1
我需要从我的应用程序验证签名的jar。我发现我可以通过阅读所有内容,这样做:JarFile/ZipFile缓存?
public boolean verifyJar(String filePath) {
try {
JarFile jar = new JarFile(filePath, true);
Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
JarEntry entry = entries.nextElement();
InputStream is = jar.getInputStream(entry);
byte[] buffer = new byte[10000];
while (is.read(buffer, 0, buffer.length) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails.
}
is.close();
}
return true;
} catch (Exception e) {
return false;
}
}
如果我有一个有效的JAR执行检查,它传递。如果我通过将它切成两半来损坏罐子,它就会失败。但是如果我在一个进程中同时执行,则第二次检查通过(就像它读取文件的以前版本一样)!
public static void main(String[] args) throws Exception {
String path = "src/test/resources/temp/lib.jar";
// Passes - that's good
System.out.println(new Validator().verifyJar(path));
byte[] content = FileUtil.readFile(path);
FileUtil.save(path, Arrays.copyOf(content, content.length/2));
// Passes - but it shouldn't.
// Fails if the first check is commented out though.
System.out.println(new Validator().verifyJar(path));
}
所以看起来ZipFile
或JarFile
以某种方式缓存。我如何抑制这种行为?
我会提示你,使用ZipFile.close方法 – bestsss 2011-06-08 08:11:28
@bestsss这样做的伎俩,谢谢!随意发布它作为答案。 – 2011-06-08 08:18:52