Skip to content

Signed jar verification fails when nested in an uber war running on an Oracle JVM #47284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Signed jar verification fails when nested in an uber war running on an Oracle JVM #47284

wants to merge 1 commit into from
+149 −27

Conversation

DKARAGODIN
Copy link

There is an issue with spring boot app as fat Jar that runs on Oracle JVM and uses third-party crypto libraries.

#28837

The hacked solution committed 33c5e12 is relevant to this day because ZipFile.getManifestName(onlyIfSignatureRelatedFiles) stays private. But this hacked solution only works for uber Jar.

In this PR I extend this hack to uber War.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Sep 19, 2025
@wilkinsona wilkinsona changed the title Write signature files to uber wars for Oracle Java 17 verification Signed jar verification fails when nested in an uber war running on an Oracle JVM Sep 22, 2025
@wilkinsona wilkinsona added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Sep 22, 2025
@wilkinsona wilkinsona added this to the 3.4.x milestone Sep 22, 2025
@wilkinsona
Copy link
Member

Thanks for the PR. Could you please add some tests on the Gradle side, similar to those that were added in 33c5e12. It may be possible to move BootJarIntegrationTests::signed up into AbstractBootArchiveIntegrationTests.

@wilkinsona wilkinsona added the status: waiting-for-feedback We need additional information before we can continue label Sep 22, 2025
@DKARAGODIN
Copy link
Author

Thanks for the PR. Could you please add some tests on the Gradle side, similar to those that were added in 33c5e12. It may be possible to move BootJarIntegrationTests::signed up into AbstractBootArchiveIntegrationTests.

Done.

Also deleted field BootZipCopyAction#supportsSignatureFile since it was used to distinguish between jar and war build in gradle.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Sep 22, 2025
wilkinsona
wilkinsona requested changes Sep 22, 2025
View reviewed changes
Copy link
Member

@wilkinsona wilkinsona left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates. I think there's one more tweak that could be made.

...java/org/springframework/boot/gradle/tasks/bundling/AbstractBootArchiveIntegrationTests.java Outdated
}

protected void signed(String bundling) throws IOException {
assertThat(this.gradleBuild.build(bundling).task(":" + bundling).getOutcome()).isEqualTo(TaskOutcome.SUCCESS);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can use this.taskName here instead of bundling and further simplify the sub-classes.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Deleted tests in sub-classes.

@DKARAGODIN
Write signature files to uber wars for Oracle Java 17 verification
c21d083 
This commit extends 33c5e12 to uber War.

Fixes spring-projectsgh-28837

Signed-off-by: Dmitrii Karagodin <4319788@gmail.com>
@DKARAGODIN
Copy link
Author

DKARAGODIN commented Sep 24, 2025
edited by wilkinsona
Loading

Fixed merge conflicts introduced by bc46bb2.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wilkinsona wilkinsona Awaiting requested review from wilkinsona

Assignees
No one assigned
Labels
status: feedback-provided Feedback has been provided type: bug A general bug
Projects
None yet
Milestone
3.4.x
Development

Successfully merging this pull request may close these issues.
3 participants
@DKARAGODIN @wilkinsona @spring-projects-issues