From 19860a51fed03c650c2a3b04710e1cd69c78172f Mon Sep 17 00:00:00 2001
From: weijun <unknown>
Date: Thu, 19 Sep 2013 10:41:29 +0800
Subject: [PATCH] 8024659: Clarify JarFile API Reviewed-by: mullan, ahgross

---
 src/share/classes/java/util/jar/JarFile.java | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/share/classes/java/util/jar/JarFile.java b/src/share/classes/java/util/jar/JarFile.java
index 2d5d5861d..9aac6a10c 100644
--- a/src/share/classes/java/util/jar/JarFile.java
+++ b/src/share/classes/java/util/jar/JarFile.java
@@ -53,6 +53,13 @@ import sun.misc.SharedSecrets;
  * or method in this class will cause a {@link NullPointerException} to be
  * thrown.
  *
+ * If the verify flag is on when opening a signed jar file, the content of the
+ * file is verified against its signature embedded inside the file. Please note
+ * that the verification process does not include validating the signer's
+ * certificate. A caller should inspect the return value of
+ * {@link JarEntry#getCodeSigners()} to further determine if the signature
+ * can be trusted.
+ *
  * @author  David Connelly
  * @see     Manifest
  * @see     java.util.zip.ZipFile
-- 
GitLab