commit eda6fd1cd89fb7d1343c13300ce3cba09cef7f9e
author David Blevins <david.blevins@gmail.com> Sun Jun 14 14:40:28 2020 -0700
committer David Blevins <david.blevins@gmail.com> Sun Jun 14 14:40:28 2020 -0700
tree 10a4bb50c3fd55058347ae56bd3d3cd27102e8c1
parent 7d443dc3545086ea6e007327cb5c08b082a92ba2

Strip out jar signatures

tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java

diff --git a/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java b/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java
index 3448970..12d1480 100644
--- a/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java
+++ b/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java
@@ -81,6 +81,11 @@
                 // TODO: the name may be changed in transformation
                 final String path = updatePath(oldEntry.getName());
 
+                if (skip(path)) {
+                    IO.copy(zipInputStream, skipped);
+                    continue;
+                }
+                
                 /*
                  * If this entry has been patched, skip it
                  * We will add the patched version at the end
@@ -137,6 +142,19 @@
         }
     }
 
+    /**
+     * Skip signed jar public key files.  We most definitely
+     * have tampered with the jar.
+     */
+    private boolean skip(final String name) {
+        if (name.startsWith("META-INF/")) {
+            if (name.endsWith(".SF")) return true;
+            if (name.endsWith(".DSA")) return true;
+            if (name.endsWith(".RSA")) return true;
+        }
+        return false;
+    }
+    
     private String updatePath(final String name) {
         return name.replace("resources/javax.faces","resources/jakarta.faces");
     }