|
1 /* |
|
2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 package java.util.jar; |
|
27 |
|
28 import java.io.*; |
|
29 import java.lang.ref.SoftReference; |
|
30 import java.net.URL; |
|
31 import java.util.*; |
|
32 import java.util.stream.Stream; |
|
33 import java.util.stream.StreamSupport; |
|
34 import java.util.zip.*; |
|
35 import java.security.CodeSigner; |
|
36 import java.security.cert.Certificate; |
|
37 import java.security.AccessController; |
|
38 import java.security.CodeSource; |
|
39 import sun.misc.IOUtils; |
|
40 import sun.security.action.GetPropertyAction; |
|
41 import sun.security.util.ManifestEntryVerifier; |
|
42 import sun.misc.SharedSecrets; |
|
43 import sun.security.util.SignatureFileVerifier; |
|
44 |
|
45 /** |
|
46 * The <code>JarFile</code> class is used to read the contents of a jar file |
|
47 * from any file that can be opened with <code>java.io.RandomAccessFile</code>. |
|
48 * It extends the class <code>java.util.zip.ZipFile</code> with support |
|
49 * for reading an optional <code>Manifest</code> entry. The |
|
50 * <code>Manifest</code> can be used to specify meta-information about the |
|
51 * jar file and its entries. |
|
52 * |
|
53 * <p> Unless otherwise noted, passing a <tt>null</tt> argument to a constructor |
|
54 * or method in this class will cause a {@link NullPointerException} to be |
|
55 * thrown. |
|
56 * |
|
57 * If the verify flag is on when opening a signed jar file, the content of the |
|
58 * file is verified against its signature embedded inside the file. Please note |
|
59 * that the verification process does not include validating the signer's |
|
60 * certificate. A caller should inspect the return value of |
|
61 * {@link JarEntry#getCodeSigners()} to further determine if the signature |
|
62 * can be trusted. |
|
63 * |
|
64 * @author David Connelly |
|
65 * @see Manifest |
|
66 * @see java.util.zip.ZipFile |
|
67 * @see java.util.jar.JarEntry |
|
68 * @since 1.2 |
|
69 */ |
|
70 public |
|
71 class JarFile extends ZipFile { |
|
72 private SoftReference<Manifest> manRef; |
|
73 private JarEntry manEntry; |
|
74 private JarVerifier jv; |
|
75 private boolean jvInitialized; |
|
76 private boolean verify; |
|
77 |
|
78 // indicates if Class-Path attribute present (only valid if hasCheckedSpecialAttributes true) |
|
79 private boolean hasClassPathAttribute; |
|
80 // true if manifest checked for special attributes |
|
81 private volatile boolean hasCheckedSpecialAttributes; |
|
82 |
|
83 // Set up JavaUtilJarAccess in SharedSecrets |
|
84 static { |
|
85 SharedSecrets.setJavaUtilJarAccess(new JavaUtilJarAccessImpl()); |
|
86 } |
|
87 |
|
88 /** |
|
89 * The JAR manifest file name. |
|
90 */ |
|
91 public static final String MANIFEST_NAME = "META-INF/MANIFEST.MF"; |
|
92 |
|
93 /** |
|
94 * Creates a new <code>JarFile</code> to read from the specified |
|
95 * file <code>name</code>. The <code>JarFile</code> will be verified if |
|
96 * it is signed. |
|
97 * @param name the name of the jar file to be opened for reading |
|
98 * @throws IOException if an I/O error has occurred |
|
99 * @throws SecurityException if access to the file is denied |
|
100 * by the SecurityManager |
|
101 */ |
|
102 public JarFile(String name) throws IOException { |
|
103 this(new File(name), true, ZipFile.OPEN_READ); |
|
104 } |
|
105 |
|
106 /** |
|
107 * Creates a new <code>JarFile</code> to read from the specified |
|
108 * file <code>name</code>. |
|
109 * @param name the name of the jar file to be opened for reading |
|
110 * @param verify whether or not to verify the jar file if |
|
111 * it is signed. |
|
112 * @throws IOException if an I/O error has occurred |
|
113 * @throws SecurityException if access to the file is denied |
|
114 * by the SecurityManager |
|
115 */ |
|
116 public JarFile(String name, boolean verify) throws IOException { |
|
117 this(new File(name), verify, ZipFile.OPEN_READ); |
|
118 } |
|
119 |
|
120 /** |
|
121 * Creates a new <code>JarFile</code> to read from the specified |
|
122 * <code>File</code> object. The <code>JarFile</code> will be verified if |
|
123 * it is signed. |
|
124 * @param file the jar file to be opened for reading |
|
125 * @throws IOException if an I/O error has occurred |
|
126 * @throws SecurityException if access to the file is denied |
|
127 * by the SecurityManager |
|
128 */ |
|
129 public JarFile(File file) throws IOException { |
|
130 this(file, true, ZipFile.OPEN_READ); |
|
131 } |
|
132 |
|
133 |
|
134 /** |
|
135 * Creates a new <code>JarFile</code> to read from the specified |
|
136 * <code>File</code> object. |
|
137 * @param file the jar file to be opened for reading |
|
138 * @param verify whether or not to verify the jar file if |
|
139 * it is signed. |
|
140 * @throws IOException if an I/O error has occurred |
|
141 * @throws SecurityException if access to the file is denied |
|
142 * by the SecurityManager. |
|
143 */ |
|
144 public JarFile(File file, boolean verify) throws IOException { |
|
145 this(file, verify, ZipFile.OPEN_READ); |
|
146 } |
|
147 |
|
148 |
|
149 /** |
|
150 * Creates a new <code>JarFile</code> to read from the specified |
|
151 * <code>File</code> object in the specified mode. The mode argument |
|
152 * must be either <tt>OPEN_READ</tt> or <tt>OPEN_READ | OPEN_DELETE</tt>. |
|
153 * |
|
154 * @param file the jar file to be opened for reading |
|
155 * @param verify whether or not to verify the jar file if |
|
156 * it is signed. |
|
157 * @param mode the mode in which the file is to be opened |
|
158 * @throws IOException if an I/O error has occurred |
|
159 * @throws IllegalArgumentException |
|
160 * if the <tt>mode</tt> argument is invalid |
|
161 * @throws SecurityException if access to the file is denied |
|
162 * by the SecurityManager |
|
163 * @since 1.3 |
|
164 */ |
|
165 public JarFile(File file, boolean verify, int mode) throws IOException { |
|
166 super(file, mode); |
|
167 this.verify = verify; |
|
168 } |
|
169 |
|
170 /** |
|
171 * Returns the jar file manifest, or <code>null</code> if none. |
|
172 * |
|
173 * @return the jar file manifest, or <code>null</code> if none |
|
174 * |
|
175 * @throws IllegalStateException |
|
176 * may be thrown if the jar file has been closed |
|
177 * @throws IOException if an I/O error has occurred |
|
178 */ |
|
179 public Manifest getManifest() throws IOException { |
|
180 return getManifestFromReference(); |
|
181 } |
|
182 |
|
183 private Manifest getManifestFromReference() throws IOException { |
|
184 Manifest man = manRef != null ? manRef.get() : null; |
|
185 |
|
186 if (man == null) { |
|
187 |
|
188 JarEntry manEntry = getManEntry(); |
|
189 |
|
190 // If found then load the manifest |
|
191 if (manEntry != null) { |
|
192 if (verify) { |
|
193 byte[] b = getBytes(manEntry); |
|
194 man = new Manifest(new ByteArrayInputStream(b)); |
|
195 if (!jvInitialized) { |
|
196 jv = new JarVerifier(b); |
|
197 } |
|
198 } else { |
|
199 man = new Manifest(super.getInputStream(manEntry)); |
|
200 } |
|
201 manRef = new SoftReference<>(man); |
|
202 } |
|
203 } |
|
204 return man; |
|
205 } |
|
206 |
|
207 private native String[] getMetaInfEntryNames(); |
|
208 |
|
209 /** |
|
210 * Returns the <code>JarEntry</code> for the given entry name or |
|
211 * <code>null</code> if not found. |
|
212 * |
|
213 * @param name the jar file entry name |
|
214 * @return the <code>JarEntry</code> for the given entry name or |
|
215 * <code>null</code> if not found. |
|
216 * |
|
217 * @throws IllegalStateException |
|
218 * may be thrown if the jar file has been closed |
|
219 * |
|
220 * @see java.util.jar.JarEntry |
|
221 */ |
|
222 public JarEntry getJarEntry(String name) { |
|
223 return (JarEntry)getEntry(name); |
|
224 } |
|
225 |
|
226 /** |
|
227 * Returns the <code>ZipEntry</code> for the given entry name or |
|
228 * <code>null</code> if not found. |
|
229 * |
|
230 * @param name the jar file entry name |
|
231 * @return the <code>ZipEntry</code> for the given entry name or |
|
232 * <code>null</code> if not found |
|
233 * |
|
234 * @throws IllegalStateException |
|
235 * may be thrown if the jar file has been closed |
|
236 * |
|
237 * @see java.util.zip.ZipEntry |
|
238 */ |
|
239 public ZipEntry getEntry(String name) { |
|
240 ZipEntry ze = super.getEntry(name); |
|
241 if (ze != null) { |
|
242 return new JarFileEntry(ze); |
|
243 } |
|
244 return null; |
|
245 } |
|
246 |
|
247 private class JarEntryIterator implements Enumeration<JarEntry>, |
|
248 Iterator<JarEntry> |
|
249 { |
|
250 final Enumeration<? extends ZipEntry> e = JarFile.super.entries(); |
|
251 |
|
252 public boolean hasNext() { |
|
253 return e.hasMoreElements(); |
|
254 } |
|
255 |
|
256 public JarEntry next() { |
|
257 ZipEntry ze = e.nextElement(); |
|
258 return new JarFileEntry(ze); |
|
259 } |
|
260 |
|
261 public boolean hasMoreElements() { |
|
262 return hasNext(); |
|
263 } |
|
264 |
|
265 public JarEntry nextElement() { |
|
266 return next(); |
|
267 } |
|
268 } |
|
269 |
|
270 /** |
|
271 * Returns an enumeration of the zip file entries. |
|
272 */ |
|
273 public Enumeration<JarEntry> entries() { |
|
274 return new JarEntryIterator(); |
|
275 } |
|
276 |
|
277 @Override |
|
278 public Stream<JarEntry> stream() { |
|
279 return StreamSupport.stream(Spliterators.spliterator( |
|
280 new JarEntryIterator(), size(), |
|
281 Spliterator.ORDERED | Spliterator.DISTINCT | |
|
282 Spliterator.IMMUTABLE | Spliterator.NONNULL), false); |
|
283 } |
|
284 |
|
285 private class JarFileEntry extends JarEntry { |
|
286 JarFileEntry(ZipEntry ze) { |
|
287 super(ze); |
|
288 } |
|
289 public Attributes getAttributes() throws IOException { |
|
290 Manifest man = JarFile.this.getManifest(); |
|
291 if (man != null) { |
|
292 return man.getAttributes(getName()); |
|
293 } else { |
|
294 return null; |
|
295 } |
|
296 } |
|
297 public Certificate[] getCertificates() { |
|
298 try { |
|
299 maybeInstantiateVerifier(); |
|
300 } catch (IOException e) { |
|
301 throw new RuntimeException(e); |
|
302 } |
|
303 if (certs == null && jv != null) { |
|
304 certs = jv.getCerts(JarFile.this, this); |
|
305 } |
|
306 return certs == null ? null : certs.clone(); |
|
307 } |
|
308 public CodeSigner[] getCodeSigners() { |
|
309 try { |
|
310 maybeInstantiateVerifier(); |
|
311 } catch (IOException e) { |
|
312 throw new RuntimeException(e); |
|
313 } |
|
314 if (signers == null && jv != null) { |
|
315 signers = jv.getCodeSigners(JarFile.this, this); |
|
316 } |
|
317 return signers == null ? null : signers.clone(); |
|
318 } |
|
319 } |
|
320 |
|
321 /* |
|
322 * Ensures that the JarVerifier has been created if one is |
|
323 * necessary (i.e., the jar appears to be signed.) This is done as |
|
324 * a quick check to avoid processing of the manifest for unsigned |
|
325 * jars. |
|
326 */ |
|
327 private void maybeInstantiateVerifier() throws IOException { |
|
328 if (jv != null) { |
|
329 return; |
|
330 } |
|
331 |
|
332 if (verify) { |
|
333 String[] names = getMetaInfEntryNames(); |
|
334 if (names != null) { |
|
335 for (String nameLower : names) { |
|
336 String name = nameLower.toUpperCase(Locale.ENGLISH); |
|
337 if (name.endsWith(".DSA") || |
|
338 name.endsWith(".RSA") || |
|
339 name.endsWith(".EC") || |
|
340 name.endsWith(".SF")) { |
|
341 // Assume since we found a signature-related file |
|
342 // that the jar is signed and that we therefore |
|
343 // need a JarVerifier and Manifest |
|
344 getManifest(); |
|
345 return; |
|
346 } |
|
347 } |
|
348 } |
|
349 // No signature-related files; don't instantiate a |
|
350 // verifier |
|
351 verify = false; |
|
352 } |
|
353 } |
|
354 |
|
355 |
|
356 /* |
|
357 * Initializes the verifier object by reading all the manifest |
|
358 * entries and passing them to the verifier. |
|
359 */ |
|
360 private void initializeVerifier() { |
|
361 ManifestEntryVerifier mev = null; |
|
362 |
|
363 // Verify "META-INF/" entries... |
|
364 try { |
|
365 String[] names = getMetaInfEntryNames(); |
|
366 if (names != null) { |
|
367 for (String name : names) { |
|
368 String uname = name.toUpperCase(Locale.ENGLISH); |
|
369 if (MANIFEST_NAME.equals(uname) |
|
370 || SignatureFileVerifier.isBlockOrSF(uname)) { |
|
371 JarEntry e = getJarEntry(name); |
|
372 if (e == null) { |
|
373 throw new JarException("corrupted jar file"); |
|
374 } |
|
375 if (mev == null) { |
|
376 mev = new ManifestEntryVerifier |
|
377 (getManifestFromReference()); |
|
378 } |
|
379 byte[] b = getBytes(e); |
|
380 if (b != null && b.length > 0) { |
|
381 jv.beginEntry(e, mev); |
|
382 jv.update(b.length, b, 0, b.length, mev); |
|
383 jv.update(-1, null, 0, 0, mev); |
|
384 } |
|
385 } |
|
386 } |
|
387 } |
|
388 } catch (IOException ex) { |
|
389 // if we had an error parsing any blocks, just |
|
390 // treat the jar file as being unsigned |
|
391 jv = null; |
|
392 verify = false; |
|
393 if (JarVerifier.debug != null) { |
|
394 JarVerifier.debug.println("jarfile parsing error!"); |
|
395 ex.printStackTrace(); |
|
396 } |
|
397 } |
|
398 |
|
399 // if after initializing the verifier we have nothing |
|
400 // signed, we null it out. |
|
401 |
|
402 if (jv != null) { |
|
403 |
|
404 jv.doneWithMeta(); |
|
405 if (JarVerifier.debug != null) { |
|
406 JarVerifier.debug.println("done with meta!"); |
|
407 } |
|
408 |
|
409 if (jv.nothingToVerify()) { |
|
410 if (JarVerifier.debug != null) { |
|
411 JarVerifier.debug.println("nothing to verify!"); |
|
412 } |
|
413 jv = null; |
|
414 verify = false; |
|
415 } |
|
416 } |
|
417 } |
|
418 |
|
419 /* |
|
420 * Reads all the bytes for a given entry. Used to process the |
|
421 * META-INF files. |
|
422 */ |
|
423 private byte[] getBytes(ZipEntry ze) throws IOException { |
|
424 try (InputStream is = super.getInputStream(ze)) { |
|
425 return IOUtils.readFully(is, (int)ze.getSize(), true); |
|
426 } |
|
427 } |
|
428 |
|
429 /** |
|
430 * Returns an input stream for reading the contents of the specified |
|
431 * zip file entry. |
|
432 * @param ze the zip file entry |
|
433 * @return an input stream for reading the contents of the specified |
|
434 * zip file entry |
|
435 * @throws ZipException if a zip file format error has occurred |
|
436 * @throws IOException if an I/O error has occurred |
|
437 * @throws SecurityException if any of the jar file entries |
|
438 * are incorrectly signed. |
|
439 * @throws IllegalStateException |
|
440 * may be thrown if the jar file has been closed |
|
441 */ |
|
442 public synchronized InputStream getInputStream(ZipEntry ze) |
|
443 throws IOException |
|
444 { |
|
445 maybeInstantiateVerifier(); |
|
446 if (jv == null) { |
|
447 return super.getInputStream(ze); |
|
448 } |
|
449 if (!jvInitialized) { |
|
450 initializeVerifier(); |
|
451 jvInitialized = true; |
|
452 // could be set to null after a call to |
|
453 // initializeVerifier if we have nothing to |
|
454 // verify |
|
455 if (jv == null) |
|
456 return super.getInputStream(ze); |
|
457 } |
|
458 |
|
459 // wrap a verifier stream around the real stream |
|
460 return new JarVerifier.VerifierStream( |
|
461 getManifestFromReference(), |
|
462 ze instanceof JarFileEntry ? |
|
463 (JarEntry) ze : getJarEntry(ze.getName()), |
|
464 super.getInputStream(ze), |
|
465 jv); |
|
466 } |
|
467 |
|
468 // Statics for hand-coded Boyer-Moore search |
|
469 private static final char[] CLASSPATH_CHARS = {'c','l','a','s','s','-','p','a','t','h'}; |
|
470 // The bad character shift for "class-path" |
|
471 private static final int[] CLASSPATH_LASTOCC; |
|
472 // The good suffix shift for "class-path" |
|
473 private static final int[] CLASSPATH_OPTOSFT; |
|
474 |
|
475 static { |
|
476 CLASSPATH_LASTOCC = new int[128]; |
|
477 CLASSPATH_OPTOSFT = new int[10]; |
|
478 CLASSPATH_LASTOCC[(int)'c'] = 1; |
|
479 CLASSPATH_LASTOCC[(int)'l'] = 2; |
|
480 CLASSPATH_LASTOCC[(int)'s'] = 5; |
|
481 CLASSPATH_LASTOCC[(int)'-'] = 6; |
|
482 CLASSPATH_LASTOCC[(int)'p'] = 7; |
|
483 CLASSPATH_LASTOCC[(int)'a'] = 8; |
|
484 CLASSPATH_LASTOCC[(int)'t'] = 9; |
|
485 CLASSPATH_LASTOCC[(int)'h'] = 10; |
|
486 for (int i=0; i<9; i++) |
|
487 CLASSPATH_OPTOSFT[i] = 10; |
|
488 CLASSPATH_OPTOSFT[9]=1; |
|
489 } |
|
490 |
|
491 private JarEntry getManEntry() { |
|
492 if (manEntry == null) { |
|
493 // First look up manifest entry using standard name |
|
494 manEntry = getJarEntry(MANIFEST_NAME); |
|
495 if (manEntry == null) { |
|
496 // If not found, then iterate through all the "META-INF/" |
|
497 // entries to find a match. |
|
498 String[] names = getMetaInfEntryNames(); |
|
499 if (names != null) { |
|
500 for (String name : names) { |
|
501 if (MANIFEST_NAME.equals(name.toUpperCase(Locale.ENGLISH))) { |
|
502 manEntry = getJarEntry(name); |
|
503 break; |
|
504 } |
|
505 } |
|
506 } |
|
507 } |
|
508 } |
|
509 return manEntry; |
|
510 } |
|
511 |
|
512 /** |
|
513 * Returns {@code true} iff this JAR file has a manifest with the |
|
514 * Class-Path attribute |
|
515 */ |
|
516 boolean hasClassPathAttribute() throws IOException { |
|
517 checkForSpecialAttributes(); |
|
518 return hasClassPathAttribute; |
|
519 } |
|
520 |
|
521 /** |
|
522 * Returns true if the pattern {@code src} is found in {@code b}. |
|
523 * The {@code lastOcc} and {@code optoSft} arrays are the precomputed |
|
524 * bad character and good suffix shifts. |
|
525 */ |
|
526 private boolean match(char[] src, byte[] b, int[] lastOcc, int[] optoSft) { |
|
527 int len = src.length; |
|
528 int last = b.length - len; |
|
529 int i = 0; |
|
530 next: |
|
531 while (i<=last) { |
|
532 for (int j=(len-1); j>=0; j--) { |
|
533 char c = (char) b[i+j]; |
|
534 c = (((c-'A')|('Z'-c)) >= 0) ? (char)(c + 32) : c; |
|
535 if (c != src[j]) { |
|
536 i += Math.max(j + 1 - lastOcc[c&0x7F], optoSft[j]); |
|
537 continue next; |
|
538 } |
|
539 } |
|
540 return true; |
|
541 } |
|
542 return false; |
|
543 } |
|
544 |
|
545 /** |
|
546 * On first invocation, check if the JAR file has the Class-Path |
|
547 * attribute. A no-op on subsequent calls. |
|
548 */ |
|
549 private void checkForSpecialAttributes() throws IOException { |
|
550 if (hasCheckedSpecialAttributes) return; |
|
551 if (!isKnownNotToHaveSpecialAttributes()) { |
|
552 JarEntry manEntry = getManEntry(); |
|
553 if (manEntry != null) { |
|
554 byte[] b = getBytes(manEntry); |
|
555 if (match(CLASSPATH_CHARS, b, CLASSPATH_LASTOCC, CLASSPATH_OPTOSFT)) |
|
556 hasClassPathAttribute = true; |
|
557 } |
|
558 } |
|
559 hasCheckedSpecialAttributes = true; |
|
560 } |
|
561 |
|
562 private static String javaHome; |
|
563 private static volatile String[] jarNames; |
|
564 private boolean isKnownNotToHaveSpecialAttributes() { |
|
565 // Optimize away even scanning of manifest for jar files we |
|
566 // deliver which don't have a class-path attribute. If one of |
|
567 // these jars is changed to include such an attribute this code |
|
568 // must be changed. |
|
569 if (javaHome == null) { |
|
570 javaHome = AccessController.doPrivileged( |
|
571 new GetPropertyAction("java.home")); |
|
572 } |
|
573 if (jarNames == null) { |
|
574 String[] names = new String[11]; |
|
575 String fileSep = File.separator; |
|
576 int i = 0; |
|
577 names[i++] = fileSep + "rt.jar"; |
|
578 names[i++] = fileSep + "jsse.jar"; |
|
579 names[i++] = fileSep + "jce.jar"; |
|
580 names[i++] = fileSep + "charsets.jar"; |
|
581 names[i++] = fileSep + "dnsns.jar"; |
|
582 names[i++] = fileSep + "zipfs.jar"; |
|
583 names[i++] = fileSep + "localedata.jar"; |
|
584 names[i++] = fileSep = "cldrdata.jar"; |
|
585 names[i++] = fileSep + "sunjce_provider.jar"; |
|
586 names[i++] = fileSep + "sunpkcs11.jar"; |
|
587 names[i++] = fileSep + "sunec.jar"; |
|
588 jarNames = names; |
|
589 } |
|
590 |
|
591 String name = getName(); |
|
592 if (name.startsWith(javaHome)) { |
|
593 String[] names = jarNames; |
|
594 for (String jarName : names) { |
|
595 if (name.endsWith(jarName)) { |
|
596 return true; |
|
597 } |
|
598 } |
|
599 } |
|
600 return false; |
|
601 } |
|
602 |
|
603 private synchronized void ensureInitialization() { |
|
604 try { |
|
605 maybeInstantiateVerifier(); |
|
606 } catch (IOException e) { |
|
607 throw new RuntimeException(e); |
|
608 } |
|
609 if (jv != null && !jvInitialized) { |
|
610 initializeVerifier(); |
|
611 jvInitialized = true; |
|
612 } |
|
613 } |
|
614 |
|
615 JarEntry newEntry(ZipEntry ze) { |
|
616 return new JarFileEntry(ze); |
|
617 } |
|
618 |
|
619 Enumeration<String> entryNames(CodeSource[] cs) { |
|
620 ensureInitialization(); |
|
621 if (jv != null) { |
|
622 return jv.entryNames(this, cs); |
|
623 } |
|
624 |
|
625 /* |
|
626 * JAR file has no signed content. Is there a non-signing |
|
627 * code source? |
|
628 */ |
|
629 boolean includeUnsigned = false; |
|
630 for (CodeSource c : cs) { |
|
631 if (c.getCodeSigners() == null) { |
|
632 includeUnsigned = true; |
|
633 break; |
|
634 } |
|
635 } |
|
636 if (includeUnsigned) { |
|
637 return unsignedEntryNames(); |
|
638 } else { |
|
639 return new Enumeration<String>() { |
|
640 |
|
641 public boolean hasMoreElements() { |
|
642 return false; |
|
643 } |
|
644 |
|
645 public String nextElement() { |
|
646 throw new NoSuchElementException(); |
|
647 } |
|
648 }; |
|
649 } |
|
650 } |
|
651 |
|
652 /** |
|
653 * Returns an enumeration of the zip file entries |
|
654 * excluding internal JAR mechanism entries and including |
|
655 * signed entries missing from the ZIP directory. |
|
656 */ |
|
657 Enumeration<JarEntry> entries2() { |
|
658 ensureInitialization(); |
|
659 if (jv != null) { |
|
660 return jv.entries2(this, super.entries()); |
|
661 } |
|
662 |
|
663 // screen out entries which are never signed |
|
664 final Enumeration<? extends ZipEntry> enum_ = super.entries(); |
|
665 return new Enumeration<JarEntry>() { |
|
666 |
|
667 ZipEntry entry; |
|
668 |
|
669 public boolean hasMoreElements() { |
|
670 if (entry != null) { |
|
671 return true; |
|
672 } |
|
673 while (enum_.hasMoreElements()) { |
|
674 ZipEntry ze = enum_.nextElement(); |
|
675 if (JarVerifier.isSigningRelated(ze.getName())) { |
|
676 continue; |
|
677 } |
|
678 entry = ze; |
|
679 return true; |
|
680 } |
|
681 return false; |
|
682 } |
|
683 |
|
684 public JarFileEntry nextElement() { |
|
685 if (hasMoreElements()) { |
|
686 ZipEntry ze = entry; |
|
687 entry = null; |
|
688 return new JarFileEntry(ze); |
|
689 } |
|
690 throw new NoSuchElementException(); |
|
691 } |
|
692 }; |
|
693 } |
|
694 |
|
695 CodeSource[] getCodeSources(URL url) { |
|
696 ensureInitialization(); |
|
697 if (jv != null) { |
|
698 return jv.getCodeSources(this, url); |
|
699 } |
|
700 |
|
701 /* |
|
702 * JAR file has no signed content. Is there a non-signing |
|
703 * code source? |
|
704 */ |
|
705 Enumeration<String> unsigned = unsignedEntryNames(); |
|
706 if (unsigned.hasMoreElements()) { |
|
707 return new CodeSource[]{JarVerifier.getUnsignedCS(url)}; |
|
708 } else { |
|
709 return null; |
|
710 } |
|
711 } |
|
712 |
|
713 private Enumeration<String> unsignedEntryNames() { |
|
714 final Enumeration<JarEntry> entries = entries(); |
|
715 return new Enumeration<String>() { |
|
716 |
|
717 String name; |
|
718 |
|
719 /* |
|
720 * Grab entries from ZIP directory but screen out |
|
721 * metadata. |
|
722 */ |
|
723 public boolean hasMoreElements() { |
|
724 if (name != null) { |
|
725 return true; |
|
726 } |
|
727 while (entries.hasMoreElements()) { |
|
728 String value; |
|
729 ZipEntry e = entries.nextElement(); |
|
730 value = e.getName(); |
|
731 if (e.isDirectory() || JarVerifier.isSigningRelated(value)) { |
|
732 continue; |
|
733 } |
|
734 name = value; |
|
735 return true; |
|
736 } |
|
737 return false; |
|
738 } |
|
739 |
|
740 public String nextElement() { |
|
741 if (hasMoreElements()) { |
|
742 String value = name; |
|
743 name = null; |
|
744 return value; |
|
745 } |
|
746 throw new NoSuchElementException(); |
|
747 } |
|
748 }; |
|
749 } |
|
750 |
|
751 CodeSource getCodeSource(URL url, String name) { |
|
752 ensureInitialization(); |
|
753 if (jv != null) { |
|
754 if (jv.eagerValidation) { |
|
755 CodeSource cs = null; |
|
756 JarEntry je = getJarEntry(name); |
|
757 if (je != null) { |
|
758 cs = jv.getCodeSource(url, this, je); |
|
759 } else { |
|
760 cs = jv.getCodeSource(url, name); |
|
761 } |
|
762 return cs; |
|
763 } else { |
|
764 return jv.getCodeSource(url, name); |
|
765 } |
|
766 } |
|
767 |
|
768 return JarVerifier.getUnsignedCS(url); |
|
769 } |
|
770 |
|
771 void setEagerValidation(boolean eager) { |
|
772 try { |
|
773 maybeInstantiateVerifier(); |
|
774 } catch (IOException e) { |
|
775 throw new RuntimeException(e); |
|
776 } |
|
777 if (jv != null) { |
|
778 jv.setEagerValidation(eager); |
|
779 } |
|
780 } |
|
781 |
|
782 List<Object> getManifestDigests() { |
|
783 ensureInitialization(); |
|
784 if (jv != null) { |
|
785 return jv.getManifestDigests(); |
|
786 } |
|
787 return new ArrayList<>(); |
|
788 } |
|
789 } |