JDK-6883983 : JarVerifier dependency on sun.security.pkcs should be removed
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util.jar
  • Affected Version: 7
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2009-09-21
  • Updated: 2010-05-09
  • Resolved: 2009-10-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7
7 b75Fixed
Description
java.util.jar.JarVerifier contains the following code:

	    } catch (sun.security.pkcs.ParsingException pe) {
                if (debug != null) debug.println("processEntry caught: "+pe);
                // ignore and treat as unsigned
            } catch (IOException ioe) {
                if (debug != null) debug.println("processEntry caught: "+ioe);
                // ignore and treat as unsigned

This dependency on a provider specific class should be removed.

Comments
EVALUATION This undesirable dependency should be removed.
2009-10-13

SUGGESTED FIX sun.security.pkcs.ParsingException extends java.io.IOException so the catch clause at l.296 of JarVerifier.java can safely be removed.
2009-10-05