summaryrefslogtreecommitdiffstats
path: root/luni/src/main/java/java/util/jar/JarVerifier.java
diff options
context:
space:
mode:
Diffstat (limited to 'luni/src/main/java/java/util/jar/JarVerifier.java')
-rw-r--r--luni/src/main/java/java/util/jar/JarVerifier.java18
1 files changed, 16 insertions, 2 deletions
diff --git a/luni/src/main/java/java/util/jar/JarVerifier.java b/luni/src/main/java/java/util/jar/JarVerifier.java
index ec0e088..640f13c 100644
--- a/luni/src/main/java/java/util/jar/JarVerifier.java
+++ b/luni/src/main/java/java/util/jar/JarVerifier.java
@@ -68,6 +68,9 @@ class JarVerifier {
int mainAttributesEnd;
+ /** Whether or not to check certificate chain signatures. */
+ private final boolean chainCheck;
+
/**
* Stores and a hash and a message digest and verifies that massage digest
* matches the hash.
@@ -137,13 +140,23 @@ class JarVerifier {
}
/**
+ * Convenience constructor for backward compatibility.
+ */
+ JarVerifier(String name) {
+ this(name, false);
+ }
+
+ /**
* Constructs and returns a new instance of {@code JarVerifier}.
*
* @param name
* the name of the JAR file being verified.
+ * @param chainCheck
+ * whether to check the certificate chain signatures
*/
- JarVerifier(String name) {
+ JarVerifier(String name, boolean chainCheck) {
jarName = name;
+ this.chainCheck = chainCheck;
}
/**
@@ -288,7 +301,8 @@ class JarVerifier {
try {
Certificate[] signerCertChain = JarUtils.verifySignature(
new ByteArrayInputStream(sfBytes),
- new ByteArrayInputStream(sBlockBytes));
+ new ByteArrayInputStream(sBlockBytes),
+ chainCheck);
/*
* Recursive call in loading security provider related class which
* is in a signed JAR.
generated by cgit v1.1 at 2024-05-30 16:00:53 +0000