Move to Unsafe, which does not require module opens. (#11)

Added system property to specify which accessor to use. -Dsecurejarhandler.useUnsafeAccessor=false (defaults to true)

Author: LexManos

src/main/java/cpw/mods/jarhandling/impl/Jar.java

@@ -29,7 +29,7 @@ public class Jar implements SecureJar {
     private static final UnionFileSystemProvider UFSP = (UnionFileSystemProvider) FileSystemProvider.installedProviders().stream().filter(fsp->fsp.getScheme().equals("union")).findFirst().orElseThrow(()->new IllegalStateException("Couldn't find UnionFileSystemProvider"));
     private final Manifest manifest;
     private final Hashtable<String, CodeSigner[]> pendingSigners = new Hashtable<>();
-    private final Hashtable<String, CodeSigner[]> existingSigners = new Hashtable<>();
+    private final Hashtable<String, CodeSigner[]> verifiedSigners = new Hashtable<>();
     private final ManifestVerifier verifier = new ManifestVerifier();
     private final Map<String, StatusData> statusData = new HashMap<>();
     private final JarMetadata metadata;
@@ -84,16 +84,16 @@ public Jar(final Supplier<Manifest> defaultManifest, final Function<SecureJar, J
                     }
                 } else {
                     try (var jis = new JarInputStream(Files.newInputStream(path))) {
-                        var jv = SecureJarVerifier.jarVerifier.get(jis);
+                        var jv = SecureJarVerifier.getJarVerifier(jis);
                         if (jv != null) {
-                            while ((Boolean)SecureJarVerifier.parsingMeta.get(jv)) {
+                            while (SecureJarVerifier.isParsingMeta(jv)) {
                                 jis.getNextJarEntry();
                             }
 
-                            if (SecureJarVerifier.anyToVerify.getBoolean(jv)) {
-                                pendingSigners.putAll((Hashtable<String, CodeSigner[]>) SecureJarVerifier.sigFileSigners.get(SecureJarVerifier.jarVerifier.get(jis)));
-                                existingSigners.put(JarFile.MANIFEST_NAME, ((Hashtable<String, CodeSigner[]>) SecureJarVerifier.existingSigners.get(SecureJarVerifier.jarVerifier.get(jis))).get(JarFile.MANIFEST_NAME));
-                                StatusData.add(JarFile.MANIFEST_NAME, Status.VERIFIED, existingSigners.get(JarFile.MANIFEST_NAME), this);
+                            if (SecureJarVerifier.hasSignatures(jv)) {
+                                pendingSigners.putAll(SecureJarVerifier.getPendingSigners(jv));
+                                verifiedSigners.put(JarFile.MANIFEST_NAME, SecureJarVerifier.getVerifiedSigners(jv).get(JarFile.MANIFEST_NAME));
+                                StatusData.add(JarFile.MANIFEST_NAME, Status.VERIFIED, verifiedSigners.get(JarFile.MANIFEST_NAME), this);
                             }
                         }
 
@@ -105,8 +105,6 @@ public Jar(final Supplier<Manifest> defaultManifest, final Function<SecureJar, J
                 }
             }
             this.manifest = mantmp == null ? defaultManifest.get() : mantmp;
-        } catch (IllegalAccessException e) {
-            throw new RuntimeException(e);
         } catch (IOException e) {
             throw new UncheckedIOException(e);
         }
@@ -146,7 +144,7 @@ public synchronized CodeSigner[] verifyAndGetSigners(final String name, final by
         if (!hasSecurityData()) return null;
         if (statusData.containsKey(name)) return statusData.get(name).signers;
 
-        var signers = verifier.verify(this.manifest, pendingSigners, existingSigners, name, bytes);
+        var signers = verifier.verify(this.manifest, pendingSigners, verifiedSigners, name, bytes);
         if (signers == null) {
             StatusData.add(name, Status.INVALID, null, this);
             return null;
@@ -193,7 +191,7 @@ public Attributes getTrustedManifestEntries(final String name) {
     }
     @Override
     public boolean hasSecurityData() {
-        return !pendingSigners.isEmpty() || !this.existingSigners.isEmpty();
+        return !pendingSigners.isEmpty() || !this.verifiedSigners.isEmpty();
     }
 
     @Override

src/main/java/cpw/mods/jarhandling/impl/ManifestVerifier.java

@@ -81,4 +81,4 @@ record Expected(MessageDigest hash, byte[] value){};
             verified.put(name, signers);
         return Optional.ofNullable(signers);
     }
-}
+}

src/main/java/cpw/mods/jarhandling/impl/SecureJarVerifier.java

@@ -1,51 +1,18 @@
 package cpw.mods.jarhandling.impl;
 
+import sun.misc.Unsafe;
+
 import java.lang.reflect.Field;
-import java.net.spi.URLStreamHandlerProvider;
+import java.security.CodeSigner;
 import java.util.Locale;
+import java.util.Map;
 import java.util.jar.JarInputStream;
 
 public class SecureJarVerifier {
-    static final Field jarVerifier;
-    static final Field parsingMeta;
-    static final Field existingSigners;
-    static final Field sigFileSigners;
-    static final Field anyToVerify;
-
-    static {
-        final var moduleLayer = ModuleLayer.boot();
-        final var gj9hOptional = moduleLayer.findModule("cpw.mods.securejarhandler");
-        if (gj9hOptional.isPresent()) {
-            final var gj9h = gj9hOptional.get();
-            moduleLayer
-                    .findModule("java.base")
-                    .filter(m-> m.isOpen("java.util.jar", gj9h) && m.isExported("sun.security.util", gj9h))
-                    .orElseThrow(()->new IllegalStateException("""
-                    Missing JVM arguments. Please correct your runtime profile and run again.
-                        --add-opens java.base/java.util.jar=cpw.mods.securejarhandler
-                        --add-exports java.base/sun.security.util=cpw.mods.securejarhandler"""));
-        } else if (Boolean.parseBoolean(System.getProperty("securejarhandler.throwOnMissingModule", "true"))) {
-            // Hack for JMH benchmark: in JMH, SecureJarHandler does not load as a module, but we add-open to all unnamed in the jvm args
-            throw new RuntimeException("Failed to find securejarhandler module!");
-        }
-        try {
-            jarVerifier = JarInputStream.class.getDeclaredField("jv");
-            sigFileSigners = jarVerifier.getType().getDeclaredField("sigFileSigners");
-            existingSigners = jarVerifier.getType().getDeclaredField("verifiedSigners");
-            parsingMeta = jarVerifier.getType().getDeclaredField("parsingMeta");
-            anyToVerify = jarVerifier.getType().getDeclaredField("anyToVerify");
-            jarVerifier.setAccessible(true);
-            sigFileSigners.setAccessible(true);
-            existingSigners.setAccessible(true);
-            parsingMeta.setAccessible(true);
-            anyToVerify.setAccessible(true);
-        } catch (NoSuchFieldException e) {
-            throw new IllegalStateException("Missing essential fields", e);
-        }
-    }
+    private static final boolean USE_UNSAAFE = Boolean.parseBoolean(System.getProperty("securejarhandler.useUnsafeAccessor", "true"));
+    private static IAccessor ACCESSOR = USE_UNSAAFE ? new UnsafeAccessor() : new Reflection();
 
     private static final char[] LOOKUP = "0123456789abcdef".toCharArray();
-
     public static String toHexString(final byte[] bytes) {
         final var buffer = new StringBuffer(2*bytes.length);
         for (int i = 0, bytesLength = bytes.length; i < bytesLength; i++) {
@@ -65,9 +32,9 @@ public static boolean isSigningRelated(String path) {
         if (filename.indexOf('/') != -1)  // Can't be a sub-directory
             return false;
         if ("manifest.mf".equals(filename) || // Main manifest, which has the file hashes
-                filename.endsWith(".sf") ||       // Signature file, which has hashes of the entries in the manifest file
-                filename.endsWith(".dsa") ||      // PKCS7 signature, DSA
-                filename.endsWith(".rsa"))        // PKCS7 signature, SHA-256 + RSA
+            filename.endsWith(".sf") ||       // Signature file, which has hashes of the entries in the manifest file
+            filename.endsWith(".dsa") ||      // PKCS7 signature, DSA
+            filename.endsWith(".rsa"))        // PKCS7 signature, SHA-256 + RSA
             return true;
 
         if (!filename.startsWith("sig-")) // Unspecifed signature format
@@ -85,4 +52,118 @@ public static boolean isSigningRelated(String path) {
         }
         return true;
     }
+
+    public static Object getJarVerifier(Object inst) {
+        return ACCESSOR.getJarVerifier(inst);
+    }
+    public static boolean isParsingMeta(Object inst) { return ACCESSOR.isParsingMeta(inst); }
+    public static boolean hasSignatures(Object inst) { return ACCESSOR.hasSignatures(inst); }
+    public static Map<String, CodeSigner[]> getVerifiedSigners(Object inst){ return ACCESSOR.getVerifiedSigners(inst); }
+    public static Map<String, CodeSigner[]> getPendingSigners(Object inst){ return ACCESSOR.getPendingSigners(inst); }
+
+    private interface IAccessor {
+        Object getJarVerifier(Object inst);
+        boolean isParsingMeta(Object inst);
+        boolean hasSignatures(Object inst);
+        Map<String, CodeSigner[]> getVerifiedSigners(Object inst);
+        Map<String, CodeSigner[]> getPendingSigners(Object inst);
+    }
+
+    private static class Reflection implements IAccessor {
+        private static final Field jarVerifier;
+        private static final Field parsingMeta;
+        private static final Field verifiedSigners;
+        private static final Field sigFileSigners;
+        private static final Field anyToVerify;
+
+        static {
+            final var moduleLayer = ModuleLayer.boot();
+            final var myModule = moduleLayer.findModule("cpw.mods.securejarhandler");
+            if (myModule.isPresent()) {
+                final var gj9h = myModule.get();
+                moduleLayer
+                        .findModule("java.base")
+                        .filter(m-> m.isOpen("java.util.jar", gj9h) && m.isExported("sun.security.util", gj9h))
+                        .orElseThrow(()->new IllegalStateException("""
+                    Missing JVM arguments. Please correct your runtime profile and run again.
+                        --add-opens java.base/java.util.jar=cpw.mods.securejarhandler
+                        --add-exports java.base/sun.security.util=cpw.mods.securejarhandler"""));
+            } else if (Boolean.parseBoolean(System.getProperty("securejarhandler.throwOnMissingModule", "true"))) {
+                // Hack for JMH benchmark: in JMH, SecureJarHandler does not load as a module, but we add-open to all unnamed in the jvm args
+                throw new RuntimeException("Failed to find securejarhandler module!");
+            }
+            try {
+                jarVerifier = JarInputStream.class.getDeclaredField("jv");
+                sigFileSigners = jarVerifier.getType().getDeclaredField("sigFileSigners");
+                verifiedSigners = jarVerifier.getType().getDeclaredField("verifiedSigners");
+                parsingMeta = jarVerifier.getType().getDeclaredField("parsingMeta");
+                anyToVerify = jarVerifier.getType().getDeclaredField("anyToVerify");
+                jarVerifier.setAccessible(true);
+                sigFileSigners.setAccessible(true);
+                verifiedSigners.setAccessible(true);
+                parsingMeta.setAccessible(true);
+                anyToVerify.setAccessible(true);
+            } catch (NoSuchFieldException e) {
+                throw new IllegalStateException("Missing essential fields", e);
+            }
+        }
+
+        @Override public Object getJarVerifier(Object inst) {
+            return getField(jarVerifier, inst);
+        }
+        @Override public boolean isParsingMeta(Object inst) { return (Boolean)getField(parsingMeta, inst); }
+        @Override public boolean hasSignatures(Object inst) { return (Boolean)getField(anyToVerify, inst); }
+        @SuppressWarnings("unchecked")
+        @Override public Map<String, CodeSigner[]> getVerifiedSigners(Object inst){ return (Map<String, CodeSigner[]>)getField(verifiedSigners, inst); }
+        @SuppressWarnings("unchecked")
+        @Override public Map<String, CodeSigner[]> getPendingSigners(Object inst){ return (Map<String, CodeSigner[]>)getField(verifiedSigners, inst); }
+
+        private static Object getField(Field f, Object inst) {
+            try {
+                return f.get(inst);
+            } catch (IllegalAccessException e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+    }
+
+    private static class UnsafeAccessor implements IAccessor {
+        private static final Unsafe UNSAFE;
+        private static final Class<?> JV_TYPE;
+        static {
+            try {
+                var f = Unsafe.class.getDeclaredField("theUnsafe");
+                f.setAccessible(true);
+                UNSAFE = (Unsafe)f.get(null);
+                JV_TYPE = JarInputStream.class.getDeclaredField("jv").getType();
+            } catch (Exception e) {
+                throw new RuntimeException("Unable to get Unsafe reference, this should never be possible," +
+                        " be sure to report this will exact details on what JVM you're running.", e);
+            }
+        }
+
+        private static final long jarVerifier = getOffset(JarInputStream.class, "jv");
+        private static final long sigFileSigners = getOffset(JV_TYPE, "sigFileSigners");
+        private static final long verifiedSigners = getOffset(JV_TYPE, "verifiedSigners");
+        private static final long parsingMeta = getOffset(JV_TYPE, "parsingMeta");
+        private static final long anyToVerify = getOffset(JV_TYPE, "anyToVerify");
+
+        private static long getOffset(Class<?> clz, String name) {
+            try {
+                return UNSAFE.objectFieldOffset(clz.getDeclaredField(name));
+            } catch (Exception e) {
+                throw new RuntimeException("Unable to get index for " + clz.getName() + "." + name + ", " +
+                        " be sure to report this will exact details on what JVM you're running.", e);
+            }
+        }
+
+        @Override public Object getJarVerifier(Object inst) { return UNSAFE.getObject(inst, jarVerifier); }
+        @Override public boolean isParsingMeta(Object inst) { return UNSAFE.getBoolean(inst, parsingMeta); }
+        @Override public boolean hasSignatures(Object inst) { return UNSAFE.getBoolean(inst, anyToVerify); }
+        @SuppressWarnings("unchecked")
+        @Override public Map<String, CodeSigner[]> getVerifiedSigners(Object inst) { return (Map<String, CodeSigner[]>)UNSAFE.getObject(inst, verifiedSigners); }
+        @SuppressWarnings("unchecked")
+        @Override public Map<String, CodeSigner[]> getPendingSigners(Object inst) { return (Map<String, CodeSigner[]>)UNSAFE.getObject(inst, sigFileSigners); }
+    }
 }

src/main/java/module-info.java

@@ -4,7 +4,7 @@
 
 module cpw.mods.securejarhandler {
     exports cpw.mods.jarhandling;
-    exports cpw.mods.jarhandling.impl;
+    exports cpw.mods.jarhandling.impl; // TODO - Bump version, and remove this export, you don't need our implementation
     exports cpw.mods.cl;
     requires jdk.unsupported;
     requires org.objectweb.asm;