On Fri, 3 Feb 2023 08:01:21 GMT, Eirik Bjorsnos <[email protected]> wrote:
>> This PR resurrects VerifySignedJar which currently tests nothing. >> >> VerifySignedJar currently verifies a binary JAR which was signed with SHA-1 >> back in April 2000. Because SHA-1 signed JARs has been disabled for a while, >> the JAR is treated as unsigned so the test doesn't really test anything as >> of now. >> >> The test is updated in the following ways: >> >> - The JAR used for verification is now created and signed with SHA-256 by >> the test itself >> - The test is updated to check that the JAR is actually signed and with the >> expected certificate >> - JarEntry InputStreams are now read fully to ensure verification of all >> entries >> - Objects.requireNonNull is used to check that entries returned by >> getEntry, getJarEntry are non-null >> - The existing binary JAR is retired > > Eirik Bjorsnos has updated the pull request incrementally with one additional > commit since the last revision: > > Add whitespace after "if" > > Co-authored-by: Andrey Turbanov <[email protected]> test/jdk/java/util/jar/JarFile/VerifySignedJar.java line 76: > 74: // Read entry by name > 75: ZipEntry ze = > Objects.requireNonNull(jf.getEntry("getprop.class")); > 76: JarEntry je = > Objects.requireNonNull(jf.getJarEntry("getprop.class")); There is no need to store the outputs to variables. Also, for the `Unreached` lines below, we have `jdk.test.lib.Utils::runAndCheckException` which is good at catching exceptions. Utils.runAndCheckException(() -> jf.getEntry(null), NullPointerException.class); Utils.runAndCheckException(() -> jf.getJarEntry(null), NullPointerException.class); Utils.runAndCheckException(() -> jf.getInputStream(null), NullPointerException.class); ------------- PR: https://git.openjdk.org/jdk/pull/12206
