| package org.apache.maven.shared.jarsigner; |
| |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| import org.apache.maven.shared.utils.io.FileUtils; |
| import org.apache.maven.shared.utils.io.IOUtil; |
| |
| import java.io.BufferedInputStream; |
| import java.io.BufferedOutputStream; |
| import java.io.File; |
| import java.io.FileInputStream; |
| import java.io.FileOutputStream; |
| import java.io.IOException; |
| import java.util.Map; |
| import java.util.jar.Attributes; |
| import java.util.jar.Manifest; |
| import java.util.zip.ZipEntry; |
| import java.util.zip.ZipInputStream; |
| import java.util.zip.ZipOutputStream; |
| |
| /** |
| * Useful methods. |
| * |
| * @author Tony Chemit |
| * @since 1.0 |
| */ |
| public class JarSignerUtil |
| { |
| |
| private JarSignerUtil() |
| { |
| // static class |
| } |
| |
| /** |
| * Checks whether the specified file is a JAR file. For our purposes, a ZIP file is a ZIP stream with at least one |
| * entry. |
| * |
| * @param file The file to check, must not be <code>null</code>. |
| * @return <code>true</code> if the file looks like a ZIP file, <code>false</code> otherwise. |
| */ |
| public static boolean isZipFile( final File file ) |
| { |
| boolean result = false; |
| |
| try ( ZipInputStream zis = new ZipInputStream( new FileInputStream( file ) ) ) |
| { |
| result = zis.getNextEntry() != null; |
| } |
| catch ( Exception e ) |
| { |
| // ignore, will fail below |
| } |
| |
| return result; |
| } |
| |
| /** |
| * Removes any existing signatures from the specified JAR file. We will stream from the input JAR directly to the |
| * output JAR to retain as much metadata from the original JAR as possible. |
| * |
| * @param jarFile The JAR file to unsign, must not be <code>null</code>. |
| * @throws IOException when error occurs during processing the file |
| */ |
| public static void unsignArchive( File jarFile ) |
| throws IOException |
| { |
| |
| File unsignedFile = new File( jarFile.getAbsolutePath() + ".unsigned" ); |
| |
| try ( ZipInputStream zis = new ZipInputStream( new BufferedInputStream( new FileInputStream( jarFile ) ) ); |
| ZipOutputStream zos = |
| new ZipOutputStream( new BufferedOutputStream( new FileOutputStream( unsignedFile ) ) ) ) |
| { |
| for ( ZipEntry ze = zis.getNextEntry(); ze != null; ze = zis.getNextEntry() ) |
| { |
| if ( isSignatureFile( ze.getName() ) ) |
| { |
| continue; |
| } |
| |
| zos.putNextEntry( new ZipEntry( ze.getName() ) ); |
| |
| if ( isManifestFile( ze.getName() ) ) |
| { |
| |
| // build a new manifest while removing all digest entries |
| // see https://jira.codehaus.org/browse/MSHARED-314 |
| Manifest oldManifest = new Manifest( zis ); |
| Manifest newManifest = buildUnsignedManifest( oldManifest ); |
| newManifest.write( zos ); |
| |
| continue; |
| } |
| |
| IOUtil.copy( zis, zos ); |
| } |
| |
| } |
| |
| FileUtils.rename( unsignedFile, jarFile ); |
| |
| } |
| |
| /** |
| * Build a new manifest from the given one, removing any signing information inside it. |
| * |
| * This is done by removing any attributes containing some digest information. |
| * If an entry has then no more attributes, then it will not be written in the result manifest. |
| * |
| * @param manifest manifest to clean |
| * @return the build manifest with no digest attributes |
| * @since 1.3 |
| */ |
| protected static Manifest buildUnsignedManifest( Manifest manifest ) |
| { |
| Manifest result = new Manifest( manifest ); |
| result.getEntries().clear(); |
| |
| for ( Map.Entry<String, Attributes> manifestEntry : manifest.getEntries().entrySet() ) |
| { |
| Attributes oldAttributes = manifestEntry.getValue(); |
| Attributes newAttributes = new Attributes(); |
| |
| for ( Map.Entry<Object, Object> attributesEntry : oldAttributes.entrySet() ) |
| { |
| String attributeKey = String.valueOf( attributesEntry.getKey() ); |
| if ( !attributeKey.endsWith( "-Digest" ) ) |
| { |
| // can add this attribute |
| newAttributes.put( attributesEntry.getKey(), attributesEntry.getValue() ); |
| } |
| } |
| |
| if ( !newAttributes.isEmpty() ) |
| { |
| // can add this entry |
| result.getEntries().put( manifestEntry.getKey(), newAttributes ); |
| } |
| } |
| |
| return result; |
| } |
| |
| /** |
| * Scans an archive for existing signatures. |
| * |
| * @param jarFile The archive to scan, must not be <code>null</code>. |
| * @return <code>true</code>, if the archive contains at least one signature file; <code>false</code>, if the |
| * archive does not contain any signature files. |
| * @throws IOException if scanning <code>jarFile</code> fails. |
| */ |
| public static boolean isArchiveSigned( final File jarFile ) |
| throws IOException |
| { |
| if ( jarFile == null ) |
| { |
| throw new NullPointerException( "jarFile" ); |
| } |
| |
| try ( ZipInputStream in = new ZipInputStream( new BufferedInputStream( new FileInputStream( jarFile ) ) ) ) |
| { |
| boolean signed = false; |
| |
| for ( ZipEntry ze = in.getNextEntry(); ze != null; ze = in.getNextEntry() ) |
| { |
| if ( isSignatureFile( ze.getName() ) ) |
| { |
| signed = true; |
| break; |
| } |
| } |
| |
| return signed; |
| } |
| } |
| |
| /** |
| * Checks whether the specified JAR file entry denotes a signature-related file, i.e. matches |
| * <code>META-INF/*.SF</code>, <code>META-INF/*.DSA</code>, <code>META-INF/*.RSA</code> or |
| * <code>META-INF/*.EC</code>. |
| * |
| * @param entryName The name of the JAR file entry to check, must not be <code>null</code>. |
| * @return <code>true</code> if the entry is related to a signature, <code>false</code> otherwise. |
| */ |
| protected static boolean isSignatureFile( String entryName ) |
| { |
| if ( entryName.regionMatches( true, 0, "META-INF", 0, 8 ) ) |
| { |
| entryName = entryName.replace( '\\', '/' ); |
| |
| if ( entryName.indexOf( '/' ) == 8 && entryName.lastIndexOf( '/' ) == 8 ) |
| { |
| return endsWithIgnoreCase( entryName, ".SF" ) || endsWithIgnoreCase( entryName, ".DSA" ) |
| || endsWithIgnoreCase( entryName, ".RSA" ) || endsWithIgnoreCase( entryName, ".EC" ); |
| } |
| } |
| return false; |
| } |
| |
| protected static boolean isManifestFile( String entryName ) |
| { |
| if ( entryName.regionMatches( true, 0, "META-INF", 0, 8 ) ) |
| { |
| entryName = entryName.replace( '\\', '/' ); |
| |
| if ( entryName.indexOf( '/' ) == 8 && entryName.lastIndexOf( '/' ) == 8 ) |
| { |
| return endsWithIgnoreCase( entryName, "/MANIFEST.MF" ); |
| } |
| } |
| return false; |
| } |
| |
| private static boolean endsWithIgnoreCase( String str, String searchStr ) |
| { |
| return str.regionMatches( true, str.length() - searchStr.length(), searchStr, 0, searchStr.length() ); |
| } |
| } |