Details
-
Bug
-
Resolution: Fixed
-
P2
-
1.4.2_01, 5.0
-
04
-
generic
-
generic, solaris_8
-
Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2075373 | 5.0 | Vincent Ryan | P2 | Resolved | Fixed | b28 |
Description
We used to sign jar files with a truested certificate (Root or self signed) to remove the "Java Application Window" banner. This worked fine with JDk 1.3.1_x. But there seems to be some regression in JDK 1.4.2_01 jarsigner. Although, jarsigner verifies the jar files but throws the following error:
warning...
jar verified.
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries.
Attached are two jar files to show the problem. jnlp-unsigned.jar and jnlp-signed.jar are unsigned and signed files respectively.
With Java 1.4.2_01-b06....
1) using jnlp.jar as an example...initial check with jarsigner...
jarsigner -verify jnlp.jar
jarsigner: java.lang.IllegalStateException: zip file closed ?????? Surely should say jar not signed.
2) Sign jar with trusted certificate from Verisign:
jarsigner -keystore \NewPortSrc\make\newport.keyStore -storepass newport jnlp.jar newport.verisign
3) Verify:
jarsigner -verify -verbose jnlp.jar
1293 Wed Oct 01 10:48:14 BST 2003 META-INF/MANIFEST.MF
1346 Wed Oct 01 10:48:14 BST 2003 META-INF/NEWPORT_.SF
2981 Wed Oct 01 10:48:14 BST 2003 META-INF/NEWPORT_.RSA
0 Wed Oct 01 10:43:06 BST 2003 META-INF/
0 Wed Oct 01 10:42:42 BST 2003 javax/
0 Wed Oct 01 10:42:42 BST 2003 javax/jnlp/
sm 283 Thu Jul 12 17:07:36 BST 2001 javax/jnlp/BasicService.class
sm 276 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/ClipboardService.class
sm 1417 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/DownloadService.class
sm 374 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/DownloadServiceListener.class
sm 684 Thu Jul 12 17:07:38 BST 2001 javax/jnlp/ExtensionInstallerService.class
sm 623 Thu Jul 12 17:07:14 BST 2001 javax/jnlp/FileContents.class
sm 395 Thu Jul 12 17:07:36 BST 2001 javax/jnlp/FileOpenService.class
sm 455 Thu Jul 12 17:07:38 BST 2001 javax/jnlp/FileSaveService.class
sm 1476 Thu Jul 12 17:07:50 BST 2001 javax/jnlp/JNLPRandomAccessFile.class
sm 713 Thu Jul 12 17:07:42 BST 2001 javax/jnlp/PersistenceService.class
sm 375 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/PrintService.class
sm 851 Thu Jul 12 17:06:48 BST 2001 javax/jnlp/ServiceManager.class
sm 328 Thu Jul 12 17:07:08 BST 2001 javax/jnlp/ServiceManagerStub.class
sm 328 Thu Jul 12 17:07:08 BST 2001 javax/jnlp/UnavailableServiceException.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries.
warning...
jar verified.
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries.
Attached are two jar files to show the problem. jnlp-unsigned.jar and jnlp-signed.jar are unsigned and signed files respectively.
With Java 1.4.2_01-b06....
1) using jnlp.jar as an example...initial check with jarsigner...
jarsigner -verify jnlp.jar
jarsigner: java.lang.IllegalStateException: zip file closed ?????? Surely should say jar not signed.
2) Sign jar with trusted certificate from Verisign:
jarsigner -keystore \NewPortSrc\make\newport.keyStore -storepass newport jnlp.jar newport.verisign
3) Verify:
jarsigner -verify -verbose jnlp.jar
1293 Wed Oct 01 10:48:14 BST 2003 META-INF/MANIFEST.MF
1346 Wed Oct 01 10:48:14 BST 2003 META-INF/NEWPORT_.SF
2981 Wed Oct 01 10:48:14 BST 2003 META-INF/NEWPORT_.RSA
0 Wed Oct 01 10:43:06 BST 2003 META-INF/
0 Wed Oct 01 10:42:42 BST 2003 javax/
0 Wed Oct 01 10:42:42 BST 2003 javax/jnlp/
sm 283 Thu Jul 12 17:07:36 BST 2001 javax/jnlp/BasicService.class
sm 276 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/ClipboardService.class
sm 1417 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/DownloadService.class
sm 374 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/DownloadServiceListener.class
sm 684 Thu Jul 12 17:07:38 BST 2001 javax/jnlp/ExtensionInstallerService.class
sm 623 Thu Jul 12 17:07:14 BST 2001 javax/jnlp/FileContents.class
sm 395 Thu Jul 12 17:07:36 BST 2001 javax/jnlp/FileOpenService.class
sm 455 Thu Jul 12 17:07:38 BST 2001 javax/jnlp/FileSaveService.class
sm 1476 Thu Jul 12 17:07:50 BST 2001 javax/jnlp/JNLPRandomAccessFile.class
sm 713 Thu Jul 12 17:07:42 BST 2001 javax/jnlp/PersistenceService.class
sm 375 Thu Jul 12 17:07:40 BST 2001 javax/jnlp/PrintService.class
sm 851 Thu Jul 12 17:06:48 BST 2001 javax/jnlp/ServiceManager.class
sm 328 Thu Jul 12 17:07:08 BST 2001 javax/jnlp/ServiceManagerStub.class
sm 328 Thu Jul 12 17:07:08 BST 2001 javax/jnlp/UnavailableServiceException.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Note: This jar contains unsigned entries which are not integrity-checked. Re-run with -verbose to list unsigned entries.
Attachments
Issue Links
- backported by
-
JDK-2075373 Regression: jarsigner fails to verify the jar files
-
- Resolved
-
- duplicates
-
-
- Closed
-