Just An Application

August 10, 2014

And Another One: Part Six — PackageParser.loadCertificates

File

    $(ANDROID_SRC)/frameworks/base/core/java/android/content/pm/PackageParser.java

Source

    ...

    private Certificate[] loadCertificates(JarFile jarFile, JarEntry je,
            byte[] readBuffer) {
        try {
            // We must read the stream for the JarEntry to retrieve
            // its certificates.
            InputStream is = new BufferedInputStream(jarFile.getInputStream(je));
            while (is.read(readBuffer, 0, readBuffer.length) != -1) {
                // not using
            }
            is.close();
            return je != null ? je.getCertificates() : null;
        } catch (IOException e) {
            Slog.w(TAG, "Exception reading " + je.getName() + " in "
                    + jarFile.getName(), e);
        } catch (RuntimeException e) {
            Slog.w(TAG, "Exception reading " + je.getName() + " in "
                    + jarFile.getName(), e);
        }
        return null;
    }
    
    ...

The loadCertificates method is very simple.

It creates a BufferedInputStream with which to read the file corresponding to its JarEntry argument from the JAR represented by its JarFile argument.

It then reads the entire file without doing anything with the contents. This is necessary to ensure that the file represented by the JarEntry argument is verified.

Having done this it returns the result of calling the getCertificates method on its JarEntry argument.

As an aside, the null test in the return statement is puzzling.

If the argument je was null then the method would never have reached this point as the JarFile.getInputStream method does not take kindly to being passed null.


Copyright (c) 2014 By Simon Lewis. All Rights Reserved.

Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and owner Simon Lewis is strictly prohibited.

Excerpts and links may be used, provided that full and clear credit is given to Simon Lewis and justanapplication.wordpress.com with appropriate and specific direction to the original content.

Advertisements

3 Comments »

  1. […] invoked by the PackageParser method loadCertificates for the first time we know that verifier is not null since the JarFile instance was created by the […]

    Pingback by And Another One: Part Seven — JarFile.getInputStream | Just An Application — August 11, 2014 @ 8:24 am

  2. […] PackageParser.loadCertificates method creates a BufferedInputStream passing it the InputStream returned by the […]

    Pingback by And Another One: Part Thirteen — JarFile.JarFileInputStream.read | Just An Application — August 14, 2014 @ 6:08 pm

  3. […] read the contents of the file in the JAR the PackageParser.loadCertificates method returns the result of calling getCertificates on the given […]

    Pingback by And Another One: Part Fifteen — JarEntry.getCertificates And JarVerifier.getCertificates | Just An Application — August 15, 2014 @ 8:09 pm


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: