I don't want to use the jarsigner -verify. Is there no JAR util package for my problem?
I just want to verfiy a JAR in pure Java.
views:
199answers:
2
A:
I think I have the right solution now.
greetz Alexander
Edit: Sorry, but the link is a dead link and I can't find the source.
polyurethan
2009-05-15 12:25:21
A good reason not to answer with only a link (especially not a volatile one such as this)
Joachim Sauer
2009-10-02 13:14:19
@polyurethan: Could you please paste the solution into your answer - this link is dead.
Software Monkey
2009-10-16 01:54:56
+3
A:
The "jarsigner" is just a small wrapper for a java program that verifies the jar. Inside your JDK there is a "tools.jar" (usally "C:\programs\Java\jdk1.6.0_13\lib\tools.jar" or something like this). Inside this library there is a class "JarSigner" that provides the desired ability. Just put the "tools.jar" on your classpath!
Heres an example program to demonstrate the behaviour
import sun.security.tools.JarSigner;
public class TestJarSigner {
public static void main(String[] args) {
JarSigner signer = new JarSigner();
signer.run(new String[] { "-verify", "tools.jar" });
}
}
Output is:
jar is unsigned. (signatures missing or not parsable)
The sources are availible if you need a deeper understanding of the signing process.
Arne
2009-11-20 09:00:39