Revising to String name = entry.name().toUpperCase(Locale.ENGLISH);
return name.startsWith("META-INF/") && name.indexOf('/', 9) == -1 && ( name.endsWith(".SF") || name.endsWith(".DSA") || name.endsWith(".RSA") || name.endsWith(".EC") || name.startsWith("META-INF/SIG-") ); > On Nov 7, 2016, at 9:17 AM, Jim Laskey (Oracle) <james.las...@oracle.com> > wrote: > > Right. From SignatureFileVerifier.java > > > /** > * Utility method used by JarVerifier and JarSigner > * to determine the signature file names and PKCS7 block > * files names that are supported > * > * @param s file name > * @return true if the input file name is a supported > * Signature File or PKCS7 block file name > */ > public static boolean isBlockOrSF(String s) { > // we currently only support DSA and RSA PKCS7 blocks > return s.endsWith(".SF") > || s.endsWith(".DSA") > || s.endsWith(".RSA") > || s.endsWith(".EC"); > } > > /** > * Yet another utility method used by JarVerifier and JarSigner > * to determine what files are signature related, which includes > * the MANIFEST, SF files, known signature block files, and other > * unknown signature related files (those starting with SIG- with > * an optional [A-Z0-9]{1,3} extension right inside META-INF). > * > * @param name file name > * @return true if the input file name is signature related > */ > public static boolean isSigningRelated(String name) { > name = name.toUpperCase(Locale.ENGLISH); > if (!name.startsWith("META-INF/")) { > return false; > } > name = name.substring(9); > if (name.indexOf('/') != -1) { > return false; > } > if (isBlockOrSF(name) || name.equals("MANIFEST.MF")) { > return true; > } else if (name.startsWith("SIG-")) { > // check filename extension > // see > http://docs.oracle.com/javase/7/docs/technotes/guides/jar/jar.html#Digital_Signatures > // for what filename extensions are legal > int extIndex = name.lastIndexOf('.'); > if (extIndex != -1) { > String ext = name.substring(extIndex + 1); > // validate length first > if (ext.length() > 3 || ext.length() < 1) { > return false; > } > // then check chars, must be in [a-zA-Z0-9] per the jar spec > for (int index = 0; index < ext.length(); index++) { > char cc = ext.charAt(index); > // chars are promoted to uppercase so skip lowercase checks > if ((cc < 'A' || cc > 'Z') && (cc < '0' || cc > '9')) { > return false; > } > } > } > return true; // no extension is OK > } > return false; > } > > > > > >> On Nov 7, 2016, at 9:16 AM, Alan Bateman <alan.bate...@oracle.com> wrote: >> >> On 07/11/2016 13:09, Jim Laskey (Oracle) wrote: >> >>> Thank you. Regarding SIG- I was just followed the spec. >>> >> I hope Sean or Max can jump in on this, the other question is .EC as I >> believe the JDK allows this when signing too. >> >> -Alan >