Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for signed JARs #956

Open
Duhemm opened this issue Aug 21, 2017 · 0 comments
Open

Add support for signed JARs #956

Duhemm opened this issue Aug 21, 2017 · 0 comments
Labels
component:javalib feature
Milestone
Backlog

Comments

@Duhemm
Copy link
Contributor

Duhemm commented Aug 21, 2017
edited

The support for JAR files provided by #942 doesn't include support for signed JARs.

We should port org.apache.harmony.security.utils.JarUtils from Apache Harmony (see here: https://github.com/apache/harmony/blob/java6/classlib/modules/security/src/main/java/common/org/apache/harmony/security/utils/JarUtils.java).

There are already tests for signed JARs in:

  • java.util.jar.JarEntrySuite
  • java.util.jar.JarFileSuite

How to fix this issue:

1. Fix these issues:

2. Use JarUtils in JarVerifier.verifyCertificate:

https://github.com/apache/harmony/blob/java6/classlib/modules/archive/src/main/java/java/util/jar/JarVerifier.java#L295-L298

        try {
            Certificate[] signerCertChain = JarUtils.verifySignature(
                    new ByteArrayInputStream(sfBytes),
                    new ByteArrayInputStream(sBlockBytes));
            (...)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component:javalib feature
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
2 participants
@densh @Duhemm