java - Convert modified manifest files back to JarEntry -


at work use lot of third-party libraries come signed. of them no longer maintained, still need use them. due recent java security update manifest files in jars need updated include security attributes. given how jar files work need perform unpack-edit-repack procedure on each jar.

this involves unpacking jar, adding attributes manifest while removing present sha1 signature strings, repacking , resigning jar our own signature. here's code have far unpack jar:

public static void unpackjarfile(file srcjarfile) throws ioexception{     file tmpjarfile = file.createtempfile("tempjar", ".tmp");     jarfile jarfile = new jarfile(srcjarfile);     jaroutputstream tempjaroutputstream = new jaroutputstream(new fileoutputstream(tmpjarfile));      //copy original jar file temporary one.     enumeration<jarentry> jarentries = jarfile.entries();     while(jarentries.hasmoreelements()) {         jarentry temp = jarentries.nextelement();          //if file manifest unsign else carry on         jarentry entry = ismanifestfile(temp) ? unsignmanifest(temp, jarfile) : temp;         // ingore files ending in .sf , .rsa         if (fileisnotsignature(entry)){             inputstream entryinputstream = jarfile.getinputstream(entry);             tempjaroutputstream.putnextentry(entry);             byte[] buffer = new byte[1024];             int bytesread = 0;             while ((bytesread = entryinputstream.read(buffer)) != -1) {                 tempjaroutputstream.write(buffer, 0, bytesread);             }         }     }     tempjaroutputstream.close();     jarfile.close();     srcjarfile.delete();     tmpjarfile.renameto(srcjarfile); }    private static jarentry unsignmanifest(jarentry signed, jarfile jarfile) throws ioexception {      //extract signed manifest contents temp text file     file tmpmanifestfile = file.createtempfile("tempmanifest", ".tmp");     tmpmanifestfile.deleteonexit();     manifest manifest = jarfile.getmanifest();     outputstream fos = new fileoutputstream(tmpmanifestfile);      //write out manifest contents actual file on disk later editing     manifest.write(fos);     fos.close();      //read physical file in line line sha1 strings      //can ignored when creating new manifest file.     path path = paths.get(tmpmanifestfile.getpath());     list<string> lines = files.readalllines(path, charset.defaultcharset());      // logic here.     // each line : lines     // if !line.contains("sha1-digest: swda1ic/t+le1n+uvrayf89ly4e=")     // write out new manifest file     // append security attributes     //convert new manifest file new jarentry unsigned     // return jarentry      return unsigned;  }

given one-way nature of java's jarentry , manifest classes looks have heavy lifting. i'm okay getting values out, selectively putting them in painful in opinion. far, can unpack , repack jars fine. can see @ end of code can't figure out how selectively put contents manifest file , convert jarentry unpackjarfile() method thinks newly-created manifest file came original jar.

thanks in advance.


Comments

Post a Comment

Popular posts from this blog

Android layout hidden on keyboard show -

i have strange problem layout. when tap on edittext , keyboard shown edittext stay on bottom , when tap on to hide keyboard , keyboard hides , edittext go should when want input text. when tap again, keyboard shown , edittext goes down behind keyboard... <relativelayout android:layout_width="match_parent" android:layout_height="match_parent" > <scrollview android:layout_width="match_parent" android:layout_height="fill_parent" android:above="@+id/rl_commands"> <textview android:layout_width="match_parent" android:layout_height="wrap_content"/> </scrollview> <relativelayout android:layout_width="match_parent android:layout_height="24dp" android:id="@+id/rl_commands" android:alignparentbottom="true">
Read more

google app engine - 403 Forbidden POST - Flask WTForms -

i have flask application running on google app engine. trying submit form built using wtform , keep getting following error. 403 forbidden: don't have permission access requested resource. either read-protected or not readable server. location.html (part of code) <form method=post action="/home/location"> .... <button type="submit" class="btn btn-primary" value="submit"> directions </button> </form> main.py @app.route('/home/location', methods=['post', 'get']) def location(): form = cfcdirections.direction(request.form) print(request.method) if request.method == 'post' , form.validate(): print("after if") directions = cfcdirections() street_no = directions.no street = directions.street suburb = directions.suburb postcode = directions.postcode
Read more

c - Why would PK11_GenerateRandom() return an error -8023? -

i looking through internet trying find source of pk11_generaterandom() function see why function fail. have program uses function when moved new flavor of linux, fails after forking ( fork() ) since not believe there problem nss, suspect doing incorrectly disregarded in older versions of linux new 1 there issue. the openssl package same on 'good' , 'bad' server: openssl 0.9.8e-fips-rhel5 01 jul nss rpm differs though. 'good' has nss-3.12.2.0-2.el5 and bas has version nss-3.15.3-4.el5_10 the 'good' server uses quite obsolete linux: linux 2.6.18-128.el5 #1 smp wed jan 21 08:45:05 est 2009 x86_64 x86_64 x86_64 gnu/linux enterprise linux enterprise linux server release 5.3 (carthage) red hat enterprise linux server release 5.3 (tikanga) the 'bad' server newer: linux bad 2.6.18-371.4.1.el5 #1 smp wed jan 29 11:05:49 pst 2014 x86_64 x86_64 x86_64 gnu/linux oracle linux server release 5.10 red hat enterprise linux server release
Read more