harmony-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Liang (JIRA)" <j...@apache.org>
Subject [jira] Created: (HARMONY-295) java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec
Date Mon, 03 Apr 2006 09:28:43 GMT
java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec
-----------------------------------------------------------------------------------------

         Key: HARMONY-295
         URL: http://issues.apache.org/jira/browse/HARMONY-295
     Project: Harmony
        Type: Bug

  Components: Classlib  
    Reporter: Richard Liang
    Priority: Minor


According to the new feature in JAR File Specification for java 5.0, .SF signature file which
verifies the manifest has a new algorithm. If the main attributes are tampered, harmony will
not throw security exception while RI 5.0 will.

Here is the test code to demo this issue:

    public void test_JarInputStream_Modified_Manifest_MainAttributes()
            throws IOException {
        String path = URLDecoder.decode(this.getClass().getResource(".")
                .getPath(), "UTF-8");
        FileInputStream fin = new FileInputStream(path
                + "/Modified_Manifest_MainAttributes.jar");
        ZipEntry zipEntry = null;
        JarInputStream jin = new JarInputStream(fin, true);
        final int indexofDSA = 2;
        final int totalEntries = 4;
        int count = 0;
        while (count == 0 || zipEntry != null) {
            count++;
            try {
                zipEntry = jin.getNextEntry();
                if (count == indexofDSA + 1)
                    fail("Should throw Security Exception");
            } catch (SecurityException e) {
                if (count != indexofDSA + 1)
                    throw e;
            }
        }
        assertEquals(totalEntries + 2, count);
        jin.close();
        fin.close();
    }

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message