Question
my webapp allows a user to upload a jar file. however, after the jar file is uploaded, it is corrupted. i have verified this by comparing the md5 checksum (winmd5free).
the uploaded jar file looks "normal" and "right"
- the file size compared to the original looks right (at the KB level)
- i can open the uploaded jar file using 7z and view its content (resources and class files), and everything is the same compared to the original
when i open up the uploaded jar file (using Notepad++), i did notice that the binary contents are different from the original. also, when i used JarInputStream to read the jar entries, there were no entries.
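    import java.io.File;
    import java.io.FileInputStream;
    import java.util.jar.JarEntry;
    import java.util.jar.JarInputStream;

    // Walk the archive entry by entry through the stream-based reader
    JarInputStream is = new JarInputStream(new FileInputStream(new File("uploaded.jar")));
    JarEntry entry = null;
    while (null != (entry = is.getNextJarEntry())) {
        System.out.println(entry.getName());
    }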
furthermore, when i double click on the jar (Windows), i get the following message.
    Error: Invalid or corrupt jarfile
my questions are
- is there a way to programmatically check if a jar file is valid? i would have expected JarInputStream to detect this right away, but it shows no problems at all
- when i double click on the jar file, in windows, is it java.exe that is giving me the invalid or corrupt jarfile message?
- how come when an invalid jar file is passed in as part of the classpath, no error/exception is thrown? e.g. java -cp uploaded.jar;libs* com.some.class.Test ?
please note that this has nothing to do with jar signing and/or checking the signing of a jar. it is simply checking if a file (uploaded or not) is a valid jar file (not necessarily if the jar's class files are valid, as there is another SO post on this issue already).
results for running
    jar -tvf uploaded.jar
    java.util.zip.ZipException: error in opening zip file
        at java.util.zip.ZipFile.open(Native Method)
        at java.util.zip.ZipFile.<init>(ZipFile.java:127)
        at java.util.zip.ZipFile.<init>(ZipFile.java:88)
        at sun.tools.jar.Main.list(Main.java:977)
        at sun.tools.jar.Main.run(Main.java:222)
        at sun.tools.jar.Main.main(Main.java:1147)
Answer 1:
a way to programmatically detect an invalid jar file is to use java.util.ZipFile.
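    import java.io.File;
    import java.util.Enumeration;
    import java.util.zip.ZipEntry;
    import java.util.zip.ZipFile;

    public class JarCheck {
        public static void main(String[] args) {
            if (args.length < 1) {
                System.err.println("need jar file");
                return;
            }
            String pathname = args[0];
            // Opening the ZipFile is the validity check; try-with-resources closes the handle
            try (ZipFile file = new ZipFile(new File(pathname))) {
                Enumeration<? extends ZipEntry> e = file.entries();
                while (e.hasMoreElements()) {
                    ZipEntry entry = e.nextElement();
                    System.out.println(entry.getName());
                }
            } catch (Exception ex) {
                ex.printStackTrace();
            }
        }
    }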
if the jar file is invalid, a ZipException will be thrown when instantiating the ZipFile.
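For an upload handler, a stricter check than only opening the archive is sketched below as an added example; it is not part of the original answer. It opens the file with `JarFile`, then decompresses every entry and compares its CRC-32 with the value recorded in the archive, so damage inside an entry is caught as well. The class name `JarValidator` and method `validate` are hypothetical.

```java
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.zip.CRC32;
import java.util.zip.CheckedInputStream;
import java.util.zip.ZipException;

public class JarValidator {  // hypothetical name, not from the page

    /** Returns null when the jar is structurally sound, otherwise the reason it was rejected. */
    public static String validate(File f) {
        // JarFile, like ZipFile, fails in its constructor when the archive cannot be opened.
        // 'false' skips signature verification: only structure is checked here.
        try (JarFile jar = new JarFile(f, false)) {
            Enumeration<JarEntry> entries = jar.entries();
            if (!entries.hasMoreElements()) {
                return "archive has no entries";
            }
            byte[] buf = new byte[8192];
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory()) {
                    continue;
                }
                // Inflate the whole entry and compare with the recorded CRC-32 (-1 means unknown).
                try (CheckedInputStream in =
                         new CheckedInputStream(jar.getInputStream(e), new CRC32())) {
                    while (in.read(buf) != -1) { /* drain the stream */ }
                    if (e.getCrc() != -1 && in.getChecksum().getValue() != e.getCrc()) {
                        return "CRC mismatch in " + e.getName();
                    }
                }
            }
            return null;
        } catch (ZipException ex) {   // unreadable archive or broken deflate data
            return "not a valid zip/jar: " + ex.getMessage();
        } catch (IOException ex) {
            return "I/O error: " + ex.getMessage();
        }
    }

    public static void main(String[] args) {
        if (args.length < 1) { System.err.println("need jar file"); return; }
        String reason = validate(new File(args[0]));
        System.out.println(reason == null ? "OK" : "INVALID: " + reason);
    }
}
```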
Source: https://stackoverflow.com/questions/20152195/how-to-check-if-a-jar-file-is-valid