[ http://issues.apache.org/jira/browse/HARMONY-295?page=comments#action_12373215 ] Richard Liang commented on HARMONY-295: --------------------------------------- Hello George, Looks fine. Please close this issue. Thanks a lot. > java.util.jar.JarInputStream does not throw Security Exception according to Java 5.0 Spec > ----------------------------------------------------------------------------------------- > > Key: HARMONY-295 > URL: http://issues.apache.org/jira/browse/HARMONY-295 > Project: Harmony > Type: Bug > Components: Classlib > Reporter: Richard Liang > Assignee: George Harley > Priority: Minor > Attachments: Harmony295.zip, Modified_Manifest_MainAttributes.jar > > According to the new feature in JAR File Specification for java 5.0, .SF signature file which verifies the manifest has a new algorithm. If the main attributes are tampered, harmony will not throw security exception while RI 5.0 will. > Here is the test code to demo this issue: > public void test_JarInputStream_Modified_Manifest_MainAttributes() > throws IOException { > String path = URLDecoder.decode(this.getClass().getResource(".") > .getPath(), "UTF-8"); > FileInputStream fin = new FileInputStream(path > + "/Modified_Manifest_MainAttributes.jar"); > ZipEntry zipEntry = null; > JarInputStream jin = new JarInputStream(fin, true); > final int indexofDSA = 2; > final int totalEntries = 4; > int count = 0; > while (count == 0 || zipEntry != null) { > count++; > try { > zipEntry = jin.getNextEntry(); > if (count == indexofDSA + 1) > fail("Should throw Security Exception"); > } catch (SecurityException e) { > if (count != indexofDSA + 1) > throw e; > } > } > assertEquals(totalEntries + 2, count); > jin.close(); > fin.close(); > } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira