How to verify jar entity certificate?
If I ask for Certificates[] method JarEntity.getCertificates() returns null.
How to get JarEntity certificates?
JarInputStream jar =null;
try{
jar =new JarInputStream(new FileInputStream("e:/out/p1.jar"));
JarEntry je =null;
while ((je = jar.getNextJarEntry()) !=null){
System.out.println("--");
System.out.println(je);
byte[] b =newbyte[3000];
int l = jar.read(b);
System.out.println("len: " + l);
Certificate[] certs = je.getCertificates();
System.out.println("certs: " + certs);
}
}catch (Exception e){
e.printStackTrace();
}finally{
if (jar !=null){
try{
jar.close();
}catch (Exception e){
// ignore
}
}
}
result
--
META-INF/GMNA.SF
len: 203
certs: null
--
META-INF/GMNA.DSA
len: 664
certs: null
--
org/x4444/p1/Superp1.class
len: 471
certs: null
Why certs for org/x4444/p1/Superp1.class == null?
the jar was signed :
E:\out>c:\j2sdk1.4.2_13\bin\jarsigner.exe p1.jar gmna
and verified
E:\out>c:\j2sdk1.4.2_13\bin\jarsigner.exe -verify -verbose p1.jar
104 Tue Jul 17 15:41:32 MSD 2007 META-INF/MANIFEST.MF
203 Tue Jul 17 15:41:32 MSD 2007 META-INF/GMNA.SF
1033 Tue Jul 17 15:41:32 MSD 2007 META-INF/GMNA.DSA
smk471 Tue Jul 17 15:14:56 MSD 2007 org/x4444/p1/Superp1.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
