RFR: 8341775: Duplicate manifest files are removed by jarsigner after signing
Eirik Bjørsnøs
eirbjo at openjdk.org
Sat Nov 23 15:00:14 UTC 2024
On Thu, 21 Nov 2024 19:46:27 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
> Furthermore, we cannot create a jar with two different META-INF directories at the root, both with two different all-caps MANIFEST.MF files dynamically. Unless I am mistaken.
Here's a unit test which produces a JAR file with a duplicated META-INF/MANIFEST.MF:

// Imports needed by the test method below. @Test and assertEquals come from
// the test framework in use (JUnit 5 assumed).
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

@Test
public void doubleManifest() throws IOException {
    var name = "META-INF/MANIFEST.MF";
    var nameBytes = name.getBytes(StandardCharsets.UTF_8);
    var baos = new ByteArrayOutputStream();
    try (var zo = new ZipOutputStream(baos)) {
        // ZOS does not allow duplicated name, use lowercase
        zo.putNextEntry(new ZipEntry(name.toLowerCase(Locale.ROOT)));
        zo.putNextEntry(new ZipEntry(name));
    }
    byte[] zip = baos.toByteArray();
    // Byte buffer to navigate the ZIP
    ByteBuffer bb = ByteBuffer.wrap(zip).order(ByteOrder.LITTLE_ENDIAN);
    // Offset of the start of the END header
    int endOff = zip.length - ZipEntry.ENDHDR;
    // Offset of the first CEN header (ENDOFF is a 4-byte field)
    int cenOff = bb.getInt(endOff + ZipEntry.ENDOFF);
    // Write uppercase name to first CEN entry
    bb.put(cenOff + ZipEntry.CENHDR, nameBytes, 0, nameBytes.length);
    // Write the file to disk
    Path zipFile = Path.of("double-man.jar");
    Files.write(zipFile, zip);
    // Verify that ZipFile reads duplicated MANIFEST files
    try (var zf = new ZipFile(zipFile.toFile())) {
        List<? extends ZipEntry> entries = Collections.list(zf.entries());
        assertEquals(2, entries.size());
        assertEquals(name, entries.get(0).getName());
        assertEquals(name, entries.get(1).getName());
    }
}

-------------
PR Comment: https://git.openjdk.org/jdk/pull/22222#issuecomment-2495505847
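
A check for the condition the test above produces, as an added example that is not part of the original message or of the JDK: it lists a JAR's entries through ZipFile, which the test shows returns both copies, and reports names that collide exactly or differ only by case. The class name DuplicateEntryCheck, the case-insensitive grouping policy and the sample archive are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;

// Hypothetical helper class, not JDK code
public class DuplicateEntryCheck {

    // Groups entry names case-insensitively and keeps only groups with 2+ members,
    // so exact duplicates and case-only variants are both reported
    static Map<String, List<String>> findCollisions(Path jar) throws IOException {
        Map<String, List<String>> groups = new LinkedHashMap<>();
        try (var zf = new ZipFile(jar.toFile())) {
            for (ZipEntry e : Collections.list(zf.entries())) {
                String key = e.getName().toUpperCase(Locale.ROOT);
                groups.computeIfAbsent(key, k -> new ArrayList<>()).add(e.getName());
            }
        }
        groups.values().removeIf(names -> names.size() < 2);
        return groups;
    }

    public static void main(String[] args) throws IOException {
        boolean sample = args.length == 0;
        Path jar = sample ? Files.createTempFile("collision", ".jar") : Path.of(args[0]);
        if (sample) {
            // Constructed sample: two manifest names differing only by case,
            // which ZipOutputStream accepts without any header patching
            try (var zo = new ZipOutputStream(Files.newOutputStream(jar))) {
                zo.putNextEntry(new ZipEntry("META-INF/manifest.mf"));
                zo.putNextEntry(new ZipEntry("META-INF/MANIFEST.MF"));
                zo.putNextEntry(new ZipEntry("A.class"));
            }
        }
        Map<String, List<String>> collisions = findCollisions(jar);
        if (sample) Files.delete(jar);
        collisions.values().forEach(names -> System.out.println("colliding names: " + names));
        // Non-zero exit lets a build step fail before the archive is signed
        System.exit(collisions.isEmpty() ? 0 : 1);
    }
}
```

Run it with `java DuplicateEntryCheck.java [path-to-jar]`; with no argument it checks the constructed sample and exits with status 1.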