IndexV1Verifier

constructor(jarFile: File, expectedSigningCertificate: String?, expectedSigningFingerprint: String?)

Parameters

jarFile

The signed jar file to verify.

expectedSigningCertificate

The signing certificate of the repo encoded in lower case hex, if it is known already. This should only be null if the repo is unknown. In that case, it is trusted on first use (TOFU).

expectedSigningFingerprint

The fingerprint, a SHA-256 hash of the expectedSigningCertificate's byte encoding as a lower case hex string. Even if expectedSigningCertificate is null, the fingerprint might be known and can be used to verify that it matches the signing certificate.
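
The pinning rules described by the two parameters above, written out as an added example. This is not the library's own code: `PinResult`, `hexToBytes`, `fingerprintOf` and `checkPin` are hypothetical names, and the certificate values are constructed bytes rather than real certificates.

```kotlin
import java.security.MessageDigest

// Hypothetical names throughout; an illustration, not the library's code.
sealed class PinResult {
    data class Trusted(val certificateHex: String) : PinResult()
    data class FirstUse(val certificateHex: String, val fingerprint: String) : PinResult()
    data class Rejected(val reason: String) : PinResult()
}

private val LOWER_HEX = Regex("([0-9a-f]{2})+")

fun hexToBytes(hex: String): ByteArray {
    require(LOWER_HEX.matches(hex)) { "expected lower case hex, even length" }
    return ByteArray(hex.length / 2) { i -> hex.substring(2 * i, 2 * i + 2).toInt(16).toByte() }
}

/** SHA-256 over the certificate's byte encoding, as a lower case hex string. */
fun fingerprintOf(certificateHex: String): String =
    MessageDigest.getInstance("SHA-256").digest(hexToBytes(certificateHex))
        .joinToString("") { "%02x".format(it) }

/** Compares the certificate that signed the jar against whatever is already pinned. */
fun checkPin(seenCertHex: String, expectedCert: String?, expectedFingerprint: String?): PinResult {
    val seenFingerprint = fingerprintOf(seenCertHex)
    // A known fingerprint constrains the certificate even when the certificate is not stored.
    if (expectedFingerprint != null && expectedFingerprint != seenFingerprint)
        return PinResult.Rejected("fingerprint mismatch")
    if (expectedCert != null && expectedCert != seenCertHex)
        return PinResult.Rejected("certificate mismatch")
    // Nothing pinned at all: unknown repo, so the caller must store what it saw (TOFU).
    return if (expectedCert == null && expectedFingerprint == null)
        PinResult.FirstUse(seenCertHex, seenFingerprint)
    else PinResult.Trusted(seenCertHex)
}

fun main() {
    val cert = "3082010a0201"   // constructed bytes, not a real certificate
    val other = "3082010a0202"  // constructed bytes standing in for a different signer
    val fp = fingerprintOf(cert)
    println(checkPin(cert, null, null))   // unknown repo, nothing pinned
    println(checkPin(cert, null, fp))     // fingerprint known, certificate not stored
    println(checkPin(other, null, fp))    // different signer against a known fingerprint
    println(checkPin(other, cert, null))  // different signer against a pinned certificate
}
```

Both comparisons are case-sensitive string comparisons, so a fingerprint or certificate stored in upper case hex would never match; normalise to lower case before pinning.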