8273826: Correct Manifest file name and NPE checks

Reviewed-by: weijun, hchao, mullan
2025-08-28 07:14:30 +02:00 · 2021-10-07 15:12:13 +00:00 · 2021-10-07 15:12:13 +00:00 · 03a8d342b8
commit 03a8d342b8
parent 722d639fad
5 changed files with 137 additions and 11 deletions
--- a/src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
+++ b/src/java.base/share/classes/sun/security/util/ManifestEntryVerifier.java
@ -63,7 +63,9 @@ public class ManifestEntryVerifier {
    ArrayList<byte[]> manifestHashes;

    private String name = null;
-    private Manifest man;
+
+    private final String manifestFileName; // never null
+    private final Manifest man;

    private boolean skip = true;

@ -74,11 +76,12 @@ public class ManifestEntryVerifier {
    /**
     * Create a new ManifestEntryVerifier object.
     */
-    public ManifestEntryVerifier(Manifest man)
+    public ManifestEntryVerifier(Manifest man, String manifestFileName)
    {
        createdDigests = new HashMap<>(11);
        digests = new ArrayList<>();
        manifestHashes = new ArrayList<>();
+        this.manifestFileName = manifestFileName;
        this.man = man;
    }

@ -187,7 +190,6 @@ public class ManifestEntryVerifier {
     * the first time we have verified this object, remove its
     * code signers from sigFileSigners and place in verifiedSigners.
     *
-     *
     */
    public CodeSigner[] verify(Hashtable<String, CodeSigner[]> verifiedSigners,
                Hashtable<String, CodeSigner[]> sigFileSigners)
@ -209,7 +211,6 @@ public class ManifestEntryVerifier {
            getParams(verifiedSigners, sigFileSigners);

        for (int i=0; i < digests.size(); i++) {
-
            MessageDigest digest = digests.get(i);
            if (params != null) {
                try {
@ -251,7 +252,8 @@ public class ManifestEntryVerifier {
    /**
     * Get constraints parameters for JAR. The constraints should be
     * checked against all code signers. Returns the parameters,
-     * or null if the signers for this entry have already been checked.
+     * or null if the signers for this entry have already been checked
+     * or there are no signers for this entry.
     */
    private JarConstraintsParameters getParams(
            Map<String, CodeSigner[]> verifiedSigners,
@ -262,17 +264,20 @@ public class ManifestEntryVerifier {
        // the signers of the JAR. But if it doesn't then we need to fallback
        // and check verifiedSigners to see if the signers of this entry have
        // been checked already.
-        if (verifiedSigners.containsKey(JarFile.MANIFEST_NAME)) {
+        if (verifiedSigners.containsKey(manifestFileName)) {
            if (verifiedSigners.size() > 1) {
                // this means we already checked it previously
                return null;
            } else {
                return new JarConstraintsParameters(
-                    verifiedSigners.get(JarFile.MANIFEST_NAME));
+                    verifiedSigners.get(manifestFileName));
            }
        } else {
+            if (debug != null) {
+                debug.println(manifestFileName + " not present in verifiedSigners");
+            }
            CodeSigner[] signers = sigFileSigners.get(name);
-            if (verifiedSigners.containsValue(signers)) {
+            if (signers == null || verifiedSigners.containsValue(signers)) {
                return null;
            } else {
                return new JarConstraintsParameters(signers);