- CSR
- Resolution: Approved
- P3
- None
- behavioral
- minimal
- This is a new informational warning that does not have any effect on the exit code of the command.
- File or wire format
- JDK
Summary
Print out a warning if an entry is removed from a signed JAR file.
Problem
If an entry is removed from a signed JAR file, there is no way to detect it from the JarFile API. The JarFile class itself does not have any method on code signers. Instead, signers are only assigned to individual entries, which can be retrieved with the JarEntry::getCertificates or JarEntry::getCodeSigners methods. If an entry is removed, there is no way to get a JarEntry for it, since JarFile::getJarEntry simply returns null as if the file had never existed.
On the other hand, some users might consider that removing an entry from a signed JAR file breaks the integrity of the file, and would like a way to detect it.
Solution
Inside a signed JAR file, the signature file contains the names of all files present at signing time. The jarsigner tool can compare these names with the content of the JAR file to detect whether any is missing.
Please note that there is no restriction preventing users from putting non-file entries inside the MANIFEST.MF file, and the jarsigner tool will always create a section with the same entry name in a signature file. In this case, the new feature might falsely report missing entries. This is the reason why the warning message uses "Nonexistent signed entries" instead of "Removed signed entries".
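The check the Solution describes, written out as an added example in Python (this is not the CSR's or the JDK's own jarsigner code): read each META-INF/*.SF signature file, unfold its continuation lines, collect the Name: sections, and report every section that has no matching entry in the archive. The sample JAR is constructed in memory; its digest values and signature block are placeholders, since only the section names matter for this comparison. The sample also carries a "Non-File-Section" that never corresponded to a file, which shows why the page's warning says "nonexistent" rather than "removed".

```python
import io
import zipfile


def parse_section_names(sf_text):
    """Return the values of the 'Name:' headers in a signature file (or manifest).

    Continuation lines (a line starting with one space) are joined to the
    previous line first, because the JAR File Specification folds long
    header values at 72 bytes.
    """
    unfolded = []
    for line in sf_text.replace("\r\n", "\n").split("\n"):
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)
    return [line[len("Name: "):] for line in unfolded if line.startswith("Name: ")]


def nonexistent_signed_entries(jar_bytes):
    """For each signature file (META-INF/*.SF) in the JAR, list the signed
    section names that have no matching entry in the archive.

    A non-empty list is the condition under which jarsigner -verify prints
    the hasNonexistentEntries warning described on this page.
    """
    result = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        present = set(zf.namelist())
        for name in zf.namelist():
            upper = name.upper()
            if upper.startswith("META-INF/") and upper.endswith(".SF"):
                signed_names = parse_section_names(zf.read(name).decode("utf-8"))
                result[name] = [n for n in signed_names if n not in present]
    return result


# Constructed entry name long enough that jarsigner would fold it in the .SF.
LONG_LIB = ("lib/some-very-long-artifact-name-that-jarsigner-would-fold-at-seve"
            "nty-two-bytes-1.0.jar")

# Constructed signature file. The digest values are placeholders, not real
# digests; only the section names are used by the check above.
SAMPLE_SF = (
    "Signature-Version: 1.0\n"
    "SHA-384-Digest-Manifest: PLACEHOLDER=\n"
    "Created-By: 21 (Oracle Corporation)\n"
    "\n"
    "Name: a.class\n"
    "SHA-384-Digest: PLACEHOLDER=\n"
    "\n"
    "Name: b/c.txt\n"
    "SHA-384-Digest: PLACEHOLDER=\n"
    "\n"
    "Name: lib/some-very-long-artifact-name-that-jarsigner-would-fold-at-seve\n"
    " nty-two-bytes-1.0.jar\n"
    "SHA-384-Digest: PLACEHOLDER=\n"
    "\n"
    "Name: removed.txt\n"
    "SHA-384-Digest: PLACEHOLDER=\n"
    "\n"
    "Name: Non-File-Section\n"
    "SHA-384-Digest: PLACEHOLDER=\n"
    "\n"
)


def build_sample_jar():
    """Build an in-memory JAR that mimics a signed JAR from which
    'removed.txt' was deleted after signing, and whose manifest carried a
    non-file section. The .EC block is dummy bytes, not a real signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n\n")
        zf.writestr("META-INF/A.SF", SAMPLE_SF)
        zf.writestr("META-INF/A.EC", b"\x30\x00")  # dummy, not a real PKCS#7 block
        zf.writestr("a.class", b"\xca\xfe\xba\xbe")
        zf.writestr("b/c.txt", "hello\n")
        zf.writestr(LONG_LIB, b"")
    return buf.getvalue()


if __name__ == "__main__":
    for sf, missing in nonexistent_signed_entries(build_sample_jar()).items():
        if missing:
            print(f"{sf}: nonexistent signed entries: {missing}")
```

Run as a script it prints the two nonexistent sections for META-INF/A.SF; the folded lib entry is matched correctly because the continuation line is joined before the name is compared. The check is purely name-based, exactly as the CSR describes, so it neither verifies digests nor the signature block, and it reports the manifest's non-file section alongside the genuinely removed file.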
Specification
If the jarsigner -verify command detects that certain sections inside a signature file do not map to file entries in a signed JAR file, the following warning is printed:
This jar contains signed entries for files that do not exist. See the -verbose output for more details.
Rerunning the command with the -verbose option shows what these entries are for each signer, for example:
- Signed by "CN=a"
Digest algorithm: SHA-384
Signature algorithm: SHA384withECDSA, 384-bit key
Warning: nonexistent signed entries: [missing_entry_name]
The warning will be added to the jarsigner man page as an Informational Warning:
hasNonexistentEntries: This JAR contains signed entries for files that do not exist.
- CSR of: JDK-8309841 Jarsigner should print a warning if an entry is removed (Resolved)