P4
Certain documentations and implementations make assumptions about the initial entries found in a valid JAR file. Here are two examples:
"
// This implementation assumes the META-INF/MANIFEST.MF entry
// should be either the first or the second entry (when preceded
// by the dir META-INF/). It skips the META-INF/ and then
// "consumes" the MANIFEST.MF to initialize the Manifest object.
"
https://github.com/openjdk/jdk/blob/49112fa5752174a77fb5cd276fdd4240bf76bf82/src/java.base/share/classes/java/util/jar/JarInputStream.java#L78-L81
"
The jar tool automatically generates a manifest file entry named META-INF/MANIFEST.MF. It is always the first entry in the jar file.
"
https://docs.oracle.com/javase/7/docs/technotes/tools/solaris/jar.html
The --validate option introduced into the jar tool in Java 17 seems to be a good place to check these assumptions.
"
// This implementation assumes the META-INF/MANIFEST.MF entry
// should be either the first or the second entry (when preceded
// by the dir META-INF/). It skips the META-INF/ and then
// "consumes" the MANIFEST.MF to initialize the Manifest object.
"
https://github.com/openjdk/jdk/blob/49112fa5752174a77fb5cd276fdd4240bf76bf82/src/java.base/share/classes/java/util/jar/JarInputStream.java#L78-L81
"
The jar tool automatically generates a manifest file entry named META-INF/MANIFEST.MF. It is always the first entry in the jar file.
"
https://docs.oracle.com/javase/7/docs/technotes/tools/solaris/jar.html
The --validate option introduced into the jar tool in Java 17 seems to be a good place to check these assumptions.