You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Tomcat Mailing List <to...@ttsecure.org> on 2012/01/19 12:28:12 UTC
Signing WAR files
Hi,
I added the feature to sign a war file, sothat the war file containing classes can run in a security manager.
As already explained I can.t put my signed code in a jar in the lib file but have to have it under /classes.
Now I.d like to commit this change back to the community.
My changes are for Tomcat 7.0.23
Suggestion for Patch:
java/org/apache/catalina/loader/WebappClassLoader.java
change
if (jarEntry != null) {
entry.certificates = jarEntry.getCertificates();
}
to
if (jarEntry != null) {
entry.certificates = jarEntry.getCertificates();
}
else {
JarEntry jEntry=null;
JarFile wFile=null;
try {
wFile = new JarFile(org.apache.naming.resources.WARDirContext.getCurrentPath());
} catch (Exception e) {
}
if (wFile != null) {
try {
jEntry = wFile.getJarEntry(current_full_path.substring(1));
InputStream is = wFile.getInputStream(jEntry);
int n;
byte[] buffer = new byte[8192];
while ((n = is.read(buffer, 0, buffer.length)) != -1) {
}
if (jEntry != null) {
entry.certificates=jEntry.getCertificates();
}
} catch (Exception exc) {
log.info("Could not read certificates from war.");
}
}
}
./java/org/apache/naming/resources/WARDirContext.java
change
protected ZipFile base = null;
to
protected static ZipFile base = null;
and add the following function:
public static String getCurrentPath() {
if (base != null)
return base.getName();
else
return null;
}
Perhaps there is a much better way for getting the filename of the war file . any suggestions? The change to a static variable is only required to get the name of the war file that the class file is read from.
Thanks,
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Signing WAR files
Posted by Mark Thomas <ma...@apache.org>.
On 19/01/2012 11:28, Tomcat Mailing List wrote:
> Hi,
>
> I added the feature to sign a war file, sothat the war file containing classes can run in a security manager.
> As already explained I can.t put my signed code in a jar in the lib file but have to have it under /classes.
>
> Now I.d like to commit this change back to the community.
> My changes are for Tomcat 7.0.23
>
> Suggestion for Patch:
> java/org/apache/catalina/loader/WebappClassLoader.java
Please create a bugzilla entry for this and attach your suggested patch
in diff -u format.
Cheers,
Mark
>
> change
> if (jarEntry != null) {
> entry.certificates = jarEntry.getCertificates();
> }
>
> to
>
> if (jarEntry != null) {
> entry.certificates = jarEntry.getCertificates();
> }
> else {
> JarEntry jEntry=null;
> JarFile wFile=null;
> try {
> wFile = new JarFile(org.apache.naming.resources.WARDirContext.getCurrentPath());
> } catch (Exception e) {
> }
>
> if (wFile != null) {
>
> try {
> jEntry = wFile.getJarEntry(current_full_path.substring(1));
> InputStream is = wFile.getInputStream(jEntry);
> int n;
> byte[] buffer = new byte[8192];
> while ((n = is.read(buffer, 0, buffer.length)) != -1) {
> }
>
> if (jEntry != null) {
> entry.certificates=jEntry.getCertificates();
> }
> } catch (Exception exc) {
> log.info("Could not read certificates from war.");
> }
> }
> }
>
>
>
> ./java/org/apache/naming/resources/WARDirContext.java
> change
> protected ZipFile base = null;
> to
> protected static ZipFile base = null;
>
> and add the following function:
> public static String getCurrentPath() {
> if (base != null)
> return base.getName();
> else
> return null;
> }
>
> Perhaps there is a much better way for getting the filename of the war file . any suggestions? The change to a static variable is only required to get the name of the war file that the class file is read from.
>
> Thanks,
> Thomas
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org