Fix missing jar entry certificates

philwebb · philwebb · commit e0030094e281 · 2020-09-15T08:42:58.000-07:00
Ensure that the source jar entry is closed before reading certificates and code signers from the entry. gh-19041
diff --git a/spring-boot-project/spring-boot-tools/spring-boot-loader/src/main/java/org/springframework/boot/loader/jar/JarFileEntries.java b/spring-boot-project/spring-boot-tools/spring-boot-loader/src/main/java/org/springframework/boot/loader/jar/JarFileEntries.java
@@ -353,11 +353,12 @@ JarEntryCertification getCertification(JarEntry entry) throws IOException {
 			try (JarInputStream certifiedJarStream = new JarInputStream(this.jarFile.getData().getInputStream())) {
 				java.util.jar.JarEntry certifiedEntry = null;
 				while ((certifiedEntry = certifiedJarStream.getNextJarEntry()) != null) {
+					// Entry must be closed to trigger a read and set entry certificates
+					certifiedJarStream.closeEntry();
 					int index = getEntryIndex(certifiedEntry.getName());
 					if (index != -1) {
 						certifications[index] = JarEntryCertification.from(certifiedEntry);
 					}
-					certifiedJarStream.closeEntry();
 				}
 			}
 			this.certifications = certifications;
diff --git a/spring-boot-project/spring-boot-tools/spring-boot-loader/src/test/java/org/springframework/boot/loader/jar/JarFileTests.java b/spring-boot-project/spring-boot-tools/spring-boot-loader/src/test/java/org/springframework/boot/loader/jar/JarFileTests.java
@@ -385,10 +385,13 @@ public void verifySignedJar() throws Exception {
 				while (actualEntries.hasMoreElements()) {
 					JarEntry actualEntry = actualEntries.nextElement();
 					java.util.jar.JarEntry expectedEntry = expected.getJarEntry(actualEntry.getName());
-					assertThat(actualEntry.getCertificates()).as(actualEntry.getName())
-							.isEqualTo(expectedEntry.getCertificates());
-					assertThat(actualEntry.getCodeSigners()).as(actualEntry.getName())
-							.isEqualTo(expectedEntry.getCodeSigners());
+					StreamUtils.drain(expected.getInputStream(expectedEntry));
+					if (!actualEntry.getName().equals("META-INF/MANIFEST.MF")) {
+						assertThat(actualEntry.getCertificates()).as(actualEntry.getName())
+								.isEqualTo(expectedEntry.getCertificates());
+						assertThat(actualEntry.getCodeSigners()).as(actualEntry.getName())
+								.isEqualTo(expectedEntry.getCodeSigners());
+					}
 				}
 				assertThat(stopWatch.getTotalTimeSeconds()).isLessThan(3.0);
 			}

Original file line number	Diff line number	Diff line change
`@@ -353,11 +353,12 @@ JarEntryCertification getCertification(JarEntry entry) throws IOException {`
`353`	`353`	`try (JarInputStream certifiedJarStream = new JarInputStream(this.jarFile.getData().getInputStream())) {`
`354`	`354`	`java.util.jar.JarEntry certifiedEntry = null;`
`355`	`355`	`while ((certifiedEntry = certifiedJarStream.getNextJarEntry()) != null) {`
	`356`	`+ // Entry must be closed to trigger a read and set entry certificates`
	`357`	`+ certifiedJarStream.closeEntry();`
`356`	`358`	`int index = getEntryIndex(certifiedEntry.getName());`
`357`	`359`	`if (index != -1) {`
`358`	`360`	`certifications[index] = JarEntryCertification.from(certifiedEntry);`
`359`	`361`	`}`
`360`		`- certifiedJarStream.closeEntry();`
`361`	`362`	`}`
`362`	`363`	`}`
`363`	`364`	`this.certifications = certifications;`