1

I want to check if a Jar File is Signed, the response should return the following details

  1. Certification file provider e.g. Trusted CA, Digicert, Norton etc
  2. Expiry Date of the signature if any
  3. Date Signed if any
  4. If the applet is Self Signed or Not

How do I achieve this?

Seroney
  • 805
  • 8
  • 26

1 Answers1

2
  1. Get the CodeSource via Class.getProtectionDomain().getCodeSource().
  2. Get the certificate chain.
  3. If it exists, the JAR is signed.
  4. If it is length 1, the certificate is self-signed.
  5. It is signed by whoever appears in the IssuerDN of the first certificate in the chain.
  6. The validity dates are in the Certificate.
user207421
  • 305,947
  • 44
  • 307
  • 483