commit 09bcd3ebb639af6cfd83ff2203ffeb80a59cc0eb

Author: Jiri Vanek <jvanek@redhat.com>

Date:   Fri Jun 28 16:05:35 2019 +0200

    All files, except signaturre files, are now  checked for signatures

diff --git a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java

index 759bedfb..cabfb3c5 100644

--- a/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java

+++ b/netx/net/sourceforge/jnlp/tools/JarCertVerifier.java

@@ -41,6 +41,7 @@

 import java.util.Map;

 import java.util.Vector;

 import java.util.jar.JarEntry;

+import java.util.regex.Pattern;

 import net.sourceforge.jnlp.JARDesc;

 import net.sourceforge.jnlp.JNLPFile;

@@ -67,6 +68,7 @@

 public class JarCertVerifier implements CertVerifier {

     private static final String META_INF = "META-INF/";

+    private static final Pattern SIG = Pattern.compile(".*" + META_INF + "SIG-.*");

     // prefix for new signature-related files in META-INF directory

     private static final String SIG_PREFIX = META_INF + "SIG-";

@@ -500,12 +502,20 @@

     /**

      * Returns whether a file is in META-INF, and thus does not require signing.

-     * 

+     * 

      * Signature-related files under META-INF include: . META-INF/MANIFEST.MF . META-INF/SIG-* . META-INF/*.SF . META-INF/*.DSA . META-INF/*.RSA

      */

     static boolean isMetaInfFile(String name) {

-        String ucName = name.toUpperCase();

-        return ucName.startsWith(META_INF);

+        if (name.endsWith("class")) {

+            return false;

+        }

+        return name.startsWith(META_INF) && (

+                name.endsWith(".MF") ||

+                name.endsWith(".SF") ||

+                name.endsWith(".DSA") ||

+                name.endsWith(".RSA") ||

+                SIG.matcher(name).matches()

+        );

     }

     /**

diff --git a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java

index 4661fb87..44253e08 100644

--- a/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java

+++ b/tests/netx/unit/net/sourceforge/jnlp/tools/JarCertVerifierTest.java

@@ -58,9 +58,22 @@ public class JarCertVerifierTest {

     @Test

     public void testIsMetaInfFile() {

         final String METAINF = "META-INF";

+        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF"));

+        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF"));

+        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA"));

+        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA"));

+        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah"));

+

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.MF.class"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.SF.class"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.DSA.class"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/file.RSA.class"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/SIG-blah.blah.class"));

+

         assertFalse(JarCertVerifier.isMetaInfFile("some_dir/" + METAINF + "/filename"));

         assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "filename"));

-        assertTrue(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));

+        assertFalse(JarCertVerifier.isMetaInfFile(METAINF + "/filename"));

     }

     class JarCertVerifierEntry extends JarEntry {