[jboss-dev] certs and verified signers

Ales Justin ales.justin at gmail.com
Tue Sep 15 11:36:13 EDT 2009

> Read the fine manual :-)
> http://java.sun.com/j2se/1.5.0/docs/api/java/util/jar/JarEntry.html#getCertificates()
> i.e. you have to read() the entire stream before asking 
> for the certs/signers.

Yeah, just found that out, while reading and weeping at that super ugly 
code. :-)

But this still doesn't return any certs:

       URL url = getResource("/vfs/test/cert_test.jar");
       VirtualFile jar = VFS.getRoot(url);
       VirtualFile clazz = 
       InputStream tmp = clazz.openStream(); // HERE -- reading stream
       Certificate[] certs = clazz.getCertificates();
       assertNotNull("No certificates: " + clazz, certs);

I now get "sigFileSigners" entry in JarVerifier class, but I don't know 
how to move it to verifiedSigners Hashtable in 

> But the real reason for JBCL-67 - besides having a
> mechanism to do a VirtualFile.getCertificates() - is how to do it for
> non-jar files, e.g. unpacked deployments?

Since this is now an impl detail of VirtualFile/VirtualFileHandler, it's 
up to them do provide a mechanism.

Any ideas / suggestions?
e.g. X.class --> X.class.cert if it exists

More information about the jboss-development mailing list