Merge "Use StrictJarFile instead of JarFile for cert collection."
diff --git a/core/java/android/content/pm/PackageParser.java b/core/java/android/content/pm/PackageParser.java
index e6da288..4607902 100644
--- a/core/java/android/content/pm/PackageParser.java
+++ b/core/java/android/content/pm/PackageParser.java
@@ -58,7 +58,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.jar.JarEntry;
-import java.util.jar.JarFile;
+import java.util.jar.StrictJarFile;
 import java.util.zip.ZipEntry;
 
 import com.android.internal.util.XmlUtils;
@@ -456,7 +456,7 @@
         return pi;
     }
 
-    private Certificate[] loadCertificates(JarFile jarFile, JarEntry je,
+    private Certificate[] loadCertificates(StrictJarFile jarFile, ZipEntry je,
             byte[] readBuffer) {
         try {
             // We must read the stream for the JarEntry to retrieve
@@ -466,13 +466,11 @@
                 // not using
             }
             is.close();
-            return je != null ? je.getCertificates() : null;
+            return je != null ? jarFile.getCertificates(je) : null;
         } catch (IOException e) {
-            Slog.w(TAG, "Exception reading " + je.getName() + " in "
-                    + jarFile.getName(), e);
+            Slog.w(TAG, "Exception reading " + je.getName() + " in " + jarFile, e);
         } catch (RuntimeException e) {
-            Slog.w(TAG, "Exception reading " + je.getName() + " in "
-                    + jarFile.getName(), e);
+            Slog.w(TAG, "Exception reading " + je.getName() + " in " + jarFile, e);
         }
         return null;
     }
@@ -591,9 +589,9 @@
      */
     public boolean collectManifestDigest(Package pkg) {
         try {
-            final JarFile jarFile = new JarFile(mArchiveSourcePath);
+            final StrictJarFile jarFile = new StrictJarFile(mArchiveSourcePath);
             try {
-                final ZipEntry je = jarFile.getEntry(ANDROID_MANIFEST_FILENAME);
+                final ZipEntry je = jarFile.findEntry(ANDROID_MANIFEST_FILENAME);
                 if (je != null) {
                     pkg.manifestDigest = ManifestDigest.fromInputStream(jarFile.getInputStream(je));
                 }
@@ -624,7 +622,7 @@
         }
 
         try {
-            JarFile jarFile = new JarFile(mArchiveSourcePath);
+            StrictJarFile jarFile = new StrictJarFile(mArchiveSourcePath);
 
             Certificate[] certs = null;
 
@@ -633,7 +631,7 @@
                 // can trust it...  we'll just use the AndroidManifest.xml
                 // to retrieve its signatures, not validating all of the
                 // files.
-                JarEntry jarEntry = jarFile.getJarEntry(ANDROID_MANIFEST_FILENAME);
+                ZipEntry jarEntry = jarFile.findEntry(ANDROID_MANIFEST_FILENAME);
                 certs = loadCertificates(jarFile, jarEntry, readBuffer);
                 if (certs == null) {
                     Slog.e(TAG, "Package " + pkg.packageName
@@ -656,9 +654,9 @@
                     }
                 }
             } else {
-                Enumeration<JarEntry> entries = jarFile.entries();
-                while (entries.hasMoreElements()) {
-                    final JarEntry je = entries.nextElement();
+                Iterator<ZipEntry> entries = jarFile.iterator();
+                while (entries.hasNext()) {
+                    final ZipEntry je = entries.next();
                     if (je.isDirectory()) continue;
 
                     final String name = je.getName();
@@ -744,6 +742,10 @@
             Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
             mParseError = PackageManager.INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING;
             return false;
+        } catch (SecurityException e) {
+            Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
+            mParseError = PackageManager.INSTALL_PARSE_FAILED_CERTIFICATE_ENCODING;
+            return false;
         } catch (RuntimeException e) {
             Slog.w(TAG, "Exception reading " + mArchiveSourcePath, e);
             mParseError = PackageManager.INSTALL_PARSE_FAILED_UNEXPECTED_EXCEPTION;