I am writing a piece of software that is distributed as a JAR file. Currently, this JAR file can be modified to extract and save another file that our server transfers using URLClassLoader, decompile and find various things in our code that should remain confidential for the security of clients using it. Basically, I want to implement a way to check if the original JAR is damaged. I know this is paradoxically impossible by performing a validation checkSignedObjectin the source class due to the fact that the Java character can be decompiled, but is there any other way I can determine if the code in the source file has been modified? This verification can occur through an intermediary class that is loaded to verify the validity or any other means that are guaranteed to work. I’ve been sitting here all day trying to come up with a solution to this problem. Any help is appreciated.
source
share