Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8066658

pack200 --repack leading to signature verification failure

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 7u71
    • Fix Version/s: None
    • Component/s: deploy
    • Labels:
    • CPU:
      x86
    • OS:
      windows_8

      Description

      FULL PRODUCT VERSION :
      java version "1.6.0_45"
      Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
      Java HotSpot(TM) Client VM (build 20.45-b01, mixed mode, sharing)

      runtime version: 1.7.0_71

      ADDITIONAL OS VERSION INFORMATION :
      Windows 8

      A DESCRIPTION OF THE PROBLEM :
      I started noticing since Java 1.70 that one of my jar files is failing signature verification after the following sequence

      pack200 --repack a.jar
      jarsigner a.jar ... ..
      pack200 a.jar.pack.gz a.jar


      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      pack200 --repack a.jar
      jarsigner a.jar ... ..
      pack200 a.jar.pack.gz a.jar

      I use the following methods to check for the validity of the signature for the jar file and the pack.gz file:

      1.
      jarsigner -verify a.jar // this always succeeds

      jar verified.

      2.

      unpack200 a.jar.pack.gz temp.jar
      jarsigner -verify temp.jar // this fails for a particular jar file

      jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class


      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      Signature verification should succeed after the pack.gz file is unpacked.
      ACTUAL -
      Signature verification fails. This makes the pack.gz file unsuitable for an applet.

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class

      REPRODUCIBILITY :
      This bug can be reproduced always.

      ---------- BEGIN SOURCE ----------
      Please download the jar file to reproduce this bug from: www.subsystems.com/zip/oracle/tej22.jar
      ---------- END SOURCE ----------

      CUSTOMER SUBMITTED WORKAROUND :
      as a work-around, I am using the segment-limit of 2.

      pack200 --segment-limit=2 -r tej22.jar

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              van Vivi An (Inactive)
              Reporter:
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: