jarify
Class JarVerifier

java.lang.Object
  extended by jarify.JarVerifier

public final class JarVerifier
extends java.lang.Object

Verfies the authencity of a signed jar file.


Field Summary
private  java.util.Hashtable aliasSBF
          Contains the signature block file (as PKCS#7) for each alias
private  java.util.Hashtable digestCache
          Contains all loaded Digest Class objects for caching purposes
private  JAPCertificate m_certRoot
          The trusted certificate
private  JarFile m_jarFile
          The JarFile to authenticate to
private  JarManifest m_Manifest
          The Manifest File of the JarFile
 
Constructor Summary
private JarVerifier(java.io.File jarFile)
          Constructor
 
Method Summary
private  void close()
           
private  org.bouncycastle.crypto.Digest getDigestClass(java.lang.String digestID)
          This method retrieves the digest class for the given digest name and
tries to instanciate an object of this digest class.
private  java.util.Vector InitAliases(java.util.Vector aliases)
          Initializes the aliasSBF Hashtable and removes the aliases which cannot be
authenticated by the given root certificate.
private  boolean isSignedJar()
          Checks whether the jarFile is a signed one.
static boolean verify(java.io.File file, JAPCertificate cert)
           
private  boolean verify(JAPCertificate cert)
          Verify the signature of the jarFile with the supplied certificate.
private  boolean verifyManifestDigests()
          Verifies the digests in the manifest file to the digests
calculated against the corresponding file.
private  boolean verifySFDigests(java.lang.String alias)
          Verifies the digests within the SF file against the digests
computed of the entries in the manifest file.
Verifies the digest in the SF file against the digest
computed from the entire manifest file.
private  boolean verifySignature(java.lang.String alias)
          Checks the Signature File against the Signature Block File from the given alias.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

m_jarFile

private JarFile m_jarFile
The JarFile to authenticate to


m_Manifest

private JarManifest m_Manifest
The Manifest File of the JarFile


m_certRoot

private JAPCertificate m_certRoot
The trusted certificate


digestCache

private java.util.Hashtable digestCache
Contains all loaded Digest Class objects for caching purposes


aliasSBF

private java.util.Hashtable aliasSBF
Contains the signature block file (as PKCS#7) for each alias

Constructor Detail

JarVerifier

private JarVerifier(java.io.File jarFile)
             throws java.util.zip.ZipException,
                    java.io.IOException,
                    java.lang.SecurityException
Constructor

Parameters:
jarFilePath - the JarFile to verify
Throws:
java.util.zip.ZipException
java.io.IOException
java.lang.SecurityException
Method Detail

close

private void close()

InitAliases

private java.util.Vector InitAliases(java.util.Vector aliases)
Initializes the aliasSBF Hashtable and removes the aliases which cannot be
authenticated by the given root certificate.

Parameters:
aliases - All aliases from the Jarfile.
Returns:
Vector with the aliases that can be verified.

verify

public static boolean verify(java.io.File file,
                             JAPCertificate cert)

verify

private boolean verify(JAPCertificate cert)
Verify the signature of the jarFile with the supplied certificate. Checks the signatures of the jarFile against the supplied certificate. If no Signer can be validated against this certificate, the verification fails.

Parameters:
cert - Path to the certificate
Returns:
True if the JarFile is valid, false otherwise

verifySignature

private boolean verifySignature(java.lang.String alias)
Checks the Signature File against the Signature Block File from the given alias.

Parameters:
alias - The entity whose signature(s) should be tested
Returns:
True if all signatures from this entity could be verified,
False otherwise

isSignedJar

private boolean isSignedJar()
Checks whether the jarFile is a signed one.

Checks in particular:
- if Manifest file exists
- if at least one Signature file exists
- if at least one Signature Block file for each SF exists

Returns:
True if this jarFile is signed, False otherwise

verifySFDigests

private boolean verifySFDigests(java.lang.String alias)
Verifies the digests within the SF file against the digests
computed of the entries in the manifest file.
Verifies the digest in the SF file against the digest
computed from the entire manifest file.

Parameters:
alias - Specfies the signature file for the given alias
Returns:
True if validated

verifyManifestDigests

private boolean verifyManifestDigests()
Verifies the digests in the manifest file to the digests
calculated against the corresponding file.

Returns:
True is validated, false otherwise

getDigestClass

private org.bouncycastle.crypto.Digest getDigestClass(java.lang.String digestID)
This method retrieves the digest class for the given digest name and
tries to instanciate an object of this digest class.

Parameters:
digestID - The name of the digest, e.g. 'SHA1-Digest'
Returns:
An object of the digest class for the given name or
null if no digest class was found
See Also:
JarConstants