On Tue, 2 Dec 2025 20:28:50 GMT, Koushik Muthukrishnan Thirupattur <[email protected]> wrote:
> The implementation of JarEntry.getCodeSigners() and getCertificates() both > return a copy of the original array. However, the documentation of these 2 > methods currently doesn't specify this. There are a lot of APIs that return an array. Some of them use an array internally and so need to make a defensive copy/clone to return. Jai may be able to say more on the motivation for JDK-8370688. Maybe a concern with code uses identity to check equality, or maybe the concern was that the caller could modify the JarEntry's certs/signers by modifying the array? I don't think the proposed change addresses either concern. We could potentially change the `@return` description to say that it returns a new array, which makes it a testable assertion. There are many other methods that return arrays, including other methods that return arrays of certs and code signers so we might want to change these at the same time. @seanjmullan @wangweij Do you know if there has been any discussion about deprecating getCertificates? Developers have been re-directed to use getCodeSigners since JDK 5. ------------- PR Comment: https://git.openjdk.org/jdk/pull/28615#issuecomment-3605690364
