bartoszmajsak
commented
4 years ago Hi @Vampire, thanks for reporting that problem. It's a use case we haven't thought of.
Since you have all bits in place to test such an improvement could you help us bring this for the community through a PR?
We have a functionality where the signature of an uploaded JAR is validated. To test this we have a signed JAR as part of the deployment to then get it via
Class#getResourceAsStream. Now that we added this extension, the tests fail, because the signature is stripped even though the JAR does not even contain class files. I work-arounded the problem by renaming the jars to.jar_for_testwhich prevents the signature killer to catch it and so got the tests green again. But I spent a day to find out, why there is no signature while the artifact that should be deployed had the signature in place properly. It would be nice to have a configuration option with which the signature killing could be suppressed for certain files.