IndexV1Verifier

class IndexV1Verifier(jarFile: File, expectedSigningCertificate: String?, expectedSigningFingerprint: String?) : JarIndexVerifier

Verifies the old Index V1.

Parameters

jarFile

the signed jar file to verify.

expectedSigningCertificate

The signing certificate of the repo encoded in lower case hex, if it is known already. This should only be null if the repo is unknown. Then we trust it on first use (TOFU).

expectedSigningFingerprint

The fingerprint, a SHA 256 hash of the expectedSigningCertificate's byte encoding as a lower case hex string. Even if expectedSigningFingerprint is null, the fingerprint might be known and can be used to verify that it matches the signing certificate.

Constructors

Link copied to clipboard
constructor(jarFile: File, expectedSigningCertificate: String?, expectedSigningFingerprint: String?)

Functions

Link copied to clipboard
fun <T> getStreamAndVerify(certificateAndStream: (InputStream) -> T): Pair<String, T>

Opens the jarFile, verifies it and then gets signing certificate as well as the index stream for further processing. The caller does not need to close the stream.