/**
* If the associated JAR file is signed, check on the validity of all of the known signatures.
*
* @return {@code true} if the associated JAR is signed and an internal check verifies the
* validity of the signature(s). {@code false} if the associated JAR file has no entries at
* all in its {@code META-INF} directory. This situation is indicative of an invalid JAR file.
* <p>Will also return {@code true} if the JAR file is <i>not</i> signed.
* @throws SecurityException if the JAR file is signed and it is determined that a signature block
* file contains an invalid signature for the corresponding signature file.
*/
synchronized boolean readCertificates() {
if (metaEntries == null) {
return false;
}
Iterator<String> it = metaEntries.keySet().iterator();
while (it.hasNext()) {
String key = it.next();
if (key.endsWith(".DSA") || key.endsWith(".RSA") || key.endsWith(".EC")) {
verifyCertificate(key);
// Check for recursive class load
if (metaEntries == null) {
return false;
}
it.remove();
}
}
return true;
}
