Menu
My webapp allows a user to upload a JAR file. However, after the jar file is uploaded, it is corrupted. I have verified this by comparing the MD5 checksums before and after uploading the file (winmd5free).
The uploaded jar file is almost identical to the original:
When I open up the uploaded jar file (using Notepad++), I did notice that the binary contents are different from the original. Also, when I used JarInputStream to read the JAR entries, there were no entries.
JarInputStream is = new JarInputStream(new FileInputStream(new File("uploaded.jar")));
JarEntry entry = null;
while(null != (entry = is.getNextJarEntry())) {
System.out.println(entry.getName());
}
Furthermore, when I double click on the jar (Windows), I get the following message.
Error: Invalid or corrupt jarfile
My questions are:
JarInputStream to detect this right away, but it shows no problems at alljava -cp uploaded.jar;libs\* com.some.class.Test command?This question is irrelevant from jar signing and/or checking the signature of a JAR file. It is simply checking if a file (uploaded or not) is a valid JAR file (not necessarily if the jar's class files are valid, as there is another SO post on this issue already).
My results for running jar -tvf uploaded.jar:
java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:127)
at java.util.zip.ZipFile.<init>(ZipFile.java:88)
at sun.tools.jar.Main.list(Main.java:977)
at sun.tools.jar.Main.run(Main.java:222)
at sun.tools.jar.Main.main(Main.java:1147)
554
On the command line, run the jar command like this: jar -tvf <jarname> . The 't' says "test", 'v' I believe means "verbose", and 'f' means "file". You can also open a JAR in any ZIP program.
Hi, Jar files are archive files that contains of a lot of different java classes (files). You can use winzip/winrar to open the jar files and you can see those java classes in jar files. Typically you can use a Java decompiler to decompile the class file and look into the source code.
To run an application in a nonexecutable JAR file, we have to use -cp option instead of -jar. We'll use the -cp option (short for classpath) to specify the JAR file that contains the class file we want to execute: java -cp jar-file-name main-class-name [args …]
A way to programmatically detect an invalid jar file is to use java.util.ZipFile.
public static void main(String[] args) {
if(args.length < 1) {
System.err.println("need jar file");
return;
}
String pathname = args[0];
try {
ZipFile file = new ZipFile(new File(pathname));
Enumeration<? extends ZipEntry> e = file.entries();
while(e.hasMoreElements()) {
ZipEntry entry = e.nextElement();
System.out.println(entry.getName());
}
} catch(Exception ex) {
ex.printStackTrace();
}
}
If the jar file is invalid, a ZipException will be thrown when instantiating the ZipFile object.
198
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With