handle empty jar, add test (#16)

tasgon · web-flow · commit c8a03e2be997 · 2021-12-30T20:22:23.000-05:00
diff --git a/src/main/java/cpw/mods/jarhandling/impl/Jar.java b/src/main/java/cpw/mods/jarhandling/impl/Jar.java
@@ -90,12 +90,13 @@ public Jar(final Supplier<Manifest> defaultManifest, final Function<SecureJar, J
                         var jv = SecureJarVerifier.getJarVerifier(jis);
                         if (jv != null) {
                             while (SecureJarVerifier.isParsingMeta(jv)) {
-                                jis.getNextJarEntry();
+                                if (jis.getNextJarEntry() == null) break;
                             }
 
                             if (SecureJarVerifier.hasSignatures(jv)) {
                                 pendingSigners.putAll(SecureJarVerifier.getPendingSigners(jv));
-                                verifiedSigners.put(JarFile.MANIFEST_NAME, SecureJarVerifier.getVerifiedSigners(jv).get(JarFile.MANIFEST_NAME));
+                                var manifestSigners = SecureJarVerifier.getVerifiedSigners(jv).get(JarFile.MANIFEST_NAME);
+                                if (manifestSigners != null) verifiedSigners.put(JarFile.MANIFEST_NAME, manifestSigners);
                                 StatusData.add(JarFile.MANIFEST_NAME, Status.VERIFIED, verifiedSigners.get(JarFile.MANIFEST_NAME), this);
                             }
                         }
diff --git a/src/test/java/cpw/mods/jarhandling/impl/TestSecureJarLoading.java b/src/test/java/cpw/mods/jarhandling/impl/TestSecureJarLoading.java
@@ -104,4 +104,22 @@ void testPartial() throws Exception {
         final var ucs = ((Jar)jar).verifyAndGetSigners(uentry.getName(), zf.getInputStream(uentry).readAllBytes());
         assertNull(ucs);
     }
+
+    @Test // Has a jar with only a manifest
+    void testEmptyJar() throws Exception {
+        final var path = Paths.get("src", "test", "resources", "empty.zip");
+        SecureJar jar = SecureJar.from(path);
+        try (var is = Files.newInputStream(path)) {
+            ZipInputStream zis = new ZipInputStream(is);
+            for (var ze = zis.getNextEntry(); ze!=null; ze=zis.getNextEntry()) {
+                if (SecureJarVerifier.isSigningRelated(ze.getName())) continue;
+                if (ze.isDirectory()) continue;
+                final var zeName = ze.getName();
+                var cs = ((Jar)jar).verifyAndGetSigners(ze.getName(), zis.readAllBytes());
+                assertAll("Jar behaves correctly",
+                        ()->assertNull(cs, "No code signers")
+                );
+            }
+        }
+    }
 }
diff --git a/src/test/resources/empty.zip b/src/test/resources/empty.zip

Original file line number	Diff line number	Diff line change
`@@ -90,12 +90,13 @@ public Jar(final Supplier<Manifest> defaultManifest, final Function<SecureJar, J`
`90`	`90`	`var jv = SecureJarVerifier.getJarVerifier(jis);`
`91`	`91`	`if (jv != null) {`
`92`	`92`	`while (SecureJarVerifier.isParsingMeta(jv)) {`
`93`		`- jis.getNextJarEntry();`
	`93`	`+ if (jis.getNextJarEntry() == null) break;`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`if (SecureJarVerifier.hasSignatures(jv)) {`
`97`	`97`	`pendingSigners.putAll(SecureJarVerifier.getPendingSigners(jv));`
`98`		`- verifiedSigners.put(JarFile.MANIFEST_NAME, SecureJarVerifier.getVerifiedSigners(jv).get(JarFile.MANIFEST_NAME));`
	`98`	`+ var manifestSigners = SecureJarVerifier.getVerifiedSigners(jv).get(JarFile.MANIFEST_NAME);`
	`99`	`+ if (manifestSigners != null) verifiedSigners.put(JarFile.MANIFEST_NAME, manifestSigners);`
`99`	`100`	`StatusData.add(JarFile.MANIFEST_NAME, Status.VERIFIED, verifiedSigners.get(JarFile.MANIFEST_NAME), this);`
`100`	`101`	`}`
`101`	`102`	`}`