-
Type:
Enhancement
-
Resolution: Won't Fix
-
Priority:
P3
-
None
-
Affects Version/s: 9
-
Component/s: security-libs
-
None
From the beginning, the jar file has an “undocumented” assumption that the MANIFEST.MF file and signature-related files (block and SF) should appear at the beginning (except for directory entries, say, META-INF/). Otherwise, depending on if we open the file as a JarFile or as a JarInputStream, a file can be treated sometimes as signed and sometimes not (JDK-8021788). We need to clarify this in the javadoc.
Precisely, if opened as JarFile, we will support any entries order (JDK-8031572). If opened as JarInputStream, MANIFEST.MF must be at the beginning, and supported signature-related files follow (one exception, META-INF/). Otherwise, the behavior is not defined.
An @implNote should be added to JarInputStream documenting the constraints.
Precisely, if opened as JarFile, we will support any entries order (
An @implNote should be added to JarInputStream documenting the constraints.
- relates to
-
JDK-8031572 jarsigner -verify exits with 0 when a jar file is not properly signed
-
- Closed
-
-
-
- Closed
-