EntryVerifier

constructor(jarFile: File, expectedSigningCertificate: String?, expectedSigningFingerprint: String?)

Parameters

jarFile

the signed entry.jar file to verify.

expectedSigningCertificate

The signing certificate of the repo encoded in lower case hex, if it is known already. This should only be null if the repo is unknown. Then we trust it on first use (TOFU).

expectedSigningFingerprint

The fingerprint, a SHA 256 hash of the expectedSigningCertificate's byte encoding as a lower case hex string. Even if expectedSigningFingerprint is null, the fingerprint might be known and can be used to verify that it matches the signing certificate.