Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I check if a JAR file is valid?

Tags:

java

jar

classpath

jakarta-ee

My webapp allows a user to upload a JAR file. However, after the jar file is uploaded, it is corrupted. I have verified this by comparing the MD5 checksums before and after uploading the file (winmd5free).

The uploaded jar file is almost identical to the original:

  • The file size compared to the original is similar (at the KB level)
  • I can open the uploaded jar file using an unzipping program and view it's contents (resources and class files), and everything is the same compared to the original file

When I open up the uploaded jar file (using Notepad++), I did notice that the binary contents are different from the original. Also, when I used JarInputStream to read the JAR entries, there were no entries.

JarInputStream is = new JarInputStream(new FileInputStream(new File("uploaded.jar")));
JarEntry entry = null;
while(null != (entry = is.getNextJarEntry())) {
    System.out.println(entry.getName());
}

Furthermore, when I double click on the jar (Windows), I get the following message.

Error: Invalid or corrupt jarfile

My questions are:

  • Is there a way to programmatically check if a jar file is valid? I would have expected JarInputStream to detect this right away, but it shows no problems at all
  • When I double click on the jar file, in windows, is it java.exe that is giving me the "invalid or corrupt JAR file" message?
  • How come when an invalid jar file is passed in as part of the classpath, no error/exception is thrown? For example, by running the java -cp uploaded.jar;libs\* com.some.class.Test command?

This question is irrelevant from jar signing and/or checking the signature of a JAR file. It is simply checking if a file (uploaded or not) is a valid JAR file (not necessarily if the jar's class files are valid, as there is another SO post on this issue already).

My results for running jar -tvf uploaded.jar:

java.util.zip.ZipException: error in opening zip file
        at java.util.zip.ZipFile.open(Native Method)
        at java.util.zip.ZipFile.<init>(ZipFile.java:127)
        at java.util.zip.ZipFile.<init>(ZipFile.java:88)
        at sun.tools.jar.Main.list(Main.java:977)
        at sun.tools.jar.Main.run(Main.java:222)
        at sun.tools.jar.Main.main(Main.java:1147)
like image 554
Jane Wayne Avatar asked Nov 22 '13 18:11

Jane Wayne

People also ask

How do you know if a jar is corrupted?

On the command line, run the jar command like this: jar -tvf <jarname> . The 't' says "test", 'v' I believe means "verbose", and 'f' means "file". You can also open a JAR in any ZIP program.

Can you check the code of JAR file?

Hi, Jar files are archive files that contains of a lot of different java classes (files). You can use winzip/winrar to open the jar files and you can see those java classes in jar files. Typically you can use a Java decompiler to decompile the class file and look into the source code.

What is the valid command to run a jar?

To run an application in a nonexecutable JAR file, we have to use -cp option instead of -jar. We'll use the -cp option (short for classpath) to specify the JAR file that contains the class file we want to execute: java -cp jar-file-name main-class-name [args …]

1 Answers

A way to programmatically detect an invalid jar file is to use java.util.ZipFile.

public static void main(String[] args) {
    if(args.length < 1) {
        System.err.println("need jar file");
        return;
    }
    
    String pathname = args[0];
    try {
        ZipFile file = new ZipFile(new File(pathname));
        Enumeration<? extends ZipEntry> e = file.entries();
        while(e.hasMoreElements()) {
            ZipEntry entry = e.nextElement();
            System.out.println(entry.getName());
        }
    } catch(Exception ex) {
        ex.printStackTrace();
    }
}

If the jar file is invalid, a ZipException will be thrown when instantiating the ZipFile object.

like image 198
Jane Wayne Avatar answered Sep 23 '22 11:09

Jane Wayne
Sign in to Comment

Related questions

Hibernate TypeResolver
APT (Annotation Processing Tool)
Heterogeneous container to store genericly typed objects in Java
How to fix java OutOfMemoryError: Java heap space from DataImportHandler?
Polymorphic CriteriaQuery without inverse relationship
Can I save a huge PNG without the whole thing being in memory?
google.zxing barcode generator in iReport
R-Tree Implementation Java
How to set alarm when mobile has been idle using android?
What are the differences between mapping,binding and parsing?
Old I/O thread per client model or NIO reactor pattern?
Java limiting resource usage
How do I get Spring MVC to invoke validation in a JUnit test?
ClassFormatError: Unknown constant tag in class XY
Searching two arrays for matches, no extra memory
What is the correct way to use add_jar with Java bindings produced by Swig?
escaped html won't unescaped (now: unescaped html won't escape back)
Pass JAVA HOME as parameter to mvn
Java, check if an executable exists in PATH environment [duplicate]
JUnit4 : Test a shutdown hook is called

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!