Entry Verifier
constructor(jarFile: File, expectedSigningCertificate: String?, expectedSigningFingerprint: String?)
Parameters
jar File
the signed entry.jar
file to verify.
expected Signing Certificate
The signing certificate of the repo encoded in lower case hex, if it is known already. This should only be null if the repo is unknown. Then we trust it on first use (TOFU).
expected Signing Fingerprint
The fingerprint, a SHA 256 hash of the expectedSigningCertificate's byte encoding as a lower case hex string. Even if expectedSigningFingerprint is null, the fingerprint might be known and can be used to verify that it matches the signing certificate.