[jboss-dev] certs and verified signers
Ales Justin
ales.justin at gmail.com
Tue Sep 15 11:36:13 EDT 2009
> Read the fine manual :-)
> http://java.sun.com/j2se/1.5.0/docs/api/java/util/jar/JarEntry.html#getCertificates()
>
> i.e. you have to read() the entire stream before asking
> for the certs/signers.
Yeah, just found that out, while reading and weeping at that super ugly
code. :-)
But this still doesn't return any certs:
URL url = getResource("/vfs/test/cert_test.jar");
VirtualFile jar = VFS.getRoot(url);
VirtualFile clazz =
jar.findChild("examplets/plugins/impl/AnotherInjectedPlugin.class");
InputStream tmp = clazz.openStream(); // HERE -- reading stream
Certificate[] certs = clazz.getCertificates();
assertNotNull("No certificates: " + clazz, certs);
I now get "sigFileSigners" entry in JarVerifier class, but I don't know
how to move it to verifiedSigners Hashtable in
http://www.java2s.com/Open-Source/Java-Document/6.0-JDK-Modules-sun/security/sun/security/util/ManifestEntryVerifier.java.htm
yet.
> But the real reason for JBCL-67 - besides having a
> mechanism to do a VirtualFile.getCertificates() - is how to do it for
> non-jar files, e.g. unpacked deployments?
Since this is now an impl detail of VirtualFile/VirtualFileHandler, it's
up to them do provide a mechanism.
Any ideas / suggestions?
e.g. X.class --> X.class.cert if it exists
More information about the jboss-development
mailing list