Most Java programmers are familiar with the basic operations of the JAR file. But only a few programmers understand powerful features in the JAR file format. In this article, the authors discussed many features and advantages in the JAR format, including packaging, executable JAR files, security, and indexes. What is the JAR file? The JAR file format is based on the popular ZIP file format to gather many files to a file. Unlike the ZIP file, JAR files are not only used for compression and release, but also for deploying and package libraries, components, plug-in, and can be used directly like compilers and JVMs. In Jar contains special files, such as manifests and deployment descriptors, used to indicate how tools handle specific JAR. A JAR file can be used to: Publish and use class libraries as application and extended build units as components, Applets or plug-in deployment units for packaging and component associated assist resource JAR file formats provide many advantages and Function, many of which are not provided by traditional compression formats such as ZIP or TAR. They include: security. You can add a digitized signature on the contents of JAR files. In this way, you can identify the signed tools to selectively grant software security privileges, which is what other files cannot be done, and it can also detect whether the code is tampered with. Reduce download time. If an applet is bundled into a JAR file, the browser can download the applet class file and related resources in an HTTP transaction, not to open a new connection to each file. compression. The JAR format allows you to compress files to increase storage efficiency. Transmission platform extension. Java Extensions Framework provides a method of adding a function to the Java core platform, which is packaged with JAR files (Java 3D and JavaMail are extended by Sun development). Package seal. Packages stored in the JAR file can be selected to enhance version consistency and security. Sealed a package means that all classes in the package must be found in the same jar file. Package version control. A JAR file can contain data about the files it contain, such as vendors and version information. portability. The mechanism for processing JAR files is the standard part of the core API of the Java platform. Compressed and Uncompressed JAR JAR Tools (See JAR Tools for details) compressed files by default. Uncompressed JAR files can generally be loaded more quickly than compressed JAR files because the files to decompress files during the loading process, but uncompressed files can be longer on the network. Meta-Inf Directory Most JAR files contain a meta-inflica, which is used to store package and extended configuration data, such as security and version information. The Java 2 platform identifies and explains the following files and directories in the meta-INF directory to configure applications, extensions, and class loaders: Manifest.mf. This manifest file defines data related to extended and package. Index.list. This file is generated by the new option -i of the JAR tool, which contains location information of the package defined in the application or extension. It is part of the JARINDEX implementation and is used by class loaders to accelerate class loading procedures. xxx.sf. This is a signature file for the JAR file. The placeholder XXX identifies the signature. XXX.DSA. The signature block file associated with the signature file, which stores a public signature for signing JAR files. JAR Tools In order to perform basic tasks with JAR files, Java Archive Tool (JAR tools) provided as part of Java Development Kit is used. Use the jar command to call the JAR tool.
Table 1 shows some common applications: Table 1. Common JAR tool usage function command creates a JAR file JAR CF JAR-File Input-file with a single file ... Create a JAR file JAR CF JAR- File Dir-Name Create an uncompressed JAR file JAR CF0 JAR-File Dir-name Update a JAR file JAR UF JAR-File Input-file ... View a JAR file JAR TF JAR-File extracts a JAR file Content JAR XF JAR-FILE extracts specific files from a JAR file JAR XF JAR-File Archived-File ... Running a package to execute JAR file Java -jar app.jar executable JAR an executable The JAR file is a self-contained Java application that is stored in a specially configured JAR file, which can be executed directly by JVM without having to extract files or set a class path in advance. To run an application stored in a non-executable JAR, you must add it to your classpath and use the name of the application's primary class. But use the executable JAR file, we can run an application without extracting it or knowing the primary entry point. JAR can be implemented to facilitate the release and execute Java applications. Creating an executable JAR to create a executable JAR is easy. First put all application code in a directory. Suppose the primary class in the application is com.mycompany.myapp.sample. You want to create a JAR file containing the application code and identify the primary class. To do this, create a file called Manifest in a certain location (not in the application directory), add the following line: main-class: com.mycompany.myapp.sample then, create a JAR file like this: JAR CMF manifest executablejar.jar Application-DIR is these - now you can use Java -jar to execute this JAR file executablejar.jar. An executable JAR must reference all other subordinate JAR it needs through the header of the Menifest file. If the -jar option is used, the environment variable ClassPath and all class paths specified in the command line are ignored by the JVM. Starting executive JAR Since we have already packaged your application to execute JAR named Executablejar.jar, then we can start using the following command directly from the file: java -jar executablejar.jar package A package in the sealed seal JAR file means that all classes defined in this package must be found in the same JAR file. This allows the author of the package to enhance the version consistency between the packaging class. The seal also provides means to prevent code tampering. To seal the package, you need to add a name header for the package in the JAR's Manifest file, then add the value "true" Sealed header. Like executable JAR, you can seal a JAR when you create a JAR, seal a JAR with a manifest file with an appropriate header, as shown below: Name: COM / SamplePackage / Sealed: true name header identifies the relative path name of the package. It ends with the file name in a "/". All heads prior to the first space behind the Name head act on the files or packages specified in the NAME header. In the above example, since the Sealed header appears after the NAME head and there is no space line, the Sealed header will be interpreted as only applied to the package COM / SamplePackage.
If you try to load a class in the seal package from the JAR file outside the seal, the JVM will throw a securityException. Extended package expansion adds a function to the Java platform, which has already joined the extended mechanism in the JAR file format. The extended mechanism allows the JAR file to specify the other JAR files required by the class-path header in the Manifest file. Suppose extension1.jar and extension2.jar are two JAR files in the same directory, and the Manifest file of Extension1.jar contains the following: Class-path: extension2.jar This header indicates that the class in Extension2.jar is extension1.jar The class of the class. The classes in Extension1.jar can call classes in Extension2.jar and do not require Extension2.jar in the classpath. When the JAR loaded using the extension mechanism, the JVM will automatically add the JAR referenced in the Class-Path head to the classpath in the JAR in the class-path header. However, the extended JAR path is interpreted as a relative path, so in general, the extension JAR must be stored in the same directory where the JAR is referenced. For example, assume that class extensionClient references class ExtensionDemo, which is bundled in a JAR file called ExtensionClient.jar, and class ExtensionDemo is bundled in ExtensionDemo.jar. In order to make the extensionDemo.jar be extended, you must list the extensionDemo.jar in the class-path header of ExtensionClient.jar, as shown below: Manifest-Version: 1.0 Class-path: ExtensionDemo.jar in this manifest Class- The value of the PATH head is an extensionDemo.jar without a specified path, indicating that extensionDemo.jar is in the same directory with the ExtensionClient JAR file. The security JAR file in the JAR file can be signed with the JARSIGNER tool or pass the Java.security API. A signature JAR file is exactly the same as the original JAR file, just updates its manifest and adds two files, a signature file, and a signature block file in the meta-inflicide. The JAR file is signed with a certificate stored in the KeyStore database. The certificate stored in the keystore has password protection, and this password must be provided to the JARSIGNER tool to sign the JAR file. Figure 1. KEYSTORE Database JAR's signature is represented by a signature file with a .sf extension in the Meta-Inf directory of the JAR file. The format of this file is similar to the Manifest file - a set of RFC-822 heads. As shown below, its composition includes a major part, which includes information provided by the signature, but does not specifically for any specific JAR file item, there is a series of separate items, which must also be included in the Menifest file. . When verifying a signature JAR, the summary value of the signature file is compared to the summary value calculated by the corresponding item in the JAR file.
Listing 1. Signature Jar Manifest and Signature File Contents of Signature File Meta-INF / Manifest.mf Manifest-Version: 1.0 Created-by: 1.3.0 (Sun Microsystems Inc.) Name: Sample.java Sha1-Digest: 3 DdYW8INICtyG8ZarHlFxX0W6g = Name: Sample.class SHA1-Digest: YJ5yQHBZBJ3SsTNcHJFqUkfWEmI = Contents of signature file META-INF / JAMES.SF Signature-Version: 1.0 SHA1-Digest-Manifest: HBstZOJBuuTJ6QMIdB90T8sjaOM = Created-By: 1.3.0 (Sun Microsystems Inc. ) Name: sample.java sha1-digest: Qipmdrkurqckwnyili3jtrnia8Q = name: sample.class sha1-digest: pt2dyby8qxpcczv2nWPLXD8P4G4 = Digital Signature A digital signature is the signed version of the .sf signature file. Digital signature files are binary and have the same file name as the .sf file, but the extension is different. Depending on the type of digital signature - RSA, DSA or PGP - and a different extension of the certificate type for signature JAR. KeyStore To sign a JAR file, you must first have a private key. The private key and its associated public key certificate are stored in a password-protected database called KeyStores. JDK contains tools that create and modify keystores. Each key in KeyStore can be identified by an individual name, which is usually the name of the signature owner with this key. All KeyStore items (certificate items for keys and trust) are accessed with unique alias. The alias is specified by generating a key pair (public key and private key) with the keytool -genkey command and add items to the KeyStore. The subsequent keytool command must use the same alias to reference this. For example, use alias "James" to generate a new public key / private key pair and package the public key into the self-signed certificate, use the following command: Keytool -Genkey -Alias James -KeyPass JamesPass -Validity 80 -KeyStore JameskeyStore -StorePass JamesKeyStorePass This command sequence specifies the initial password "JameSpass", which requires this password when accessing the KeyStore "JameskeyStore" JamesKeyStore). If KeyStore "JameskeyStore does not exist, KeyTool will automatically create it. Jarsigner Tools Jarsigner Tool Use KeyStore to generate or verify the digital signature of the JAR file.
It is assumed that the keystore "jameskeystore" is created like the above example, and it contains a key called "james", you can sign a JAR file with the following command: jarsigner -keystore jameskeystore -storepass jameskeystorePass -KeyPass JamesPass-Signedjar ssample.jar Sample.jar James This command "JAMESKEYSTOREPASS" proposes the key name "James" from the keystore named "jameskeystore", the password is "jamespass", and the Sample.jar file is signed, create a signature JAR - - SSAMPLE.JAR. The Jarsigner tool can also verify a signature JAR file. This operation is much simpler than the signature JAR file. Just do the following command: jarsigner -verify ssample.jar If the signature JAR file is not tampered, then the Jarsigner tool will Tell you JAR through verification. Otherwise, it will throw a securityException, indicating which files are not verified. You can also use Java.util.jar and Java.Security API to programmab to sign JAR (see Referring to References). You can also use tools like Netscape Object Signing Tool. JAR Index If an application or applet bundles into multiple JAR files, then the class loader uses a simple linear search algorithm to search each element in the path in the path, which enables the class loader might to download and open many JAR File until you find the class or resource you want. If the class loader tries to find a non-existing resource, all JAR files in the application or applet will download. For large web applications and applets, this will cause slow start and respond slowly and wasted bandwidth. After JDK 1.3, JAR file format starts support indexing to optimize search procedures in the network application, especially applets. The JARINDEX mechanism collects the contents of all JAR files defined in Applets or applications, and stores this information into the index file in the first JAR file. After downloading the first JAR file, the Applet class loader uses the collected content information to efficiently load the JAR file. This directory information is stored in a simple text file named Index.list in the meta-INF directory of the root JAR file. Creating a JARINDEX can create a JARINDEX by specifying the -i option in the JAR command.
