Solr distribution can keep a set of sha512 hashes of already trusted jars. This helps loading first party jars without signing.
The file may look as follows and this is placed at <solr-home>/server/resources/artifacts.json
- if the sha512 of a certain file is trusted, it does not have to be signed with any keys.
- There is no API to create or modify this. The Solr build scripts create this file at build time and add this to the distro
see the document for more details