20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.util.jar;
27
28 import java.io.*;
29 import java.lang.ref.SoftReference;
30 import java.net.URL;
31 import java.util.*;
32 import java.util.stream.Stream;
33 import java.util.stream.StreamSupport;
34 import java.util.zip.*;
35 import java.security.CodeSigner;
36 import java.security.cert.Certificate;
37 import java.security.AccessController;
38 import java.security.CodeSource;
39 import jdk.internal.misc.SharedSecrets;
40 import sun.misc.IOUtils;
41 import sun.security.action.GetPropertyAction;
42 import sun.security.util.ManifestEntryVerifier;
43 import sun.security.util.SignatureFileVerifier;
44
45 /**
46 * The {@code JarFile} class is used to read the contents of a jar file
47 * from any file that can be opened with {@code java.io.RandomAccessFile}.
48 * It extends the class {@code java.util.zip.ZipFile} with support
49 * for reading an optional {@code Manifest} entry. The
50 * {@code Manifest} can be used to specify meta-information about the
51 * jar file and its entries.
52 *
53 * <p> Unless otherwise noted, passing a {@code null} argument to a constructor
54 * or method in this class will cause a {@link NullPointerException} to be
55 * thrown.
56 *
57 * If the verify flag is on when opening a signed jar file, the content of the
58 * file is verified against its signature embedded inside the file. Please note
59 * that the verification process does not include validating the signer's
60 * certificate. A caller should inspect the return value of
421 if (JarVerifier.debug != null) {
422 JarVerifier.debug.println("done with meta!");
423 }
424
425 if (jv.nothingToVerify()) {
426 if (JarVerifier.debug != null) {
427 JarVerifier.debug.println("nothing to verify!");
428 }
429 jv = null;
430 verify = false;
431 }
432 }
433 }
434
435 /*
436 * Reads all the bytes for a given entry. Used to process the
437 * META-INF files.
438 */
439 private byte[] getBytes(ZipEntry ze) throws IOException {
440 try (InputStream is = super.getInputStream(ze)) {
441 return IOUtils.readFully(is, (int)ze.getSize(), true);
442 }
443 }
444
445 /**
446 * Returns an input stream for reading the contents of the specified
447 * zip file entry.
448 * @param ze the zip file entry
449 * @return an input stream for reading the contents of the specified
450 * zip file entry
451 * @throws ZipException if a zip file format error has occurred
452 * @throws IOException if an I/O error has occurred
453 * @throws SecurityException if any of the jar file entries
454 * are incorrectly signed.
455 * @throws IllegalStateException
456 * may be thrown if the jar file has been closed
457 */
458 public synchronized InputStream getInputStream(ZipEntry ze)
459 throws IOException
460 {
461 maybeInstantiateVerifier();
|
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package java.util.jar;
27
28 import java.io.*;
29 import java.lang.ref.SoftReference;
30 import java.net.URL;
31 import java.util.*;
32 import java.util.stream.Stream;
33 import java.util.stream.StreamSupport;
34 import java.util.zip.*;
35 import java.security.CodeSigner;
36 import java.security.cert.Certificate;
37 import java.security.AccessController;
38 import java.security.CodeSource;
39 import jdk.internal.misc.SharedSecrets;
40 import sun.security.action.GetPropertyAction;
41 import sun.security.util.ManifestEntryVerifier;
42 import sun.security.util.SignatureFileVerifier;
43
44 /**
45 * The {@code JarFile} class is used to read the contents of a jar file
46 * from any file that can be opened with {@code java.io.RandomAccessFile}.
47 * It extends the class {@code java.util.zip.ZipFile} with support
48 * for reading an optional {@code Manifest} entry. The
49 * {@code Manifest} can be used to specify meta-information about the
50 * jar file and its entries.
51 *
52 * <p> Unless otherwise noted, passing a {@code null} argument to a constructor
53 * or method in this class will cause a {@link NullPointerException} to be
54 * thrown.
55 *
56 * If the verify flag is on when opening a signed jar file, the content of the
57 * file is verified against its signature embedded inside the file. Please note
58 * that the verification process does not include validating the signer's
59 * certificate. A caller should inspect the return value of
420 if (JarVerifier.debug != null) {
421 JarVerifier.debug.println("done with meta!");
422 }
423
424 if (jv.nothingToVerify()) {
425 if (JarVerifier.debug != null) {
426 JarVerifier.debug.println("nothing to verify!");
427 }
428 jv = null;
429 verify = false;
430 }
431 }
432 }
433
434 /*
435 * Reads all the bytes for a given entry. Used to process the
436 * META-INF files.
437 */
438 private byte[] getBytes(ZipEntry ze) throws IOException {
439 try (InputStream is = super.getInputStream(ze)) {
440 int len = (int)ze.getSize();
441 byte[] b = is.readAllBytes();
442 if (len != -1 && b.length != len)
443 throw new EOFException("Expected:" + len + ", read:" + b.length);
444
445 return b;
446 }
447 }
448
449 /**
450 * Returns an input stream for reading the contents of the specified
451 * zip file entry.
452 * @param ze the zip file entry
453 * @return an input stream for reading the contents of the specified
454 * zip file entry
455 * @throws ZipException if a zip file format error has occurred
456 * @throws IOException if an I/O error has occurred
457 * @throws SecurityException if any of the jar file entries
458 * are incorrectly signed.
459 * @throws IllegalStateException
460 * may be thrown if the jar file has been closed
461 */
462 public synchronized InputStream getInputStream(ZipEntry ze)
463 throws IOException
464 {
465 maybeInstantiateVerifier();
|