jdk-sandbox: comparison jdk/src/share/classes/java/util/jar/JarVerifier.java

equal deleted inserted replaced

-:dfd8edddd85f
+:38a39c748880
 /* Are we debugging ? */
 static final Debug debug = Debug.getInstance("jar");
 /* a table mapping names to code signers, for jar entries that have
 had their actual hashes verified */
-private Hashtable verifiedSigners;
+private Hashtable<String, CodeSigner[]> verifiedSigners;
 /* a table mapping names to code signers, for jar entries that have
 passed the .SF/.DSA/.EC -> MANIFEST check */
-private Hashtable sigFileSigners;
+private Hashtable<String, CodeSigner[]> sigFileSigners;
 /* a hash table to hold .SF bytes */
-private Hashtable sigFileData;
+private Hashtable<String, byte[]> sigFileData;
 /** "queue" of pending PKCS7 blocks that we couldn't parse
 *  until we parsed the .SF file */
-private ArrayList pendingBlocks;
+private ArrayList<SignatureFileVerifier> pendingBlocks;
 /* cache of CodeSigner objects */
-private ArrayList signerCache;
+private ArrayList<CodeSigner[]> signerCache;
 /* Are we parsing a block? */
 private boolean parsingBlockOrSF = false;
 /* Are we done parsing META-INF entries? */
 /** collect -DIGEST-MANIFEST values for blacklist */
 private List<Object> manifestDigests;
 public JarVerifier(byte rawBytes[]) {
 manifestRawBytes = rawBytes;
-sigFileSigners = new Hashtable();
+sigFileSigners = new Hashtable<>();
-verifiedSigners = new Hashtable();
+verifiedSigners = new Hashtable<>();
-sigFileData = new Hashtable(11);
+sigFileData = new Hashtable<>(11);
-pendingBlocks = new ArrayList();
+pendingBlocks = new ArrayList<>();
 baos = new ByteArrayOutputStream();
 manifestDigests = new ArrayList<>();
 }
 /**
 byte bytes[] = baos.toByteArray();
 // add to sigFileData in case future blocks need it
 sigFileData.put(key, bytes);
 // check pending blocks, we can now process
 // anyone waiting for this .SF file
-Iterator it = pendingBlocks.iterator();
+Iterator<SignatureFileVerifier> it = pendingBlocks.iterator();
 while (it.hasNext()) {
-SignatureFileVerifier sfv =
+SignatureFileVerifier sfv = it.next();
-(SignatureFileVerifier) it.next();
 if (sfv.needSignatureFile(key)) {
 if (debug != null) {
 debug.println(
 "processEntry: processing pending block");
 }
 // now we are parsing a signature block file
 String key = uname.substring(0, uname.lastIndexOf("."));
 if (signerCache == null)
-signerCache = new ArrayList();
+signerCache = new ArrayList<>();
 if (manDig == null) {
 synchronized(manifestRawBytes) {
 if (manDig == null) {
 manDig = new ManifestDigester(manifestRawBytes);
 new SignatureFileVerifier(signerCache,
 manDig, uname, baos.toByteArray());
 if (sfv.needSignatureFileBytes()) {
 // see if we have already parsed an external .SF file
-byte[] bytes = (byte[]) sigFileData.get(key);
+byte[] bytes = sigFileData.get(key);
 if (bytes == null) {
 // put this block on queue for later processing
 // since we don't have the .SF bytes yet
 // (uname, block);
 * the given file in the jar. this array is not cloned.
 *
 */
 public CodeSigner[] getCodeSigners(String name)
 {
-return (CodeSigner[])verifiedSigners.get(name);
+return verifiedSigners.get(name);
 }
 public CodeSigner[] getCodeSigners(JarFile jar, JarEntry entry)
 {
 String name = entry.getName();
 */
 private static java.security.cert.Certificate[] mapSignersToCertArray(
 CodeSigner[] signers) {
 if (signers != null) {
-ArrayList certChains = new ArrayList();
+ArrayList<java.security.cert.Certificate> certChains = new ArrayList<>();
 for (int i = 0; i < signers.length; i++) {
 certChains.addAll(
 signers[i].getSignerCertPath().getCertificates());
 }
 // Convert into a Certificate[]
-return (java.security.cert.Certificate[])
+return certChains.toArray(
-certChains.toArray(
 new java.security.cert.Certificate[certChains.size()]);
 }
 return null;
 }
 signerCache = null;
 manDig = null;
 // MANIFEST.MF is always treated as signed and verified,
 // move its signers from sigFileSigners to verifiedSigners.
 if (sigFileSigners.containsKey(JarFile.MANIFEST_NAME)) {
-verifiedSigners.put(JarFile.MANIFEST_NAME,
+CodeSigner[] codeSigners = sigFileSigners.remove(JarFile.MANIFEST_NAME);
-sigFileSigners.remove(JarFile.MANIFEST_NAME));
+verifiedSigners.put(JarFile.MANIFEST_NAME, codeSigners);
 }
 }
 static class VerifierStream extends java.io.InputStream {
 }
 // Extended JavaUtilJarAccess CodeSource API Support
-private Map urlToCodeSourceMap = new HashMap();
+private Map<URL, Map<CodeSigner[], CodeSource>> urlToCodeSourceMap = new HashMap<>();
-private Map signerToCodeSource = new HashMap();
+private Map<CodeSigner[], CodeSource> signerToCodeSource = new HashMap<>();
 private URL lastURL;
-private Map lastURLMap;
+private Map<CodeSigner[], CodeSource> lastURLMap;
 /*
 * Create a unique mapping from codeSigner cache entries to CodeSource.
 * In theory, multiple URLs origins could map to a single locally cached
 * and shared JAR file although in practice there will be a single URL in use.
 */
 private synchronized CodeSource mapSignersToCodeSource(URL url, CodeSigner[] signers) {
-Map map;
+Map<CodeSigner[], CodeSource> map;
 if (url == lastURL) {
 map = lastURLMap;
 } else {
-map = (Map) urlToCodeSourceMap.get(url);
+map = urlToCodeSourceMap.get(url);
 if (map == null) {
-map = new HashMap();
+map = new HashMap<>();
 urlToCodeSourceMap.put(url, map);
 }
 lastURLMap = map;
 lastURL = url;
 }
-CodeSource cs = (CodeSource) map.get(signers);
+CodeSource cs = map.get(signers);
 if (cs == null) {
 cs = new VerifierCodeSource(csdomain, url, signers);
 signerToCodeSource.put(signers, cs);
 }
 return cs;
 }
-private CodeSource[] mapSignersToCodeSources(URL url, List signers, boolean unsigned) {
+private CodeSource[] mapSignersToCodeSources(URL url, List<CodeSigner[]> signers, boolean unsigned) {
-List sources = new ArrayList();
+List<CodeSource> sources = new ArrayList<>();
 for (int i = 0; i < signers.size(); i++) {
-sources.add(mapSignersToCodeSource(url, (CodeSigner[]) signers.get(i)));
+sources.add(mapSignersToCodeSource(url, signers.get(i)));
 }
 if (unsigned) {
 sources.add(mapSignersToCodeSource(url, null));
 }
-return (CodeSource[]) sources.toArray(new CodeSource[sources.size()]);
+return sources.toArray(new CodeSource[sources.size()]);
 }
 private CodeSigner[] emptySigner = new CodeSigner[0];
 /*
 * Match CodeSource to a CodeSigner[] in the signer cache.
 /*
 * In practice signers should always be optimized above
 * but this handles a CodeSource of any type, just in case.
 */
 CodeSource[] sources = mapSignersToCodeSources(cs.getLocation(), getJarCodeSigners(), true);
-List sourceList = new ArrayList();
+List<CodeSource> sourceList = new ArrayList<>();
 for (int i = 0; i < sources.length; i++) {
 sourceList.add(sources[i]);
 }
 int j = sourceList.indexOf(cs);
 if (j != -1) {
 /*
 * Instances of this class hold uncopied references to internal
 * signing data that can be compared by object reference identity.
 */
 private static class VerifierCodeSource extends CodeSource {
+private static final long serialVersionUID = -9047366145967768825L;
 URL vlocation;
 CodeSigner[] vsigners;
 java.security.cert.Certificate[] vcerts;
 Object csdomain;
 private java.security.cert.Certificate[] getPrivateCertificates() {
 return vcerts;
 }
 }
-private Map signerMap;
+private Map<String, CodeSigner[]> signerMap;
-private synchronized Map signerMap() {
+private synchronized Map<String, CodeSigner[]> signerMap() {
 if (signerMap == null) {
 /*
 * Snapshot signer state so it doesn't change on us. We care
 * only about the asserted signatures. Verification of
 * signature validity happens via the JarEntry apis.
 */
-signerMap = new HashMap(verifiedSigners.size() + sigFileSigners.size());
+signerMap = new HashMap<>(verifiedSigners.size() + sigFileSigners.size());
 signerMap.putAll(verifiedSigners);
 signerMap.putAll(sigFileSigners);
 }
 return signerMap;
 }
 public synchronized Enumeration<String> entryNames(JarFile jar, final CodeSource[] cs) {
-final Map map = signerMap();
+final Map<String, CodeSigner[]> map = signerMap();
-final Iterator itor = map.entrySet().iterator();
+final Iterator<Map.Entry<String, CodeSigner[]>> itor = map.entrySet().iterator();
 boolean matchUnsigned = false;
 /*
 * Grab a single copy of the CodeSigner arrays. Check
 * to see if we can optimize CodeSigner equality test.
 */
-List req = new ArrayList(cs.length);
+List<CodeSigner[]> req = new ArrayList<>(cs.length);
 for (int i = 0; i < cs.length; i++) {
 CodeSigner[] match = findMatchingSigners(cs[i]);
 if (match != null) {
 if (match.length > 0) {
 req.add(match);
 matchUnsigned = true;
 }
 }
 }
-final List signersReq = req;
+final List<CodeSigner[]> signersReq = req;
-final Enumeration enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration;
+final Enumeration<String> enum2 = (matchUnsigned) ? unsignedEntryNames(jar) : emptyEnumeration;
 return new Enumeration<String>() {
 String name;
 if (name != null) {
 return true;
 }
 while (itor.hasNext()) {
-Map.Entry e = (Map.Entry) itor.next();
+Map.Entry<String, CodeSigner[]> e = itor.next();
-if (signersReq.contains((CodeSigner[]) e.getValue())) {
+if (signersReq.contains(e.getValue())) {
-name = (String) e.getKey();
+name = e.getKey();
 return true;
 }
 }
 while (enum2.hasMoreElements()) {
-name = (String) enum2.nextElement();
+name = enum2.nextElement();
 return true;
 }
 return false;
 }
 /*
 * Like entries() but screens out internal JAR mechanism entries
 * and includes signed entries with no ZIP data.
 */
-public Enumeration<JarEntry> entries2(final JarFile jar, Enumeration e) {
+public Enumeration<JarEntry> entries2(final JarFile jar, Enumeration<? extends ZipEntry> e) {
-final Map map = new HashMap();
+final Map<String, CodeSigner[]> map = new HashMap<>();
 map.putAll(signerMap());
-final Enumeration enum_ = e;
+final Enumeration<? extends ZipEntry> enum_ = e;
 return new Enumeration<JarEntry>() {
-Enumeration signers = null;
+Enumeration<String> signers = null;
 JarEntry entry;
 public boolean hasMoreElements() {
 if (entry != null) {
 return true;
 }
 while (enum_.hasMoreElements()) {
-ZipEntry ze = (ZipEntry) enum_.nextElement();
+ZipEntry ze = enum_.nextElement();
 if (JarVerifier.isSigningRelated(ze.getName())) {
 continue;
 }
 entry = jar.newEntry(ze);
 return true;
 }
 if (signers == null) {
 signers = Collections.enumeration(map.keySet());
 }
 while (signers.hasMoreElements()) {
-String name = (String) signers.nextElement();
+String name = signers.nextElement();
 entry = jar.newEntry(new ZipEntry(name));
 return true;
 }
 // Any map entries left?
 }
 throw new NoSuchElementException();
 }
 };
 }
-private Enumeration emptyEnumeration = new Enumeration<String>() {
+private Enumeration<String> emptyEnumeration = new Enumeration<String>() {
 public boolean hasMoreElements() {
 return false;
 }
 }
 return false;
 }
 private Enumeration<String> unsignedEntryNames(JarFile jar) {
-final Map map = signerMap();
+final Map<String, CodeSigner[]> map = signerMap();
-final Enumeration entries = jar.entries();
+final Enumeration<JarEntry> entries = jar.entries();
 return new Enumeration<String>() {
 String name;
 /*
 if (name != null) {
 return true;
 }
 while (entries.hasMoreElements()) {
 String value;
-ZipEntry e = (ZipEntry) entries.nextElement();
+ZipEntry e = entries.nextElement();
 value = e.getName();
 if (e.isDirectory() || isSigningRelated(value)) {
 continue;
 }
 if (map.get(value) == null) {
 }
 throw new NoSuchElementException();
 }
 };
 }
-private List jarCodeSigners;
+private List<CodeSigner[]> jarCodeSigners;
-private synchronized List getJarCodeSigners() {
+private synchronized List<CodeSigner[]> getJarCodeSigners() {
 CodeSigner[] signers;
 if (jarCodeSigners == null) {
-HashSet set = new HashSet();
+HashSet<CodeSigner[]> set = new HashSet<>();
 set.addAll(signerMap().values());
-jarCodeSigners = new ArrayList();
+jarCodeSigners = new ArrayList<>();
 jarCodeSigners.addAll(set);
 }
 return jarCodeSigners;
 }
 }
 public CodeSource getCodeSource(URL url, String name) {
 CodeSigner[] signers;
-signers = (CodeSigner[]) signerMap().get(name);
+signers = signerMap().get(name);
 return mapSignersToCodeSource(url, signers);
 }
 public CodeSource getCodeSource(URL url, JarFile jar, JarEntry je) {
 CodeSigner[] signers;

changeset 11841	38a39c748880
parent 11119	6ff03c1202ce
child 13795	73850c397272