P4
ADDITIONAL SYSTEM INFORMATION :
Windows 10
Java 20.0.1
Java 17.0.7
Java 11.0.18
A DESCRIPTION OF THE PROBLEM :
When reading a jar file with ZipInputStream, if the jar has been signed with jarsigner, ZipEntry.getSize() only reports a size of -1 for all files.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Read an unsigned jar entry-by-entry, invoking getSize() for each entry.
Sign the jar and repeat.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Both should report sizes for files that have sizes. For files added/modified by the signing process, the two may differ.
ACTUAL -
In the run against the unsigned jar, all files in the jar report a size.
In the run against the signed jar, no files in the jar report a size.
---------- BEGIN SOURCE ----------
package testpackage;
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
public class Launcher
{
public static void main(String[] args)
{
CodeSource codeSource = Launcher.class.getProtectionDomain().getCodeSource();
URL jarUrl = codeSource.getLocation();
try( ZipInputStream zip = new ZipInputStream(jarUrl.openStream()))
{
while(true)
{
ZipEntry e = zip.getNextEntry();
if (e == null)
break;
System.out.print("Inspecting Zip Entry for " + e);
if(e.isDirectory()) System.out.println(" (Directory)");
System.out.println(" size/cSize: " + e.getSize() + "/" + e.getCompressedSize());
}
} catch (IOException err)
{
err.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Don't use sizes from signed jars (This implies that if you actually require the size, you can't sign the jar).
FREQUENCY : always
Windows 10
Java 20.0.1
Java 17.0.7
Java 11.0.18
A DESCRIPTION OF THE PROBLEM :
When reading a jar file with ZipInputStream, if the jar has been signed with jarsigner, ZipEntry.getSize() only reports a size of -1 for all files.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Read an unsigned jar entry-by-entry, invoking getSize() for each entry.
Sign the jar and repeat.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Both should report sizes for files that have sizes. For files added/modified by the signing process, the two may differ.
ACTUAL -
In the run against the unsigned jar, all files in the jar report a size.
In the run against the signed jar, no files in the jar report a size.
---------- BEGIN SOURCE ----------
package testpackage;
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
public class Launcher
{
public static void main(String[] args)
{
CodeSource codeSource = Launcher.class.getProtectionDomain().getCodeSource();
URL jarUrl = codeSource.getLocation();
try( ZipInputStream zip = new ZipInputStream(jarUrl.openStream()))
{
while(true)
{
ZipEntry e = zip.getNextEntry();
if (e == null)
break;
System.out.print("Inspecting Zip Entry for " + e);
if(e.isDirectory()) System.out.println(" (Directory)");
System.out.println(" size/cSize: " + e.getSize() + "/" + e.getCompressedSize());
}
} catch (IOException err)
{
err.printStackTrace();
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
Don't use sizes from signed jars (This implies that if you actually require the size, you can't sign the jar).
FREQUENCY : always