This is an automated email from the ASF dual-hosted git repository.
fschumacher pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-jakartaee-migration.git
The following commit(s) were added to refs/heads/master by this push:
new b379249 Drop cryptographic signatures from converted JAR files
b379249 is described below
commit b379249200d71272fa5a726181f9a979321dd73c
Author: Felix Schumacher <felix.schumac...@internetallee.de>
AuthorDate: Sun Feb 9 11:55:38 2020 +0100
Drop cryptographic signatures from converted JAR files
When we change the classes in the JAR files, the cryptographic
signatures will no longer be valid. Deployment of WAR files that
contain those JAR files will fail.
Therefore drop the signatures of any JAR file that is contained
in the WAR.
All dropped signatures and signature files will be logged at leve FINE.
Maybe we should log a warning at the end of the conversion, if signatures
where dropped, to raise more awareness for these kind of modification.
---
.../org/apache/tomcat/jakartaee/Migration.java | 42 ++++++++++++++++++++++
.../tomcat/jakartaee/LocalStrings.properties | 2 ++
2 files changed, 44 insertions(+)
diff --git a/src/main/java/org/apache/tomcat/jakartaee/Migration.java
b/src/main/java/org/apache/tomcat/jakartaee/Migration.java
index 04e073a..f2eed3f 100644
--- a/src/main/java/org/apache/tomcat/jakartaee/Migration.java
+++ b/src/main/java/org/apache/tomcat/jakartaee/Migration.java
@@ -24,6 +24,8 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
import java.util.concurrent.TimeUnit;
import java.util.jar.Attributes;
import java.util.jar.JarEntry;
@@ -133,7 +135,11 @@ public class Migration {
JarOutputStream jarOs = new JarOutputStream(new
NonClosingOutputStream(dest))) {
Manifest manifest = jarIs.getManifest();
if (manifest != null) {
+ // Make a safe copy to leave original manifest untouched.
+ // Otherwise messing with signatures will fail
+ manifest = new Manifest(manifest);
updateVersion(manifest);
+ removeSignatures(manifest);
JarEntry manifestEntry = new JarEntry(JarFile.MANIFEST_NAME);
jarOs.putNextEntry(manifestEntry);
manifest.write(jarOs);
@@ -142,6 +148,10 @@ public class Migration {
while ((jarEntry = jarIs.getNextJarEntry()) != null) {
String sourceName = jarEntry.getName();
logger.log(Level.FINE, sm.getString("migration.entry",
sourceName));
+ if (isSignatureFile(sourceName)) {
+ logger.log(Level.FINE,
sm.getString("migration.skipSignatureFile", sourceName));
+ continue;
+ }
String destName = Util.convert(sourceName);
JarEntry destEntry = new JarEntry(destName);
jarOs.putNextEntry(destEntry);
@@ -152,6 +162,12 @@ public class Migration {
}
+ private boolean isSignatureFile(String sourceName) {
+ return sourceName.startsWith("META-INF/")
+ && (sourceName.endsWith(".SF") || sourceName.endsWith(".RSA")
|| sourceName.endsWith(".DSA"));
+ }
+
+
private boolean migrateStream(String name, InputStream src, OutputStream
dest) throws IOException {
if (isArchive(name)) {
logger.log(Level.INFO, sm.getString("migration.archive", name));
@@ -169,6 +185,32 @@ public class Migration {
}
+ private void removeSignatures(Manifest manifest) {
+ manifest.getMainAttributes().remove(Attributes.Name.SIGNATURE_VERSION);
+ List<String> signatureEntries = new ArrayList<>();
+ Map<String, Attributes> manifestAttributeEntries =
manifest.getEntries();
+ for (Entry<String, Attributes> entry :
manifestAttributeEntries.entrySet()) {
+ if (isCryptoSignatureEntry(entry.getValue())) {
+ String entryName = entry.getKey();
+ signatureEntries.add(entryName);
+ logger.log(Level.FINE,
sm.getString("migration.removeSignature", entryName));
+ }
+ }
+ signatureEntries.stream()
+ .forEach(manifestAttributeEntries::remove);
+ }
+
+
+ private boolean isCryptoSignatureEntry(Attributes attributes) {
+ for (Object attributeKey : attributes.keySet()) {
+ if (attributeKey.toString().endsWith("-Digest")) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+
private void updateVersion(Manifest manifest) {
updateVersion(manifest.getMainAttributes());
for (Attributes attributes : manifest.getEntries().values()) {
diff --git
a/src/main/resources/org/apache/tomcat/jakartaee/LocalStrings.properties
b/src/main/resources/org/apache/tomcat/jakartaee/LocalStrings.properties
index fdfe379..2f9560d 100644
--- a/src/main/resources/org/apache/tomcat/jakartaee/LocalStrings.properties
+++ b/src/main/resources/org/apache/tomcat/jakartaee/LocalStrings.properties
@@ -20,5 +20,7 @@ migration.entry=Migrating Jar entry [{0}]
migration.error=Error performing migration
migration.execute=Performing migration from source [{0}] to destination [{1}]
migration.mkdirError=Error creating destination directory [{0}]
+migration.removeSignature=Remove cryptographic signature for [{0}]
+migration.skipSignatureFile=Drop cryptographic signature file [{0}]
migration.stream=Migrating stream [{0}]
migration.usage=Usage: Migration <source> <destination>
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
