Path: csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!nx02.iad01.newshosting.com!newshosting.com!69.16.185.16.MISMATCH!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!postnews.google.com!s33g2000prg.googlegroups.com!not-for-mail
From: lewbloch <lewbloch@gmail.com>
Newsgroups: comp.lang.java.programmer
Subject: Re: Unsealing a jar file at runtime
Date: Fri, 29 Jul 2011 13:42:31 -0700 (PDT)
Organization: http://groups.google.com
Lines: 23
Message-ID: <20195ac2-49bf-4f5e-9b56-f059fa9ae2e7@s33g2000prg.googlegroups.com>
References: <f0b4a955-9046-4f5d-9fe1-1fc8feea535d@p31g2000vbs.googlegroups.com> <slrnj32hi4.6gl.avl@gamma.logic.tuwien.ac.at>
NNTP-Posting-Host: 216.239.45.22
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Trace: posting.google.com 1311972539 13488 127.0.0.1 (29 Jul 2011 20:48:59 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Fri, 29 Jul 2011 20:48:59 +0000 (UTC)
Complaints-To: groups-abuse@google.com
Injection-Info: s33g2000prg.googlegroups.com; posting-host=216.239.45.22; posting-account=CP-lKQoAAAAGtB5diOuGlDQk0jIwmH0T
User-Agent: G2/1.0
X-Google-Web-Client: true
X-Google-Header-Order: ASELCHRU
X-HTTP-UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.99 Safari/535.1,gzip(gfe)
Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:6665

On Jul 28, 4:21=A0am, Andreas Leitgeb <a...@gamma.logic.tuwien.ac.at>
wrote:
> raph...@gmail.com <raph...@gmail.com> wrote:
> > I don't suppose that this is possible, perhaps with reflection?
> > The idea is for a plugin to extend a class, but the class is not a
> > public class, so can only be extended from within the same package.
> > If the jar file was unsealed, then a class could be created within the
> > plugin that is in the same package, is public and extends the non-
> > public class.
>
> Breaking open a seal is typically easily done.
> Reinstating someone else's seal on the changed
> content is "believed" to be much harder. I also
> believe that it is, but I'm no crypto-expert.

Even were you to succeed in extending the package-private class and
making it public, there are gotchas.  The parent class (the one
already in the JAR) could make assumptions of package-private
visibility that a public subclass would break, e.g., exposure of
package-private methods or attributes for use by its putative friends.

--
Lew