Loading...

XML

Word

Printable

Type: Enhancement
Resolution: Fixed
Priority: P4
Fix Version/s: 25
Affects Version/s: None
Component/s: security-libs
Labels:

Subcomponent:
jdk.security
Resolved In Build:
b17
Verification:
Verified

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8368471	21.0.10	Francisco Ferrari Bihurriet	P4	Resolved	Fixed	master

The jarsigner -verify command currently performs verification by reading from JarFile to navigate the central directory (CEN) headers. It is enhanced to include cross-validation of entries. That is, the verification process now reads from both JarFile (CEN-based) and JarInputStream (stream-based) representations of the JAR.

backported by

JDK-8368471 jarsigner -verify performs cross-checking between CEN and LOC

Resolved

duplicates

JDK-8332311 jarsigner can print a warning if verifying with JarInputStream has different result

Closed

relates to

JDK-8353299 VerifyJarEntryName.java test fails

Resolved

JDK-8367782 VerifyJarEntryName.java: Fix modifyJarEntryName to operate on bytes and re-introduce verifySignatureEntryName

Resolved

JDK-8353330 Test runtime/cds/appcds/SignedJar.java fails in CDSHeapVerifier

Resolved

links to

Commit(master) openjdk/jdk21u-dev/3e41a78d

Commit(master) openjdk/jdk/bbd5b174

Review(master) openjdk/jdk8u-dev/699

Review(master) openjdk/jdk11u-dev/3098

Review(master) openjdk/jdk17u-dev/3954

Review(master) openjdk/jdk21u-dev/2235

Review(master) openjdk/jdk/23532

(7 links to)

Assignee:: Haimay Chao

Reporter:: Weijun Wang

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024-08-29 12:40

Updated:: 2 days ago 06:12

Resolved:: 2025-03-31 07:59

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates