CORDA-195 When collecting JAR Signatures allow META-INF/*.EC block signature to follow jarsinger tool capabilities (#4065)

jarsigner can produce META-INF/*.EC block signature for EC algorithm (https://docs.oracle.com/javase/8/docs/technotes/tools/windows/jarsigner.html) even if this is contrary to JAR File spec (https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html). Allow block signature be also in *.EC file.

core/src/main/kotlin/net/corda/core/internal/JarSignatureCollector.kt

@@ -11,8 +11,11 @@ import java.util.jar.JarInputStream
  */
 object JarSignatureCollector {
 
-    /** @see <https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File> */
-    private val unsignableEntryName = "META-INF/(?:.*[.](?:SF|DSA|RSA)|SIG-.*)".toRegex()
+    /**
+     * @see <https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Signed_JAR_File>
+     * also accepting *.EC as this can be created and accepted by jarsigner tool @see https://docs.oracle.com/javase/8/docs/technotes/tools/windows/jarsigner.html
+     * and Java Security Manager. */
+    private val unsignableEntryName = "META-INF/(?:.*[.](?:SF|DSA|RSA|EC)|SIG-.*)".toRegex()
 
     /**
      * Returns an ordered list of every [Party] which has signed every signable item in the given [JarInputStream].

core/src/test/kotlin/net/corda/core/internal/JarSignatureCollectorTest.kt

@@ -4,6 +4,7 @@ import net.corda.core.identity.CordaX500Name
 import net.corda.core.identity.Party
 import net.corda.testing.core.ALICE_NAME
 import net.corda.testing.core.BOB_NAME
+import net.corda.testing.core.CHARLIE_NAME
 import org.assertj.core.api.Assertions.assertThat
 import org.junit.After
 import org.junit.AfterClass
@@ -38,15 +39,18 @@ class JarSignatureCollectorTest {
         private const val ALICE_PASS = "alicepass"
         private const val BOB = "bob"
         private const val BOB_PASS = "bobpass"
+        private const val CHARLIE = "Charlie"
+        private const val CHARLIE_PASS = "charliepass"
 
-        private fun generateKey(alias: String, password: String, name: CordaX500Name) =
-                execute("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", "RSA", "-alias", alias, "-keypass", password, "-dname", name.toString())
+        private fun generateKey(alias: String, password: String, name: CordaX500Name, keyalg: String = "RSA") =
+                execute("keytool", "-genkey", "-keystore", "_teststore", "-storepass", "storepass", "-keyalg", keyalg, "-alias", alias, "-keypass", password, "-dname", name.toString())
 
         @BeforeClass
         @JvmStatic
         fun beforeClass() {
             generateKey(ALICE, ALICE_PASS, ALICE_NAME)
             generateKey(BOB, BOB_PASS, BOB_NAME)
+            generateKey(CHARLIE, CHARLIE_PASS, CHARLIE_NAME, "EC")
 
             (dir / "_signable1").writeLines(listOf("signable1"))
             (dir / "_signable2").writeLines(listOf("signable2"))
@@ -141,6 +145,18 @@ class JarSignatureCollectorTest {
         assertFailsWith<SecurityException> { getJarSigners() }
     }
 
+    // Signing using EC algorithm produced JAR File spec incompatible signature block (META-INF/*.EC) which is anyway accepted by jarsiner, see [JarSignatureCollector]
+    @Test
+    fun `one signer with EC sign algorithm`() {
+        createJar("_signable1", "_signable2")
+        signJar(CHARLIE, CHARLIE_PASS)
+        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // We only reused CHARLIE's distinguished name, so the keys will be different.
+
+        (dir / "my-dir").createDirectory()
+        updateJar("my-dir")
+        assertEquals(listOf(CHARLIE_NAME), getJarSigners().names) // Unsigned directory is irrelevant.
+    }
+
     //region Helper functions
     private fun createJar(vararg contents: String) =
             execute(*(arrayOf("jar", "cvf", FILENAME) + contents))