1 /* 2 * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.util.jar; 27 28 import java.io.*; 29 import java.lang.ref.SoftReference; 30 import java.net.URL; 31 import java.util.*; 32 import java.util.stream.Stream; 33 import java.util.stream.StreamSupport; 34 import java.util.zip.*; 35 import java.security.CodeSigner; 36 import java.security.cert.Certificate; 37 import java.security.CodeSource; 38 import jdk.internal.misc.SharedSecrets; 39 import sun.security.action.GetPropertyAction; 40 import sun.security.util.ManifestEntryVerifier; 41 import sun.security.util.SignatureFileVerifier; 42 43 /** 44 * The {@code JarFile} class is used to read the contents of a jar file 45 * from any file that can be opened with {@code java.io.RandomAccessFile}. 46 * It extends the class {@code java.util.zip.ZipFile} with support 47 * for reading an optional {@code Manifest} entry, and support for 48 * processing multi-release jar files. The {@code Manifest} can be used 49 * to specify meta-information about the jar file and its entries. 50 * 51 * <p><a name="multirelease">A multi-release jar file</a> is a jar file that 52 * contains a manifest with a main attribute named "Multi-Release", 53 * a set of "base" entries, some of which are public classes with public 54 * or protected methods that comprise the public interface of the jar file, 55 * and a set of "versioned" entries contained in subdirectories of the 56 * "META-INF/versions" directory. The versioned entries are partitioned by the 57 * major version of the Java platform. A versioned entry, with a version 58 * {@code n}, {@code 8 < n}, in the "META-INF/versions/{n}" directory overrides 59 * the base entry as well as any entry with a version number {@code i} where 60 * {@code 8 < i < n}. 61 * 62 * <p>By default, a {@code JarFile} for a multi-release jar file is configured 63 * to process the multi-release jar file as if it were a plain (unversioned) jar 64 * file, and as such an entry name is associated with at most one base entry. 65 * The {@code JarFile} may be configured to process a multi-release jar file by 66 * creating the {@code JarFile} with the 67 * {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} constructor. The 68 * {@code Runtime.Version} object sets a maximum version used when searching for 69 * versioned entries. When so configured, an entry name 70 * can correspond with at most one base entry and zero or more versioned 71 * entries. A search is required to associate the entry name with the latest 72 * versioned entry whose version is less than or equal to the maximum version 73 * (see {@link #getEntry(String)}). 74 * 75 * <p>Class loaders that utilize {@code JarFile} to load classes from the 76 * contents of {@code JarFile} entries should construct the {@code JarFile} 77 * by invoking the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} 78 * constructor with the value {@code Runtime.version()} assigned to the last 79 * argument. This assures that classes compatible with the major 80 * version of the running JVM are loaded from multi-release jar files. 81 * 82 * <p>If the verify flag is on when opening a signed jar file, the content of 83 * the file is verified against its signature embedded inside the file. Please 84 * note that the verification process does not include validating the signer's 85 * certificate. A caller should inspect the return value of 86 * {@link JarEntry#getCodeSigners()} to further determine if the signature 87 * can be trusted. 88 * 89 * <p> Unless otherwise noted, passing a {@code null} argument to a constructor 90 * or method in this class will cause a {@link NullPointerException} to be 91 * thrown. 92 * 93 * @implNote 94 * <div class="block"> 95 * If the API can not be used to configure a {@code JarFile} (e.g. to override 96 * the configuration of a compiled application or library), two {@code System} 97 * properties are available. 98 * <ul> 99 * <li> 100 * {@code jdk.util.jar.version} can be assigned a value that is the 101 * {@code String} representation of a non-negative integer 102 * {@code <= Runtime.version().major()}. The value is used to set the effective 103 * runtime version to something other than the default value obtained by 104 * evaluating {@code Runtime.version().major()}. The effective runtime version 105 * is the version that the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} 106 * constructor uses when the value of the last argument is 107 * {@code JarFile.runtimeVersion()}. 108 * </li> 109 * <li> 110 * {@code jdk.util.jar.enableMultiRelease} can be assigned one of the three 111 * {@code String} values <em>true</em>, <em>false</em>, or <em>force</em>. The 112 * value <em>true</em>, the default value, enables multi-release jar file 113 * processing. The value <em>false</em> disables multi-release jar processing, 114 * ignoring the "Multi-Release" manifest attribute, and the versioned 115 * directories in a multi-release jar file if they exist. Furthermore, 116 * the method {@link JarFile#isMultiRelease()} returns <em>false</em>. The value 117 * <em>force</em> causes the {@code JarFile} to be initialized to runtime 118 * versioning after construction. It effectively does the same as this code: 119 * {@code (new JarFile(File, boolean, int, JarFile.runtimeVersion())}. 120 * </li> 121 * </ul> 122 * </div> 123 * 124 * @author David Connelly 125 * @see Manifest 126 * @see java.util.zip.ZipFile 127 * @see java.util.jar.JarEntry 128 * @since 1.2 129 */ 130 public 131 class JarFile extends ZipFile { 132 private final static Runtime.Version BASE_VERSION; 133 private final static int BASE_VERSION_MAJOR; 134 private final static Runtime.Version RUNTIME_VERSION; 135 private final static boolean MULTI_RELEASE_ENABLED; 136 private final static boolean MULTI_RELEASE_FORCED; 137 private SoftReference<Manifest> manRef; 138 private JarEntry manEntry; 139 private JarVerifier jv; 140 private boolean jvInitialized; 141 private boolean verify; 142 private final Runtime.Version version; // current version 143 private final int versionMajor; // version.major() 144 private boolean isMultiRelease; // is jar multi-release? 145 146 // indicates if Class-Path attribute present 147 private boolean hasClassPathAttribute; 148 // true if manifest checked for special attributes 149 private volatile boolean hasCheckedSpecialAttributes; 150 151 static { 152 // Set up JavaUtilJarAccess in SharedSecrets 153 SharedSecrets.setJavaUtilJarAccess(new JavaUtilJarAccessImpl()); 154 // multi-release jar file versions >= 9 155 BASE_VERSION = Runtime.Version.parse(Integer.toString(8)); 156 BASE_VERSION_MAJOR = BASE_VERSION.major(); 157 String jarVersion = GetPropertyAction.privilegedGetProperty("jdk.util.jar.version"); 158 int runtimeVersion = Runtime.version().major(); 159 if (jarVersion != null) { 160 int jarVer = Integer.parseInt(jarVersion); 161 runtimeVersion = (jarVer > runtimeVersion) 162 ? runtimeVersion 163 : Math.max(jarVer, BASE_VERSION_MAJOR); 164 } 165 RUNTIME_VERSION = Runtime.Version.parse(Integer.toString(runtimeVersion)); 166 String enableMultiRelease = GetPropertyAction 167 .privilegedGetProperty("jdk.util.jar.enableMultiRelease", "true"); 168 switch (enableMultiRelease) { 169 case "true": 170 default: 171 MULTI_RELEASE_ENABLED = true; 172 MULTI_RELEASE_FORCED = false; 173 break; 174 case "false": 175 MULTI_RELEASE_ENABLED = false; 176 MULTI_RELEASE_FORCED = false; 177 break; 178 case "force": 179 MULTI_RELEASE_ENABLED = true; 180 MULTI_RELEASE_FORCED = true; 181 break; 182 } 183 } 184 185 private static final String META_INF = "META-INF/"; 186 187 private static final String META_INF_VERSIONS = META_INF + "versions/"; 188 189 /** 190 * The JAR manifest file name. 191 */ 192 public static final String MANIFEST_NAME = META_INF + "MANIFEST.MF"; 193 194 /** 195 * Returns the version that represents the unversioned configuration of a 196 * multi-release jar file. 197 * 198 * @return the version that represents the unversioned configuration 199 * 200 * @since 9 201 */ 202 public static Runtime.Version baseVersion() { 203 return BASE_VERSION; 204 } 205 206 /** 207 * Returns the version that represents the effective runtime versioned 208 * configuration of a multi-release jar file. 209 * <p> 210 * By default the major version number of the returned {@code Version} will 211 * be equal to the major version number of {@code Runtime.version()}. 212 * However, if the {@code jdk.util.jar.version} property is set, the 213 * returned {@code Version} is derived from that property and major version 214 * numbers may not be equal. 215 * 216 * @return the version that represents the runtime versioned configuration 217 * 218 * @since 9 219 */ 220 public static Runtime.Version runtimeVersion() { 221 return RUNTIME_VERSION; 222 } 223 224 /** 225 * Creates a new {@code JarFile} to read from the specified 226 * file {@code name}. The {@code JarFile} will be verified if 227 * it is signed. 228 * @param name the name of the jar file to be opened for reading 229 * @throws IOException if an I/O error has occurred 230 * @throws SecurityException if access to the file is denied 231 * by the SecurityManager 232 */ 233 public JarFile(String name) throws IOException { 234 this(new File(name), true, ZipFile.OPEN_READ); 235 } 236 237 /** 238 * Creates a new {@code JarFile} to read from the specified 239 * file {@code name}. 240 * @param name the name of the jar file to be opened for reading 241 * @param verify whether or not to verify the jar file if 242 * it is signed. 243 * @throws IOException if an I/O error has occurred 244 * @throws SecurityException if access to the file is denied 245 * by the SecurityManager 246 */ 247 public JarFile(String name, boolean verify) throws IOException { 248 this(new File(name), verify, ZipFile.OPEN_READ); 249 } 250 251 /** 252 * Creates a new {@code JarFile} to read from the specified 253 * {@code File} object. The {@code JarFile} will be verified if 254 * it is signed. 255 * @param file the jar file to be opened for reading 256 * @throws IOException if an I/O error has occurred 257 * @throws SecurityException if access to the file is denied 258 * by the SecurityManager 259 */ 260 public JarFile(File file) throws IOException { 261 this(file, true, ZipFile.OPEN_READ); 262 } 263 264 /** 265 * Creates a new {@code JarFile} to read from the specified 266 * {@code File} object. 267 * @param file the jar file to be opened for reading 268 * @param verify whether or not to verify the jar file if 269 * it is signed. 270 * @throws IOException if an I/O error has occurred 271 * @throws SecurityException if access to the file is denied 272 * by the SecurityManager. 273 */ 274 public JarFile(File file, boolean verify) throws IOException { 275 this(file, verify, ZipFile.OPEN_READ); 276 } 277 278 /** 279 * Creates a new {@code JarFile} to read from the specified 280 * {@code File} object in the specified mode. The mode argument 281 * must be either {@code OPEN_READ} or {@code OPEN_READ | OPEN_DELETE}. 282 * 283 * @param file the jar file to be opened for reading 284 * @param verify whether or not to verify the jar file if 285 * it is signed. 286 * @param mode the mode in which the file is to be opened 287 * @throws IOException if an I/O error has occurred 288 * @throws IllegalArgumentException 289 * if the {@code mode} argument is invalid 290 * @throws SecurityException if access to the file is denied 291 * by the SecurityManager 292 * @since 1.3 293 */ 294 public JarFile(File file, boolean verify, int mode) throws IOException { 295 this(file, verify, mode, BASE_VERSION); 296 } 297 298 /** 299 * Creates a new {@code JarFile} to read from the specified 300 * {@code File} object in the specified mode. The mode argument 301 * must be either {@code OPEN_READ} or {@code OPEN_READ | OPEN_DELETE}. 302 * The version argument, after being converted to a canonical form, is 303 * used to configure the {@code JarFile} for processing 304 * multi-release jar files. 305 * <p> 306 * The canonical form derived from the version parameter is 307 * {@code Runtime.Version.parse(Integer.toString(n))} where {@code n} is 308 * {@code Math.max(version.major(), JarFile.baseVersion().major())}. 309 * 310 * @param file the jar file to be opened for reading 311 * @param verify whether or not to verify the jar file if 312 * it is signed. 313 * @param mode the mode in which the file is to be opened 314 * @param version specifies the release version for a multi-release jar file 315 * @throws IOException if an I/O error has occurred 316 * @throws IllegalArgumentException 317 * if the {@code mode} argument is invalid 318 * @throws SecurityException if access to the file is denied 319 * by the SecurityManager 320 * @throws NullPointerException if {@code version} is {@code null} 321 * @since 9 322 */ 323 public JarFile(File file, boolean verify, int mode, Runtime.Version version) throws IOException { 324 super(file, mode); 325 this.verify = verify; 326 Objects.requireNonNull(version); 327 if (MULTI_RELEASE_FORCED || version.major() == RUNTIME_VERSION.major()) { 328 // This deals with the common case where the value from JarFile.runtimeVersion() is passed 329 this.version = RUNTIME_VERSION; 330 } else if (version.major() <= BASE_VERSION_MAJOR) { 331 // This also deals with the common case where the value from JarFile.baseVersion() is passed 332 this.version = BASE_VERSION; 333 } else { 334 // Canonicalize 335 this.version = Runtime.Version.parse(Integer.toString(version.major())); 336 } 337 this.versionMajor = this.version.major(); 338 } 339 340 /** 341 * Returns the maximum version used when searching for versioned entries. 342 * <p> 343 * If this {@code JarFile} is not a multi-release jar file or is not 344 * configured to be processed as such, then the version returned will be the 345 * same as that returned from {@link #baseVersion()}. 346 * 347 * @return the maximum version 348 * @since 9 349 */ 350 public final Runtime.Version getVersion() { 351 return isMultiRelease() ? this.version : BASE_VERSION; 352 } 353 354 /** 355 * Indicates whether or not this jar file is a multi-release jar file. 356 * 357 * @return true if this JarFile is a multi-release jar file 358 * @since 9 359 */ 360 public final boolean isMultiRelease() { 361 if (isMultiRelease) { 362 return true; 363 } 364 if (MULTI_RELEASE_ENABLED) { 365 try { 366 checkForSpecialAttributes(); 367 } catch (IOException io) { 368 isMultiRelease = false; 369 } 370 } 371 return isMultiRelease; 372 } 373 374 /** 375 * Returns the jar file manifest, or {@code null} if none. 376 * 377 * @return the jar file manifest, or {@code null} if none 378 * 379 * @throws IllegalStateException 380 * may be thrown if the jar file has been closed 381 * @throws IOException if an I/O error has occurred 382 */ 383 public Manifest getManifest() throws IOException { 384 return getManifestFromReference(); 385 } 386 387 private Manifest getManifestFromReference() throws IOException { 388 Manifest man = manRef != null ? manRef.get() : null; 389 390 if (man == null) { 391 392 JarEntry manEntry = getManEntry(); 393 394 // If found then load the manifest 395 if (manEntry != null) { 396 if (verify) { 397 byte[] b = getBytes(manEntry); 398 man = new Manifest(new ByteArrayInputStream(b)); 399 if (!jvInitialized) { 400 jv = new JarVerifier(b); 401 } 402 } else { 403 man = new Manifest(super.getInputStream(manEntry)); 404 } 405 manRef = new SoftReference<>(man); 406 } 407 } 408 return man; 409 } 410 411 private String[] getMetaInfEntryNames() { 412 return jdk.internal.misc.SharedSecrets.getJavaUtilZipFileAccess() 413 .getMetaInfEntryNames((ZipFile)this); 414 } 415 416 /** 417 * Returns the {@code JarEntry} for the given base entry name or 418 * {@code null} if not found. 419 * 420 * <p>If this {@code JarFile} is a multi-release jar file and is configured 421 * to be processed as such, then a search is performed to find and return 422 * a {@code JarEntry} that is the latest versioned entry associated with the 423 * given entry name. The returned {@code JarEntry} is the versioned entry 424 * corresponding to the given base entry name prefixed with the string 425 * {@code "META-INF/versions/{n}/"}, for the largest value of {@code n} for 426 * which an entry exists. If such a versioned entry does not exist, then 427 * the {@code JarEntry} for the base entry is returned, otherwise 428 * {@code null} is returned if no entries are found. The initial value for 429 * the version {@code n} is the maximum version as returned by the method 430 * {@link JarFile#getVersion()}. 431 * 432 * @param name the jar file entry name 433 * @return the {@code JarEntry} for the given entry name, or 434 * the versioned entry name, or {@code null} if not found 435 * 436 * @throws IllegalStateException 437 * may be thrown if the jar file has been closed 438 * 439 * @see java.util.jar.JarEntry 440 * 441 * @implSpec 442 * <div class="block"> 443 * This implementation invokes {@link JarFile#getEntry(String)}. 444 * </div> 445 */ 446 public JarEntry getJarEntry(String name) { 447 return (JarEntry)getEntry(name); 448 } 449 450 /** 451 * Returns the {@code ZipEntry} for the given base entry name or 452 * {@code null} if not found. 453 * 454 * <p>If this {@code JarFile} is a multi-release jar file and is configured 455 * to be processed as such, then a search is performed to find and return 456 * a {@code ZipEntry} that is the latest versioned entry associated with the 457 * given entry name. The returned {@code ZipEntry} is the versioned entry 458 * corresponding to the given base entry name prefixed with the string 459 * {@code "META-INF/versions/{n}/"}, for the largest value of {@code n} for 460 * which an entry exists. If such a versioned entry does not exist, then 461 * the {@code ZipEntry} for the base entry is returned, otherwise 462 * {@code null} is returned if no entries are found. The initial value for 463 * the version {@code n} is the maximum version as returned by the method 464 * {@link JarFile#getVersion()}. 465 * 466 * @param name the jar file entry name 467 * @return the {@code ZipEntry} for the given entry name or 468 * the versioned entry name or {@code null} if not found 469 * 470 * @throws IllegalStateException 471 * may be thrown if the jar file has been closed 472 * 473 * @see java.util.zip.ZipEntry 474 * 475 * @implSpec 476 * <div class="block"> 477 * This implementation may return a versioned entry for the requested name 478 * even if there is not a corresponding base entry. This can occur 479 * if there is a private or package-private versioned entry that matches. 480 * If a subclass overrides this method, assure that the override method 481 * invokes {@code super.getEntry(name)} to obtain all versioned entries. 482 * </div> 483 */ 484 public ZipEntry getEntry(String name) { 485 ZipEntry ze = super.getEntry(name); 486 if (ze != null) { 487 return new JarFileEntry(ze); 488 } 489 // no matching base entry, but maybe there is a versioned entry, 490 // like a new private class 491 if (isMultiRelease()) { 492 ze = new ZipEntry(name); 493 ZipEntry vze = getVersionedEntry(ze); 494 if (ze != vze) { 495 return new JarFileEntry(name, vze); 496 } 497 } 498 return null; 499 } 500 501 private class JarEntryIterator implements Enumeration<JarEntry>, 502 Iterator<JarEntry> 503 { 504 final Enumeration<? extends ZipEntry> e = JarFile.super.entries(); 505 506 public boolean hasNext() { 507 return e.hasMoreElements(); 508 } 509 510 public JarEntry next() { 511 ZipEntry ze = e.nextElement(); 512 return new JarFileEntry(ze.getName(), ze); 513 } 514 515 public boolean hasMoreElements() { 516 return hasNext(); 517 } 518 519 public JarEntry nextElement() { 520 return next(); 521 } 522 523 public Iterator<JarEntry> asIterator() { 524 return this; 525 } 526 } 527 528 /** 529 * Returns an enumeration of the jar file entries. 530 * 531 * @return an enumeration of the jar file entries 532 * @throws IllegalStateException 533 * may be thrown if the jar file has been closed 534 */ 535 public Enumeration<JarEntry> entries() { 536 return new JarEntryIterator(); 537 } 538 539 /** 540 * Returns an ordered {@code Stream} over the jar file entries. 541 * Entries appear in the {@code Stream} in the order they appear in 542 * the central directory of the jar file. 543 * 544 * @return an ordered {@code Stream} of entries in this jar file 545 * @throws IllegalStateException if the jar file has been closed 546 * @since 1.8 547 */ 548 public Stream<JarEntry> stream() { 549 return StreamSupport.stream(Spliterators.spliterator( 550 new JarEntryIterator(), size(), 551 Spliterator.ORDERED | Spliterator.DISTINCT | 552 Spliterator.IMMUTABLE | Spliterator.NONNULL), false); 553 } 554 555 private ZipEntry searchForVersionedEntry(final int version, String name) { 556 ZipEntry vze = null; 557 String sname = "/" + name; 558 int i = version; 559 while (i > BASE_VERSION_MAJOR) { 560 vze = super.getEntry(META_INF_VERSIONS + i + sname); 561 if (vze != null) break; 562 i--; 563 } 564 return vze; 565 } 566 567 private ZipEntry getVersionedEntry(ZipEntry ze) { 568 ZipEntry vze = null; 569 if (BASE_VERSION_MAJOR < versionMajor) { 570 String name = ze.getName(); 571 if (!name.startsWith(META_INF)) { 572 vze = searchForVersionedEntry(versionMajor, name); 573 } 574 } 575 return vze == null ? ze : vze; 576 } 577 578 /** 579 * Returns the real name of a {@code JarEntry}. If this {@code JarFile} is 580 * a multi-release jar file and is configured to be processed as such, the 581 * name returned by this method is the path name of the versioned entry 582 * that the {@code JarEntry} represents, rather than the path name of the 583 * base entry that {@link JarEntry#getName()} returns. If the 584 * {@code JarEntry} does not represent a versioned entry, or the 585 * jar file is not a multi-release jar file or {@code JarFile} is not 586 * configured for processing a multi-release jar file, this method returns 587 * the same name that {@link JarEntry#getName()} returns. 588 * 589 * @param entry the JarEntry 590 * @return the real name of the JarEntry 591 * @since 9 592 */ 593 String getRealName(JarEntry entry) { 594 if (entry instanceof JarFileEntry) { 595 return ((JarFileEntry)entry).realName(); 596 } 597 return entry.getName(); 598 } 599 600 private class JarFileEntry extends JarEntry { 601 final private String name; 602 603 JarFileEntry(ZipEntry ze) { 604 super(isMultiRelease() ? getVersionedEntry(ze) : ze); 605 this.name = ze.getName(); 606 } 607 JarFileEntry(String name, ZipEntry vze) { 608 super(vze); 609 this.name = name; 610 } 611 public Attributes getAttributes() throws IOException { 612 Manifest man = JarFile.this.getManifest(); 613 if (man != null) { 614 return man.getAttributes(super.getName()); 615 } else { 616 return null; 617 } 618 } 619 public Certificate[] getCertificates() { 620 try { 621 maybeInstantiateVerifier(); 622 } catch (IOException e) { 623 throw new RuntimeException(e); 624 } 625 if (certs == null && jv != null) { 626 certs = jv.getCerts(JarFile.this, realEntry()); 627 } 628 return certs == null ? null : certs.clone(); 629 } 630 public CodeSigner[] getCodeSigners() { 631 try { 632 maybeInstantiateVerifier(); 633 } catch (IOException e) { 634 throw new RuntimeException(e); 635 } 636 if (signers == null && jv != null) { 637 signers = jv.getCodeSigners(JarFile.this, realEntry()); 638 } 639 return signers == null ? null : signers.clone(); 640 } 641 JarFileEntry realEntry() { 642 if (isMultiRelease() && versionMajor != BASE_VERSION_MAJOR) { 643 String entryName = super.getName(); 644 return entryName.equals(this.name) ? this : new JarFileEntry(entryName, this); 645 } 646 return this; 647 } 648 String realName() { 649 return super.getName(); 650 } 651 652 @Override 653 public String getName() { 654 return name; 655 } 656 } 657 658 /* 659 * Ensures that the JarVerifier has been created if one is 660 * necessary (i.e., the jar appears to be signed.) This is done as 661 * a quick check to avoid processing of the manifest for unsigned 662 * jars. 663 */ 664 private void maybeInstantiateVerifier() throws IOException { 665 if (jv != null) { 666 return; 667 } 668 669 if (verify) { 670 String[] names = getMetaInfEntryNames(); 671 if (names != null) { 672 for (String nameLower : names) { 673 String name = nameLower.toUpperCase(Locale.ENGLISH); 674 if (name.endsWith(".DSA") || 675 name.endsWith(".RSA") || 676 name.endsWith(".EC") || 677 name.endsWith(".SF")) { 678 // Assume since we found a signature-related file 679 // that the jar is signed and that we therefore 680 // need a JarVerifier and Manifest 681 getManifest(); 682 return; 683 } 684 } 685 } 686 // No signature-related files; don't instantiate a 687 // verifier 688 verify = false; 689 } 690 } 691 692 693 /* 694 * Initializes the verifier object by reading all the manifest 695 * entries and passing them to the verifier. 696 */ 697 private void initializeVerifier() { 698 ManifestEntryVerifier mev = null; 699 700 // Verify "META-INF/" entries... 701 try { 702 String[] names = getMetaInfEntryNames(); 703 if (names != null) { 704 for (String name : names) { 705 String uname = name.toUpperCase(Locale.ENGLISH); 706 if (MANIFEST_NAME.equals(uname) 707 || SignatureFileVerifier.isBlockOrSF(uname)) { 708 JarEntry e = getJarEntry(name); 709 if (e == null) { 710 throw new JarException("corrupted jar file"); 711 } 712 if (mev == null) { 713 mev = new ManifestEntryVerifier 714 (getManifestFromReference()); 715 } 716 byte[] b = getBytes(e); 717 if (b != null && b.length > 0) { 718 jv.beginEntry(e, mev); 719 jv.update(b.length, b, 0, b.length, mev); 720 jv.update(-1, null, 0, 0, mev); 721 } 722 } 723 } 724 } 725 } catch (IOException ex) { 726 // if we had an error parsing any blocks, just 727 // treat the jar file as being unsigned 728 jv = null; 729 verify = false; 730 if (JarVerifier.debug != null) { 731 JarVerifier.debug.println("jarfile parsing error!"); 732 ex.printStackTrace(); 733 } 734 } 735 736 // if after initializing the verifier we have nothing 737 // signed, we null it out. 738 739 if (jv != null) { 740 741 jv.doneWithMeta(); 742 if (JarVerifier.debug != null) { 743 JarVerifier.debug.println("done with meta!"); 744 } 745 746 if (jv.nothingToVerify()) { 747 if (JarVerifier.debug != null) { 748 JarVerifier.debug.println("nothing to verify!"); 749 } 750 jv = null; 751 verify = false; 752 } 753 } 754 } 755 756 /* 757 * Reads all the bytes for a given entry. Used to process the 758 * META-INF files. 759 */ 760 private byte[] getBytes(ZipEntry ze) throws IOException { 761 try (InputStream is = super.getInputStream(ze)) { 762 int len = (int)ze.getSize(); 763 int bytesRead; 764 byte[] b; 765 // trust specified entry sizes when reasonably small 766 if (len != -1 && len <= 65535) { 767 b = new byte[len]; 768 bytesRead = is.readNBytes(b, 0, len); 769 } else { 770 b = is.readAllBytes(); 771 bytesRead = b.length; 772 } 773 if (len != -1 && len != bytesRead) { 774 throw new EOFException("Expected:" + len + ", read:" + bytesRead); 775 } 776 return b; 777 } 778 } 779 780 /** 781 * Returns an input stream for reading the contents of the specified 782 * zip file entry. 783 * @param ze the zip file entry 784 * @return an input stream for reading the contents of the specified 785 * zip file entry 786 * @throws ZipException if a zip file format error has occurred 787 * @throws IOException if an I/O error has occurred 788 * @throws SecurityException if any of the jar file entries 789 * are incorrectly signed. 790 * @throws IllegalStateException 791 * may be thrown if the jar file has been closed 792 */ 793 public synchronized InputStream getInputStream(ZipEntry ze) 794 throws IOException 795 { 796 maybeInstantiateVerifier(); 797 if (jv == null) { 798 return super.getInputStream(ze); 799 } 800 if (!jvInitialized) { 801 initializeVerifier(); 802 jvInitialized = true; 803 // could be set to null after a call to 804 // initializeVerifier if we have nothing to 805 // verify 806 if (jv == null) 807 return super.getInputStream(ze); 808 } 809 810 // wrap a verifier stream around the real stream 811 return new JarVerifier.VerifierStream( 812 getManifestFromReference(), 813 verifiableEntry(ze), 814 super.getInputStream(ze), 815 jv); 816 } 817 818 private JarEntry verifiableEntry(ZipEntry ze) { 819 if (ze instanceof JarFileEntry) { 820 // assure the name and entry match for verification 821 return ((JarFileEntry)ze).realEntry(); 822 } 823 ze = getJarEntry(ze.getName()); 824 if (ze instanceof JarFileEntry) { 825 return ((JarFileEntry)ze).realEntry(); 826 } 827 return (JarEntry)ze; 828 } 829 830 // Statics for hand-coded Boyer-Moore search 831 private static final byte[] CLASSPATH_CHARS = 832 {'C','L','A','S','S','-','P','A','T','H', ':', ' '}; 833 834 // The bad character shift for "class-path: " 835 private static final byte[] CLASSPATH_LASTOCC; 836 837 // The good suffix shift for "class-path: " 838 private static final byte[] CLASSPATH_OPTOSFT; 839 840 private static final byte[] MULTIRELEASE_CHARS = 841 {'M','U','L','T','I','-','R','E','L','E', 'A', 'S', 'E', ':', 842 ' ', 'T', 'R', 'U', 'E'}; 843 844 // The bad character shift for "multi-release: true" 845 private static final byte[] MULTIRELEASE_LASTOCC; 846 847 // The good suffix shift for "multi-release: true" 848 private static final byte[] MULTIRELEASE_OPTOSFT; 849 850 static { 851 CLASSPATH_LASTOCC = new byte[64]; 852 CLASSPATH_OPTOSFT = new byte[12]; 853 CLASSPATH_LASTOCC[(int)'C' - 32] = 1; 854 CLASSPATH_LASTOCC[(int)'L' - 32] = 2; 855 CLASSPATH_LASTOCC[(int)'S' - 32] = 5; 856 CLASSPATH_LASTOCC[(int)'-' - 32] = 6; 857 CLASSPATH_LASTOCC[(int)'P' - 32] = 7; 858 CLASSPATH_LASTOCC[(int)'A' - 32] = 8; 859 CLASSPATH_LASTOCC[(int)'T' - 32] = 9; 860 CLASSPATH_LASTOCC[(int)'H' - 32] = 10; 861 CLASSPATH_LASTOCC[(int)':' - 32] = 11; 862 CLASSPATH_LASTOCC[(int)' ' - 32] = 12; 863 for (int i = 0; i < 11; i++) { 864 CLASSPATH_OPTOSFT[i] = 12; 865 } 866 CLASSPATH_OPTOSFT[11] = 1; 867 868 MULTIRELEASE_LASTOCC = new byte[64]; 869 MULTIRELEASE_OPTOSFT = new byte[19]; 870 MULTIRELEASE_LASTOCC[(int)'M' - 32] = 1; 871 MULTIRELEASE_LASTOCC[(int)'I' - 32] = 5; 872 MULTIRELEASE_LASTOCC[(int)'-' - 32] = 6; 873 MULTIRELEASE_LASTOCC[(int)'L' - 32] = 9; 874 MULTIRELEASE_LASTOCC[(int)'A' - 32] = 11; 875 MULTIRELEASE_LASTOCC[(int)'S' - 32] = 12; 876 MULTIRELEASE_LASTOCC[(int)':' - 32] = 14; 877 MULTIRELEASE_LASTOCC[(int)' ' - 32] = 15; 878 MULTIRELEASE_LASTOCC[(int)'T' - 32] = 16; 879 MULTIRELEASE_LASTOCC[(int)'R' - 32] = 17; 880 MULTIRELEASE_LASTOCC[(int)'U' - 32] = 18; 881 MULTIRELEASE_LASTOCC[(int)'E' - 32] = 19; 882 for (int i = 0; i < 17; i++) { 883 MULTIRELEASE_OPTOSFT[i] = 19; 884 } 885 MULTIRELEASE_OPTOSFT[17] = 6; 886 MULTIRELEASE_OPTOSFT[18] = 1; 887 } 888 889 private JarEntry getManEntry() { 890 if (manEntry == null) { 891 // First look up manifest entry using standard name 892 ZipEntry manEntry = super.getEntry(MANIFEST_NAME); 893 if (manEntry == null) { 894 // If not found, then iterate through all the "META-INF/" 895 // entries to find a match. 896 String[] names = getMetaInfEntryNames(); 897 if (names != null) { 898 for (String name : names) { 899 if (MANIFEST_NAME.equals(name.toUpperCase(Locale.ENGLISH))) { 900 manEntry = super.getEntry(name); 901 break; 902 } 903 } 904 } 905 } 906 this.manEntry = (manEntry == null) 907 ? null 908 : new JarFileEntry(manEntry.getName(), manEntry); 909 } 910 return manEntry; 911 } 912 913 /** 914 * Returns {@code true} iff this JAR file has a manifest with the 915 * Class-Path attribute 916 */ 917 boolean hasClassPathAttribute() throws IOException { 918 checkForSpecialAttributes(); 919 return hasClassPathAttribute; 920 } 921 922 /** 923 * Returns true if the pattern {@code src} is found in {@code b}. 924 * The {@code lastOcc} array is the precomputed bad character shifts. 925 * Since there are no repeated substring in our search strings, 926 * the good suffix shifts can be replaced with a comparison. 927 */ 928 private int match(byte[] src, byte[] b, byte[] lastOcc, byte[] optoSft) { 929 int len = src.length; 930 int last = b.length - len; 931 int i = 0; 932 next: 933 while (i <= last) { 934 for (int j = (len - 1); j >= 0; j--) { 935 byte c = b[i + j]; 936 if (c >= ' ' && c <= 'z') { 937 if (c >= 'a') c -= 32; // Canonicalize 938 939 if (c != src[j]) { 940 // no match 941 int badShift = lastOcc[c - 32]; 942 i += Math.max(j + 1 - badShift, optoSft[j]); 943 continue next; 944 } 945 } else { 946 // no match, character not valid for name 947 i += len; 948 continue next; 949 } 950 } 951 return i; 952 } 953 return -1; 954 } 955 956 /** 957 * On first invocation, check if the JAR file has the Class-Path 958 * and the Multi-Release attribute. A no-op on subsequent calls. 959 */ 960 private void checkForSpecialAttributes() throws IOException { 961 if (hasCheckedSpecialAttributes) { 962 return; 963 } 964 synchronized (this) { 965 if (hasCheckedSpecialAttributes) { 966 return; 967 } 968 JarEntry manEntry = getManEntry(); 969 if (manEntry != null) { 970 byte[] b = getBytes(manEntry); 971 hasClassPathAttribute = match(CLASSPATH_CHARS, b, 972 CLASSPATH_LASTOCC, CLASSPATH_OPTOSFT) != -1; 973 // is this a multi-release jar file 974 if (MULTI_RELEASE_ENABLED) { 975 int i = match(MULTIRELEASE_CHARS, b, MULTIRELEASE_LASTOCC, 976 MULTIRELEASE_OPTOSFT); 977 if (i != -1) { 978 i += MULTIRELEASE_CHARS.length; 979 if (i < b.length) { 980 byte c = b[i++]; 981 // Check that the value is followed by a newline 982 // and does not have a continuation 983 if (c == '\n' && 984 (i == b.length || b[i] != ' ')) { 985 isMultiRelease = true; 986 } else if (c == '\r') { 987 if (i == b.length) { 988 isMultiRelease = true; 989 } else { 990 c = b[i++]; 991 if (c == '\n') { 992 if (i == b.length || b[i] != ' ') { 993 isMultiRelease = true; 994 } 995 } else if (c != ' ') { 996 isMultiRelease = true; 997 } 998 } 999 } 1000 } 1001 } 1002 } 1003 } 1004 hasCheckedSpecialAttributes = true; 1005 } 1006 } 1007 1008 private synchronized void ensureInitialization() { 1009 try { 1010 maybeInstantiateVerifier(); 1011 } catch (IOException e) { 1012 throw new RuntimeException(e); 1013 } 1014 if (jv != null && !jvInitialized) { 1015 initializeVerifier(); 1016 jvInitialized = true; 1017 } 1018 } 1019 1020 JarEntry newEntry(ZipEntry ze) { 1021 return new JarFileEntry(ze); 1022 } 1023 1024 Enumeration<String> entryNames(CodeSource[] cs) { 1025 ensureInitialization(); 1026 if (jv != null) { 1027 return jv.entryNames(this, cs); 1028 } 1029 1030 /* 1031 * JAR file has no signed content. Is there a non-signing 1032 * code source? 1033 */ 1034 boolean includeUnsigned = false; 1035 for (CodeSource c : cs) { 1036 if (c.getCodeSigners() == null) { 1037 includeUnsigned = true; 1038 break; 1039 } 1040 } 1041 if (includeUnsigned) { 1042 return unsignedEntryNames(); 1043 } else { 1044 return new Enumeration<>() { 1045 1046 public boolean hasMoreElements() { 1047 return false; 1048 } 1049 1050 public String nextElement() { 1051 throw new NoSuchElementException(); 1052 } 1053 }; 1054 } 1055 } 1056 1057 /** 1058 * Returns an enumeration of the zip file entries 1059 * excluding internal JAR mechanism entries and including 1060 * signed entries missing from the ZIP directory. 1061 */ 1062 Enumeration<JarEntry> entries2() { 1063 ensureInitialization(); 1064 if (jv != null) { 1065 return jv.entries2(this, super.entries()); 1066 } 1067 1068 // screen out entries which are never signed 1069 final Enumeration<? extends ZipEntry> enum_ = super.entries(); 1070 return new Enumeration<>() { 1071 1072 ZipEntry entry; 1073 1074 public boolean hasMoreElements() { 1075 if (entry != null) { 1076 return true; 1077 } 1078 while (enum_.hasMoreElements()) { 1079 ZipEntry ze = enum_.nextElement(); 1080 if (JarVerifier.isSigningRelated(ze.getName())) { 1081 continue; 1082 } 1083 entry = ze; 1084 return true; 1085 } 1086 return false; 1087 } 1088 1089 public JarFileEntry nextElement() { 1090 if (hasMoreElements()) { 1091 ZipEntry ze = entry; 1092 entry = null; 1093 return new JarFileEntry(ze); 1094 } 1095 throw new NoSuchElementException(); 1096 } 1097 }; 1098 } 1099 1100 CodeSource[] getCodeSources(URL url) { 1101 ensureInitialization(); 1102 if (jv != null) { 1103 return jv.getCodeSources(this, url); 1104 } 1105 1106 /* 1107 * JAR file has no signed content. Is there a non-signing 1108 * code source? 1109 */ 1110 Enumeration<String> unsigned = unsignedEntryNames(); 1111 if (unsigned.hasMoreElements()) { 1112 return new CodeSource[]{JarVerifier.getUnsignedCS(url)}; 1113 } else { 1114 return null; 1115 } 1116 } 1117 1118 private Enumeration<String> unsignedEntryNames() { 1119 final Enumeration<JarEntry> entries = entries(); 1120 return new Enumeration<>() { 1121 1122 String name; 1123 1124 /* 1125 * Grab entries from ZIP directory but screen out 1126 * metadata. 1127 */ 1128 public boolean hasMoreElements() { 1129 if (name != null) { 1130 return true; 1131 } 1132 while (entries.hasMoreElements()) { 1133 String value; 1134 ZipEntry e = entries.nextElement(); 1135 value = e.getName(); 1136 if (e.isDirectory() || JarVerifier.isSigningRelated(value)) { 1137 continue; 1138 } 1139 name = value; 1140 return true; 1141 } 1142 return false; 1143 } 1144 1145 public String nextElement() { 1146 if (hasMoreElements()) { 1147 String value = name; 1148 name = null; 1149 return value; 1150 } 1151 throw new NoSuchElementException(); 1152 } 1153 }; 1154 } 1155 1156 CodeSource getCodeSource(URL url, String name) { 1157 ensureInitialization(); 1158 if (jv != null) { 1159 if (jv.eagerValidation) { 1160 CodeSource cs = null; 1161 JarEntry je = getJarEntry(name); 1162 if (je != null) { 1163 cs = jv.getCodeSource(url, this, je); 1164 } else { 1165 cs = jv.getCodeSource(url, name); 1166 } 1167 return cs; 1168 } else { 1169 return jv.getCodeSource(url, name); 1170 } 1171 } 1172 1173 return JarVerifier.getUnsignedCS(url); 1174 } 1175 1176 void setEagerValidation(boolean eager) { 1177 try { 1178 maybeInstantiateVerifier(); 1179 } catch (IOException e) { 1180 throw new RuntimeException(e); 1181 } 1182 if (jv != null) { 1183 jv.setEagerValidation(eager); 1184 } 1185 } 1186 1187 List<Object> getManifestDigests() { 1188 ensureInitialization(); 1189 if (jv != null) { 1190 return jv.getManifestDigests(); 1191 } 1192 return new ArrayList<>(); 1193 } 1194 }