This is an automated email from the ASF dual-hosted git repository. dblevins pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-patch-plugin.git
commit eda6fd1cd89fb7d1343c13300ce3cba09cef7f9e Author: David Blevins <[email protected]> AuthorDate: Sun Jun 14 14:40:28 2020 -0700 Strip out jar signatures --- .../org/apache/tomee/patch/core/Transformation.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java b/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java index 3448970..12d1480 100644 --- a/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java +++ b/tomee-patch-core/src/main/java/org/apache/tomee/patch/core/Transformation.java @@ -81,6 +81,11 @@ public class Transformation { // TODO: the name may be changed in transformation final String path = updatePath(oldEntry.getName()); + if (skip(path)) { + IO.copy(zipInputStream, skipped); + continue; + } + /* * If this entry has been patched, skip it * We will add the patched version at the end @@ -137,6 +142,19 @@ public class Transformation { } } + /** + * Skip signed jar public key files. We most definitely + * have tampered with the jar. + */ + private boolean skip(final String name) { + if (name.startsWith("META-INF/")) { + if (name.endsWith(".SF")) return true; + if (name.endsWith(".DSA")) return true; + if (name.endsWith(".RSA")) return true; + } + return false; + } + private String updatePath(final String name) { return name.replace("resources/javax.faces","resources/jakarta.faces"); }
