the signature verification failed (signature is invalid)
-- which give too much room to API implementer (vendor) who, therefore, could
implement this API in different way (one of two options).
Hence this spec cause confusion in the customer side who don't know what
to expect really when the signature verification failed
http://java.sun.com/j2se/1.4.2/docs/api/java/security/SignedObject.html#verify(java.security.PublicKey, java.security.Signature)
It is saying that
" Returns:
true if the signature is valid, false otherwise
Throws:
SignatureException - if signature verification failed. "
Which seems to be saying that
either "a false would be return" or "SignatureException would be threw" if
the signature verification failed (signature is invalid)
-- which give too much room to API implementer (vendor) who, therefore, could
implement this API in different way (one of two options).
Hence this spec cause confusion in the customer side who don't know what
to expect really when the signature verification failed
- backported by
-
JDK-8056775 Clarify the return value/exception for java.security.SignedObject.verify
-
- Resolved
-