Re: A question about signed jar file.
schemers@Eng
Mon, 4 Jan 1999 21:12:56 -0800 (PST)
LiuZhen writes:
> According to the JDK1.2's Documentation, there is method
> getCertificates() in the class java.util.jar.JarEntry, and an instance
> of JarEntry could be obtained by calling method getNextJarEntry() of
> class java.util.jar.JarInputStream.
> I have generated a keystore using keytool and signed a jar file
> using the keystore and jarsigner. I want to obtain the certificates
> associated with the files included in the jar file.
> After an instance of java.util.jar.JarInputStream is obtained by
> calling new java.util.jar.JarInputStream("the name of a signed jar
> file"), getNextJarEntry()is called and an instance of JarEntry is
> returned, but when calling getCertificates() method on the returned
> instance of JarEntry, null is returned.
You need to completely read the data for the entry before calling
getCertificates, because until all the data is read, the
signature/digest can't be verified.
roland