T6 (#813): Remove client main() + repoint per-jar integrity to lib/MANIFEST.MF#821
T6 (#813): Remove client main() + repoint per-jar integrity to lib/MANIFEST.MF#821GOKULRAJ136 wants to merge 3 commits into
Conversation
…ib/MANIFEST.MF Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
|
Warning Review limit reached
Next review available in: 45 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Repository UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughThe PR moves per-jar integrity data to Changeslib/MANIFEST.MF integrity split and Initialization removal
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@registration/registration-services/src/main/java/io/mosip/registration/update/ClientIntegrityValidator.java`:
- Around line 57-64: The fallback branch in ClientIntegrityValidator should not
treat opening a JarFile with verification enabled as sufficient when
trustedCertificate is missing. Update the logic around verifyIntegrity and the
else path so the client integrity check explicitly reads/verifies signed JarFile
entries (or otherwise fails fast) instead of logging success after constructing
JarFile only. Make sure the missing provider.pem/provider.cer case fails closed
and does not bypass integrity enforcement.
In
`@registration/registration-services/src/main/java/io/mosip/registration/update/ClientSetupValidator.java`:
- Around line 102-109: The same-version validation path is using a stale
constructor-loaded libManifest, so jar checksum checks can miss updates after
the manifest rewrite. Refresh or reload libManifest from the updated jar state
before iterating its entries in ClientSetupValidator, and make sure the checksum
validation logic uses the current per-jar manifest data rather than the original
local copy.
- Around line 160-162: The IOException catch in ClientSetupValidator currently
hides the underlying manifest load failure by throwing a RegBaseCheckedException
without the cause. Update the exception handling in the manifest-loading path to
use the RegBaseCheckedException constructor that accepts the caught IOException,
so the failure reason is preserved for cases like permission or corruption
issues; keep the existing errorCode and label message, but pass e through when
rethrowing.
In
`@registration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java`:
- Around line 55-80: The `ClientIntegrityValidatorTest` methods are sharing the
fixed working-directory `lib/MANIFEST.MF` path, which makes them flaky when test
order changes or when another test like `ManifestCreatorTest` also touches the
same file. Update `verifyClientIntegrityTest` and
`verifyClientIntegrityManifestPresentTest` to save the pre-existing
`lib/MANIFEST.MF` and `lib/` state before modifying them, then restore or clean
up that state in teardown/finally so the tests remain isolated and do not depend
on external filesystem state.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 9d0019ce-11d6-4fc1-befc-9887aaffaebf
📒 Files selected for processing (13)
registration/registration-client/pom.xmlregistration/registration-client/src/main/java/io/mosip/registration/controller/Initialization.javaregistration/registration-client/src/main/java/io/mosip/registration/util/control/FxControl.javaregistration/registration-client/src/main/java/io/mosip/registration/util/control/impl/ButtonFxControl.javaregistration/registration-client/src/main/java/io/mosip/registration/util/control/impl/CheckBoxFxControl.javaregistration/registration-client/src/main/java/io/mosip/registration/util/control/impl/DOBFxControl.javaregistration/registration-client/src/main/java/io/mosip/registration/util/control/impl/DropDownFxControl.javaregistration/registration-services/src/main/java/io/mosip/registration/update/ClientIntegrityValidator.javaregistration/registration-services/src/main/java/io/mosip/registration/update/ClientSetupValidator.javaregistration/registration-services/src/main/java/io/mosip/registration/update/SoftwareUpdateUtil.javaregistration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.javaregistration/registration-services/src/test/java/io/mosip/registration/test/update/ClientSetupValidatorTest.javaregistration/registration-services/src/test/java/io/mosip/registration/test/update/ManifestCreatorTest.java
💤 Files with no reviewable changes (7)
- registration/registration-client/src/main/java/io/mosip/registration/util/control/impl/CheckBoxFxControl.java
- registration/registration-client/src/main/java/io/mosip/registration/controller/Initialization.java
- registration/registration-client/src/main/java/io/mosip/registration/util/control/impl/DropDownFxControl.java
- registration/registration-client/src/main/java/io/mosip/registration/util/control/impl/ButtonFxControl.java
- registration/registration-client/src/main/java/io/mosip/registration/util/control/impl/DOBFxControl.java
- registration/registration-client/pom.xml
- registration/registration-client/src/main/java/io/mosip/registration/util/control/FxControl.java
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
registration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java (1)
81-84: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winAssert the missing-manifest failure, not just
SecurityException.
verifyClientIntegrity()wraps many failures in the same exception type, so this test can go green for the wrong reason. Check the nested cause/message forlib/MANIFEST.MFto exercise the intended path.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@registration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java` around lines 81 - 84, The verifyClientIntegrityTest currently only asserts SecurityException, which can pass for unrelated failures; update the test around ClientIntegrityValidator.verifyClientIntegrity() to verify the missing-manifest path specifically by asserting the nested cause or message mentions lib/MANIFEST.MF, so the test exercises the intended failure instead of any generic security error.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In
`@registration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java`:
- Around line 60-75: In ClientIntegrityValidatorTest, the setup and teardown
logic around lib/MANIFEST.MF ignores failures from delete() and renameTo(),
which can leave the manifest in an unexpected state. Update the backup/restore
flow in the init/restore methods to fail fast by checking each file operation
result or using checked file move/delete APIs, so test state is reliably
restored via libManifest, libManifestBackup, and restoreLibManifest.
---
Outside diff comments:
In
`@registration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java`:
- Around line 81-84: The verifyClientIntegrityTest currently only asserts
SecurityException, which can pass for unrelated failures; update the test around
ClientIntegrityValidator.verifyClientIntegrity() to verify the missing-manifest
path specifically by asserting the nested cause or message mentions
lib/MANIFEST.MF, so the test exercises the intended failure instead of any
generic security error.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 6179e854-9ee8-4a76-8ee1-6252d2ecd0f2
📒 Files selected for processing (3)
registration/registration-services/src/main/java/io/mosip/registration/update/ClientIntegrityValidator.javaregistration/registration-services/src/main/java/io/mosip/registration/update/ClientSetupValidator.javaregistration/registration-services/src/test/java/io/mosip/registration/test/update/ClientIntegrityValidatorTest.java
Signed-off-by: GOKULRAJ136 <110164849+GOKULRAJ136@users.noreply.github.com>
Refer Story #807
Fixes #813
Summary by CodeRabbit
lib/manifest files in the correct locations.lib/MANIFEST.MFis missing or cannot be loaded.lib/MANIFEST.MFfile or its detached signature.lib/MANIFEST.MFdeterministically, including fail-closed coverage.