Fall back to PreloadedEmbeddedJar for signed nested jars

OndemandEmbeddedJar does not implement the logic required to deal with
signed jars, so if any files are present in the META-INF/ directory of
a nested jar that indicate that the jar contents are integrity
protected by signatures, fall back to PreloadedEmbeddedJar for that
specific jar.

emjar-demo/pom.xml

@@ -21,6 +21,8 @@
     <jetty.version>9.3.15.v20161220</jetty.version>
     <jersey.version>2.25</jersey.version>
     <jackson.version>2.8.6</jackson.version>
+    <java.executable>java</java.executable>
+    <logging.format>[%4$s] %5$s%6$s%n</logging.format>
   </properties>
 
   <dependencies>
@@ -129,7 +131,7 @@
               <goal>exec</goal>
             </goals>
             <configuration>
-              <executable>java</executable>
+              <executable>${java.executable}</executable>
               <workingDirectory>${project.build.directory}</workingDirectory>
               <arguments>
                 <argument>-version</argument>
@@ -175,9 +177,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  bare ${logging.format}</argument>
                     <argument>-cp</argument>
                     <argument>classes/:${bare.classpath}</argument>
                     <argument>${main.class}</argument>
@@ -191,9 +194,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  bare ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-cp</argument>
                     <argument>classes/:${bare.classpath}</argument>
@@ -237,9 +241,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  emjar ${logging.format}</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-emjar.jar</argument>
                   </arguments>
@@ -252,9 +257,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  emjar ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-emjar.jar</argument>
@@ -321,9 +327,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  shade ${logging.format}</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-shaded.jar</argument>
                   </arguments>
@@ -336,9 +343,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  shade ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-shaded.jar</argument>
@@ -417,9 +425,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  onejar ${logging.format}</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-onejar.jar</argument>
                   </arguments>
@@ -432,9 +441,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  onejar ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-onejar.jar</argument>
@@ -481,9 +491,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  springboot ${logging.format}</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-springboot.jar</argument>
                   </arguments>
@@ -500,9 +511,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  springboot ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-springboot.jar</argument>
@@ -606,9 +618,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  jarinjar ${logging.format}</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-jarinjar.jar</argument>
                   </arguments>
@@ -621,9 +634,10 @@
                   <goal>exec</goal>
                 </goals>
                 <configuration>
-                  <executable>java</executable>
+                  <executable>${java.executable}</executable>
                   <workingDirectory>${project.build.directory}</workingDirectory>
                   <arguments>
+                    <argument>-Djava.util.logging.SimpleFormatter.format=  jarinjar ${logging.format}</argument>
                     <argument>-Demjar.demo.classpath-scanning</argument>
                     <argument>-jar</argument>
                     <argument>emjar-demo-${project.version}-jarinjar.jar</argument>

emjar-demo/src/main/java/com/comoyo/commons/emjar/demo/Demo.java

@@ -2,10 +2,14 @@
 
 import com.comoyo.commons.emjar.demo.rs.Endpoint;
 import java.net.URI;
+import java.security.NoSuchProviderException;
+import java.security.Security;
 import java.util.logging.Logger;
+import javax.crypto.KeyAgreement;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
 import javax.ws.rs.core.MediaType;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
@@ -14,16 +18,26 @@
 
 public class Demo {
     public static void main(final String[] args) throws Exception {
+        System.setErr(System.out);
         final Logger log = Logger.getLogger(Demo.class.getName());
         final ResourceConfig app = new ResourceConfig();
         if (System.getProperty("emjar.demo.classpath-scanning") != null) {
-            log.info("=== Running test (classpath scanning)");
+            log.info("Running test (classpath scanning)");
             app.packages("com.comoyo.commons.emjar.demo.rs");
         } else {
-            log.info("=== Running test (explicit registration)");
+            log.info("Running test (explicit registration)");
             app.register(Endpoint.class);
         }
 
+        try {
+            final BouncyCastleProvider provider = new BouncyCastleProvider();
+            Security.addProvider(provider);
+            KeyAgreement.getInstance("DH", provider.getName());
+            log.info("BouncyCastle security provider loaded successfully");
+        } catch (final NoSuchProviderException e) {
+            e.printStackTrace(System.err);
+        }
+
         final ServletHolder servlet = new ServletHolder(new ServletContainer(app));
         final Server server = new Server(0);
         final ServletContextHandler context = new ServletContextHandler(server, "/");

emjar-maven-plugin/README.md

@@ -50,7 +50,7 @@ Maven Plugin Mojo for building bundling jars that contain dependency artifact ja
   <plugin>
     <groupId>com.comoyo.commons</groupId>
     <artifactId>emjar-maven-plugin</artifactId>
-    <version>1.4.59</version>
+    <version>1.4.60</version>
     <executions>
       <execution>
         <goals>
@@ -71,7 +71,7 @@ Maven Plugin Mojo for building bundling jars that contain dependency artifact ja
   <plugin>
     <groupId>com.comoyo.commons</groupId>
     <artifactId>emjar-maven-plugin</artifactId>
-    <version>1.4.46</version>
+    <version>1.4.60</version>
     <executions>
       <execution>
         <goals>

emjar/src/main/java/com/comoyo/emjar/ZipScanner.java

@@ -81,7 +81,7 @@ public Map<String, Map<String, OndemandEmbeddedJar.Descriptor>> scan()
         return nestedDescriptors;
     }
 
-    public void recurse(
+    public boolean recurse(
         final ByteBuffer map,
         final Map<String, OndemandEmbeddedJar.Descriptor> context)
         throws IOException
@@ -118,8 +118,7 @@ public void recurse(
             if (endOff > Integer.MAX_VALUE) {
                 throw new IOException("Unexpected oversize offset value");
             }
-            parseDirectory(map, (int) endOff, (int) endSiz, context);
-            return;
+            return parseDirectory(map, (int) endOff, (int) endSiz, context);
         }
         final ByteBuffer eocd = findEocd(map, ZipFile.ENDSIG, ZipFile.ENDHDR);
         if (eocd != null) {
@@ -134,19 +133,20 @@ public void recurse(
             if (curDiskNum != 0 || cdStartDisk != 0 || cdRecsHere != cdRecsTotal) {
                 throw new IOException("Split archives not supported");
             }
-            parseDirectory(map, cdOffs, cdSize, context);
-            return;
+            return parseDirectory(map, cdOffs, cdSize, context);
         }
         throw new IOException("EOCD signature not found");
     }
 
-    private void parseDirectory(
+    private boolean parseDirectory(
         final ByteBuffer map,
         final int offset,
         final int size,
         final Map<String, OndemandEmbeddedJar.Descriptor> context)
         throws IOException
     {
+        boolean ondemandPossible = true;
+
         map.position(offset);
         final ByteBuffer dir = map.slice();
         dir.limit(size);
@@ -181,16 +181,22 @@ private void parseDirectory(
             if (method == METHOD_STORED && name.endsWith(".jar")) {
                 final Map<String, OndemandEmbeddedJar.Descriptor> descriptors
                     = new HashMap<>(16);
-                parseFile(map.slice(), descriptors, compressedSize);
-                nestedDescriptors.put(name, descriptors);
+                if (parseFile(map.slice(), descriptors, compressedSize)) {
+                    nestedDescriptors.put(name, descriptors);
+                }
+            }
+            if (name.startsWith("META-INF/")
+                    && (name.endsWith(".SF") || name.endsWith(".DSA") || name.endsWith(".RSA"))) {
+                ondemandPossible = false;
             }
             if (context != null) {
                 context.put(name, new OndemandEmbeddedJar.Descriptor(name, map, headerOffs, originalSize));
             }
         }
+        return ondemandPossible;
     }
 
-    private void parseFile(
+    private boolean parseFile(
         final ByteBuffer map,
         final Map<String, OndemandEmbeddedJar.Descriptor> context,
         final int compressedSize)
@@ -200,14 +206,14 @@ private void parseFile(
         final int pos = map.position();
         final int sig = map.getInt(pos);
         if (sig != ZipFile.LOCSIG) {
-            return;
+            return false;
         }
         final int nameLen = map.getShort(pos + ZipFile.LOCNAM);
         final int extraLen = map.getShort(pos + ZipFile.LOCEXT);
         map.position(pos + ZipFile.LOCHDR + nameLen + extraLen);
         final ByteBuffer nested = map.slice();
         nested.limit(compressedSize);
-        recurse(nested, context);
+        return recurse(nested, context);
     }
 
     private ByteBuffer findEocd(

emjar/src/test/java/com/comoyo/emjar/EmJarClassLoaderTest.java

@@ -27,6 +27,7 @@
 import java.net.URL;
 import java.net.URLClassLoader;
 import java.net.URLConnection;
+import java.security.cert.Certificate;
 import java.util.Enumeration;
 import java.util.Properties;
 import java.util.jar.JarEntry;
@@ -43,7 +44,7 @@
 import static org.junit.Assume.*;
 
 @RunWith(JUnit4.class)
-public class EmJarClassLoaderTest extends EmJarTest
+public class EmJarClassLoaderTest extends JarTest
 {
     private EmJarClassLoader testLoader()
         throws URISyntaxException
@@ -97,6 +98,23 @@ private static InputStream getResourceAsStreamRobust(
         return null;
     }
 
+    @Override
+    public JarURLConnection getJarUrlConnection(File root, String jarName, String entryName)
+        throws Exception
+    {
+        final Properties props = new Properties();
+        props.setProperty("java.class.path", root.toString());
+        final URLClassLoader loader = new EmJarClassLoader(props);
+        final URL url = loader.findResource(entryName);
+        assertNotNull("Entry " + entryName + " not found using " + root.toString(), url);
+        final JarURLConnection conn = (JarURLConnection) url.openConnection();
+        if (!jarName.equals("lib-signed.jar")) {
+            assertEquals("Connection returned from load was not Ondemand",
+                OndemandEmbeddedJar.Connection.class, conn.getClass());
+        }
+        return conn;
+    }
+
     @Test
     public void testClassPathQuoting()
         throws Exception
@@ -132,4 +150,20 @@ public void testOpenConnection()
         }
         fail("Did not find any elements in classpath with protocol jar");
     }
+
+    @Test
+    public void testBundleWithSignedContents()
+        throws Exception
+    {
+        final JarURLConnection conn = getJarUrlConnection(
+                getResourceFile("bundle-signed.jar"), "lib-signed.jar", "entry-signed.txt");
+        final JarFile jar = conn.getJarFile();
+        final JarEntry entry = jar.getJarEntry("entry-signed.txt");
+        final Certificate[] certs = entry.getCertificates();
+        assertNotNull("No certificates found for signed entry", certs);
+        assertEquals("Unexpected number of certificates for signed entry",
+                1, certs.length);
+        assertEquals("Supplied certificate was of unexpected type",
+                "X.509", certs[0].getType());
+    }
 }

emjar/src/test/java/com/comoyo/emjar/JarTest.java

@@ -40,7 +40,8 @@ protected JarFile testJarBundle(String name)
         throws Exception
     {
         final File bundle = getResourceFile("bundle-" + name + ".jar");
-        final JarURLConnection conn = getJarUrlConnection(bundle, "lib-" + name + ".jar", "");
+        final JarURLConnection conn = getJarUrlConnection(
+                bundle, "lib-" + name + ".jar", "entry-" + name + ".txt");
         final JarFile jar = conn.getJarFile();
         final BufferedReader entry
             = new BufferedReader(new InputStreamReader(

emjar/src/test/java/com/comoyo/emjar/OndemandEmbeddedJarTest.java

@@ -34,6 +34,7 @@
 public class OndemandEmbeddedJarTest
     extends JarTest
 {
+    @Override
     public JarURLConnection getJarUrlConnection(File root, String jarName, String entryName)
         throws Exception
     {

emjar/src/test/java/com/comoyo/emjar/PreloadedEmbeddedJarTest.java

@@ -33,6 +33,7 @@
 public class PreloadedEmbeddedJarTest
     extends JarTest
 {
+    @Override
     public JarURLConnection getJarUrlConnection(File root, String jarName, String entryName)
         throws Exception
     {