8253299: Manifest bytes are read twice when verifying a signed JAR

Reviewed-by: redestad, lancea, alanb
2020-11-19 17:22:59 +00:00 · 2020-11-19 17:22:59 +00:00 · 9bb82232fa
commit 9bb82232fa
parent 580f22ccb7
1 changed files with 6 additions and 1 deletions
--- a/src/java.base/share/classes/java/util/jar/JarFile.java
+++ b/src/java.base/share/classes/java/util/jar/JarFile.java
@ -739,6 +739,7 @@ public class JarFile extends ZipFile {
            List<String> names = JUZFA.getManifestAndSignatureRelatedFiles(this);
            for (String name : names) {
                JarEntry e = getJarEntry(name);
+                byte[] b;
                if (e == null) {
                    throw new JarException("corrupted jar file");
                }
@ -746,7 +747,11 @@ public class JarFile extends ZipFile {
                    mev = new ManifestEntryVerifier
                        (getManifestFromReference());
                }
-                byte[] b = getBytes(e);
+                if (name.equals(MANIFEST_NAME)) {
+                    b = jv.manifestRawBytes;
+                } else {
+                    b = getBytes(e);
+                }
                if (b != null && b.length > 0) {
                    jv.beginEntry(e, mev);
                    jv.update(b.length, b, 0, b.length, mev);