Java Reference
In-Depth Information
Example 6−4: Manifest.java (continued)
// If we're computing a signature, use the bytes of the filename
// and of the digest as part of the data to sign.
if (signature != null) {
signature.update(filename.getBytes());
signature.update(digest);
}
// Store the filename and the encoded digest bytes in the manifest
manifest.put(filename, hexEncode(digest));
System.out.print('.');
System.out.flush();
}
// If a signer was specified, compute signature for the manifest
byte[] signaturebytes = null;
if (signature != null) {
System.out.print("done\nComputing digital signature...");
System.out.flush();
// Compute the digital signature by encrypting a message digest of
// all the bytes passed to the update() method using the private
// key of the signer. This is a time consuming operation.
signaturebytes = signature.sign();
}
// Tell the user what comes next
System.out.print("done\nWriting manifest...");
System.out.flush();
// Store some metadata about this manifest, including the name of the
// message digest algorithm it uses
metadata.put("__META.DIGESTALGORITHM", digestAlgorithm);
// If we're signing the manifest, store some more metadata
if (signername != null) {
// Store the name of the signer
metadata.put("__META.SIGNER", signername);
// Store the name of the algorithm
metadata.put("__META.SIGNATUREALGORITHM", signatureAlgorithm);
// And generate the signature, encode it, and store it
metadata.put("__META.SIGNATURE", hexEncode(signaturebytes));
}
// Now, save the manifest data and the metadata to the manifest file
FileOutputStream f = new FileOutputStream(manifestfile);
manifest.store(f, "Manifest message digests");
metadata.store(f, "Manifest metadata");
System.out.println("done");
}
/**
* This method verifies the digital signature of the named manifest
* file, if it has one, and if that verification succeeds, it verifies
* the message digest of each file in filelist that is also named in the
* manifest. This method can throw a bunch of exceptions
**/
public static void verify(String manifestfile, KeyStore keystore)
throws NoSuchAlgorithmException, SignatureException,
InvalidKeyException, KeyStoreException, IOException
{
