1
我需要從我的應用程序驗證簽名的jar。我發現我可以通過閱讀所有內容,這樣做:JarFile/ZipFile緩存?
public boolean verifyJar(String filePath) {
try {
JarFile jar = new JarFile(filePath, true);
Enumeration<JarEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
JarEntry entry = entries.nextElement();
InputStream is = jar.getInputStream(entry);
byte[] buffer = new byte[10000];
while (is.read(buffer, 0, buffer.length) != -1) {
// we just read. this will throw a SecurityException
// if a signature/digest check fails.
}
is.close();
}
return true;
} catch (Exception e) {
return false;
}
}
如果我有一個有效的JAR執行檢查,它傳遞。如果我通過將它切成兩半來損壞罐子,它就會失敗。但是如果我在一個進程中同時執行,則第二次檢查通過(就像它讀取文件的以前版本一樣)!
public static void main(String[] args) throws Exception {
String path = "src/test/resources/temp/lib.jar";
// Passes - that's good
System.out.println(new Validator().verifyJar(path));
byte[] content = FileUtil.readFile(path);
FileUtil.save(path, Arrays.copyOf(content, content.length/2));
// Passes - but it shouldn't.
// Fails if the first check is commented out though.
System.out.println(new Validator().verifyJar(path));
}
所以看起來ZipFile
或JarFile
以某種方式緩存。我如何抑制這種行爲?
我會提示你,使用ZipFile.close方法 – bestsss 2011-06-08 08:11:28
@bestsss這樣做的伎倆,謝謝!隨意發佈它作爲答案。 – 2011-06-08 08:18:52