JAR File Signing : NoClassDefFoundError

Similar Messages

• Custom certificates for JAR file signing

  Hi,
  Can anyone please let me know how to check that we have custom certificates for JAR file signing set up in our instance
  Thanks,
  Praveen

  It depends on the version of your $ADJVAPRG. See the referenced note.
  How to use,create and /or update Digital Certificates for Jinitiator in 11i Applications
  http://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=365735.1

• Question about Java Applet Jar file signing.

  These questions pertain to Java 6 Standard Edition 1.6.0_22-b04 and later.
  I have gone through the Oracle Java Tutorial for generate public and private key information
  to sign a jar file, and how to sign the jar itself, all at
  [http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html|http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html]
  , and seek some clarification on the following related questions:
  -In order to "escape" the java applet sandbox that exists around the client's
  copy of the applet running in their web browser, ie.
  (something forbidden by default), is verification of the signed applet enough, or is a policy file required
  to stipulate these details?
  -using the policytool policy file generator, what do I need to add under "Principals"
  (if anything) when dealing with a Java applet? Are Codebase and SignedBy simply author information?
  -If I choose to use a java.security.Permission subclass object set up in equivalent fashion within the Applet,
  which class within the Applet jar do I instantiate that object in? Does it need to be mentioned
  in the applet's jar Manifest.MF file?
  -Is the "keystore database" a java language service/process which runs in
  the Server's memory and is simply accessed and started by default
  by the client verifier program (appletview/web browser)?
  -The public key certificate file (*.cer) is put in the webserver directory holding
  the Applet jar file (ie. Apache Tomcat, for example).
  -Presumably, the web browser detects the signed jar
  and certificate file, and provides the browser pop up menu asking the user
  about a new, non recognised certificate (initially).
  Is this so?
  -With this being the case, can the applet now escape
  the sandbox, be it with or without the stipulated
  policy permissions?

  848439 wrote:
  -In order to "escape" the java applet sandbox that exists around the client's
  copy of the applet running in their web browser, ie.
  (something forbidden by default), is verification of the signed applet enough, or is a policy file required
  to stipulate these details?Just sign the applet, the policy file is not necessary.
  -Is the "keystore database" a java language service/process which runs in
  the Server's memory and is simply accessed and started by default
  by the client verifier program (appletview/web browser)?No.
  -The public key certificate file (*.cer) is put in the webserver directory holding
  the Applet jar file (ie. Apache Tomcat, for example).No. For a signed Jar, all the information is contained inside the Jar.
  -Presumably, the web browser detects the signed jar
  and certificate file, and provides the browser pop up menu asking the user
  about a new, non recognised certificate (initially).
  Is this so?No. It is the JVM that determines when to pop the confirmation dialog.
  -With this being the case, can the applet now escape
  the sandbox, ..Assuming the end-user OK's the trust prompt, yes.
  ..be it with or without the stipulated
  policy permissions?Huh?

• Error while generating JAR files during upgrade from 11.5.9 to 11.5.10

  Hi,
  We are getting the following issue after applying 11.5.9 CU2 patch set during the process of upgrade from 11.5.9 to 11.5.10.
  -     3171663: 11.5.9 Oracle E-Business Suite Consolidated Update 2
  Executing: /u01/app/tinst/tinstcomn/util/java/1.6/jdk1.6.0_18/bin/java -Djava.security.egd=file:/dev/urandom sun.security.tools.JarSigner -keystore ******** -storepass ******** -keypass ******** -sigfile CUST -signedjar /u01/app/tinst/tinstcomn/java/oracle/apps/fnd/jar/fnddssgraphgui.jar.sig /u01/app/tinst/tinstcomn/java/oracle/apps/fnd/jar/fnddssgraphgui.jar.uns CUSTOMER
  ERROR: JarSigner subcommand exited with status 1
  No standard output from jarsigner
  JarSigner error output:
  Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner
  Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner
  at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
  at java.security.AccessController.doPrivileged(Native Method)
  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
  at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
  at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
  Could not find the main class: sun.security.tools.JarSigner. Program will exit.
  Can you please advice regarding this issue....????
  Regards,
  Sreenivasulu.

  Please see these docs.
  Generate Jar File causes NoClassDefFoundError sun/security/tools/JarSigner [ID 393306.1]
  Generating Jar Files Fails with a NoClassDefFoundError: sun/security/tools/JarSigner Error [ID 801014.1]
  Thanks,
  Hussein

• Migration from windows to Linux - JAR files not generating under JAVA_TOP

  Hi DBA's
  Jar files not generating under JAVA_TOP after migration from windows to linux.
  I followed workaround but same in result.
  Workaround
  Run this command. It will give the missing file
  adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy -masterArchive $JAVA_TOP -sync -reportfile javatopfiles.lst
  Then run this command
  adjava -mx512m -nojit oracle.apps.ad.jri.adjcopy -masterArchive JAVA_TOP -sync -mode APPLY
  I have checked in google.
  Best Regards,
  Suresh Gelda

  Suresh,
  I can find the following error in the log file:
  JarSigner error output:
  Exception in thread "main" java.lang.NoClassDefFoundError: sun/security/tools/JarSigner
  Caused by: java.lang.ClassNotFoundException: sun.security.tools.JarSigner
       at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
       at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
       at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
  Could not find the main class: sun.security.tools.JarSigner.  Program will exit.Please review the following notes for suggested solutions:
  Note: 393306.1 - Generate Jar File causes NoClassDefFoundError sun/security/tools/JarSigner
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=393306.1
  Note: 269054.1 - Running adadmin to Force Regenerate of the Java Files Fails
  https://metalink2.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=269054.1

• Trying to login to software program known as hamspher (vip simulated ham radio,  it downloaded the program but it will not allow me to login with call sign and pin.  it has to be opened with what they call a jar file.  how do i do this?

  trying to login to software program known as hamspher (vip simulated ham radio,  it downloaded the program but it will not allow me to login with call sign and pin.  it has to be opened with what they call a jar file.  how do i do this?

  This is compatible with Mac? Especially Snow Leopard (if that is what you'e running)?
  Have you considered posting your question in their forums?
  Here is some information re. the jar file:
  http://ostermiller.org/opening_jar_files.html

• Problems with signed JAR files in JWS/JRE6 environment.

  Hello All,
  I'm encountering a problem running our desktop application as a Java Web Start deployment in a JRE 6 environment. There were never any problems when running the same application as a JWS deployment in JRE 1.4, or 5, environments. There are also currently no problems in a JRE 6 environment when running the application as a standard desktop application.
  The problem which I am having has nothing to do with launching the application. But for good measure, I verified the JNLP file with JaNeLA. A couple things we out of order, which I addressed to make JaNeLA happy, but my problem still persists. Here is my JNLP file (anonymized to protect the innocent):
  TS: 2010-10-18 17:04:46
  <?xml version="1.0" encoding="UTF-8"?>
  <jnlp codebase="$$codebase" href="$$name">
       <information>
            <title>Acme Desktop</title>
            <vendor>Acme Corporation</vendor>
            <homepage href="http://www.acme.com/"/>
            <description>Acme Client for Acme Server</description>
            <description kind="tooltip">Acme Client for Acme Server</description>
            <icon href="desktop.gif"/>
            <offline-allowed/>
       </information>
       <security>
            <all-permissions/>
       </security>
       <resources>
            <j2se version="1.5+"/>
            <jar href="acmedesktop.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/antlr-2.7.2.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/backport-util-concurrent.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-codec-1.3.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-httpclient.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/commons-logging.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/acmeapi.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/HelpJavaDT.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/HelpJavaDT_es.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/jacorb.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/Multivalent.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/slf4j-api-1.5.6.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/slf4j-jdk14-1.5.6.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/snow.jar" download="lazy" version="8.00.01.00+"/>
            <jar href="lib/AcmeTMClient.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/xercesImpl.jar" download="eager" version="8.00.01.00+"/>
            <jar href="lib/xml-apis.jar" download="eager" version="8.00.01.00+"/>
            <extension name="installer" href="desktopInstaller.jnlp" />
            <extension name="Java Help" href="help.jnlp"/>
            <property name="java.library.path" value="./lib"/>
            <property name="admin" value="false"/>
            <property name="webstart" value="true"/>          
            <!-- The following two lines are for SSO implementation only
            <property name="urladdress" value="http://localhost:8080/AcmeDesktop/servlet/AcmeServlet"/>
            <property name="cookiespec" value="RFC2109"/>
            -->          
       </resources>
       <resources os="Windows">
            <nativelib href="lib/jniWin32.jar" version="8.00.01.00+"/>
       </resources>
       <application-desc main-class="desktop"/>     
  </jnlp>-----
  When running as a JWS deployment, on JRE 6, the application will be functioning normally for a little while, and then suddenly the following exception is thrown, and the current operation fails because the class in question cannot be accessed:
  java.lang.SecurityException: class "acmeapi.communication.CDocImpl"'s signer information does not match signer information of other classes in the same package
       at java.lang.ClassLoader.checkCerts(ClassLoader.java:807)
       at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488)
       at java.lang.ClassLoader.defineClassCond(ClassLoader.java:626)
       at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
       at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
       at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
       at java.security.AccessController.doPrivileged(Native Method)
       at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
       at com.sun.jnlp.JNLPClassLoader.findClass(JNLPClassLoader.java:288)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
       at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
       at acmeapi.common.CDoc.getAnnotationsInfo(CDoc.java:493)
       at acmedesktop.communication.CCommunicationManager.privateGetAnnotations(CCommunicationManager.java:1976)
       at acmedesktop.communication.CCommunicationManager.getAnnotations(CCommunicationManager.java:1828)
       at acmedesktop.annotations.CViewAnnotations.getAnnotations(CViewAnnotations.java:826)
       at acmedesktop.annotations.CViewAnnotations.createView(CViewAnnotations.java:583)
       at acmedesktop.annotations.CViewAnnotations.setData(CViewAnnotations.java:736)
       at acmedesktop.annotations.CViewAnnotations.init(CViewAnnotations.java:205)
       at acmedesktop.hitspanel.CHitsPanel.viewAnnotations(CHitsPanel.java:281)
       at acmedesktop.hitspanel.CHitsTab$3.mousePressed(CHitsTab.java:316)
       at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:263)
       at java.awt.Component.processMouseEvent(Component.java:6260)
       at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
       at java.awt.Component.processEvent(Component.java:6028)
       at java.awt.Container.processEvent(Container.java:2041)
       at java.awt.Component.dispatchEventImpl(Component.java:4630)
       at java.awt.Container.dispatchEventImpl(Container.java:2099)
       at java.awt.Component.dispatchEvent(Component.java:4460)
       at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
       at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4235)
       at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
       at java.awt.Container.dispatchEventImpl(Container.java:2085)
       at java.awt.Window.dispatchEventImpl(Window.java:2478)
       at java.awt.Component.dispatchEvent(Component.java:4460)
       at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
       at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
       at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
       at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
       at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
       at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)-----
  The classes of our desktop product are contained within the 'acmedesktop' and 'acmeapi' packages. It requires access to the hard drive of the workstation, and therefore, all jar files included with the application are signed using the following ANT task when compiled:
  <signjar keystore="resources/codesigning/keystore.pfx" storetype="pkcs12" storepass="myPassword" alias="myAlias">
       <fileset dir="${jws_dist}/app" includes="*.jar"/>
       <fileset dir="${jws_dist}/app/lib" includes="*.jar" excludes="jhall__V${dt_version}.jar"/>
  </signjar>-----
  Therefore, all classes, within all jar files, are signed with the same certificate (with the exception of the JavaHelp libraries, which are already signed by Sun - but the class in question attempting to be loaded here is not contained within the JavaHelp jar file anyway). So, the point being, that the exception message stating that the "signer information of the acmeapi.communication.CDocImpl class doesn't match the signer information of other classes in the same package", is simply not correct. All classes within that jar file were signed using the same certificate.
  I downloaded the JRE 6 source from dev.java.net and picked through this issue with a debugger. The ClassLoader.checkCerts() method compares the certificate used to sign the current class which is attempting to be loaded, with the certificates which signed all other previously loaded classes within the same package. If they don't match, the exception above is thrown. What is causing the issue is when the checkCerts() method attempts to get the certificates which signed the currently loading class, null is returned. And obviously, comparing null, with an array of the certificates which signed the previously loaded classes, isn't going to match; therefore this exception is thrown.
  The checkCerts() method gets the certificates of the currently loading class by calling the java.security.CodeSource.getCertificates() method. Tracing deeper in the debugger, the CodeSource object ultimately gets the certificates from the 'signersRef' member variable of the com.sun.deploy.cache.CachedJarFile class. signerRef is a SoftReference object and can therefore be garbage collected at some point. If it has already been garbage collected, the CachedJarFile class will attempt to retrieve it again from the loaded cache entry by calling com.sun.deploy.cache.MemoryCache.getLoadedResource().
  The MemoryCache class maintains the cache entries to the jar files as MemoryCache.CachedResourceReference objects, which subclass WeakReference, and therefore these objects can be garbage collected as well. If the cache entries have also been garbage collected, this leaves the CachedJarFile class with no ability to repopulate the CachedJarFile.signerRef object. Therefore it is completely out of luck getting the certificates which signed the currently loading class, which ultimately causes the above exception.
  When the com.sun.deploy.cache.Cache class attempts to retrieve a cache entry using its getCacheEntry() method, it will attempt to get the entry from the MemoryCache class, if null is returned, it will recreate the cache entry and add it back to the MemoryCache. In contrast, when the CachedJarFile class attempts to get a cache entry from the MemoryCache class, if null is returned, it just gives up.
  (from com.sun.deploy.cache.CachedJarFile:244)
  private CacheEntry getCacheEntry() {
       /* if it was not created by Cache do not search for entry */
       if (resourceURL == null)
            return null;
       CacheEntry ce = (CacheEntry) MemoryCache.getLoadedResource(resourceURL);
       if (ce == null) {
            //This should not happen because CacheEntry should not get collected
            // before CachedJarFile is collected.
            Trace.println("Missing CacheEntry for " + resourceURL + "\n" + ce,
                 TraceLevel.CACHE);
       return ce;
  When debugging, code execution falls within the code block with the comment stating "This should not happen...", but it is happening in my case.
  On an interesting side note, using the jvisualvm.exe tool included with JDK 6, I was able to tell that it seems as though these objects are collected the first time that the JVM allocates more heap space, and then the issue will occur. If I set the initial heap size very large (using -Xms) this issue won't occur at all. But that is kind of a bad solution which I would rather not do, but it is interesting to note for the sake of troubleshooting this issue. The max heap size (-Xmx) is plenty big enough, so the issue is not that we are running out of memory here.
  Does anyone have any insight as to what could be causing this? I've searched, and found a couple threads with similar problems but with no clear solutions. It is not just one workstation either, it happens everywhere I deploy the app as a Java Web Start application in a JRE 6 environment. I have been using version 1.6.0_18 on XP, but it seems to happen on any update version of 1.6. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?
  Thank you
  Jake
  Edited by: jkc532 on Nov 12, 2010 10:35 AM

  jkc532 wrote:
  .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
  ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

• URLClassLoader + dynamically loading signed jar files

  I have an applet that does not know all of the jar files it will need to load at startup.
  I would like to dynamically load these signed jar files using the URLClassLoader, however it does not recognize these jar files as being signed and I get java.security.AccessControlException: access denied errors.
  Any suggestions?
  Thanks!

  Try this classloader for loading the jars, it should to the trick:
  import java.net.URL;
  import java.net.URLClassLoader;
  import java.net.URLStreamHandlerFactory;
  import java.security.AllPermission;
  import java.security.CodeSource;
  import java.security.PermissionCollection;
  import java.security.Permissions;
  public class AllPermissionsClassLoader extends URLClassLoader {
      public AllPermissionsClassLoader (URL[] urls) {
          super(urls);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent) {
          super(urls, parent);
          System.out.println(parent);
      public AllPermissionsClassLoader (URL[] urls, ClassLoader parent, URLStreamHandlerFactory factory) {
          super(urls, parent, factory);
      protected PermissionCollection getPermissions (CodeSource codesource) {
          Permissions permissions = new Permissions();
          permissions.add(new AllPermission());
          return permissions;
  }

• NoClassDefFoundError : when I am using MDM jar file

  Hi All,
  In my Webdynpro Java application, I need to acces the MDM Data. i have to use these jars,
  mdm-data.jar
  mdm-protocol.jar
  mdm-admin.jar
  mdm-common.jar
  mdm-core.jar
  MDM4J.jar
  and i getting this Error, while deploying the application to server.
  java.lang.NoClassDefFoundError: com/sap/mdm/net/ConnectionAccessor
  I guess, the reason may be that I dont have these above JARs in the server.
  Please give me a solution as soon as possible.
  Thanks,
  Boopathi.

  Dear Bhoopathi,
  You are getting classnotfound exception because, the external jar file you are using is available only at designtime (ie. Only in NWDS), and not available for runtime (ie. in J2ee server). To make it available in runtime, you have to deploy the jar file to J2ee server, so that the classes available in jar file will be available at runtime also.
  If the project is a simple webdynpro project, then, copy the jar file in to lib folder of the project and add the jar file in build path of the project. When this project is deployed, the jar file will also be available along with project. But, this jar file will be available only for this webdynpro project.
  If the project is a dc project, you have to deploy this jar file as a separate dc, and refer this dc in you dc project.
  Since jar file cannot be deployed directly, we have to bundle this jar to ear file,as a library.Once this library dc is deployed, you can use the same library dc in other dc projects also.
  For deploying external jar to J2ee engine, refer this link
  Bid adieu to bots - using CAPTCHAs
  I prefer this link, because it worked for me.
  If it is not working, refer this..
  A bit of (impractical) scripting for Web Dynpro
  Thanks,
  Fahad Hamsa

• I am getting the following error: Unable to locate class: java.lang.NoClassDefFoundError: on an iPlanet WS. We have ensured that the classpath in jvm12.conf includes the jar file with path. Any ideas?

   

  Well, now I'm pulling my hair out even more because I can't get it to resolve anything in jaxws-rt.jar at runtime. Note: compile-time still works FINE.
  I was messing with classpaths and stuff (and the endorsed dirs option of course) and it was "working" to the extent I had posted before, but then I kept playing with it and at some point I said, this isn't working and I need to reset all this stuff back to the way it was.
  ... so I did that. And now it won't resolve "PolicyException:"
  java.lang.NoClassDefFoundError: com/sun/xml/ws/policy/PolicyException
  This doesn't mean anything to you guys I bet, but that happens when it FIRST gets inside the web service code, which references PolicyException (doesn't even use it at that point.. I'm assuming the import is screwing it up when it's in the constructor). So now it won't resolve at all. Before, it was getting past this point and telling me the "method not found" error on the next line or this same error for WSBindingProvider two lines down, when it's actually being used. AWESOME.
  I downloaded the latest jaxws-rt.jar and all its dependencies, shoved that into my lib folder, and set the endorsed dir to that folder (There's kind of a web of dependencies here. jaxws-rt.jar expects all its dependencies to be in the same folder, it seems, so I don't know how it was "working" before when I just copied jaxws-rt.jar into my separate endorsed dir - but I can't move all of those files to endorsed because I need them in my project (which expects them to be in the lib folder)). What happened? It went back to my original "String" error (first error in the first post), which means it's not getting endorsed at all from that location.
  What a mess.
  Can someone tell me what the heck I'm supposed to do with this jar file?

• Is it possible to digitally sign a jar file that will be used to install CF in WebSphere?

  I am currently working for a contractor for the DoD. We are maintaining a project that uses CF installed as an application through WebSphere. We are currently going through a security checklist and being asked to provide evidence that the CF application has a digital signature. From what we can gather they are looking to see that the jar file installed into WebSphere is digitally signed. We have reached out to IBM, and have received a response that digital signatures are recognized by WebSphere.
  Unfortunately, it seems that those that are looking for the evidence do not know much more than what the checklist requirement states. They cannot provide more details or expand on what they need. Any assistance or advice in this matter would be appreciated.
  Thanks,

  Masterkeedu wrote: !! It worked.
  Congratulations. :-)
  Masterkeedu wrote: So it's not certified, but is signed.
  So as I understand this, it means the end-user has no way to know it was me that truly signed it. But relies on their common sense I suppose.
  That is correct. The CA has verified, and is certifying, that you are who you claim to be. If you or I use a 'self signed' certificate, it does not carry the same level of trust. As you might understand already, the dialogs are different between the two certificate types, and some users cannot accept trusted code from an unverified (self-signed) certificate.
  I have been meaning to write a page on the differences between the two certificates. It is well worth looking into getting a cert. from a CA.
  There was a stage when one of the major CAs were offering 'freemail' certificates that came emblazoned not with your name, but 'free mail' itself. I did not like them because of that, and continue to use a self-signed certificate.

• Path  signing .jar files  in configuring webutil

  In the first section of the sign_webutil.bat file there are some remarks such as :
  'NAME
  REM sign_webutil.bat - Sample script to sign frmwebutil.jar and jacob.jar
  REM USAGE
  REM sign_webutil.bat <jar_file>
  REM jar_file : Path of the jar file to be signed.
  REM NOTES
  REM This script uses keytool and jarsigner utilities, which usually comes
  REM along with JDK in its bin directory. These two utilities must be
  REM available in the PATH for this script to work. Otherwise, signing
  REM will fail even though the script may show a successful signing.'
  Which is the PATH referenced in the remarks above? Is it the forms_path , forms_classpath in registry or somewhere else?
  Please define it .... , because the signing fails.

  You were right!!!
  I'm not sure what to write down in the formsweb.cfg (configuration file) , following the instructions on the on-line help of Developer Forms 10g , in step 9..
  The step 9 says...
  Because in this release the JACOB code is in an external Jar file and not incorporated into frmwebutil.jar, it needs to be downloaded. To do this, change the WebUtilArchive setting to read: webUtilArchive=/forms/webutil/frmwebutil.jar,/forms/webutil/jacob.jar
  The doudt is pointed to the fact that the frmwebutil.jar isn't in the ORACLE_HOME\forms\webutil path but it is ORACLE_HOME\forms\java path.
  Also , these paths referenced in webUtilArchive are physical paths in a Unix system or they are logical paths in a url?
  Simon

• Jar files for Didgital Signing

  Hi All,
  I have a requirement where I need to Access to Keystore for Digital signing an XML payload. I am using the example in the SAP help link - Link: [Using Digital Signatures|http://help.sap.com/saphelp_nw04s/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm] 
  I have already imported the following jar files (aii_af_cci.jar,aii_af_cpa.jar,aii_af_mp.jar, aii_af_ms_api.jar, aii_af_ms_spi.jar, aii_af_svc.jar, aii_af_trace.jar, aii_security_lib.jar, aii_security_interface.jar, iaik_jce.jar, tc_sec_ssf.jar).
  The code has the following import statements:
  import com.sap.aii.af.mp.module.*;
  import com.sap.aii.af.ra.ms.api.*;
  import com.sap.aii.af.mp.module.*;
  import com.sap.aii.af.ra.ms.api.*;
  import com.sap.aii.af.service.auditlog.*;
  import com.sap.aii.af.service.resource.SAPSecurityResources;
  import com.sap.aii.security.lib.KeyStoreManager;
  import com.sap.aii.security.lib.PermissionMode;
  import com.sap.security.core.server.ssf.SsfProfileKeyStore;
  import com.sap.security.api.ssf.ISsfProfile;
  import java.io.UnsupportedEncodingException;
  But even after the above imports I am still getting errors in resolving the following variables in the code.
    KeystoreManager
    keyStore
  What are import statements or jar files I am missing? and where can i find those jar files for making the example work?
  Thanks and Regards,
  Arunava
  Edited by: Arunava Das on Jun 6, 2008 7:05 PM

  Hi All,
  Im working on code which has
  import com.sap.security.api.ssf.ISsfProfile
  But i couldn't find the jar file for that. I think the the package is "com.sap.security.api.ssf".
  Please help me out, where can i get that jar file...?
  Warm Regards,
  DNK Siddhardha.

• How can i add update signed jar file

  I am developing an applet which requires signing to run in a browser.
  I am developing supporting classes. But these class files have to be added
  to the jar. Isnt it??
  But to test the applet i need to load it in the browser each time i modify the class files. So the jar file need to be updated every time. But an
  IOError
  is being displayed when i try to update the signed jar file.
  How can i update signed jar file?? Or is there any othe way to test the signed applet during development??

  How can i update signed jar file?You can't, the signature is there to make sure the content of the jare hasn't been messed
  with.
  Either recreate the jar and re sign it or set up a policy during testing.

• Unable to get jarsigner to sign jar file using pkcs11 smartcard

  I'm using a JDK jdk1.6.0_14 with a datakey smartcard with the below info in pkcs11.cfg file:
  name = DK330
  library = c:\windows\system32\dkck232.dll
  I have also configured the java.security file to include the security.provider.10=sun.security.pkcs11.SunPKCS11 c:/pkcs11.cfg
  I have my environment set for the below to keep it simple as possible:
  JAVA_HOME=C:\Program Files\Java\jdk1.6.0_14
  CLASSPATH=C:\Program Files\Java\jdk1.6.0_14\lib
  PATH=C:\Program Files\Java\jdk1.6.0_14\bin;c:\windows;c:\windows\system32
  1) I am able to Confirm that the secret key is present in the keystore
  keytool -v -list -keystore NONE -storetype PKCS11 -storepass xxxxxx
  Keystore type: PKCS11
  Keystore provider: SunPKCS11-DK330
  Your keystore contains 1 entry
  Alias name: CS.NOLSC.002's U.S. Government ID
  Entry type: PrivateKeyEntry
  Certificate chain length: 1
  Certificate[1]:
  Owner: CN=CS.NOLSC.002, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Issuer: CN=DOD CA-14, OU=PKI, OU=DoD, O=U.S. Government, C=US
  Serial number: 3e8e
  Valid from: Mon Feb 05 14:53:22 EST 2007 until: Thu Feb 04 14:53:22 EST 2010
  Certificate fingerprints:
  MD5: 9D:34:AF:D8:DE:18:15:78:D6:88:3D:37:83:FA:DC:E8
  SHA1: 8A:BB:39:D5:2B:45:F7:CE:A3:93:C5:71:5C:36:DC:FE:3F:B4:7D:9A
  Signature algorithm name: SHA1withRSA
  Version: 3
  Extensions:
  #1: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature etc
  2) When I try to sign the applet using the below commands I get the same errors:
  command 1:
  jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ${java.home}/lib/security/pkcs11.cfg sfilechooser.jar "CS.NOLSC.002's U.S. Government ID"
  I get this error::
  jarsigner error: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
  command 2:
  jarsigner -verbose -keystore NONE -storetype PKCS11 -storepass xxxxxx sfilechooser.jar "CS.NOLSC.002's U.S. Government ID"jarsigner error: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
  I can also confirm the jar file that I'm trying to sign is unsigned using the below command without problem.
  C:\Program Files\Java\jdk1.6.0_14\bin>jarsigner -verify -verbose -certs -keystore NONE -storetype PKCS11 sfilechooser.jar
  Enter Passphrase for keystore:
  0 Wed Jul 08 09:36:06 EDT 2009 META-INF/
  71 Wed Jul 08 09:36:06 EDT 2009 META-INF/MANIFEST.MF
  4227 Tue Jun 09 09:56:20 EDT 2009 DirList.class
  0 Wed Jul 08 09:29:52 EDT 2009 FileChooserPackage/
  4728 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/DirUtil.class
  809 Fri May 29 13:05:42 EDT 2009 FileChooserPackage/FileChooserBean$AWTFileDialogThread.class
  765 Fri May 29 13:05:42 EDT 2009 FileChooserPackage/FileChooserBean$AWTSaveDialogThread.class
  819 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$FileChooserBeanThread.class
  1015 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$FormsDecoderException.class
  815 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$SaveFileChooserThread.class
  17198 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean.class
  s = signature was verified
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope
  jar is unsigned. (signatures missing or not parsable)
  ======================================
  What could be my problem to get my applet signed? I'm at a loss.

  I found the problem.
  I was able to use jarsigner correctly after I backed off on the GemPlus driver version from v4.7.062 file name dkck232.dll to the previous version of dkck201.dll at v4.7.062.