Fix "signer information does not match" error

Update ExecutableArchiveLauncher so that `-cp` URLs are not added
when they are already contained as nested JARs. This prevents a
SecurityException "signer information does not match error" when using
signed jars. The root cause of the issue was that the primary JAR file
was on the default classpath with the URL "file:....jar" and in the
main URL set as "jar:file:....jar". It is now filtered so that only
the "jar:" variant is added.

Fixes gh-1134

Author: Phillip Webb

spring-boot-tools/spring-boot-loader/src/main/java/org/springframework/boot/loader/ExecutableArchiveLauncher.java

@@ -30,7 +30,7 @@
 
 /**
  * Base class for executable archive {@link Launcher}s.
- *
+ * 
  * @author Phillip Webb
  * @author Andy Wilkinson
  */
@@ -78,11 +78,11 @@ public boolean matches(Entry entry) {
 
 	@Override
 	protected ClassLoader createClassLoader(URL[] urls) throws Exception {
-		Set<URL> copy = new LinkedHashSet<URL>();
+		Set<URL> copy = new LinkedHashSet<URL>(urls.length);
 		ClassLoader loader = getDefaultClassLoader();
 		if (loader instanceof URLClassLoader) {
 			for (URL url : ((URLClassLoader) loader).getURLs()) {
-				if (!this.javaAgentDetector.isJavaAgentJar(url)) {
+				if (addDefaultClassloaderUrl(urls, url)) {
 					copy.add(url);
 				}
 			}
@@ -93,6 +93,16 @@ protected ClassLoader createClassLoader(URL[] urls) throws Exception {
 		return super.createClassLoader(copy.toArray(new URL[copy.size()]));
 	}
 
+	private boolean addDefaultClassloaderUrl(URL[] urls, URL url) {
+		String jarUrl = "jar:" + url + "!/";
+		for (URL nestedUrl : urls) {
+			if (nestedUrl.equals(url) || nestedUrl.toString().equals(jarUrl)) {
+				return false;
+			}
+		}
+		return !this.javaAgentDetector.isJavaAgentJar(url);
+	}
+
 	/**
 	 * Determine if the specified {@link JarEntry} is a nested item that should be added
 	 * to the classpath. The method is called once for each entry.