How to verify a jar signed with jarsigner programmatically

Question

I\'m wanting to sign a jar using jarsigner, then verify it using a Java application which does not have the signed jar as part of it\'s classpath (i.e. just using a filesyst

Answer 1

The security Provider implementation guide outlines the process of verifying JARs. Although these instructions are for a JCA cryptographic service provider to verify itself, they should be applicable to your problem.

Specifically, check out the verify(X509Certificate targetCert) method in the sample code, "MyJCE.java".