/** * If the associated JAR file is signed, check on the validity of all of the known signatures. * * @return {@code true} if the associated JAR is signed and an internal check verifies the * validity of the signature(s). {@code false} if the associated JAR file has no entries at * all in its {@code META-INF} directory. This situation is indicative of an invalid JAR file. * <p>Will also return {@code true} if the JAR file is <i>not</i> signed. * @throws SecurityException if the JAR file is signed and it is determined that a signature block * file contains an invalid signature for the corresponding signature file. */ synchronized boolean readCertificates() { if (metaEntries == null) { return false; } Iterator<String> it = metaEntries.keySet().iterator(); while (it.hasNext()) { String key = it.next(); if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) { verifyCertificate(key); // Check for recursive class load if (metaEntries == null) { return false; } it.remove(); } } return true; }