Hello Max,
Terribly sorry for my misunderstanding!
On 04/25/2012 05:39 PM, Weijun Wang wrote:
On 04/25/2012 05:23 PM, Jonathan Lu wrote:
Hi Max,
On 04/25/2012 05:12 PM, Weijun Wang wrote:
On 04/25/2012 03:28 PM, Jonathan Lu wrote:
Hi Weijun,
Thanks for your time, I've updated the webrev, could you please take a
look?
http://cr.openjdk.java.net/~luchsh/7163483_2/
On 04/24/2012 03:06 PM, Weijun Wang wrote:
Hi Jonathan
Some comments:
1. Can you be sure that the new format always has the same length?
jarsigner tries to output in a tabular style and each column
should be
aligned.
I'm not sure of that, so the test case was updated to compare the
first
several tokens to determine whether there's any differences in the
expression of date time.
Sorry, I didn't make myself clear last time, I was mainly afraid of
unaligned lines that make the output ugly.
For example:
smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
I think that would not be a problem in the new test case which compares
tokenized strings splited by blank spaces instead of String#equals. Does
that make sense?
I'm not talking about the test. It's the output of jarsigner looking
ugly.
smk 76 Nov 10, 2009 8:57:54 AM bin/vbin/go
smk 1149 Apr 8, 2012 4:03:20 PM bin/vbin/netbeans
smk 170 Nov 20, 2009 4:47:42 PM bin/vbin/syncdown
smk 671 Feb 8, 2012 8:11:22 PM bin/vbin/ssh.desktop
smk 187 Nov 20, 2009 4:47:34 PM bin/vbin/syncsf
Compare with the current output:
smk 76 Tue Nov 10 08:57:54 CST 2009 bin/vbin/go
smk 1149 Sun Apr 08 16:03:20 CST 2012 bin/vbin/netbeans
smk 170 Fri Nov 20 16:47:42 CST 2009 bin/vbin/syncdown
smk 671 Wed Feb 08 20:11:22 CST 2012 bin/vbin/ssh.desktop
smk 187 Fri Nov 20 16:47:34 CST 2009 bin/vbin/syncsf
I did not see unaligned format in my testing, did you get these
unaligned output after applying the patch? From above lines, I see the
starting indices of date string in each line are always the same, which
is achieved by jarsigner, but the length of the date strings are not the
same, which locale were you testing on?
Thanks
Max
Thanks
Max
2. You might need to reformat the modified line to make it fit
into 80
characters width.
3. Why not include the test inside the changeset?
2, 3 were done in the new patch
Thanks
Max
On 04/23/2012 05:46 PM, Jonathan Lu wrote:
Hello security-dev,
Here's a patch for bug 7163483, could anybody please help to take a
look?
http://cr.openjdk.java.net/~luchsh/7163483/
The problem is that command "jarsigner -verify -verbose my.jar"
does not
format date string according to current locale. following simple
test
case can be used to disclose this problem.
/*
* Copyright (c) 2012 Oracle and/or its affiliates. All rights
reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or
modify it
* under the terms of the GNU General Public License version 2
only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but
WITHOUT
* ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License
* version 2 for more details (a copy is included in the LICENSE file
that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License
version
* 2 along with this work; if not, write to the Free Software
Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA
94065
USA
* or visit www.oracle.com if you need additional information or
have any
* questions.
*/
/*
* Portions Copyright (c) 2012 IBM Corporation
*/
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.util.Locale;
import sun.security.tools.JarSigner;
public class bug7163483 {
public static void main(String[] args) throws Exception {
final String[] arg = { "-verify", "-verbose",
System.getProperty("java.home")+"/lib/jce.jar"};
ByteArrayOutputStream stream = new ByteArrayOutputStream(1024*64);
PrintStream out = new PrintStream(stream);
System.setOut(out);
Locale.setDefault(Locale.GERMAN);
JarSigner js = new JarSigner();
js.run(arg);
out.flush();
String s1 = stream.toString();
s1 = s1.substring(0, s1.length()/2);
stream.reset();
Locale.setDefault(Locale.FRANCE);
js = new JarSigner();
js.run(arg);
out.flush();
String s2 = stream.toString();
s2 = s2.substring(0, s2.length()/2);
if (s1.equals(s2)) {
System.err.println("Header output for GERMAN locale is:"+s1);
System.err.println("Header output for FRANCE locale is:"+s2);
throw new RuntimeException(
"JarSigner verbose outputs are the same after setting locale!!");
} else {
System.err.println("Header output for GERMAN locale is:"+s1);
System.err.println("Header output for FRANCE locale is:"+s2);
System.err.println("Test passed!");
}
}
}
Thanks and best regards!
- Jonathan Lu
Best regards!
- Jonathan
Thanks & regards!
- Jonathan
Thanks
- Jonathan
