Verifying Jar Signature

你的背包 2020-12-03 16:00

I'm trying to programmatically verify that a jar file has not been obviously tampered with. I have 2 use cases I want to prevent. 1) Modifications of existing classes 2) ad

2 answers
  •  慢半拍i (original poster)
    2020-12-03 16:10

    I figured out why this was happening to me...it was a stupid mistake.

    I had my tampered signed jar, but I also had all the same classes compiled since this was my dev env. So the classloader picked up the compiled classes over the jar classes. There is no manifest for the compiled classes, so no security errors were generated.

    Once I deleted my compiled classes I got the expected security exceptions.
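The following is an added example, not part of the original post: a sketch of a programmatic check that covers both the jar itself and the classpath shadowing described in the answer above. The class name `JarCheck` and both helper methods are hypothetical; only standard `java.util.jar` and `java.security` calls are used.

```java
import java.io.File;
import java.io.InputStream;
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarCheck {  // hypothetical name, added for illustration
    // Signature bookkeeping files are never signed themselves, so they are skipped.
    private static final String SIG_FILES =
        "(?i)META-INF/(MANIFEST\\.MF|SIG-[^/]*|[^/]+\\.(SF|RSA|DSA|EC))";

    /** Lists entries with no signer; a modified signed entry throws SecurityException. */
    static List<String> unsignedEntries(File jarPath) throws Exception {
        List<String> unsigned = new ArrayList<>();
        try (JarFile jar = new JarFile(jarPath, true)) {  // true = verify signatures
            byte[] buf = new byte[8192];
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || e.getName().matches(SIG_FILES)) continue;
                try (InputStream in = jar.getInputStream(e)) {
                    // The digest is checked only once the entry has been read to the end.
                    while (in.read(buf) != -1) { /* drain */ }
                }
                // Non-null means "signed by someone", not "signed by a signer you trust".
                if (e.getCodeSigners() == null) unsigned.add(e.getName());
            }
        }
        return unsigned;
    }

    /** True only if the class really came from the given jar and carries signers. */
    static boolean loadedFromSignedJar(Class<?> c, File jarPath) throws Exception {
        CodeSource src = c.getProtectionDomain().getCodeSource();
        if (src == null || src.getLocation() == null) return false;
        // A class shadowed by a compiled-classes directory reports that directory here.
        return jarPath.toURI().equals(src.getLocation().toURI())
                && src.getCodeSigners() != null;
    }

    public static void main(String[] args) throws Exception {
        File jar = new File(args[0]);       // path to the signed jar
        Class<?> c = Class.forName(args[1]); // a class expected to come from that jar
        System.out.println("unsigned entries: " + unsignedEntries(jar));
        System.out.println(c.getName() + " loaded from signed jar: "
                + loadedFromSignedJar(c, jar));
    }
}
```

Run it with the jar on the classpath; if a directory of compiled classes precedes the jar, the second check prints `false` even though the jar itself verifies.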
