Mercurial > hg > openjdk > jdk8 > jdk
changeset 9039:f996a185e9a1
8024659: Clarify JarFile API
Reviewed-by: mullan, ahgross
author | weijun |
---|---|
date | Thu, 19 Sep 2013 10:41:29 +0800 |
parents | a90e9b3c99b8 |
children | 1e3216123667 |
files | src/share/classes/java/util/jar/JarFile.java |
diffstat | 1 files changed, 7 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/share/classes/java/util/jar/JarFile.java Thu Sep 19 10:40:16 2013 +0800 +++ b/src/share/classes/java/util/jar/JarFile.java Thu Sep 19 10:41:29 2013 +0800 @@ -53,6 +53,13 @@ * or method in this class will cause a {@link NullPointerException} to be * thrown. * + * If the verify flag is on when opening a signed jar file, the content of the + * file is verified against its signature embedded inside the file. Please note + * that the verification process does not include validating the signer's + * certificate. A caller should inspect the return value of + * {@link JarEntry#getCodeSigners()} to further determine if the signature + * can be trusted. + * * @author David Connelly * @see Manifest * @see java.util.zip.ZipFile