Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MSHADE-147: Add flag to disable jar signing verification #122

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
MSHADE-147: Add flag to disable jar signing verification
  • Loading branch information
gzsombor committed Feb 24, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 787689ba900f6bf1f24e071c204fb6b6f2327b8e
16 changes: 8 additions & 8 deletions src/main/java/org/apache/maven/plugins/shade/DefaultShader.java
Original file line number Diff line number Diff line change
@@ -234,15 +234,15 @@ private void shadeJars( ShadeRequest shadeRequest, Set<String> resources, List<R

List<Filter> jarFilters = getFilters( jar, shadeRequest.getFilters() );

try ( JarFile jarFile = newJarFile( jar ) )
try ( JarFile jarFile = newJarFile( jar, shadeRequest.isDisableJarFileVerification() ) )
{

for ( Enumeration<JarEntry> j = jarFile.entries(); j.hasMoreElements(); )
{
JarEntry entry = j.nextElement();

String name = entry.getName();

if ( entry.isDirectory() || isFiltered( jarFilters, name ) )
{
continue;
@@ -347,7 +347,7 @@ private void goThroughAllJarEntriesForManifestTransformer( ShadeRequest shadeReq
{
for ( File jar : shadeRequest.getJars() )
{
try ( JarFile jarFile = newJarFile( jar ) )
try ( JarFile jarFile = newJarFile( jar, shadeRequest.isDisableJarFileVerification() ) )
{
for ( Enumeration<JarEntry> en = jarFile.entries(); en.hasMoreElements(); )
{
@@ -463,12 +463,12 @@ private void logSummaryOfDuplicates( MultiValuedMap<Collection<File>, String> ov
}
}

private JarFile newJarFile( File jar )
private JarFile newJarFile( File jar, boolean disableJarFileVerification )
throws IOException
{
try
{
return new JarFile( jar );
return new JarFile( jar, !disableJarFileVerification );
}
catch ( ZipException zex )
{
@@ -534,12 +534,12 @@ private void addRemappedClass( JarOutputStream jos, File jar, String name,

return;
}

// Keep the original class in, in case nothing was relocated by RelocatorRemapper. This avoids binary
// differences between classes, simply because they were rewritten and only details like constant pool or
// stack map frames are slightly different.
byte[] originalClass = IOUtil.toByteArray( is );

ClassReader cr = new ClassReader( new ByteArrayInputStream( originalClass ) );

// We don't pass the ClassReader here. This forces the ClassWriter to rebuild the constant pool.
@@ -691,7 +691,7 @@ private interface PackageMapper
{
/**
* Map an entity name according to the mapping rules known to this package mapper
*
*
* @param entityName entity name to be mapped
* @param mapPaths map "slashy" names like paths or internal Java class names, e.g. {@code com/acme/Foo}?
* @param mapPackages map "dotty" names like qualified Java class or package names, e.g. {@code com.acme.Foo}?
13 changes: 13 additions & 0 deletions src/main/java/org/apache/maven/plugins/shade/ShadeRequest.java
Original file line number Diff line number Diff line change
@@ -46,6 +46,8 @@ public class ShadeRequest

private boolean shadeSourcesContent;

private boolean disableJarFileVerification;

public Set<File> getJars()
{
return jars;
@@ -137,4 +139,15 @@ public void setShadeSourcesContent( boolean shadeSourcesContent )
{
this.shadeSourcesContent = shadeSourcesContent;
}

public boolean isDisableJarFileVerification()
{
return disableJarFileVerification;
}

public void setDisableJarFileVerification( boolean disableJarFileVerification )
{
this.disableJarFileVerification = disableJarFileVerification;
}

}
24 changes: 17 additions & 7 deletions src/main/java/org/apache/maven/plugins/shade/mojo/ShadeMojo.java
Original file line number Diff line number Diff line change
@@ -147,7 +147,7 @@ public class ShadeMojo
* syntax <code>groupId</code> is equivalent to <code>groupId:*:*:*</code>, <code>groupId:artifactId</code> is
* equivalent to <code>groupId:artifactId:*:*</code> and <code>groupId:artifactId:classifier</code> is equivalent to
* <code>groupId:artifactId:*:classifier</code>. For example:
*
*
* <pre>
* &lt;artifactSet&gt;
* &lt;includes&gt;
@@ -164,7 +164,7 @@ public class ShadeMojo

/**
* Packages to be relocated. For example:
*
*
* <pre>
* &lt;relocations&gt;
* &lt;relocation&gt;
@@ -179,7 +179,7 @@ public class ShadeMojo
* &lt;/relocation&gt;
* &lt;/relocations&gt;
* </pre>
*
*
* <em>Note:</em> Support for includes exists only since version 1.4.
*/
@SuppressWarnings( "MismatchedReadAndWriteOfArray" )
@@ -200,7 +200,7 @@ public class ShadeMojo
* to use an include to collect a set of files from the archive then use excludes to further reduce the set. By
* default, all files are included and no files are excluded. If multiple filters apply to an artifact, the
* intersection of the matched files will be included in the final JAR. For example:
*
*
* <pre>
* &lt;filters&gt;
* &lt;filter&gt;
@@ -401,7 +401,16 @@ public class ShadeMojo
*/
@Parameter( defaultValue = "false" )
private boolean skip;


/**
* When true, the JAR files of the dependencies will not be verified (only relevant in case of signed JAR files).
* This is to work around issues with incorrectly signed but otherwise valid dependencies (e.g. certificate
* expired).
* @since 3.3.1
*/
@Parameter( defaultValue = "false" )
private boolean disableJarFileVerification;

/**
* @throws MojoExecutionException in case of an error.
*/
@@ -565,7 +574,7 @@ public void execute()
replaceFile( finalFile, testSourcesJar );
testSourcesJar = finalFile;
}

renamed = true;
}

@@ -663,6 +672,7 @@ private ShadeRequest shadeRequest( String shade, Set<File> artifacts, File outpu
shadeRequest.setFilters( filters );
shadeRequest.setRelocators( relocators );
shadeRequest.setResourceTransformers( toResourceTransformers( shade, resourceTransformers ) );
shadeRequest.setDisableJarFileVerification( disableJarFileVerification );
return shadeRequest;
}

@@ -1159,7 +1169,7 @@ private void rewriteDependencyReducedPomIfWeHaveReduction( List<Dependency> depe
}

File f = dependencyReducedPomLocation;
// MSHADE-225
// MSHADE-225
// Works for now, maybe there's a better algorithm where no for-loop is required
if ( loopCounter == 0 )
{