I'm currently working with an old Java SE project which has got some version of SLF4J as a dependency (e.g. referring to org.slf4j.Logger), but the relevant classes are packaged in a very strange JAR simply called commons.jar, and I couldn't find any matching libraries on the Internet which have contents matching this file; Is there any "intelligent" way of finding code which matches the compiled Java class files found inside this JAR file? The file itself has no metadata of any kind — only compiled *.class files:
commons.jar
├── apache
│ ├── commons
│ ├── http
│ ├── log4j
├── slf4j
As shown in the structure above, the JAR doesn't seem to "belong" to any commonly-available distributor; Even though it contains the terms apache, commons, log*, and slf4j, it doesn't seem to be from Apache Commons or from SLF4J.
At the moment, the best I can think of is to download a bunch of versions of SLF4J, extract them, and then run e.g. cmp on the org/slf4j/Logger.class file from the mystery JAR and the analogous Logger.class file from each version, e.g.
cmp commons/org/slf4j/Logger.class slf4j-1.7.22/slf4j-api-1.7.22/org/slf4j/Logger.class
However, not only does that involve a lot of work, but I believe that equivalent source might be compiled slightly differently depending on the exact compiler used by the distributors of the JARs in question... meaning that they wouldn't be comparable on a byte-per-byte basis. How might I do this kind of search in a more intelligent way?
How about reflecting across all public and private classes and their members, put them in strings, sort the strings and generate a text file for each version.
You will either find exactly one version of the library that matches the mystery version of the library or a smallish range.