Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8253299

Manifest bytes are read twice when verifying a signed JAR

    XMLWordPrintable

    Details

      Backports

        Description

        When verifying a signed JAR, the bytes of the Manifest are read twice:

        - In JarFile.getManifestFromReference():

                    JarEntry manEntry = getManEntry();

                    // If found then load the manifest
                    if (manEntry != null) {
                        if (verify) {
                            byte[] b = getBytes(manEntry);
                           ...

        and then again in JarFile.initializeVerifier(), when it is being read in this loop:

                    for (String name : names) {
                        JarEntry e = getJarEntry(name);
                        if (e == null) {
                            throw new JarException("corrupted jar file");
                        }
                        if (mev == null) {
                            mev = new ManifestEntryVerifier
                                (getManifestFromReference());
                        }
                        byte[] b = getBytes(e);

        Since the raw bytes were previously stored in the manifestRawBytes field of the Manifest, they could be used above instead of reading them again.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                hchao Haimay Chao
                Reporter:
                mullan Sean Mullan
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: