| java.lang.Object java.util.jar.JarVerifier
JarVerifier | class JarVerifier | | Non-public class used by
JarFile and
JarInputStream to manage
the verification of signed jars. JarFile and
JarInputStream objects will be expected to have a
JarVerifier instance member which can be used to carry out the
tasks associated with verifying a signed jar. These tasks would typically
include:
- verification of all signed signature files
- confirmation that all signed data was signed only by the party or
parties specified in the signature block data
- verification that the contents of all signature files (i.e.
.SF files) agree with the jar entries information found in the
jar manifest.
|
Inner Class: static class VerifierEntry extends OutputStream | |
Constructor Summary | |
| JarVerifier(String name) Constructs and answers with a new instance of JarVerifier. |
Method Summary | |
void | addMetaEntry(String name, byte[] buf) Add a new meta entry to the internal collection of data held on each jar entry in the META-INF directory including the manifest file itself. |
Certificate[] | getCertificates(String name) Returns all of the java.security.cert.Certificate instances that were used to verify the signature on the jar entry called name. Parameters: name - the name of a jar entry. |
public static Vector<Certificate> | getSignerCertificates(String signatureFileName, Map<String, Certificate[]> certificates) Returns a Vector of all of the java.security.cert.Certificates that are associated with the signing of the named signature file. Parameters: signatureFileName - the name of a signature file. Parameters: certificates - a Map of all of the certificate chains discovered so far while attempting to verify the jar that contains the signature file signatureFileName. This object will have been previously set in the course of one or more calls to JarVerifier.verifyJarSignatureFile(String,String,String,Map,Map) where it was passed in as the last argument. |
VerifierEntry | initEntry(String name) Called for each new jar entry read in from the input stream. |
boolean | isSignedJar() Returns a boolean indication of whether or not the associated jar file is signed. |
synchronized boolean | readCertificates() If the associated jar file is signed, check on the validity of all of the known signatures. Returns: true if the associated jar is signed and an internal check verifies the validity of the signature(s). false if the associated jar file has no entries at all in its META-INF directory. |
void | removeMetaEntries() Remove all entries from the internal collection of data held about each jar entry in the META-INF directory. |
void | setManifest(Manifest mf) Associate this verifier with the specified Manifest object. |
void | verifySignatures(VerifierEntry entry, ZipEntry zipEntry) Verifies that the digests stored in the manifest match the decrypted digests from the .SF file. |
mainAttributesChunk | byte[] mainAttributesChunk | | |
JarVerifier | JarVerifier(String name) | | Constructs and answers with a new instance of JarVerifier.
Parameters: name - the name of the jar file being verified. |
addMetaEntry | void addMetaEntry(String name, byte[] buf) | | Add a new meta entry to the internal collection of data held on each jar
entry in the META-INF directory including the manifest
file itself. Files associated with the signing of a jar would also be
added to this collection.
Parameters: name - the name of the file located in the META-INF directory.
Parameters: buf - the file bytes for the file called name.
See Also: JarVerifier.removeMetaEntries() |
getSignerCertificates | public static Vector<Certificate> getSignerCertificates(String signatureFileName, Map<String, Certificate[]> certificates) | | Returns a Vector of all of the
java.security.cert.Certificates that are associated with the
signing of the named signature file.
Parameters: signatureFileName - the name of a signature file.
Parameters: certificates - a Map of all of the certificate chains discovered so far while attempting to verify the jar that contains the signature file signatureFileName. This object will have been previously set in the course of one or more calls to JarVerifier.verifyJarSignatureFile(String,String,String,Map,Map) where it was passed in as the last argument.
Returns: all of the Certificate entries for the signer of the jar whose actions led to the creation of the named signature file. |
initEntry | VerifierEntry initEntry(String name) | | Called for each new jar entry read in from the input stream. This method
constructs and returns a new
VerifierEntry which contains the
certificates used to sign the entry and its hash value as specified in
the jar manifest.
Parameters: name - the name of an entry in a jar file which is not in the META-INF directory.
Returns: a new instance of VerifierEntry which can be used by callers as an OutputStream. |
isSignedJar | boolean isSignedJar() | | Returns a boolean indication of whether or not the
associated jar file is signed.
Returns: true if the jar is signed, false otherwise. |
readCertificates | synchronized boolean readCertificates() | | If the associated jar file is signed, check on the validity of all of the
known signatures.
Returns: true if the associated jar is signed and an internal check verifies the validity of the signature(s). false if the associated jar file has no entries at all in its META-INF directory. This situation is indicative of an invalid jar file. Will also return true if the jar file is not signed.
Throws: SecurityException - if the jar file is signed and it is determined that a signature block file contains an invalid signature for the corresponding signature file. |
setManifest | void setManifest(Manifest mf) | | Associate this verifier with the specified
Manifest object.
Parameters: mf - a java.util.jar.Manifest object. |
verifySignatures | void verifySignatures(VerifierEntry entry, ZipEntry zipEntry) | | Verifies that the digests stored in the manifest match the decrypted
digests from the .SF file. This indicates the validity of the signing,
not the integrity of the file, as its digest must be calculated and
verified when its contents are read.
Parameters: entry - the VerifierEntry associated with the specified zipEntry.
Parameters: zipEntry - an entry in the jar file.
Throws: SecurityException - if the digest value stored in the manifest does not agree with the decrypted digest as recovered from the .SF file.
See Also: JarVerifier.initEntry(String) |
|
|
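The distinction drawn under verifySignatures (signing validity versus file integrity, with the digest checked only as contents are read) is shown below from the caller's side. This is an added example, not part of the documented source: it uses the public java.util.jar.JarFile API rather than the non-public JarVerifier, and the names JarSignatureCheck and unsignedEntries are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Locale;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarSignatureCheck {

    /**
     * Reads every entry to the end so its digest is computed and compared,
     * then lists entries that ended up with no signer certificates.
     * A SecurityException propagates if content does not match a signed digest.
     */
    static List<String> unsignedEntries(File jar) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jf = new JarFile(jar, true)) {            // true = verify if signed
            Enumeration<JarEntry> entries = jf.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                String name = e.getName();
                // Simplification: skip directories and everything under META-INF,
                // where the manifest and signature files themselves live.
                if (e.isDirectory()
                        || name.toUpperCase(Locale.ROOT).startsWith("META-INF/")) {
                    continue;
                }
                try (InputStream in = jf.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain to trigger the digest check */ }
                }
                // Certificates are only available after the stream was read fully.
                Certificate[] certs = e.getCertificates();
                if (certs == null || certs.length == 0) {
                    unsigned.add(name);
                }
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        List<String> unsigned = unsignedEntries(new File(args[0]));
        System.out.println(unsigned.isEmpty() ? "all entries signed" : "unsigned: " + unsigned);
    }
}
```

The certificates returned are the ones that verified each entry's signature; whether they chain to a signer the application trusts is a separate check that the caller must make.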