JDK-7096008 : treating signed files as files even if not ALL files in the jar are signed
  • Type: Bug
  • Component: tools
  • Sub-Component: jar
  • Affected Version: 6u26
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • OS: linux
  • CPU: x86
  • Submitted: 2011-09-28
  • Updated: 2012-07-23
Description
FULL PRODUCT VERSION :


ADDITIONAL OS VERSION INFORMATION :
(not really relevant) 2.6.35.14-96.fc14.x86_64

A DESCRIPTION OF THE PROBLEM :
Additional details are at
https://bugzilla.redhat.com/show_bug.cgi?id=738814
where it is suggested that I file a bug report here.
The original issue was that an old jarsigner failed to sign the supposedly optional INDEX.LIST file
and this causes all of the other contents of the jar to be rejected.  Given that the individual files are signed, I don't understand why they are not trusted and used.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
regression: I believe this does work in older versions of java


REPRODUCIBILITY :
This bug can be reproduced always.