Build 1.0_r1 (from source)

java.util.jar
Class JarVerifier

java.lang.Object
  extended by java.util.jar.JarVerifier

 class JarVerifier
extends Object

Non-public class used by JarFile and JarInputStream to manage the verification of signed jars. JarFile and JarInputStream objects will be expected to have a JarVerifier instance member which can be used to carry out the tasks associated with verifying a signed jar. These tasks would typically include:


Nested Class Summary
(package private) static class JarVerifier.VerifierEntry
          TODO Type description
 
Field Summary
(package private)  byte[] mainAttributesChunk
           
 
Constructor Summary
JarVerifier(String name)
          Constructs and returns a new instance of JarVerifier.
 
Method Summary
(package private)  void addMetaEntry(String name, byte[] buf)
          Add a new meta entry to the internal collection of data held on each jar entry in the META-INF directory including the manifest file itself.
(package private)  Certificate[] getCertificates(String name)
          Returns all of the Certificate instances that were used to verify the signature on the jar entry called name.
static Vector<Certificate> getSignerCertificates(String signatureFileName, Map<String,Certificate[]> certificates)
          Returns a Vector of all of the Certificates that are associated with the signing of the named signature file.
(package private)  JarVerifier.VerifierEntry initEntry(String name)
          Called for each new jar entry read in from the input stream.
(package private)  boolean isSignedJar()
          Returns a boolean indication of whether or not the associated jar file is signed.
(package private)  boolean readCertificates()
          If the associated jar file is signed, check on the validity of all of the known signatures.
(package private)  void removeMetaEntries()
          Remove all entries from the internal collection of data held about each jar entry in the META-INF directory.
(package private)  void setManifest(Manifest mf)
          Associate this verifier with the specified Manifest object.
(package private)  void verifySignatures(JarVerifier.VerifierEntry entry, ZipEntry zipEntry)
          Verifies that the digests stored in the manifest match the decrypted digests from the .SF file.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

mainAttributesChunk

byte[] mainAttributesChunk

Constructor Detail

JarVerifier

JarVerifier(String name)
Constructs and returns a new instance of JarVerifier.

Parameters:
name - the name of the jar file being verified.

Method Detail

initEntry

JarVerifier.VerifierEntry initEntry(String name)
Called for each new jar entry read in from the input stream. This method constructs and returns a new JarVerifier.VerifierEntry which contains the certificates used to sign the entry and its hash value as specified in the jar manifest.

Parameters:
name - the name of an entry in a jar file which is not in the META-INF directory.
Returns:
a new instance of JarVerifier.VerifierEntry which can be used by callers as an OutputStream.

addMetaEntry

void addMetaEntry(String name,
                  byte[] buf)
Add a new meta entry to the internal collection of data held on each jar entry in the META-INF directory including the manifest file itself. Files associated with the signing of a jar would also be added to this collection.

Parameters:
name - the name of the file located in the META-INF directory.
buf - the file bytes for the file called name.
See Also:
removeMetaEntries()

readCertificates

boolean readCertificates()
If the associated jar file is signed, check on the validity of all of the known signatures.

Returns:
true if the associated jar is signed and an internal check verifies the validity of the signature(s); also true if the jar file is not signed. false if the associated jar file has no entries at all in its META-INF directory, a situation that is indicative of an invalid jar file.

Throws:
SecurityException - if the jar file is signed and it is determined that a signature block file contains an invalid signature for the corresponding signature file.

setManifest

void setManifest(Manifest mf)
Associate this verifier with the specified Manifest object.

Parameters:
mf - a java.util.jar.Manifest object.

verifySignatures

void verifySignatures(JarVerifier.VerifierEntry entry,
                      ZipEntry zipEntry)
Verifies that the digests stored in the manifest match the decrypted digests from the .SF file. This indicates the validity of the signing only, not the integrity of the file: the file's own digest must be calculated and verified when its contents are read.

Parameters:
entry - the JarVerifier.VerifierEntry associated with the specified zipEntry.
zipEntry - an entry in the jar file
Throws:
SecurityException - if the digest value stored in the manifest does not agree with the decrypted digest as recovered from the .SF file.
See Also:
initEntry(String)
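
The split described above, seen from the public API (an added example, not part of the original documentation or the project's source): because JarVerifier is non-public, the caller works through java.util.jar.JarFile, must read each entry to the end so its digest is checked, and only then asks for the entry's certificates. The class name SignedJarCheck, the method unsignedEntries and the sample jar are constructed for illustration, and the code assumes a Java 7 or later runtime.

```java
import java.io.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.jar.*;

public class SignedJarCheck {
    /** Returns the names of non-META-INF entries that no signer certificate covers. */
    static List<String> unsignedEntries(File jar) throws IOException {
        List<String> unsigned = new ArrayList<>();
        byte[] buf = new byte[8192];
        // verify=true asks JarFile to check signatures and entry digests.
        try (JarFile jf = new JarFile(jar, true)) {
            for (Enumeration<JarEntry> e = jf.entries(); e.hasMoreElements();) {
                JarEntry entry = e.nextElement();
                // Signature-related files live in META-INF and are not themselves signed.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) continue;
                // The entry's digest is only computed as its bytes are read; a
                // mismatch with the manifest surfaces as SecurityException here.
                try (InputStream in = jf.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* drain the stream */ }
                }
                // Certificates are only reliable after the stream has been read to the end.
                Certificate[] certs = entry.getCertificates();
                if (certs == null || certs.length == 0) unsigned.add(entry.getName());
            }
        }
        return unsigned;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: an unsigned jar with a single entry, written to a temp file.
        File jar = File.createTempFile("sample", ".jar");
        jar.deleteOnExit();
        Manifest mf = new Manifest();
        mf.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0");
        try (JarOutputStream out = new JarOutputStream(new FileOutputStream(jar), mf)) {
            out.putNextEntry(new JarEntry("a.txt"));
            out.write("hello".getBytes("UTF-8"));
            out.closeEntry();
        }
        System.out.println("unsigned entries: " + unsignedEntries(jar));
    }
}
```

A caller that requires a fully signed jar should reject the file when the returned list is non-empty, and should treat a SecurityException from the read loop as a failed verification.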

isSignedJar

boolean isSignedJar()
Returns a boolean indication of whether or not the associated jar file is signed.

Returns:
true if the jar is signed, false otherwise.

getCertificates

Certificate[] getCertificates(String name)
Returns all of the Certificate instances that were used to verify the signature on the jar entry called name.

Parameters:
name - the name of a jar entry.
Returns:
an array of Certificate.

removeMetaEntries

void removeMetaEntries()
Remove all entries from the internal collection of data held about each jar entry in the META-INF directory.

See Also:
addMetaEntry(String, byte[])

getSignerCertificates

public static Vector<Certificate> getSignerCertificates(String signatureFileName,
                                                        Map<String,Certificate[]> certificates)
Returns a Vector of all of the Certificates that are associated with the signing of the named signature file.

Parameters:
signatureFileName - the name of a signature file
certificates - a Map of all of the certificate chains discovered so far while attempting to verify the jar that contains the signature file signatureFileName. This object will have been previously set in the course of one or more calls to verifyJarSignatureFile(String, String, String, Map, Map) where it was passed in as the last argument.
Returns:
all of the Certificate entries for the signer of the jar whose actions led to the creation of the named signature file.
