-
Sub-task
-
Resolution: Unresolved
-
P4
-
24
If an entry is removed from a signed JAR file, there is no way to detect it using the `JarFile` API, since the `getJarEntry` method simply returns `null` as if the entry has never existed. With this change, the `jarsigner -verify` command looks into the signature files, and prints out a warning showing "This JAR contains signed entries for files that do not exist" if some sections do not have matched file entries. Users can further find out the names of these entries by adding the `-verbose` option to the command.