we can verify the signature of the signed jar file using the below command
jarsigner -verify -verbose -certs <jar file>
If you dont find jarsigner, please go to the JDK directory/bin and then run from there
Here the verbose option gives the detailed output for all the class files in the jar archive. If you dont specify the -verbose option, you will get only the validation status
Example
jarsigner -verify -verbose -certs fndlist.jar
This should return a number of rows showing the certificate values matching those applicable to your organization, for example:
X.509, CN=Test Ltd, OU=Sales, O=Test Ltd, L=Newyork City, ST=Newyork, C=US[certificate is valid from 7/31/2023 3:26 AM to 7/29/2024 3:26 AM]X.509, CN=Atoz Ltd. (Signing For Code), OU=CA-test, O=test, L=MDC, ST=MIS, C=US[certificate is valid from 5/5/13 12:36 PM to 5/3/23 12:36 PM] etc.....
chs = signature was verifiedm = entry is listed in manifestk = at least one certificate was found in keystorei = at least one certificate was found in identity scope
jar verified.
If the jar file is unsigned, it will report jar unsigned
jarsigner -verify -verbose -certs test.jar
jar is unsigned
We can run the below command to verify the certificates in all the jar in EBS
EBS 12.2
adjarlist=$NE_BASE/EBSapps/log/adadmin/log/jarlist.txt
jars_to_sign=cat $adjarlist | grep '\.jar'
for jar in ${jars_to_sign}
do
jarsigner -verify -verbose -certs ${jar}
done
EBS 11i & 12.1
adjarlist=$APPL_TOP/admin/$TWO_TASK/log/jarlist.txt
jars_to_sign=cat $adjarlist | grep '\.jar'
for jar in ${jars_to_sign}
do
jarsigner -verify -verbose -certs ${jar}
done
Related Article
Signing JAR Files for Oracle E-Business Suite (Doc ID 1591073.1)