/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
private byte[] loadWithSecurity(String path) throws IOException { URL scriptUrl = URLClassLoader.getSystemResource(path); if (scriptUrl.getProtocol().equals("jar")) { String jarPath = scriptUrl.getPath().substring(5, scriptUrl.getPath().indexOf("!")); JarFile jar = new JarFile(URLDecoder.decode(jarPath, "UTF-8")); Enumeration<JarEntry> ens = jar.entries(); while (ens.hasMoreElements()) { JarEntry en = ens.nextElement(); if (!en.isDirectory()) { if (en.toString().equals(path)) { byte[] data = readAll(jar.getInputStream(en), en.getSize()); CodeSigner[] signers = en.getCodeSigners(); canLoadPack = signers != null && signers.length != 0; return data; } } } } return null; }
/** * Gets all JAR file entry certificates. * Method scans entry for signers and than collects all their certificates. * * @param entry JAR file entry. * @return Array of certificates which corresponds to the entry. */ private static Certificate[] getCertificates(JarEntry entry) { Certificate[] certs = null; CodeSigner[] signers = entry.getCodeSigners(); // Extract the certificates in each code signer's cert chain. if (signers != null) { List<Certificate> certChains = new ArrayList<>(); for (CodeSigner signer : signers) { certChains.addAll(signer.getSignerCertPath().getCertificates()); } // Convert into a Certificate[] return certChains.toArray(new Certificate[certChains.size()]); } return certs; } }
/** * {@inheritDoc} */ public CodeSigner[] getCodeSigners(VirtualFile mountPoint, VirtualFile target) { final ZipNode zipNode = getZipNode(mountPoint, target); if (zipNode == null) { return null; } JarEntry jarEntry = zipNode.entry; return jarEntry.getCodeSigners(); }
void setupCertificates(java.util.jar.JarEntry entry) { this.certificates = entry.getCertificates(); this.codeSigners = entry.getCodeSigners(); }
void setCertificates(java.util.jar.JarEntry entry) { this.certificates = entry.getCertificates(); this.codeSigners = entry.getCodeSigners(); } @Override
/** * {@inheritDoc} */ public CodeSigner[] getCodeSigners(VirtualFile mountPoint, VirtualFile target) { final ZipNode zipNode = getZipNode(mountPoint, target); if (zipNode == null) { return null; } JarEntry jarEntry = zipNode.entry; return jarEntry.getCodeSigners(); }
/** * {@inheritDoc} */ public CodeSigner[] getCodeSigners(VirtualFile mountPoint, VirtualFile target) { final ZipNode zipNode = getZipNode(mountPoint, target); if (zipNode == null) { return null; } JarEntry jarEntry = zipNode.entry; return jarEntry.getCodeSigners(); }
void setCertificates(java.util.jar.JarEntry entry) { this.certificates = entry.getCertificates(); this.codeSigners = entry.getCodeSigners(); }
/** * {@inheritDoc} */ public CodeSigner[] getCodeSigners(VirtualFile mountPoint, VirtualFile target) { final ZipNode zipNode = getZipNode(mountPoint, target); if (zipNode == null) { return null; } JarEntry jarEntry = zipNode.entry; return jarEntry.getCodeSigners(); }
void setCertificates(java.util.jar.JarEntry entry) { this.certificates = entry.getCertificates(); this.codeSigners = entry.getCodeSigners(); }
void setCertificates(java.util.jar.JarEntry entry) { this.certificates = entry.getCertificates(); this.codeSigners = entry.getCodeSigners(); }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
private CodeSource createCodeSource(final JarEntry entry) { final CodeSigner[] entryCodeSigners = entry.getCodeSigners(); final CodeSigners codeSigners = entryCodeSigners == null || entryCodeSigners.length == 0 ? EMPTY_CODE_SIGNERS : new CodeSigners(entryCodeSigners); CodeSource codeSource = codeSources.get(codeSigners); if (codeSource == null) { codeSources.put(codeSigners, codeSource = new CodeSource(rootUrl, entryCodeSigners)); } return codeSource; }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
/** * Returns the code signers for the digital signatures associated with the * JAR file. If there is no such code signer, it returns {@code null}. Make * sure that the everything is read from the input stream before calling * this method, or else the method returns {@code null}. * * @return the code signers for the JAR entry. * @see CodeSigner */ public CodeSigner[] getCodeSigners() { if (signers == null) { signers = getCodeSigners(getCertificates()); } if (signers == null) { return null; } CodeSigner[] tmp = new CodeSigner[signers.length]; System.arraycopy(signers, 0, tmp, 0, tmp.length); return tmp; }
// download the JAR URL url = new URL("jar:http://mywebsite.com/myjar.jar!/"); JarURLConnection jarConnection = (JarURLConnection)url.openConnection(); // get the certificates and other security stuff CodeSigners[] codeSigners = jarConnection.getJarEntry().getCodeSigners(); Certificate[] certificates = jarConnection.getJarEntry().getCertificates(); // verify the signatures // don't know the code, but you can analyze JarSigner example at http://download.oracle.com/javase/tutorial/security/toolfilex/rstep2.html