Java 如何检查jar文件是否有效?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/20152195/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
how to check if a jar file is valid?
提问by Jane Wayne
my webapp allows a user to upload a jar file. however, after the jar file is uploaded, it is corrupted. i have verified this by comparing the md5 checksum (winmd5free).
我的 webapp 允许用户上传 jar 文件。但是,jar 文件上传后,它已损坏。我已经通过比较 md5 校验和 (winmd5free) 验证了这一点。
the uploaded jar file looks "normal" and "right"
上传的 jar 文件看起来“正常”和“正确”
- the file size compared to the original looks right (at the KB level)
- i can open the uploaded jar file using 7z and view its content (resources and class files), and everything is the same compared to the original
- 与原始文件相比的文件大小看起来正确(在 KB 级别)
- 我可以使用7z打开上传的jar文件并查看其内容(资源和类文件),与原始文件相比,一切都相同
when i open up the uploaded jar file (using Notepad++), i did notice that the binary contents are different from the original. also, when i used JarInputStream to read the jar entries, there were no entries.
当我打开上传的 jar 文件(使用 Notepad++)时,我确实注意到二进制内容与原始内容不同。此外,当我使用 JarInputStream 读取 jar 条目时,没有条目。
JarInputStream is = new JarInputStream(new FileInputStream(new File("uploaded.jar")));
JarEntry entry = null;
while(null != (entry = is.getNextJarEntry())) {
System.out.println(entry.getName());
}
furthermore, when i double click on the jar (Windows), i get the following message.
此外,当我双击 jar (Windows) 时,我收到以下消息。
Error: Invalid or corrupt jarfile
错误:无效或损坏的 jarfile
my questions are
我的问题是
- is there a way to programmatically check if a jar file is valid? i would have expected JarInputStream to detect this right away, but it shows no problems at all
- when i double click on the jar file, in windows, is it java.exe that is giving me the invalid or corrupt jarfile message?
- how come when an invalid jar file is passed in as part of the classpath, no error/exception is thrown? e.g. java -cp uploaded.jar;libs* com.some.class.Test?
- 有没有办法以编程方式检查 jar 文件是否有效?我本来希望 JarInputStream 能够立即检测到这一点,但它根本没有显示任何问题
- 当我在 Windows 中双击 jar 文件时,是 java.exe 给了我无效或损坏的 jarfile 消息吗?
- 当一个无效的 jar 文件作为类路径的一部分传入时,怎么会没有错误/异常被抛出?例如java -cp Uploaded.jar;libs* com.some.class.Test?
please note that this has nothing to do with jar signing and/or checking the signing of a jar. it is simply checking if a file (uploaded or not) is a valid jar file (not necessarily if the jar's class files are valid, as there is another SO post on this issue already).
请注意,这与 jar 签名和/或检查 jar 的签名无关。它只是检查文件(上传与否)是否是有效的 jar 文件(不一定是 jar 的类文件是否有效,因为已经有关于此问题的另一篇 SO 帖子)。
results for running
运行结果
jar -tvf uploaded.jar
jar -tvf 上传.jar
java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)
at java.util.zip.ZipFile.<init>(ZipFile.java:127)
at java.util.zip.ZipFile.<init>(ZipFile.java:88)
at sun.tools.jar.Main.list(Main.java:977)
at sun.tools.jar.Main.run(Main.java:222)
at sun.tools.jar.Main.main(Main.java:1147)
采纳答案by Jane Wayne
a way to programmatically detect an invalid jar file is to use java.util.ZipFile.
一种以编程方式检测无效 jar 文件的方法是使用 java.util.ZipFile。
public static void main(String[] args) {
if(args.length < 1) {
System.err.println("need jar file");
return;
}
String pathname = args[0];
try {
ZipFile file = new ZipFile(new File(pathname));
Enumeration<? extends ZipEntry> e = file.entries();
while(e.hasMoreElements()) {
ZipEntry entry = e.nextElement();
System.out.println(entry.getName());
}
} catch(Exception ex) {
ex.printStackTrace();
}
}
if the jar file is invalid, a ZipException will be thrown when instantiating the ZipFile.
如果 jar 文件无效,则在实例化 ZipFile 时将抛出 ZipException。
