Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

java code for checking if jar file are signed or not

I have a question regarding verifying if a .jar file is signed or not.

How can I check this with standard java code, not using the jarsigner, etc.?

like image 840
padre Avatar asked Sep 24 '13 13:09

padre


People also ask

Is a JAR file signed?

You use the JAR Signing and Verification Tool to sign JAR files and time stamp the signature. You invoke the JAR Signing and Verification Tool by using the jarsigner command, so we'll refer to it as "Jarsigner" for short. To sign a JAR file, you must first have a private key.

Do JAR files need to be signed?

Signing a jar file, just like using certificates in other contexts, is done so that people using it know where it came from. People may trust that Chris Carruthers isn't going to write malicious code, and so they're willing to allow your applet access to their file system.


1 Answers

If you simply want to check if jar is signed or not check MANIFEST.MF attributes with JarFile, there should be entries like this for each file

Name: sun/plugin/AppletViewer$2.class
SHA-256-Digest: VAPu2ppyO3MeFiJBHcCmusw+59pL4pRg9n2aKWyHnS0=
like image 63
Evgeniy Dorofeev Avatar answered Oct 07 '22 16:10

Evgeniy Dorofeev