P4
FULL PRODUCT VERSION :
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) Client VM (build 20.45-b01, mixed mode, sharing)
runtime version: 1.7.0_71
ADDITIONAL OS VERSION INFORMATION :
Windows 8
A DESCRIPTION OF THE PROBLEM :
I started noticing since Java 1.70 that one of my jar files is failing signature verification after the following sequence
pack200 --repack a.jar
jarsigner a.jar ... ..
pack200 a.jar.pack.gz a.jar
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
pack200 --repack a.jar
jarsigner a.jar ... ..
pack200 a.jar.pack.gz a.jar
I use the following methods to check for the validity of the signature for the jar file and the pack.gz file:
1.
jarsigner -verify a.jar // this always succeeds
jar verified.
2.
unpack200 a.jar.pack.gz temp.jar
jarsigner -verify temp.jar // this fails for a particular jar file
jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Signature verification should succeed after the pack.gz file is unpacked.
ACTUAL -
Signature verification fails. This makes the pack.gz file unsuitable for an applet.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Please download the jar file to reproduce this bug from: www.subsystems.com/zip/oracle/tej22.jar
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
as a work-around, I am using the segment-limit of 2.
pack200 --segment-limit=2 -r tej22.jar
java version "1.6.0_45"
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) Client VM (build 20.45-b01, mixed mode, sharing)
runtime version: 1.7.0_71
ADDITIONAL OS VERSION INFORMATION :
Windows 8
A DESCRIPTION OF THE PROBLEM :
I started noticing since Java 1.70 that one of my jar files is failing signature verification after the following sequence
pack200 --repack a.jar
jarsigner a.jar ... ..
pack200 a.jar.pack.gz a.jar
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
pack200 --repack a.jar
jarsigner a.jar ... ..
pack200 a.jar.pack.gz a.jar
I use the following methods to check for the validity of the signature for the jar file and the pack.gz file:
1.
jarsigner -verify a.jar // this always succeeds
jar verified.
2.
unpack200 a.jar.pack.gz temp.jar
jarsigner -verify temp.jar // this fails for a particular jar file
jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Signature verification should succeed after the pack.gz file is unpacked.
ACTUAL -
Signature verification fails. This makes the pack.gz file unsuitable for an applet.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
jarsigner: java.lang.SecurityException: SHA1 digest error for xyz.class
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
Please download the jar file to reproduce this bug from: www.subsystems.com/zip/oracle/tej22.jar
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
as a work-around, I am using the segment-limit of 2.
pack200 --segment-limit=2 -r tej22.jar
- duplicates
-
JDK-8066194 Signature verification failure for the pack.gz file
-
- Closed
-
- relates to
-
-
- Closed
-