JDK-8015414 : Signature verification fails after pack200
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.util.jar
  • Affected Version: 7u9
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2013-03-20
  • Updated: 2018-10-12
Description
FULL PRODUCT VERSION :
java version "1.7.0_09"
Java(TM) SE Runtime Environment (build 1.7.0_09-b05)
Java HotSpot(TM) Client VM (build 23.5-b02, mixed mode, sharing)

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]

EXTRA RELEVANT SYSTEM CONFIGURATION :
Also present in the beta of 1.7.0 update 10.

A DESCRIPTION OF THE PROBLEM :
Signature verification fails on a ~4m (uncompressed) jar file after running pack200 compression.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Create a 4-5 MB jar.
Sign it.
Verify the signature.
Compress with pack200 -effort=9
Verify the signature.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Signature verification should be successful.
ACTUAL -
Verification fails.

ERROR MESSAGES/STACK TRACES THAT OCCUR :
Something with SHA-256 signature...

REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
Workaround is to use --segment-limit=-1