|
1 | 1 | /* |
2 | | - * Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved. |
| 2 | + * Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved. |
3 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 | 4 | * |
5 | 5 | * This code is free software; you can redistribute it and/or modify it |
|
31 | 31 | import jdk.internal.util.jar.JarIndex; |
32 | 32 |
|
33 | 33 | /** |
34 | | - * The {@code JarInputStream} class is used to read the contents of |
35 | | - * a JAR file from any input stream. It extends the class |
36 | | - * {@code java.util.zip.ZipInputStream} with support for reading |
37 | | - * an optional {@code Manifest} entry. The {@code Manifest} |
38 | | - * can be used to store meta-information about the JAR file and its entries. |
| 34 | + * The {@code JarInputStream} class, which extends {@link ZipInputStream}, |
| 35 | + * is used to read the contents of a JAR file from an input stream. |
| 36 | + * It provides support for reading an optional |
| 37 | + * <a href="{@docRoot}/../specs/jar/jar.html#jar-manifest">Manifest</a> |
| 38 | + * entry. The {@code Manifest} can be used to store |
| 39 | + * meta-information about the JAR file and its entries. |
| 40 | + * |
| 41 | + * <h2>Accessing the Manifest</h2> |
| 42 | + * <p> |
| 43 | + * The {@link #getManifest() getManifest} method is used to return the |
| 44 | + * <a href="{@docRoot}/../specs/jar/jar.html#jar-manifest">Manifest</a> |
| 45 | + * from the entry {@code META-INF/MANIFEST.MF} when it is the first entry |
| 46 | + * in the stream (or the second entry if the first entry in the stream is |
| 47 | + * {@code META-INF/} and the second entry is {@code META-INF/MANIFEST.MF}). |
| 48 | + * </p> |
| 49 | + * <p> The {@link #getNextJarEntry()} and {@link #getNextEntry()} methods are |
| 50 | + * used to read JAR file entries from the stream. These methods skip over the |
| 51 | + * Manifest ({@code META-INF/MANIFEST.MF}) when it is at the beginning of the |
| 52 | + * stream. In other words, these methods do not return an entry for the Manifest |
| 53 | + * when the Manifest is the first entry in the stream. If the first entry is |
| 54 | + * {@code META-INF/} and the second entry is the Manifest then both are skipped |
| 55 | + * over by these methods. Whether these methods skip over the Manifest when it |
| 56 | + * appears later in the stream is not specified. |
| 57 | + * </p> |
| 58 | + * <h2>Signed JAR Files</h2> |
| 59 | + * |
| 60 | + * A {@code JarInputStream} verifies the signatures of entries in a |
| 61 | + * <a href="{@docRoot}/../specs/jar/jar.html#signed-jar-file">Signed JAR file</a> |
| 62 | + * when: |
| 63 | + * <ul> |
| 64 | + * <li> |
| 65 | + * The {@code Manifest} is the first entry in the stream (or the second |
| 66 | + * entry if the first entry in the stream is {@code META-INF/} and the |
| 67 | + * second entry is {@code META-INF/MANIFEST.MF}). |
| 68 | + * </li> |
| 69 | + * <li> |
| 70 | + * All signature-related entries immediately follow the {@code Manifest} |
| 71 | + * </li> |
| 72 | + * </ul> |
| 73 | + * <p> |
| 74 | + * Once the {@code JarEntry} has been completely verified, which is done by |
| 75 | + * reading until the end of the entry's input stream, |
| 76 | + * {@link JarEntry#getCertificates()} may be called to obtain the certificates |
| 77 | + * for this entry and {@link JarEntry#getCodeSigners()} may be called to obtain |
| 78 | + * the signers. |
| 79 | + * </p> |
| 80 | + * <p> |
| 81 | + * It is important to note that the verification process does not include validating |
| 82 | + * the signer's certificate. A caller should inspect the return value of |
| 83 | + * {@link JarEntry#getCodeSigners()} to further determine if the signature |
| 84 | + * can be trusted. |
| 85 | + * </p> |
| 86 | + * @apiNote |
| 87 | + * If a {@code JarEntry} is modified after the JAR file is signed, |
| 88 | + * a {@link SecurityException} will be thrown when the entry is read. |
39 | 89 | * |
40 | 90 | * @author David Connelly |
41 | 91 | * @see Manifest |
@@ -103,11 +153,13 @@ private JarEntry checkManifest(JarEntry e) |
103 | 153 | } |
104 | 154 |
|
105 | 155 | /** |
106 | | - * Returns the {@code Manifest} for this JAR file, or |
107 | | - * {@code null} if none. |
| 156 | + * Returns the {@code Manifest} for this JAR file when it is the first entry |
| 157 | + * in the stream (or the second entry if the first entry in the stream is |
| 158 | + * {@code META-INF/} and the second entry is {@code META-INF/MANIFEST.MF}), or |
| 159 | + * {@code null} otherwise. |
108 | 160 | * |
109 | 161 | * @return the {@code Manifest} for this JAR file, or |
110 | | - * {@code null} if none. |
| 162 | + * {@code null} otherwise. |
111 | 163 | */ |
112 | 164 | public Manifest getManifest() { |
113 | 165 | return man; |
|
1 commit comments
openjdk-notifier[bot] commentedon Sep 28, 2022
Review
Issues