如何以编程方式验证使用jarsigner签名的jar [英] How to verify a jar signed with jarsigner programmatically

问题描述

我想使用jarsigner签署jar，然后使用Java应用程序验证它，该应用程序没有签名jar作为其类路径的一部分（即只使用jar的文件系统位置）

I'm wanting to sign a jar using jarsigner, then verify it using a Java application which does not have the signed jar as part of it's classpath (i.e. just using a filesystem location of the jar)

现在我的问题是从jar中获取签名文件，有没有一种简单的方法可以做到这一点？

Now my problem is getting the signature file out of the jar, is there a simple way to do this?

我有过与Inflater和Jar InputStreams一起玩没有运气。

I've had a play with the Inflater and Jar InputStreams with no luck.

或者这可以用更好的方式完成吗？

Or is this something that can be accomplished in a better way?

谢谢

推荐答案

安全提供者实施指南概述了验证JAR的过程。虽然这些说明适用于JCA加密服务提供商进行验证，但它们应适用于您的问题。

The security Provider implementation guide outlines the process of verifying JARs. Although these instructions are for a JCA cryptographic service provider to verify itself, they should be applicable to your problem.

具体来说，请查看验证（ X509Certificate targetCert）示例代码中的方法，MyJCE.java。

Specifically, check out the verify(X509Certificate targetCert) method in the sample code, "MyJCE.java".

这篇关于如何以编程方式验证使用jarsigner签名的jar的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！