No check of jar signing #1

Open
PhantomYdn opened this issue Feb 23, 2015 · 3 comments
Comments

@PhantomYdn

It will be cool if the framework can:

  1. Check validity of a license (already done)
  2. Check validity of a particular jar by comparison of signature of a jar (from which API was invoked) and a license

Right now it's pretty easy to hack an application which uses this library...

@decebals
Owner

  1. Check validity of a particular jar by comparison of signature of a jar (from which API was invoked) and a license

I need more details. For example, I have an application abc that uses this license library. One idea is to create in the license template a new property abc.signature=<md5> where md5 is the signature of a jar (from which API was invoked). Does that make sense?

@PhantomYdn
Author

Not exactly. There is an application with several JARs within it. In every jar there are several invocations for checking the validity of a license. And during every call it will be cool to make the mentioned calls to prevent any possibility of hacking an application:

  1. Check license
  2. Check that the jar from which we have the invocation is signed as well by the same key as the license.

I'm asking because I've already done that on my previous project. Without such checking it's comparatively easy to hack an application by decompiling, removing checks for a license and then packing it back. And moreover: if the library for license checking is not self-signed - it's sufficient to hack just this particular library.

@decebals decebals self-assigned this Mar 29, 2016
@decebals decebals removed their assignment Jan 23, 2018
@decebals
Owner

Maybe someone can propose a solution for this feature, via PR.

@github-staff github-staff deleted a comment Apr 26, 2024
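
A sketch of the second check discussed in this thread, added here as an example and not code from the project or from either participant: it compares the key that signed the calling class's jar with the key used to verify the license. The names `CallerJarCheck` and `signedWith` are hypothetical, and it assumes the caller passes its own class and that the license verification key is available as a `PublicKey`.

```java
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper; not part of the library discussed in this issue. */
public final class CallerJarCheck {

    private CallerJarCheck() {}

    /** True only if the jar holding {@code caller} was signed with {@code licenseKey}. */
    public static boolean signedWith(Class<?> caller, PublicKey licenseKey) {
        CodeSource source = caller.getProtectionDomain().getCodeSource();
        if (source == null) {
            return false; // e.g. bootstrap classes: no jar to inspect
        }
        // Filled in by the class loader from the jar's verified signature;
        // null when the class's jar entry is unsigned.
        CodeSigner[] signers = source.getCodeSigners();
        if (signers == null) {
            return false;
        }
        byte[] expected = licenseKey.getEncoded();
        for (CodeSigner signer : signers) {
            List<? extends Certificate> path = signer.getSignerCertPath().getCertificates();
            // Compare only the signer's own certificate (first in the path),
            // not the CA certificates that follow it.
            if (!path.isEmpty()
                    && Arrays.equals(expected, path.get(0).getPublicKey().getEncoded())) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: a freshly generated key that signed nothing.
        PublicKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPublic();
        System.out.println(signedWith(CallerJarCheck.class, key));
    }
}
```

The check fails closed for unsigned code, and, as the thread points out, it only holds if the jar that contains the check is itself signed and verified.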
2 participants