- Jul 17, 2021
-
-
Bob Callaway authoredThis causes a JAR to be fetched over a local HTTP server in the e2e test harness instead of the external Jenkins mirror. Also causes the JAR input to be randomized so we can re-use the createSignedJar method in multiple tests. Fixes: #375 Signed-off-by:
Bob Callaway <bob.callaway@gmail.com>
-
- Apr 18, 2021
-
-
Bob Callaway authored
* Improve code sharing in pluggable type support This patch removes some of the duplicate logic from specific type implementations and moves it into the base design which hopefully makes writing pluggable types a bit easier. Signed-off-by:Bob Callaway <bob.callaway@gmail.com>
-
- Apr 15, 2021
-
-
Bob Callaway authored
* Add new type for JAR archives This adds support for a new pluggable type that can extract signatures from signed JAR files. Per the JAR spec, a special manifest file is created with the digest hashes of all included content in the JAR file. It is this special manifest file that is then signed, and included in a file within the archive in PKCS7 format. The PKCS7 file also includes the X509 certificate that can be used to verify the signed manifest file inside of the JAR. Signed-off-by:Bob Callaway <bob.callaway@gmail.com>
-