Hello Ivan,
Ivan Ivanov wrote:
--- T E Schmitz <[EMAIL PROTECTED]> wrote:
I'm still looking to find out if you can determine whether a jar file is already signed or not.
In fact there is a way, but I do not know how it will
work with Ant: jarsigner command line tool has -verify
option. When run on signed jar:
jarsigner -verify signed.jar
it echoes jar verified
and when run on unsigned jar
jarsigner -verify unsigned.jar
it echoes
jar is unsigned. (signatures missing or not parsable).
That's strange. This is not the output I'm getting (I'm using Sun's SDK 1.4.2_01 on Win2K).
For an unsigned jar, jarsigner returns: "jarsigner: java.lang.IllegalStateException: zip file closed"
For a signed jar, jarsigner returns: "Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries." When I look at the MANIFEST, I find that all the classes in the jar are signed but not the directories.
Next idea that comes to me is that your third party jars are not likely to changed every day. So why don't you list them explicitly and exclude them when you call <signjar> task?
That's what I am doing just now - I was just wondering whether there might have been a better solution I had overlooked.
Like you, I keep the 3rd party jars in a separate directory. But some of them are already signed by Sun and mustn't be signed again when used with Java WebStart. The unsigned 3rd party jars, however, have to be signed.
--
Regards/Gru�,
Tarlika Elisabeth Schmitz
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
