public String verify(JarFile jar, String... algorithms) throws IOException {
if (algorithms == null || algorithms.length == 0) algorithms = new String[] {"MD5", "SHA"};
else if (algorithms.length == 1 && algorithms[0].equals("-")) return null;
try {
Manifest m = jar.getManifest();
if (m.getEntries().isEmpty()) return "No name sections";
for (Enumeration<JarEntry> e = jar.entries(); e.hasMoreElements(); ) {
JarEntry je = e.nextElement();
if (MANIFEST_ENTRY.matcher(je.getName()).matches()) continue;
Attributes nameSection = m.getAttributes(je.getName());
if (nameSection == null) return "No name section for " + je.getName();
for (String algorithm : algorithms) {
try {
MessageDigest md = MessageDigest.getInstance(algorithm);
String expected = nameSection.getValue(algorithm + "-Digest");
if (expected != null) {
byte digest[] = Base64.decodeBase64(expected);
copy(jar.getInputStream(je), md);
if (!Arrays.equals(digest, md.digest()))
return "Invalid digest for "
+ je.getName()
+ ", "
+ expected
+ " != "
+ Base64.encodeBase64(md.digest());
} else reporter.error("could not find digest for " + algorithm + "-Digest");
} catch (NoSuchAlgorithmException nsae) {
return "Missing digest algorithm " + algorithm;
}
}
}
} catch (Exception e) {
return "Failed to verify due to exception: " + e.getMessage();
}
return null;
}
protected void definePackage(
final File container, final String packageName, final Manifest manifest) {
final String sectionName = packageName.replace('.', '/') + "/";
String specificationTitle = null;
String specificationVendor = null;
String specificationVersion = null;
String implementationTitle = null;
String implementationVendor = null;
String implementationVersion = null;
String sealedString = null;
URL sealBase = null;
final Attributes sectionAttributes = manifest.getAttributes(sectionName);
if (sectionAttributes != null) {
specificationTitle = sectionAttributes.getValue(Attributes.Name.SPECIFICATION_TITLE);
specificationVendor = sectionAttributes.getValue(Attributes.Name.SPECIFICATION_VENDOR);
specificationVersion = sectionAttributes.getValue(Attributes.Name.SPECIFICATION_VERSION);
implementationTitle = sectionAttributes.getValue(Attributes.Name.IMPLEMENTATION_TITLE);
implementationVendor = sectionAttributes.getValue(Attributes.Name.IMPLEMENTATION_VENDOR);
implementationVersion = sectionAttributes.getValue(Attributes.Name.IMPLEMENTATION_VERSION);
sealedString = sectionAttributes.getValue(Attributes.Name.SEALED);
}
final Attributes mainAttributes = manifest.getMainAttributes();
if (mainAttributes != null) {
if (specificationTitle == null) {
specificationTitle = mainAttributes.getValue(Attributes.Name.SPECIFICATION_TITLE);
}
if (specificationVendor == null) {
specificationVendor = mainAttributes.getValue(Attributes.Name.SPECIFICATION_VENDOR);
}
if (specificationVersion == null) {
specificationVersion = mainAttributes.getValue(Attributes.Name.SPECIFICATION_VERSION);
}
if (implementationTitle == null) {
implementationTitle = mainAttributes.getValue(Attributes.Name.IMPLEMENTATION_TITLE);
}
if (implementationVendor == null) {
implementationVendor = mainAttributes.getValue(Attributes.Name.IMPLEMENTATION_VENDOR);
}
if (implementationVersion == null) {
implementationVersion = mainAttributes.getValue(Attributes.Name.IMPLEMENTATION_VERSION);
}
if (sealedString == null) {
sealedString = mainAttributes.getValue(Attributes.Name.SEALED);
}
}
if (sealedString != null && sealedString.equalsIgnoreCase("true")) {
try {
sealBase = new URL(FileUtils.getFileUtils().toURI(container.getAbsolutePath()));
} catch (MalformedURLException ex) {
}
}
this.definePackage(
packageName,
specificationTitle,
specificationVersion,
specificationVendor,
implementationTitle,
implementationVersion,
implementationVendor,
sealBase);
}