JDK-6901143 : TEST_BUG sun/security/tools/jarsigner/emptymanifest.sh use illegal key -strict for jarsigner
  • Type: Bug
  • Component: other-libs
  • Sub-Component: other
  • Affected Version: 5.0u23-rev
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2009-11-13
  • Updated: 2012-08-06
  • Resolved: 2009-12-09
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
5.0u23 b01Fixed
Related Reports
Relates :  
JDK-6712755 - jarsigner fails to sign itextasian.jar since 1.5.0_b14, it works with 1.5.0_13
Description
Testsuite name: regression 5u23b90
JDK/JRE tested: 5u23b90
OS/architecture: solaris10 sparc
Reproducible: Always
Reproducible on machine: stt-21.russia, stt-20.russia
[If sometimes] Also reproducible on machine:
Is it a platform specific regression: N
Is it a Regression: N
This test is for CR 6712755
It's a test bug, test fails due to it uses "-strict" key for jarsigner
---------------------TEST SOURCE---------------------------
 ...
JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
 ...
$JARSIGNER -keystore $KS -storepass changeit $JFILE a || exit 1
$JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 2
 ...
-----------------------------------------------------------

So it produce on run:
------------------------jtr--------------------------------
----------System.out:(43/1397)----------
  adding: META-INF/MANIFEST.MF (stored 0%)
  adding: A (stored 0%)
  adding: B (stored 0%)
Usage: jarsigner [options] jar-file alias
       jarsigner -verify [options] jar-file

[-keystore <url>]           keystore location

[-storepass <password>]     password for keystore integrity

[-storetype <type>]         keystore type

[-keypass <password>]       password for private key (if different)

[-sigfile <file>]           name of .SF/.DSA file

[-signedjar <file>]         name of signed JAR file

[-verify]                   verify a signed JAR file

[-verbose]                  verbose output when signing/verifying

[-certs]                    display certificates when verbose and verifying

[-tsa <url>]                location of the Timestamping Authority

[-tsacert <alias>]          public key certificate for Timestamping Authority

[-altsigner <class>]        class name of an alternative signing mechanism

[-altsignerpath <pathlist>] location of an alternative signing mechanism

[-internalsf]               include the .SF file inside the signature block

[-sectionsonly]             don't compute hash of entire manifest

[-protected]                keystore has protected authentication path

[-providerName <name>]      provider name

[-providerClass <class>     name of cryptographic service provider's
  [-providerArg <arg>]] ... master class file and constructor argument

----------System.err:(3/103)----------

-----------------------------------------------------------
So test ends with :

Failed. Execution failed: exit code 2

But I try to run it without "-strict" and so test passed successfully. So there is diff of my changes:

-------------------------------diff emptymanifest.sh emptymanifest_.sh------------------
42c42
< $JARSIGNER -keystore $KS -verify -debug -strict $JFILE || exit 2
---
> $JARSIGNER -keystore $KS -verify -debug $JFILE || exit 2
-----------------------------------------------------------------------------------------
So it may be a way to solve this problem - to remove "-strict" if it had not some special meaning for testing.

Because such jdk has not such key to jarsigner:
--------------------------------------------------------------------------------------------
jdk1.5.0_23/bin/jarsigner
Usage: jarsigner [options] jar-file alias
       jarsigner -verify [options] jar-file

[-keystore <url>]           keystore location

[-storepass <password>]     password for keystore integrity

[-storetype <type>]         keystore type

[-keypass <password>]       password for private key (if different)

[-sigfile <file>]           name of .SF/.DSA file

[-signedjar <file>]         name of signed JAR file

[-verify]                   verify a signed JAR file

[-verbose]                  verbose output when signing/verifying

[-certs]                    display certificates when verbose and verifying

[-tsa <url>]                location of the Timestamping Authority

[-tsacert <alias>]          public key certificate for Timestamping Authority

[-altsigner <class>]        class name of an alternative signing mechanism

[-altsignerpath <pathlist>] location of an alternative signing mechanism

[-internalsf]               include the .SF file inside the signature block

[-sectionsonly]             don't compute hash of entire manifest

[-protected]                keystore has protected authentication path

[-providerName <name>]      provider name

[-providerClass <class>     name of cryptographic service provider's
  [-providerArg <arg>]] ... master class file and constructor argument

--------------------------------------------------------------------------------------------------

Test run log location:

Steps to reproduce:
Comments
EVALUATION Need to remove the -strict option.
24-11-2009