JarSignature

java.lang.Object
- com.sun.javafx.tools.packager.JarSignature

```
public class JarSignature
extends java.lang.Object
```
(Source copied from: com.sun.deploy.security.JarSignature in Deploy workspace) This class is an abstraction of signature that is currently used for implementation of jar signing as BLOBs. There are 2 modes of use for this class - signing and validation and same instance of JarSignature object can not be reused. Signing mode: - create new instance using JarSignature.create() - add entries you want to include into the signature using updateWithEntry(). (Note the order is important.) - use getEncoded() to get bytes for the result signature Validation mode: - create new instance using JarSignature.load() - add entries using updateWithEntry() - use isValid() to validate result - use getCodeSigners() to get list of code signers used

Nested Class Summary

Nested Classes
Modifier and Type Class and Description

static interface JarSignature.InputStreamSource

private class JarSignature.ValidationStream

Nested Classes
Modifier and Type	Class and Description
`static interface`	`JarSignature.InputStreamSource`
`private class`	`JarSignature.ValidationStream`

Field Summary

Fields
Modifier and Type	Field and Description
`static java.lang.String`	`BLOB_SIGNATURE`
`private java.security.cert.X509Certificate[]`	`certChain`
`private java.security.CodeSigner[]`	`codeSigners`
`private java.security.Signature`	`sig`
`private sun.security.pkcs.SignerInfo[]`	`signerInfos`

Constructor Summary

Constructors
Modifier	Constructor and Description
`private`	`JarSignature(java.security.Signature signature, sun.security.pkcs.SignerInfo[] infos, java.security.CodeSigner[] signers)`
`private`	`JarSignature(java.security.Signature signature, java.security.cert.X509Certificate[] chain)`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`private void`	`addSignatureEntry(byte[] signature, java.util.zip.ZipOutputStream jos)`
`static JarSignature`	`create(java.security.PrivateKey privateKey, java.security.cert.X509Certificate[] chain)` Creates new signature for signing.
`private static java.security.CodeSigner[]`	`extractCodeSigners(sun.security.pkcs.SignerInfo[] infos, sun.security.pkcs.PKCS7 block)`
`java.security.CodeSigner[]`	`getCodeSigners()`
`private static java.lang.String`	`getDigAlgFromSigAlg(java.lang.String signatureAlgorithm)`
`(package private) sun.security.x509.AlgorithmId`	`getDigestAlgorithm()`
`private static java.lang.String`	`getEncAlgFromSigAlg(java.lang.String signatureAlgorithm)`
`byte[]`	`getEncoded()` Returns encoded representation of signature.
`(package private) sun.security.x509.AlgorithmId`	`getKeyAlgorithm()`
`private static java.security.Signature`	`getSignature(sun.security.pkcs.SignerInfo info)` Derive Signature from signer info for use in validation.
`private static java.security.Signature`	`getSignature(java.lang.String keyAlgorithm)` Get default signature object base on default signature algorithm derived from given key algorithm for use in encoding usage.
`(package private) java.lang.String`	`getSignatureAlgorithm()`
`private static java.security.Timestamp`	`getTimestamp(sun.security.pkcs.SignerInfo info, java.security.cert.CertificateFactory certificateFactory)`
`boolean`	`isValid()`
`boolean`	`isValidationMode()`
`static JarSignature`	`load(byte[] rawSignature)` Loads jar signature from given byte array.
`private static java.lang.String`	`makeSigAlg(java.lang.String digAlg, java.lang.String encAlg)`
`private static void`	`readFully(java.io.InputStream is)`
`void`	`signJarAsBLOB(JarSignature.InputStreamSource input, java.util.zip.ZipOutputStream jos)`
`void`	`update(byte[] v)`
`java.io.InputStream`	`updateWithZipEntry(java.lang.String name, java.io.InputStream is)` Performs partial validation of zip/jar entry with given name and data stream.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BLOB_SIGNATURE

public static final java.lang.String BLOB_SIGNATURE

See Also:: Constant Field Values

sig

private final java.security.Signature sig

certChain

private final java.security.cert.X509Certificate[] certChain

codeSigners

private final java.security.CodeSigner[] codeSigners

signerInfos

private final sun.security.pkcs.SignerInfo[] signerInfos

Constructor Detail

JarSignature

private JarSignature(java.security.Signature signature,
                     java.security.cert.X509Certificate[] chain)

JarSignature

private JarSignature(java.security.Signature signature,
                     sun.security.pkcs.SignerInfo[] infos,
                     java.security.CodeSigner[] signers)

Method Detail

load

public static JarSignature load(byte[] rawSignature)
                         throws sun.security.pkcs.ParsingException,
                                java.security.cert.CertificateException,
                                java.io.IOException,
                                java.security.NoSuchAlgorithmException,
                                java.security.InvalidKeyException,
                                java.security.SignatureException

Loads jar signature from given byte array. If signature could not be reconstructed then exceptions are thrown.

Throws:: sun.security.pkcs.ParsingException; java.security.cert.CertificateException; java.io.IOException; java.security.NoSuchAlgorithmException; java.security.InvalidKeyException; java.security.SignatureException

create

public static JarSignature create(java.security.PrivateKey privateKey,
                                  java.security.cert.X509Certificate[] chain)
                           throws java.security.NoSuchAlgorithmException,
                                  java.security.InvalidKeyException

Creates new signature for signing.

Parameters:: privateKey - Key to be used for signing.
Returns:
Throws:: java.security.NoSuchAlgorithmException; java.security.InvalidKeyException

isValidationMode
```
public boolean isValidationMode()
```

getSignature
```
private static java.security.Signature getSignature(java.lang.String keyAlgorithm)
                                             throws java.security.NoSuchAlgorithmException
```
Get default signature object base on default signature algorithm derived from given key algorithm for use in encoding usage.

Throws:

java.security.NoSuchAlgorithmException

getSignature

private static java.security.Signature getSignature(sun.security.pkcs.SignerInfo info)
                                             throws java.security.NoSuchAlgorithmException

Derive Signature from signer info for use in validation.

Throws:: java.security.NoSuchAlgorithmException

getSignatureAlgorithm

java.lang.String getSignatureAlgorithm()
                                throws java.security.NoSuchAlgorithmException

Throws:: java.security.NoSuchAlgorithmException

getDigestAlgorithm

sun.security.x509.AlgorithmId getDigestAlgorithm()
                                          throws java.security.NoSuchAlgorithmException

Throws:: java.security.NoSuchAlgorithmException

getKeyAlgorithm

sun.security.x509.AlgorithmId getKeyAlgorithm()
                                       throws java.security.NoSuchAlgorithmException

Throws:: java.security.NoSuchAlgorithmException

makeSigAlg

private static java.lang.String makeSigAlg(java.lang.String digAlg,
                                           java.lang.String encAlg)

getDigAlgFromSigAlg

private static java.lang.String getDigAlgFromSigAlg(java.lang.String signatureAlgorithm)

getEncAlgFromSigAlg

private static java.lang.String getEncAlgFromSigAlg(java.lang.String signatureAlgorithm)

getEncoded
```
public byte[] getEncoded()
                  throws java.security.NoSuchAlgorithmException,
                         java.security.SignatureException,
                         java.io.IOException
```
Returns encoded representation of signature.

Throws:

java.lang.UnsupportedOperationException - if called in validation mode.

java.security.NoSuchAlgorithmException

java.security.SignatureException

java.io.IOException

updateWithZipEntry
```
public java.io.InputStream updateWithZipEntry(java.lang.String name,
                                              java.io.InputStream is)
                                       throws java.security.SignatureException
```
Performs partial validation of zip/jar entry with given name and data stream. Return wrapped version of input stream to complete validation. Stream need to be read fully for validation to be complete.

Throws:

java.security.SignatureException

update

public void update(byte[] v)
            throws java.security.SignatureException

Throws:: java.security.SignatureException

isValid
```
public boolean isValid()
```

getCodeSigners

public java.security.CodeSigner[] getCodeSigners()

extractCodeSigners

private static java.security.CodeSigner[] extractCodeSigners(sun.security.pkcs.SignerInfo[] infos,
                                                             sun.security.pkcs.PKCS7 block)
                                                      throws java.io.IOException,
                                                             java.security.NoSuchAlgorithmException,
                                                             java.security.SignatureException,
                                                             java.security.cert.CertificateException

Throws:: java.io.IOException; java.security.NoSuchAlgorithmException; java.security.SignatureException; java.security.cert.CertificateException

getTimestamp

private static java.security.Timestamp getTimestamp(sun.security.pkcs.SignerInfo info,
                                                    java.security.cert.CertificateFactory certificateFactory)
                                             throws java.io.IOException,
                                                    java.security.NoSuchAlgorithmException,
                                                    java.security.SignatureException,
                                                    java.security.cert.CertificateException

Throws:: java.io.IOException; java.security.NoSuchAlgorithmException; java.security.SignatureException; java.security.cert.CertificateException

signJarAsBLOB

public void signJarAsBLOB(JarSignature.InputStreamSource input,
                          java.util.zip.ZipOutputStream jos)
                   throws java.io.IOException,
                          java.security.SignatureException,
                          java.security.NoSuchAlgorithmException

Throws:: java.io.IOException; java.security.SignatureException; java.security.NoSuchAlgorithmException

addSignatureEntry

private void addSignatureEntry(byte[] signature,
                               java.util.zip.ZipOutputStream jos)
                        throws java.io.IOException

Throws:: java.io.IOException

readFully

private static void readFully(java.io.InputStream is)
                       throws java.io.IOException

Throws:: java.io.IOException

Class JarSignature

Nested Class Summary

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

BLOB_SIGNATURE

sig

certChain

codeSigners

signerInfos

Constructor Detail

JarSignature

JarSignature

Method Detail

load

create

isValidationMode

getSignature

getSignature

getSignatureAlgorithm

getDigestAlgorithm

getKeyAlgorithm

makeSigAlg

getDigAlgFromSigAlg

getEncAlgFromSigAlg

getEncoded

updateWithZipEntry

update

isValid

getCodeSigners

extractCodeSigners

getTimestamp

signJarAsBLOB

addSignatureEntry

readFully