1 /* 2 * Copyright (c) 1997, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.util.jar; 27 28 import jdk.internal.access.SharedSecrets; 29 import jdk.internal.access.JavaUtilZipFileAccess; 30 import sun.security.action.GetPropertyAction; 31 import sun.security.util.ManifestEntryVerifier; 32 import sun.security.util.SignatureFileVerifier; 33 34 import java.io.ByteArrayInputStream; 35 import java.io.EOFException; 36 import java.io.File; 37 import java.io.IOException; 38 import java.io.InputStream; 39 import java.lang.ref.SoftReference; 40 import java.net.URL; 41 import java.security.CodeSigner; 42 import java.security.CodeSource; 43 import java.security.cert.Certificate; 44 import java.util.ArrayList; 45 import java.util.Collections; 46 import java.util.Enumeration; 47 import java.util.List; 48 import java.util.Locale; 49 import java.util.NoSuchElementException; 50 import java.util.Objects; 51 import java.util.function.Function; 52 import java.util.stream.Stream; 53 import java.util.zip.ZipEntry; 54 import java.util.zip.ZipException; 55 import java.util.zip.ZipFile; 56 57 /** 58 * The {@code JarFile} class is used to read the contents of a jar file 59 * from any file that can be opened with {@code java.io.RandomAccessFile}. 60 * It extends the class {@code java.util.zip.ZipFile} with support 61 * for reading an optional {@code Manifest} entry, and support for 62 * processing multi-release jar files. The {@code Manifest} can be used 63 * to specify meta-information about the jar file and its entries. 64 * 65 * <p><a id="multirelease">A multi-release jar file</a> is a jar file that 66 * contains a manifest with a main attribute named "Multi-Release", 67 * a set of "base" entries, some of which are public classes with public 68 * or protected methods that comprise the public interface of the jar file, 69 * and a set of "versioned" entries contained in subdirectories of the 70 * "META-INF/versions" directory. The versioned entries are partitioned by the 71 * major version of the Java platform. A versioned entry, with a version 72 * {@code n}, {@code 8 < n}, in the "META-INF/versions/{n}" directory overrides 73 * the base entry as well as any entry with a version number {@code i} where 74 * {@code 8 < i < n}. 75 * 76 * <p>By default, a {@code JarFile} for a multi-release jar file is configured 77 * to process the multi-release jar file as if it were a plain (unversioned) jar 78 * file, and as such an entry name is associated with at most one base entry. 79 * The {@code JarFile} may be configured to process a multi-release jar file by 80 * creating the {@code JarFile} with the 81 * {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} constructor. The 82 * {@code Runtime.Version} object sets a maximum version used when searching for 83 * versioned entries. When so configured, an entry name 84 * can correspond with at most one base entry and zero or more versioned 85 * entries. A search is required to associate the entry name with the latest 86 * versioned entry whose version is less than or equal to the maximum version 87 * (see {@link #getEntry(String)}). 88 * 89 * <p>Class loaders that utilize {@code JarFile} to load classes from the 90 * contents of {@code JarFile} entries should construct the {@code JarFile} 91 * by invoking the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} 92 * constructor with the value {@code Runtime.version()} assigned to the last 93 * argument. This assures that classes compatible with the major 94 * version of the running JVM are loaded from multi-release jar files. 95 * 96 * <p> If the {@code verify} flag is on when opening a signed jar file, the content 97 * of the jar entry is verified against the signature embedded inside the manifest 98 * that is associated with its {@link JarEntry#getRealName() path name}. For a 99 * multi-release jar file, the content of a versioned entry is verfieid against 100 * its own signature and {@link JarEntry#getCodeSigners()} returns its own signers. 101 * 102 * Please note that the verification process does not include validating the 103 * signer's certificate. A caller should inspect the return value of 104 * {@link JarEntry#getCodeSigners()} to further determine if the signature 105 * can be trusted. 106 * 107 * <p> Unless otherwise noted, passing a {@code null} argument to a constructor 108 * or method in this class will cause a {@link NullPointerException} to be 109 * thrown. 110 * 111 * @implNote 112 * <div class="block"> 113 * If the API can not be used to configure a {@code JarFile} (e.g. to override 114 * the configuration of a compiled application or library), two {@code System} 115 * properties are available. 116 * <ul> 117 * <li> 118 * {@code jdk.util.jar.version} can be assigned a value that is the 119 * {@code String} representation of a non-negative integer 120 * {@code <= Runtime.version().feature()}. The value is used to set the effective 121 * runtime version to something other than the default value obtained by 122 * evaluating {@code Runtime.version().feature()}. The effective runtime version 123 * is the version that the {@link JarFile#JarFile(File, boolean, int, Runtime.Version)} 124 * constructor uses when the value of the last argument is 125 * {@code JarFile.runtimeVersion()}. 126 * </li> 127 * <li> 128 * {@code jdk.util.jar.enableMultiRelease} can be assigned one of the three 129 * {@code String} values <em>true</em>, <em>false</em>, or <em>force</em>. The 130 * value <em>true</em>, the default value, enables multi-release jar file 131 * processing. The value <em>false</em> disables multi-release jar processing, 132 * ignoring the "Multi-Release" manifest attribute, and the versioned 133 * directories in a multi-release jar file if they exist. Furthermore, 134 * the method {@link JarFile#isMultiRelease()} returns <em>false</em>. The value 135 * <em>force</em> causes the {@code JarFile} to be initialized to runtime 136 * versioning after construction. It effectively does the same as this code: 137 * {@code (new JarFile(File, boolean, int, JarFile.runtimeVersion())}. 138 * </li> 139 * </ul> 140 * </div> 141 * 142 * @author David Connelly 143 * @see Manifest 144 * @see java.util.zip.ZipFile 145 * @see java.util.jar.JarEntry 146 * @since 1.2 147 */ 148 public class JarFile extends ZipFile { 149 private static final Runtime.Version BASE_VERSION; 150 private static final int BASE_VERSION_FEATURE; 151 private static final Runtime.Version RUNTIME_VERSION; 152 private static final boolean MULTI_RELEASE_ENABLED; 153 private static final boolean MULTI_RELEASE_FORCED; 154 private static final ThreadLocal<Boolean> isInitializing = new ThreadLocal<>(); 155 156 private SoftReference<Manifest> manRef; 157 private JarEntry manEntry; 158 private JarVerifier jv; 159 private boolean jvInitialized; 160 private boolean verify; 161 private final Runtime.Version version; // current version 162 private final int versionFeature; // version.feature() 163 private boolean isMultiRelease; // is jar multi-release? 164 165 // indicates if Class-Path attribute present 166 private boolean hasClassPathAttribute; 167 // true if manifest checked for special attributes 168 private volatile boolean hasCheckedSpecialAttributes; 169 170 private static final JavaUtilZipFileAccess JUZFA; 171 172 static { 173 // Set up JavaUtilJarAccess in SharedSecrets 174 SharedSecrets.setJavaUtilJarAccess(new JavaUtilJarAccessImpl()); 175 // Get JavaUtilZipFileAccess from SharedSecrets 176 JUZFA = SharedSecrets.getJavaUtilZipFileAccess(); 177 // multi-release jar file versions >= 9 178 BASE_VERSION = Runtime.Version.parse(Integer.toString(8)); 179 BASE_VERSION_FEATURE = BASE_VERSION.feature(); 180 String jarVersion = GetPropertyAction.privilegedGetProperty("jdk.util.jar.version"); 181 int runtimeVersion = Runtime.version().feature(); 182 if (jarVersion != null) { 183 int jarVer = Integer.parseInt(jarVersion); 184 runtimeVersion = (jarVer > runtimeVersion) 185 ? runtimeVersion 186 : Math.max(jarVer, BASE_VERSION_FEATURE); 187 } 188 RUNTIME_VERSION = Runtime.Version.parse(Integer.toString(runtimeVersion)); 189 String enableMultiRelease = GetPropertyAction 190 .privilegedGetProperty("jdk.util.jar.enableMultiRelease", "true"); 191 switch (enableMultiRelease) { 192 case "true": 193 default: 194 MULTI_RELEASE_ENABLED = true; 195 MULTI_RELEASE_FORCED = false; 196 break; 197 case "false": 198 MULTI_RELEASE_ENABLED = false; 199 MULTI_RELEASE_FORCED = false; 200 break; 201 case "force": 202 MULTI_RELEASE_ENABLED = true; 203 MULTI_RELEASE_FORCED = true; 204 break; 205 } 206 } 207 208 private static final String META_INF = "META-INF/"; 209 210 private static final String META_INF_VERSIONS = META_INF + "versions/"; 211 212 /** 213 * The JAR manifest file name. 214 */ 215 public static final String MANIFEST_NAME = META_INF + "MANIFEST.MF"; 216 217 /** 218 * Returns the version that represents the unversioned configuration of a 219 * multi-release jar file. 220 * 221 * @return the version that represents the unversioned configuration 222 * 223 * @since 9 224 */ 225 public static Runtime.Version baseVersion() { 226 return BASE_VERSION; 227 } 228 229 /** 230 * Returns the version that represents the effective runtime versioned 231 * configuration of a multi-release jar file. 232 * <p> 233 * By default the feature version number of the returned {@code Version} will 234 * be equal to the feature version number of {@code Runtime.version()}. 235 * However, if the {@code jdk.util.jar.version} property is set, the 236 * returned {@code Version} is derived from that property and feature version 237 * numbers may not be equal. 238 * 239 * @return the version that represents the runtime versioned configuration 240 * 241 * @since 9 242 */ 243 public static Runtime.Version runtimeVersion() { 244 return RUNTIME_VERSION; 245 } 246 247 /** 248 * Creates a new {@code JarFile} to read from the specified 249 * file {@code name}. The {@code JarFile} will be verified if 250 * it is signed. 251 * @param name the name of the jar file to be opened for reading 252 * @throws IOException if an I/O error has occurred 253 * @throws SecurityException if access to the file is denied 254 * by the SecurityManager 255 */ 256 public JarFile(String name) throws IOException { 257 this(new File(name), true, ZipFile.OPEN_READ); 258 } 259 260 /** 261 * Creates a new {@code JarFile} to read from the specified 262 * file {@code name}. 263 * @param name the name of the jar file to be opened for reading 264 * @param verify whether or not to verify the jar file if 265 * it is signed. 266 * @throws IOException if an I/O error has occurred 267 * @throws SecurityException if access to the file is denied 268 * by the SecurityManager 269 */ 270 public JarFile(String name, boolean verify) throws IOException { 271 this(new File(name), verify, ZipFile.OPEN_READ); 272 } 273 274 /** 275 * Creates a new {@code JarFile} to read from the specified 276 * {@code File} object. The {@code JarFile} will be verified if 277 * it is signed. 278 * @param file the jar file to be opened for reading 279 * @throws IOException if an I/O error has occurred 280 * @throws SecurityException if access to the file is denied 281 * by the SecurityManager 282 */ 283 public JarFile(File file) throws IOException { 284 this(file, true, ZipFile.OPEN_READ); 285 } 286 287 /** 288 * Creates a new {@code JarFile} to read from the specified 289 * {@code File} object. 290 * @param file the jar file to be opened for reading 291 * @param verify whether or not to verify the jar file if 292 * it is signed. 293 * @throws IOException if an I/O error has occurred 294 * @throws SecurityException if access to the file is denied 295 * by the SecurityManager. 296 */ 297 public JarFile(File file, boolean verify) throws IOException { 298 this(file, verify, ZipFile.OPEN_READ); 299 } 300 301 /** 302 * Creates a new {@code JarFile} to read from the specified 303 * {@code File} object in the specified mode. The mode argument 304 * must be either {@code OPEN_READ} or {@code OPEN_READ | OPEN_DELETE}. 305 * 306 * @param file the jar file to be opened for reading 307 * @param verify whether or not to verify the jar file if 308 * it is signed. 309 * @param mode the mode in which the file is to be opened 310 * @throws IOException if an I/O error has occurred 311 * @throws IllegalArgumentException 312 * if the {@code mode} argument is invalid 313 * @throws SecurityException if access to the file is denied 314 * by the SecurityManager 315 * @since 1.3 316 */ 317 public JarFile(File file, boolean verify, int mode) throws IOException { 318 this(file, verify, mode, BASE_VERSION); 319 } 320 321 /** 322 * Creates a new {@code JarFile} to read from the specified 323 * {@code File} object in the specified mode. The mode argument 324 * must be either {@code OPEN_READ} or {@code OPEN_READ | OPEN_DELETE}. 325 * The version argument, after being converted to a canonical form, is 326 * used to configure the {@code JarFile} for processing 327 * multi-release jar files. 328 * <p> 329 * The canonical form derived from the version parameter is 330 * {@code Runtime.Version.parse(Integer.toString(n))} where {@code n} is 331 * {@code Math.max(version.feature(), JarFile.baseVersion().feature())}. 332 * 333 * @param file the jar file to be opened for reading 334 * @param verify whether or not to verify the jar file if 335 * it is signed. 336 * @param mode the mode in which the file is to be opened 337 * @param version specifies the release version for a multi-release jar file 338 * @throws IOException if an I/O error has occurred 339 * @throws IllegalArgumentException 340 * if the {@code mode} argument is invalid 341 * @throws SecurityException if access to the file is denied 342 * by the SecurityManager 343 * @throws NullPointerException if {@code version} is {@code null} 344 * @since 9 345 */ 346 public JarFile(File file, boolean verify, int mode, Runtime.Version version) throws IOException { 347 super(file, mode); 348 this.verify = verify; 349 Objects.requireNonNull(version); 350 if (MULTI_RELEASE_FORCED || version.feature() == RUNTIME_VERSION.feature()) { 351 // This deals with the common case where the value from JarFile.runtimeVersion() is passed 352 this.version = RUNTIME_VERSION; 353 } else if (version.feature() <= BASE_VERSION_FEATURE) { 354 // This also deals with the common case where the value from JarFile.baseVersion() is passed 355 this.version = BASE_VERSION; 356 } else { 357 // Canonicalize 358 this.version = Runtime.Version.parse(Integer.toString(version.feature())); 359 } 360 this.versionFeature = this.version.feature(); 361 } 362 363 /** 364 * Returns the maximum version used when searching for versioned entries. 365 * <p> 366 * If this {@code JarFile} is not a multi-release jar file or is not 367 * configured to be processed as such, then the version returned will be the 368 * same as that returned from {@link #baseVersion()}. 369 * 370 * @return the maximum version 371 * @since 9 372 */ 373 public final Runtime.Version getVersion() { 374 return isMultiRelease() ? this.version : BASE_VERSION; 375 } 376 377 /** 378 * Indicates whether or not this jar file is a multi-release jar file. 379 * 380 * @return true if this JarFile is a multi-release jar file 381 * @since 9 382 */ 383 public final boolean isMultiRelease() { 384 if (isMultiRelease) { 385 return true; 386 } 387 if (MULTI_RELEASE_ENABLED) { 388 try { 389 checkForSpecialAttributes(); 390 } catch (IOException io) { 391 isMultiRelease = false; 392 } 393 } 394 return isMultiRelease; 395 } 396 397 /** 398 * Returns the jar file manifest, or {@code null} if none. 399 * 400 * @return the jar file manifest, or {@code null} if none 401 * 402 * @throws IllegalStateException 403 * may be thrown if the jar file has been closed 404 * @throws IOException if an I/O error has occurred 405 */ 406 public Manifest getManifest() throws IOException { 407 return getManifestFromReference(); 408 } 409 410 private Manifest getManifestFromReference() throws IOException { 411 Manifest man = manRef != null ? manRef.get() : null; 412 413 if (man == null) { 414 415 JarEntry manEntry = getManEntry(); 416 417 // If found then load the manifest 418 if (manEntry != null) { 419 if (verify) { 420 byte[] b = getBytes(manEntry); 421 if (!jvInitialized) { 422 jv = new JarVerifier(b); 423 } 424 man = new Manifest(jv, new ByteArrayInputStream(b), getName()); 425 } else { 426 man = new Manifest(super.getInputStream(manEntry), getName()); 427 } 428 manRef = new SoftReference<>(man); 429 } 430 } 431 return man; 432 } 433 434 /** 435 * Returns the {@code JarEntry} for the given base entry name or 436 * {@code null} if not found. 437 * 438 * <p>If this {@code JarFile} is a multi-release jar file and is configured 439 * to be processed as such, then a search is performed to find and return 440 * a {@code JarEntry} that is the latest versioned entry associated with the 441 * given entry name. The returned {@code JarEntry} is the versioned entry 442 * corresponding to the given base entry name prefixed with the string 443 * {@code "META-INF/versions/{n}/"}, for the largest value of {@code n} for 444 * which an entry exists. If such a versioned entry does not exist, then 445 * the {@code JarEntry} for the base entry is returned, otherwise 446 * {@code null} is returned if no entries are found. The initial value for 447 * the version {@code n} is the maximum version as returned by the method 448 * {@link JarFile#getVersion()}. 449 * 450 * @param name the jar file entry name 451 * @return the {@code JarEntry} for the given entry name, or 452 * the versioned entry name, or {@code null} if not found 453 * 454 * @throws IllegalStateException 455 * may be thrown if the jar file has been closed 456 * 457 * @see java.util.jar.JarEntry 458 * 459 * @implSpec 460 * <div class="block"> 461 * This implementation invokes {@link JarFile#getEntry(String)}. 462 * </div> 463 */ 464 public JarEntry getJarEntry(String name) { 465 return (JarEntry)getEntry(name); 466 } 467 468 /** 469 * Returns the {@code ZipEntry} for the given base entry name or 470 * {@code null} if not found. 471 * 472 * <p>If this {@code JarFile} is a multi-release jar file and is configured 473 * to be processed as such, then a search is performed to find and return 474 * a {@code ZipEntry} that is the latest versioned entry associated with the 475 * given entry name. The returned {@code ZipEntry} is the versioned entry 476 * corresponding to the given base entry name prefixed with the string 477 * {@code "META-INF/versions/{n}/"}, for the largest value of {@code n} for 478 * which an entry exists. If such a versioned entry does not exist, then 479 * the {@code ZipEntry} for the base entry is returned, otherwise 480 * {@code null} is returned if no entries are found. The initial value for 481 * the version {@code n} is the maximum version as returned by the method 482 * {@link JarFile#getVersion()}. 483 * 484 * @param name the jar file entry name 485 * @return the {@code ZipEntry} for the given entry name or 486 * the versioned entry name or {@code null} if not found 487 * 488 * @throws IllegalStateException 489 * may be thrown if the jar file has been closed 490 * 491 * @see java.util.zip.ZipEntry 492 * 493 * @implSpec 494 * <div class="block"> 495 * This implementation may return a versioned entry for the requested name 496 * even if there is not a corresponding base entry. This can occur 497 * if there is a private or package-private versioned entry that matches. 498 * If a subclass overrides this method, assure that the override method 499 * invokes {@code super.getEntry(name)} to obtain all versioned entries. 500 * </div> 501 */ 502 public ZipEntry getEntry(String name) { 503 if (isMultiRelease()) { 504 JarEntry je = getVersionedEntry(name, null); 505 if (je == null) { 506 je = getEntry0(name); 507 } 508 return je; 509 } else { 510 return getEntry0(name); 511 } 512 } 513 514 /** 515 * Returns an enumeration of the jar file entries. 516 * 517 * @return an enumeration of the jar file entries 518 * @throws IllegalStateException 519 * may be thrown if the jar file has been closed 520 */ 521 public Enumeration<JarEntry> entries() { 522 return JUZFA.entries(this, JarFileEntry::new); 523 } 524 525 /** 526 * Returns an ordered {@code Stream} over the jar file entries. 527 * Entries appear in the {@code Stream} in the order they appear in 528 * the central directory of the jar file. 529 * 530 * @return an ordered {@code Stream} of entries in this jar file 531 * @throws IllegalStateException if the jar file has been closed 532 * @since 1.8 533 */ 534 public Stream<JarEntry> stream() { 535 return JUZFA.stream(this, JarFileEntry::new); 536 } 537 538 /** 539 * Returns a {@code Stream} of the versioned jar file entries. 540 * 541 * <p>If this {@code JarFile} is a multi-release jar file and is configured to 542 * be processed as such, then an entry in the stream is the latest versioned entry 543 * associated with the corresponding base entry name. The maximum version of the 544 * latest versioned entry is the version returned by {@link #getVersion()}. 545 * The returned stream may include an entry that only exists as a versioned entry. 546 * 547 * If the jar file is not a multi-release jar file or the {@code JarFile} is not 548 * configured for processing a multi-release jar file, this method returns the 549 * same stream that {@link #stream()} returns. 550 * 551 * @return stream of versioned entries 552 * @since 10 553 */ 554 public Stream<JarEntry> versionedStream() { 555 556 if (isMultiRelease()) { 557 return JUZFA.entryNameStream(this).map(this::getBasename) 558 .filter(Objects::nonNull) 559 .distinct() 560 .map(this::getJarEntry) 561 .filter(Objects::nonNull); 562 } 563 return stream(); 564 } 565 566 /* 567 * Invokes {@ZipFile}'s getEntry to Return a {@code JarFileEntry} for the 568 * given entry name or {@code null} if not found. 569 */ 570 private JarFileEntry getEntry0(String name) { 571 // Not using a lambda/method reference here to optimize startup time 572 Function<String, JarEntry> newJarFileEntryFn = new Function<>() { 573 @Override 574 public JarEntry apply(String name) { 575 return new JarFileEntry(name); 576 } 577 }; 578 return (JarFileEntry)JUZFA.getEntry(this, name, newJarFileEntryFn); 579 } 580 581 private String getBasename(String name) { 582 if (name.startsWith(META_INF_VERSIONS)) { 583 int off = META_INF_VERSIONS.length(); 584 int index = name.indexOf('/', off); 585 try { 586 // filter out dir META-INF/versions/ and META-INF/versions/*/ 587 // and any entry with version > 'version' 588 if (index == -1 || index == (name.length() - 1) || 589 Integer.parseInt(name, off, index, 10) > versionFeature) { 590 return null; 591 } 592 } catch (NumberFormatException x) { 593 return null; // remove malformed entries silently 594 } 595 // map to its base name 596 return name.substring(index + 1); 597 } 598 return name; 599 } 600 601 private JarEntry getVersionedEntry(String name, JarEntry defaultEntry) { 602 if (!name.startsWith(META_INF)) { 603 int[] versions = JUZFA.getMetaInfVersions(this); 604 if (BASE_VERSION_FEATURE < versionFeature && versions.length > 0) { 605 // search for versioned entry 606 for (int i = versions.length - 1; i >= 0; i--) { 607 int version = versions[i]; 608 // skip versions above versionFeature 609 if (version > versionFeature) { 610 continue; 611 } 612 // skip versions below base version 613 if (version < BASE_VERSION_FEATURE) { 614 break; 615 } 616 JarFileEntry vje = getEntry0(META_INF_VERSIONS + version + "/" + name); 617 if (vje != null) { 618 return vje.withBasename(name); 619 } 620 } 621 } 622 } 623 return defaultEntry; 624 } 625 626 // placeholder for now 627 String getRealName(JarEntry entry) { 628 return entry.getRealName(); 629 } 630 631 private class JarFileEntry extends JarEntry { 632 private String basename; 633 634 JarFileEntry(String name) { 635 super(name); 636 this.basename = name; 637 } 638 639 JarFileEntry(String name, ZipEntry vze) { 640 super(vze); 641 this.basename = name; 642 } 643 644 @Override 645 public Attributes getAttributes() throws IOException { 646 Manifest man = JarFile.this.getManifest(); 647 if (man != null) { 648 return man.getAttributes(super.getName()); 649 } else { 650 return null; 651 } 652 } 653 654 @Override 655 public Certificate[] getCertificates() { 656 try { 657 maybeInstantiateVerifier(); 658 } catch (IOException e) { 659 throw new RuntimeException(e); 660 } 661 if (certs == null && jv != null) { 662 certs = jv.getCerts(JarFile.this, realEntry()); 663 } 664 return certs == null ? null : certs.clone(); 665 } 666 667 @Override 668 public CodeSigner[] getCodeSigners() { 669 try { 670 maybeInstantiateVerifier(); 671 } catch (IOException e) { 672 throw new RuntimeException(e); 673 } 674 if (signers == null && jv != null) { 675 signers = jv.getCodeSigners(JarFile.this, realEntry()); 676 } 677 return signers == null ? null : signers.clone(); 678 } 679 680 @Override 681 public String getRealName() { 682 return super.getName(); 683 } 684 685 @Override 686 public String getName() { 687 return basename; 688 } 689 690 JarFileEntry realEntry() { 691 if (isMultiRelease() && versionFeature != BASE_VERSION_FEATURE) { 692 String entryName = super.getName(); 693 return entryName == basename || entryName.equals(basename) ? 694 this : new JarFileEntry(entryName, this); 695 } 696 return this; 697 } 698 699 // changes the basename, returns "this" 700 JarFileEntry withBasename(String name) { 701 basename = name; 702 return this; 703 } 704 } 705 706 /* 707 * Ensures that the JarVerifier has been created if one is 708 * necessary (i.e., the jar appears to be signed.) This is done as 709 * a quick check to avoid processing of the manifest for unsigned 710 * jars. 711 */ 712 private void maybeInstantiateVerifier() throws IOException { 713 if (jv != null) { 714 return; 715 } 716 717 if (verify) { 718 String[] names = JUZFA.getMetaInfEntryNames(this); 719 if (names != null) { 720 for (String nameLower : names) { 721 String name = nameLower.toUpperCase(Locale.ENGLISH); 722 if (name.endsWith(".DSA") || 723 name.endsWith(".RSA") || 724 name.endsWith(".EC") || 725 name.endsWith(".SF")) { 726 // Assume since we found a signature-related file 727 // that the jar is signed and that we therefore 728 // need a JarVerifier and Manifest 729 getManifest(); 730 return; 731 } 732 } 733 } 734 // No signature-related files; don't instantiate a 735 // verifier 736 verify = false; 737 } 738 } 739 740 /* 741 * Initializes the verifier object by reading all the manifest 742 * entries and passing them to the verifier. 743 */ 744 private void initializeVerifier() { 745 ManifestEntryVerifier mev = null; 746 747 // Verify "META-INF/" entries... 748 try { 749 String[] names = JUZFA.getMetaInfEntryNames(this); 750 if (names != null) { 751 for (String name : names) { 752 String uname = name.toUpperCase(Locale.ENGLISH); 753 if (MANIFEST_NAME.equals(uname) 754 || SignatureFileVerifier.isBlockOrSF(uname)) { 755 JarEntry e = getJarEntry(name); 756 if (e == null) { 757 throw new JarException("corrupted jar file"); 758 } 759 if (mev == null) { 760 mev = new ManifestEntryVerifier 761 (getManifestFromReference()); 762 } 763 byte[] b = getBytes(e); 764 if (b != null && b.length > 0) { 765 jv.beginEntry(e, mev); 766 jv.update(b.length, b, 0, b.length, mev); 767 jv.update(-1, null, 0, 0, mev); 768 } 769 } 770 } 771 } 772 } catch (IOException ex) { 773 // if we had an error parsing any blocks, just 774 // treat the jar file as being unsigned 775 jv = null; 776 verify = false; 777 if (JarVerifier.debug != null) { 778 JarVerifier.debug.println("jarfile parsing error!"); 779 ex.printStackTrace(); 780 } 781 } 782 783 // if after initializing the verifier we have nothing 784 // signed, we null it out. 785 786 if (jv != null) { 787 788 jv.doneWithMeta(); 789 if (JarVerifier.debug != null) { 790 JarVerifier.debug.println("done with meta!"); 791 } 792 793 if (jv.nothingToVerify()) { 794 if (JarVerifier.debug != null) { 795 JarVerifier.debug.println("nothing to verify!"); 796 } 797 jv = null; 798 verify = false; 799 } 800 } 801 } 802 803 /* 804 * Reads all the bytes for a given entry. Used to process the 805 * META-INF files. 806 */ 807 private byte[] getBytes(ZipEntry ze) throws IOException { 808 try (InputStream is = super.getInputStream(ze)) { 809 int len = (int)ze.getSize(); 810 int bytesRead; 811 byte[] b; 812 // trust specified entry sizes when reasonably small 813 if (len != -1 && len <= 65535) { 814 b = new byte[len]; 815 bytesRead = is.readNBytes(b, 0, len); 816 } else { 817 b = is.readAllBytes(); 818 bytesRead = b.length; 819 } 820 if (len != -1 && len != bytesRead) { 821 throw new EOFException("Expected:" + len + ", read:" + bytesRead); 822 } 823 return b; 824 } 825 } 826 827 /** 828 * Returns an input stream for reading the contents of the specified 829 * zip file entry. 830 * @param ze the zip file entry 831 * @return an input stream for reading the contents of the specified 832 * zip file entry 833 * @throws ZipException if a zip file format error has occurred 834 * @throws IOException if an I/O error has occurred 835 * @throws SecurityException if any of the jar file entries 836 * are incorrectly signed. 837 * @throws IllegalStateException 838 * may be thrown if the jar file has been closed 839 */ 840 public synchronized InputStream getInputStream(ZipEntry ze) 841 throws IOException 842 { 843 maybeInstantiateVerifier(); 844 if (jv == null) { 845 return super.getInputStream(ze); 846 } 847 if (!jvInitialized) { 848 initializeVerifier(); 849 jvInitialized = true; 850 // could be set to null after a call to 851 // initializeVerifier if we have nothing to 852 // verify 853 if (jv == null) 854 return super.getInputStream(ze); 855 } 856 857 // wrap a verifier stream around the real stream 858 return new JarVerifier.VerifierStream( 859 getManifestFromReference(), 860 verifiableEntry(ze), 861 super.getInputStream(ze), 862 jv); 863 } 864 865 private JarEntry verifiableEntry(ZipEntry ze) { 866 if (ze instanceof JarFileEntry) { 867 // assure the name and entry match for verification 868 return ((JarFileEntry)ze).realEntry(); 869 } 870 ze = getJarEntry(ze.getName()); 871 if (ze instanceof JarFileEntry) { 872 return ((JarFileEntry)ze).realEntry(); 873 } 874 return (JarEntry)ze; 875 } 876 877 // Statics for hand-coded Boyer-Moore search 878 private static final byte[] CLASSPATH_CHARS = 879 {'C','L','A','S','S','-','P','A','T','H', ':', ' '}; 880 881 // The bad character shift for "class-path: " 882 private static final byte[] CLASSPATH_LASTOCC; 883 884 // The good suffix shift for "class-path: " 885 private static final byte[] CLASSPATH_OPTOSFT; 886 887 private static final byte[] MULTIRELEASE_CHARS = 888 {'M','U','L','T','I','-','R','E','L','E', 'A', 'S', 'E', ':', 889 ' ', 'T', 'R', 'U', 'E'}; 890 891 // The bad character shift for "multi-release: true" 892 private static final byte[] MULTIRELEASE_LASTOCC; 893 894 // The good suffix shift for "multi-release: true" 895 private static final byte[] MULTIRELEASE_OPTOSFT; 896 897 static { 898 CLASSPATH_LASTOCC = new byte[65]; 899 CLASSPATH_OPTOSFT = new byte[12]; 900 CLASSPATH_LASTOCC[(int)'C' - 32] = 1; 901 CLASSPATH_LASTOCC[(int)'L' - 32] = 2; 902 CLASSPATH_LASTOCC[(int)'S' - 32] = 5; 903 CLASSPATH_LASTOCC[(int)'-' - 32] = 6; 904 CLASSPATH_LASTOCC[(int)'P' - 32] = 7; 905 CLASSPATH_LASTOCC[(int)'A' - 32] = 8; 906 CLASSPATH_LASTOCC[(int)'T' - 32] = 9; 907 CLASSPATH_LASTOCC[(int)'H' - 32] = 10; 908 CLASSPATH_LASTOCC[(int)':' - 32] = 11; 909 CLASSPATH_LASTOCC[(int)' ' - 32] = 12; 910 for (int i = 0; i < 11; i++) { 911 CLASSPATH_OPTOSFT[i] = 12; 912 } 913 CLASSPATH_OPTOSFT[11] = 1; 914 915 MULTIRELEASE_LASTOCC = new byte[65]; 916 MULTIRELEASE_OPTOSFT = new byte[19]; 917 MULTIRELEASE_LASTOCC[(int)'M' - 32] = 1; 918 MULTIRELEASE_LASTOCC[(int)'I' - 32] = 5; 919 MULTIRELEASE_LASTOCC[(int)'-' - 32] = 6; 920 MULTIRELEASE_LASTOCC[(int)'L' - 32] = 9; 921 MULTIRELEASE_LASTOCC[(int)'A' - 32] = 11; 922 MULTIRELEASE_LASTOCC[(int)'S' - 32] = 12; 923 MULTIRELEASE_LASTOCC[(int)':' - 32] = 14; 924 MULTIRELEASE_LASTOCC[(int)' ' - 32] = 15; 925 MULTIRELEASE_LASTOCC[(int)'T' - 32] = 16; 926 MULTIRELEASE_LASTOCC[(int)'R' - 32] = 17; 927 MULTIRELEASE_LASTOCC[(int)'U' - 32] = 18; 928 MULTIRELEASE_LASTOCC[(int)'E' - 32] = 19; 929 for (int i = 0; i < 17; i++) { 930 MULTIRELEASE_OPTOSFT[i] = 19; 931 } 932 MULTIRELEASE_OPTOSFT[17] = 6; 933 MULTIRELEASE_OPTOSFT[18] = 1; 934 } 935 936 private JarEntry getManEntry() { 937 if (manEntry == null) { 938 // First look up manifest entry using standard name 939 JarEntry manEntry = getEntry0(MANIFEST_NAME); 940 if (manEntry == null) { 941 // If not found, then iterate through all the "META-INF/" 942 // entries to find a match. 943 String[] names = JUZFA.getMetaInfEntryNames(this); 944 if (names != null) { 945 for (String name : names) { 946 if (MANIFEST_NAME.equals(name.toUpperCase(Locale.ENGLISH))) { 947 manEntry = getEntry0(name); 948 break; 949 } 950 } 951 } 952 } 953 this.manEntry = manEntry; 954 } 955 return manEntry; 956 } 957 958 /** 959 * Returns {@code true} iff this JAR file has a manifest with the 960 * Class-Path attribute 961 */ 962 boolean hasClassPathAttribute() throws IOException { 963 checkForSpecialAttributes(); 964 return hasClassPathAttribute; 965 } 966 967 /** 968 * Returns true if the pattern {@code src} is found in {@code b}. 969 * The {@code lastOcc} array is the precomputed bad character shifts. 970 * Since there are no repeated substring in our search strings, 971 * the good suffix shifts can be replaced with a comparison. 972 */ 973 private int match(byte[] src, byte[] b, byte[] lastOcc, byte[] optoSft) { 974 int len = src.length; 975 int last = b.length - len; 976 int i = 0; 977 next: 978 while (i <= last) { 979 for (int j = (len - 1); j >= 0; j--) { 980 byte c = b[i + j]; 981 if (c >= ' ' && c <= 'z') { 982 if (c >= 'a') c -= 32; // Canonicalize 983 984 if (c != src[j]) { 985 // no match 986 int badShift = lastOcc[c - 32]; 987 i += Math.max(j + 1 - badShift, optoSft[j]); 988 continue next; 989 } 990 } else { 991 // no match, character not valid for name 992 i += len; 993 continue next; 994 } 995 } 996 return i; 997 } 998 return -1; 999 } 1000 1001 /** 1002 * On first invocation, check if the JAR file has the Class-Path 1003 * and the Multi-Release attribute. A no-op on subsequent calls. 1004 */ 1005 private void checkForSpecialAttributes() throws IOException { 1006 if (hasCheckedSpecialAttributes) { 1007 return; 1008 } 1009 synchronized (this) { 1010 if (hasCheckedSpecialAttributes) { 1011 return; 1012 } 1013 JarEntry manEntry = getManEntry(); 1014 if (manEntry != null) { 1015 byte[] b = getBytes(manEntry); 1016 hasClassPathAttribute = match(CLASSPATH_CHARS, b, 1017 CLASSPATH_LASTOCC, CLASSPATH_OPTOSFT) != -1; 1018 // is this a multi-release jar file 1019 if (MULTI_RELEASE_ENABLED) { 1020 int i = match(MULTIRELEASE_CHARS, b, MULTIRELEASE_LASTOCC, 1021 MULTIRELEASE_OPTOSFT); 1022 if (i != -1) { 1023 // Read the main attributes of the manifest 1024 byte[] lbuf = new byte[512]; 1025 Attributes attr = new Attributes(); 1026 attr.read(new Manifest.FastInputStream( 1027 new ByteArrayInputStream(b)), lbuf); 1028 isMultiRelease = Boolean.parseBoolean( 1029 attr.getValue(Attributes.Name.MULTI_RELEASE)); 1030 } 1031 } 1032 } 1033 hasCheckedSpecialAttributes = true; 1034 } 1035 } 1036 1037 synchronized void ensureInitialization() { 1038 try { 1039 maybeInstantiateVerifier(); 1040 } catch (IOException e) { 1041 throw new RuntimeException(e); 1042 } 1043 if (jv != null && !jvInitialized) { 1044 isInitializing.set(Boolean.TRUE); 1045 try { 1046 initializeVerifier(); 1047 jvInitialized = true; 1048 } finally { 1049 isInitializing.set(Boolean.FALSE); 1050 } 1051 } 1052 } 1053 1054 static boolean isInitializing() { 1055 Boolean value = isInitializing.get(); 1056 return (value == null) ? false : value; 1057 } 1058 1059 /* 1060 * Returns a versioned {@code JarFileEntry} for the given entry, 1061 * if there is one. Otherwise returns the original entry. This 1062 * is invoked by the {@code entries2} for verifier. 1063 */ 1064 JarEntry newEntry(JarEntry je) { 1065 if (isMultiRelease()) { 1066 return getVersionedEntry(je.getName(), je); 1067 } 1068 return je; 1069 } 1070 1071 /* 1072 * Returns a versioned {@code JarFileEntry} for the given entry 1073 * name, if there is one. Otherwise returns a {@code JarFileEntry} 1074 * with the given name. It is invoked from JarVerifier's entries2 1075 * for {@code singers}. 1076 */ 1077 JarEntry newEntry(String name) { 1078 if (isMultiRelease()) { 1079 JarEntry vje = getVersionedEntry(name, null); 1080 if (vje != null) { 1081 return vje; 1082 } 1083 } 1084 return new JarFileEntry(name); 1085 } 1086 1087 Enumeration<String> entryNames(CodeSource[] cs) { 1088 ensureInitialization(); 1089 if (jv != null) { 1090 return jv.entryNames(this, cs); 1091 } 1092 1093 /* 1094 * JAR file has no signed content. Is there a non-signing 1095 * code source? 1096 */ 1097 boolean includeUnsigned = false; 1098 for (CodeSource c : cs) { 1099 if (c.getCodeSigners() == null) { 1100 includeUnsigned = true; 1101 break; 1102 } 1103 } 1104 if (includeUnsigned) { 1105 return unsignedEntryNames(); 1106 } else { 1107 return Collections.emptyEnumeration(); 1108 } 1109 } 1110 1111 /** 1112 * Returns an enumeration of the zip file entries 1113 * excluding internal JAR mechanism entries and including 1114 * signed entries missing from the ZIP directory. 1115 */ 1116 Enumeration<JarEntry> entries2() { 1117 ensureInitialization(); 1118 if (jv != null) { 1119 return jv.entries2(this, JUZFA.entries(JarFile.this, 1120 JarFileEntry::new)); 1121 } 1122 1123 // screen out entries which are never signed 1124 final var unfilteredEntries = JUZFA.entries(JarFile.this, JarFileEntry::new); 1125 1126 return new Enumeration<>() { 1127 1128 JarEntry entry; 1129 1130 public boolean hasMoreElements() { 1131 if (entry != null) { 1132 return true; 1133 } 1134 while (unfilteredEntries.hasMoreElements()) { 1135 JarEntry je = unfilteredEntries.nextElement(); 1136 if (JarVerifier.isSigningRelated(je.getName())) { 1137 continue; 1138 } 1139 entry = je; 1140 return true; 1141 } 1142 return false; 1143 } 1144 1145 public JarEntry nextElement() { 1146 if (hasMoreElements()) { 1147 JarEntry je = entry; 1148 entry = null; 1149 return newEntry(je); 1150 } 1151 throw new NoSuchElementException(); 1152 } 1153 }; 1154 } 1155 1156 CodeSource[] getCodeSources(URL url) { 1157 ensureInitialization(); 1158 if (jv != null) { 1159 return jv.getCodeSources(this, url); 1160 } 1161 1162 /* 1163 * JAR file has no signed content. Is there a non-signing 1164 * code source? 1165 */ 1166 Enumeration<String> unsigned = unsignedEntryNames(); 1167 if (unsigned.hasMoreElements()) { 1168 return new CodeSource[]{JarVerifier.getUnsignedCS(url)}; 1169 } else { 1170 return null; 1171 } 1172 } 1173 1174 private Enumeration<String> unsignedEntryNames() { 1175 final Enumeration<JarEntry> entries = entries(); 1176 return new Enumeration<>() { 1177 1178 String name; 1179 1180 /* 1181 * Grab entries from ZIP directory but screen out 1182 * metadata. 1183 */ 1184 public boolean hasMoreElements() { 1185 if (name != null) { 1186 return true; 1187 } 1188 while (entries.hasMoreElements()) { 1189 String value; 1190 ZipEntry e = entries.nextElement(); 1191 value = e.getName(); 1192 if (e.isDirectory() || JarVerifier.isSigningRelated(value)) { 1193 continue; 1194 } 1195 name = value; 1196 return true; 1197 } 1198 return false; 1199 } 1200 1201 public String nextElement() { 1202 if (hasMoreElements()) { 1203 String value = name; 1204 name = null; 1205 return value; 1206 } 1207 throw new NoSuchElementException(); 1208 } 1209 }; 1210 } 1211 1212 CodeSource getCodeSource(URL url, String name) { 1213 ensureInitialization(); 1214 if (jv != null) { 1215 if (jv.eagerValidation) { 1216 CodeSource cs = null; 1217 JarEntry je = getJarEntry(name); 1218 if (je != null) { 1219 cs = jv.getCodeSource(url, this, je); 1220 } else { 1221 cs = jv.getCodeSource(url, name); 1222 } 1223 return cs; 1224 } else { 1225 return jv.getCodeSource(url, name); 1226 } 1227 } 1228 1229 return JarVerifier.getUnsignedCS(url); 1230 } 1231 1232 void setEagerValidation(boolean eager) { 1233 try { 1234 maybeInstantiateVerifier(); 1235 } catch (IOException e) { 1236 throw new RuntimeException(e); 1237 } 1238 if (jv != null) { 1239 jv.setEagerValidation(eager); 1240 } 1241 } 1242 1243 List<Object> getManifestDigests() { 1244 ensureInitialization(); 1245 if (jv != null) { 1246 return jv.getManifestDigests(); 1247 } 1248 return new ArrayList<>(); 1249 } 1250 }