-
Bob Callaway authored* Add new type for JAR archives This adds support for a new pluggable type that can extract signatures from signed JAR files. Per the JAR spec, a special manifest file is created with the digest hashes of all included content in the JAR file. It is this special manifest file that is then signed, and included in a file within the archive in PKCS7 format. The PKCS7 file also includes the X509 certificate that can be used to verify the signed manifest file inside of the JAR. Signed-off-by:
Bob Callaway <bob.callaway@gmail.com>Bob Callaway authored* Add new type for JAR archives This adds support for a new pluggable type that can extract signatures from signed JAR files. Per the JAR spec, a special manifest file is created with the digest hashes of all included content in the JAR file. It is this special manifest file that is then signed, and included in a file within the archive in PKCS7 format. The PKCS7 file also includes the X509 certificate that can be used to verify the signed manifest file inside of the JAR. Signed-off-by:Bob Callaway <bob.callaway@gmail.com>