org.freshcookies.security.cert
Class JarHelper

java.lang.Object
  extended by org.freshcookies.security.cert.JarHelper

public class JarHelper
extends java.lang.Object

Extracts certificates used to sign a specified JAR file and optionally saves them to disk. If the SecurityManager is running, the ProtectionDomain of this class must grant read access to any jar files passed to extractCACertificates(JarFile) or extractSigningCertificates(JarFile). For example, to process the jar file /etc/myclasses.jar, the security policy file should grant the following permission to the freshcookies-security-version.jar CodeSource and all preceding callers:

permission java.io.FilePermission "/etc/myclasses.jar", "read";

In addition, if the stand-alone main(String[]) method is used to automatically extract discovered certificates or add them to the system-wide trust store, this CodeSource and all preceding callers require these additional privileges:

None of the methods in this class perform their actions inside doPrivileged blocks, so all SecurityException errors are propagated to callers.


Constructor Summary
JarHelper()
          Constructs a new instance of JarHelper.
 
Method Summary
 java.util.Set extractCACertificates(java.util.jar.JarFile jar)
          Extracts the CA certificates from a Jar file.
 java.util.Set extractSigningCertificates(java.util.jar.JarFile jar)
          Extracts the signing certificates from a Jar file.
static void main(java.lang.String[] args)
          Convenience main method that extracts the signing certificates from a jar file and optionally saves them to disk and the system trust store.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JarHelper

public JarHelper()
Constructs a new instance of JarHelper.

Method Detail

main

public static void main(java.lang.String[] args)
Convenience main method that extracts the signing certificates from a jar file and optionally saves them to disk and the system trust store.

Parameters:
args - the absolute path to the jar file, or --help to print a short help message.
Throws:
java.lang.SecurityException - when the SecurityManager is running, and the current policy does not grant this ProtectionDomain and preceding callers all of the following permissions:
  • java.io.FilePermission "${java.home}/lib/security/cacerts", "read,write"
  • java.lang.RuntimePermission "writeFileDescriptor"
  • java.util.PropertyPermission "javax.net.ssl.trustStore", "read"
  • java.util.PropertyPermission "java.home", "read"

extractCACertificates

public java.util.Set extractCACertificates(java.util.jar.JarFile jar)
                                    throws java.io.IOException
Extracts the CA certificates from a Jar file.

Parameters:
jar - the jar file
Returns:
a set of CA X509Certificate objects
Throws:
java.io.IOException - if the jar cannot be read
java.lang.SecurityException - when the SecurityManager is running, and it denies read access to the jar file

extractSigningCertificates

public java.util.Set extractSigningCertificates(java.util.jar.JarFile jar)
                                         throws java.io.IOException
Extracts the signing certificates from a Jar file.

Parameters:
jar - the jar file
Returns:
a set of X509Certificate objects used to sign various files
Throws:
java.io.IOException - if the jar cannot be read
java.lang.SecurityException - when the SecurityManager is running, and it denies read access to the jar file