try digging around awhile in java.security.cert that just first thing i found but sounds like the place to look +but you will have to read all of webstart to find where x.509 checking or however webstart does it and this sounds to me very much like will run like "DisplayMetrics xdpi and ydpi returning incorrect values" as getting vendors to do all "sanity checks" b4 releasing code (often) results in deeply buried fail points that do not show up in a test- harness
On Oct 28, 4:31 pm, jcpalmer <[email protected]> wrote: > There is a package I found: android.content.pm. The overview starts > with "Contains classes for accessing information about an application > package, including information about its activities, permissions, > services, signatures, and providers." > > I am looking to verify the signature of a file downloaded into a > Context's cach directory before: > - using it in the constructor of DexClassLoader, loader > - & running (loader.loadClass("classNm")).newInstance() > > Think Java Webstart with a stub & impl version of an Activity. I want > the signer of the stub & downloaded impl to match. Everything works, > but I feel I should be adding this check before going to production. > Am I now looking closer to the right place? > > On Oct 28, 4:30 pm, jcpalmer <[email protected]> wrote: > > > > > > > > > Noticed in the java.security.CodeSource java doc online that the class > > overview says: > > "Legacy security code; do not use. " > > > Has something changed? Is not in my aging disk version of the doc > > (should upgrade but that is not the point) -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
