7004035: signed jar with only META-INF/* inside is not verifiable

Reviewed-by: mullan
2026-04-05 04:31:36 +00:00 · 2010-12-06 10:46:18 +08:00 · 2010-12-06 10:46:18 +08:00 · 1d7abe0313
commit 1d7abe0313
parent 0ebf8df623
6 changed files with 97 additions and 19 deletions
--- a/jdk/src/share/classes/sun/security/tools/JarSigner.java
+++ b/jdk/src/share/classes/sun/security/tools/JarSigner.java
@ -723,7 +723,7 @@ public class JarSigner {
                        if (signatureRelated(name)) {
                            // Entries inside META-INF and other unsigned
                            // entries are grouped separately.
-                            label = "-" + label.substring(1);
+                            label = "-" + label;
                        }

                        // The label finally contains 2 parts separated by '|':
@ -752,7 +752,7 @@ public class JarSigner {
                    List<String> files = s.getValue();
                    String key = s.getKey();
                    if (key.charAt(0) == '-') { // the signature-related group
-                        key = ' ' + key.substring(1);
+                        key = key.substring(1);
                    }
                    int pipe = key.indexOf('|');
                    if (verbose.equals("all")) {
--- a/jdk/src/share/classes/sun/security/util/ManifestEntryVerifier.java
+++ b/jdk/src/share/classes/sun/security/util/ManifestEntryVerifier.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -185,7 +185,10 @@ public class ManifestEntryVerifier {
                Hashtable<String, CodeSigner[]> sigFileSigners)
        throws JarException
    {
-        if (skip) return null;
+        // MANIFEST.MF should not be skipped. It has signers.
+        if (skip && !entry.getName().equals(JarFile.MANIFEST_NAME)) {
+            return null;
+        }

        if (signers != null)
            return signers;
--- a/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
+++ b/jdk/src/share/classes/sun/security/util/SignatureFileVerifier.java
@ -265,6 +265,9 @@ public class SignatureFileVerifier {
                debug.println("processSignature unsigned name = "+name);
            }
        }
+
+        // MANIFEST.MF is always regarded as signed
+        updateSigners(newSigners, signers, JarFile.MANIFEST_NAME);
    }

    /**
--- a/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java
+++ b/jdk/test/sun/security/tools/jarsigner/JarSigningNonAscii.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -113,7 +113,7 @@ public class JarSigningNonAscii {
            }
        }

-        if (isSignedCount != 3) {
+        if (isSignedCount != 4) {
            throw new SecurityException("error signing JAR file");
        }

--- a/jdk/test/sun/security/tools/jarsigner/concise_jarsigner.sh
+++ b/jdk/test/sun/security/tools/jarsigner/concise_jarsigner.sh
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 #
 # This code is free software; you can redistribute it and/or modify it
@ -103,27 +103,31 @@ LINES=`$JARSIGNER -verify a.jar -verbose | grep $YEAR | wc -l`
 LINES=`$JARSIGNER -verify a.jar -verbose:grouped | grep $YEAR | wc -l`
 [ $LINES = 12 ] || exit $LINENO

-# 3 groups: unrelated, signed, unsigned
+# 4 groups: MANIFST, unrelated, signed, unsigned
 LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep $YEAR | wc -l`
-[ $LINES = 3 ] || exit $LINENO
-
-# 4 groups: unrelated, signed by a1/a2, signed by a2, unsigned
-LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep $YEAR | wc -l`
 [ $LINES = 4 ] || exit $LINENO

-# 2*2 for A1/A2, 2 for A3/A4
+# still 4 groups, but MANIFEST group has no other file
+LINES=`$JARSIGNER -verify a.jar -verbose:summary | grep "more)" | wc -l`
+[ $LINES = 3 ] || exit $LINENO
+
+# 5 groups: MANIFEST, unrelated, signed by a1/a2, signed by a2, unsigned
+LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep $YEAR | wc -l`
+[ $LINES = 5 ] || exit $LINENO
+
+# 2 for MANIFEST, 2*2 for A1/A2, 2 for A3/A4
 LINES=`$JARSIGNER -verify a.jar -verbose -certs | grep "\[certificate" | wc -l`
-[ $LINES = 6 ] || exit $LINENO
+[ $LINES = 8 ] || exit $LINENO

-# a1,a2 for A1/A2, a2 for A3/A4
+# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
 LINES=`$JARSIGNER -verify a.jar -verbose:grouped -certs | grep "\[certificate" | wc -l`
-[ $LINES = 3 ] || exit $LINENO
+[ $LINES = 5 ] || exit $LINENO

-# a1,a2 for A1/A2, a2 for A3/A4
+# a1,a2 for MANIFEST, a1,a2 for A1/A2, a2 for A3/A4
 LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "\[certificate" | wc -l`
-[ $LINES = 3 ] || exit $LINENO
+[ $LINES = 5 ] || exit $LINENO

-# 4 groups
+# still 5 groups, but MANIFEST group has no other file
 LINES=`$JARSIGNER -verify a.jar -verbose:summary -certs | grep "more)" | wc -l`
 [ $LINES = 4 ] || exit $LINENO

--- a/jdk/test/sun/security/tools/jarsigner/onlymanifest.sh
+++ b/jdk/test/sun/security/tools/jarsigner/onlymanifest.sh
@ -0,0 +1,68 @@
+#
+# Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
+# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+#
+# This code is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License version 2 only, as
+# published by the Free Software Foundation.
+#
+# This code is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+# version 2 for more details (a copy is included in the LICENSE file that
+# accompanied this code).
+#
+# You should have received a copy of the GNU General Public License version
+# 2 along with this work; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+# or visit www.oracle.com if you need additional information or have any
+# questions.
+#
+
+# @test
+# @bug 7004035
+# @summary signed jar with only META-INF/* inside is not verifiable
+#
+
+if [ "${TESTJAVA}" = "" ] ; then
+  JAVAC_CMD=`which javac`
+  TESTJAVA=`dirname $JAVAC_CMD`/..
+fi
+
+# set platform-dependent variables
+OS=`uname -s`
+case "$OS" in
+  Windows_* )
+    FS="\\"
+    ;;
+  * )
+    FS="/"
+    ;;
+esac
+
+KS=onlymanifest.jks
+JFILE=onlymanifest.jar
+
+KT="$TESTJAVA${FS}bin${FS}keytool -storepass changeit -keypass changeit \
+        -keystore $KS"
+JAR=$TESTJAVA${FS}bin${FS}jar
+JARSIGNER=$TESTJAVA${FS}bin${FS}jarsigner
+
+rm $KS $JFILE 2> /dev/null
+
+# Create an empty jar file with only MANIFEST.MF
+
+echo "Key: Value" > manifest
+$JAR cvfm $JFILE manifest
+
+$KT -alias a -dname CN=a -genkey -validity 300 || exit 1
+$JARSIGNER -keystore $KS -storepass changeit $JFILE a -debug -strict || exit 2
+$JARSIGNER -keystore $KS -storepass changeit -verify $JFILE a -debug -strict \
+        > onlymanifest.out || exit 3
+
+grep unsigned onlymanifest.out && exit 4
+
+exit 0
+