Validating signed jar file

Hi all,

This seems like a basic question, yet i have been unable to find the answer in a day or so of web searching.

I have a security sensitive application. I have signed my jar files using a certificate. I am concerned that someone could take one of my jars, remove my signature, modify a file in it, and then resign it using their certificate. So I am looking for a way to determine from within a Java program whether a jar file is signed AND who the signer of a given jar file is.

This is probably something obvious that I have missed, but any help would be appreciated.

Thanks,

Don

[624 byte] By [GFLDona] at [2007-11-26 17:37:39]

«« Problem with my Thread
»» What is the purpose of waitFor.

# 1

I am looking for the same information. I have also not been able to find anything after searching for a few days.

mvfranza at 2007-7-9 0:05:49 >

top of Java-index,Security,Other Security APIs, Tools, and Issues...

# 2

You can get the signer and the signing certificate of any class that's known to be in the JAR file.Class.getProtectionDomain().getCodeSource().getCertificates() or getCodeSigners().

ejpa at 2007-7-9 0:05:49 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Validating signed jar file

Security New Topic

Security Hot Topic

Security

All Classified