Jars can't be signed with different certificates---even by Sun?
I am deploying an application which uses the following jar files:
com.example.application.jar
com.example.support.jar
javax.activation.jar
javax.mail.jar
The latter two are jars signed from Sun, yet JWS complains that the jars have been signed with different certificates. I'm forced to unpack the Sun jars and repackage them,signing them with my own certificate.
Isn't this a little restrictive? Shouldn't jars signed by Sun be exceptions to the "all jars signed by the same certificate" requirement?
Garret
Thanks! The JNLP 1.5 MR specification is a bit opaque about exactly how to do this, but the following site has an example that helped:
http://java.sun.com/j2se/1.5.0/docs/guide/javaws/developersguide/faq.html
The example didn't mention whether I can request all permissions for the component extension, but I suppose I can. Nothing seems to indicate whether I can have component extensions reference other component extensions (JavaMail requires JAF, for example), but it seems to work.
By requesting full permissions for the component extensions, though, I now get two dialogs presented to the user, the first asking if my application should be trusted, and the second asking if Sun Microsystems should be trusted.
If I remove all-permissions from the JavaMail component extension, yet request it for the main application (thereby only presenting the user with one confirmation dialog), will I still be able to perform restricted functionality using JavaMail, such as connecting to remote servers?
Here's what I'm now using, in hopes that it benefits someone else. The main JNLP:
<resources>
<jar href="com.example.jar"/>
<extension name="JavaMail" href="javax.mail.jnlp"/>
</resources>
...javax.mail.jnlp:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://localhost:8080/" href="javax.mail.jnlp">
<information>
<title>JavaMail</title>
<vendor>Sun Microsystems, Inc.</vendor>
<description>JavaMail API.</description>
<homepage href="http://java.sun.com/products/javamail/"/>
</information>
<security>
<all-permissions/>
</security>
<resources>
<jar href="javax.mail.jar"/>
<extension name="JAF" href="javax.activation.jnlp"/>
</resources>
<component-desc/>
</jnlp>javax.activation.jnlp:
<?xml version="1.0" encoding="UTF-8"?>
<jnlp spec="1.0+" codebase="http://localhost:8080/" href="javax.activation.jnlp">
<information>
<title>JAF</title>
<vendor>Sun Microsystems, Inc.</vendor>
<description>JavaBeans Activation Framework extension.</description>
<homepage href="http://java.sun.com/products/javabeans/glasgow/jaf.html"/>
</information>
<security>
<all-permissions/>
</security>
<resources>
<jar href="lib/javax.activation.jar"/>
</resources>
<component-desc/>
</jnlp>Garret
Similar Messages
-
How can i share documents with different users on the same mac?
How can i share documents with different users on the same mac?
Shared how? The other users can read the documents or you all can read and write the documents?
The first is easy just place the documents in /Users/Shared anyone can access the files there and the other users will be able to read them.
The second is a bit trickier. -
What does this mean and how do I fix it? Error ITMS-9000 "Invalid Code Signing The executable ´viwer.app/ viewer´ must be signed with the certificate that is contained in the provisioning profile"
If you had Firefox save your Yahoo password, first try deleting that here:
orange Firefox button ''or'' classic Tools menu > Options > Security > "Saved Passwords"
The "signed out" message seems to be related to how Yahoo authenticates you. Some users have reported that disabling automatic proxy detection solves the problem, and it also resolves an issue of getting logged out every few minutes, if you have ever experienced that.
To make the change:
orange Firefox button ''or'' classic Tools menu > Options > Advanced
On the "Network" mini-tab, click the "Settings" button, then choose "No Proxy" and OK your way back out.
If your work connection requires you to use a proxy server, try the "Use system settings" option instead.
Does that help? -
Able to install the .ipa signed with distribution certificate using iTunes on MacBook Pro. where as the when tried to install using iTune on PC is causing a problem
The sound input going to the mic is not going to pipe through the speakers like that. It doesn't do it because it would cause a feedback loop on itself. The mic input will take sound and output it to a program or to another pathway (like a VoIP or Facetime call, etc.) but it won't behave like a Karaoke machine if that's what you're thinking.
-
How can restore my ipad with my mac even though I first reset it with another computer
how can restore my ipad with my mac even though I first reset it with another computer
iPad: Basic troubleshooting
http://support.apple.com/kb/TS3274
Update and restore alert messages on iPhone, iPad, and iPod touch
http://www.buybuyla.com/tech/view/012953a0d412000e.shtml
iOS: Resolving update and restore alert messages
http://support.apple.com/kb/TS1275
iPad: Unable to update or restore
http://support.apple.com/kb/ht4097
iTunes: Specific update-and-restore error messages and advanced troubleshooting
http://support.apple.com/kb/TS3694
If you can't update or restore your iOS device
http://support.apple.com/kb/ht1808
Unable to restore from backup of a newer device
http://support.apple.com/kb/ts3682
Cheers, Tom -
Jars not signed with same certificat
Hi,
I have signed my jars with jarsigner and same certificat. I have verify with jarsigner -verify -cert -verbose.
But JWS says than my jars are not signed with the same certificat. I don't undestand why.
Here is the stack :
at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(LaunchDownload.java:1023)
at com.sun.javaws.LaunchDownload.checkSignedResources(LaunchDownload.java:925)
at com.sun.javaws.Launcher.continueLaunch(Launcher.java:814)
at com.sun.javaws.Launcher.handleApplicationDesc(Launcher.java:515)
at com.sun.javaws.Launcher.handleLaunchFile(Launcher.java:218)
at com.sun.javaws.Launcher.run(Launcher.java:165)
at java.lang.Thread.run(Thread.java:595)
How can I know what is the jar with bad certificat ?if you set deployment.property file entry:
deployment.trace.level=all
you should see some debug output in the console and trace file that might help determine what jar it is (I am assuming you are using javaws 5.0)
The problem is probably that although you use the same root certificate chan you purchased for each jar file, the entire certificate chain is not the same.
pleas post the full set of steps you used to sign each jar.
/Andy -
Signing with p12 certificate from client
Hy there
Our client provided us with a p12 format certificate and a password for signing AIR Applications.
When I tried to sign the application in question with the certificate I got the following Error:
Unable to build a valid certificate chain for the signer.
What would google do in this situation?
According to http://www.globalsign.com/support/root-certificate/osroot.php I did the following:
Install the certificate in Internetexplorer
Install the GlobalSign ObjectSign CA in Firefox
Export a new p12 certificate from firefox
Sign the application again with the new p12 certificate
Still getting the same error!
Install the new p12 certificate in Internetexplorer
Again exporting the cert in Firefox
and so on...
No matter what I tried I still got the same error. I am now wondering whether our client needs to sign the application, but this does not seem to make sense since I have a p12 certificate and a password...
I really would appreciate any help on this matter.
Kind regardsAccording to tzengs suggestion I tried to export the certificate again from firefox using "backup all" instead of "backup" with no effect.
One thing which I am still not sure of:
Can my client give me a p12 certificate which I can use as it is to sign my application using the provided password or do I have to process this certificate first?
Depending on the answer to this question I need to take different action:
YES: I need to tell my client to export the certificate in a different manner in order to "create the complete chain"
NO: The certificate from my client is fine but I still need to figure out how to change the certificate so that I don't get the error.
Thanks for your help. -
For FF19 with PDFs, can the yellow "Open With Different Viewer" pop-up bar be disabled?
Hi all, I really like the built in PDF viewer because search as a I type works with, thanks FF devs!
But ... I get this yellow pop-up with many PDFs I view:
This PDF document might not be displayed correctly and a button for Open With Different Viewer
The thing is these PDFs seem fine and I have to close the warning every time.
Is there anyway this pop-up can be disabled or I can set an about:config setting to skip it? I can manually save a PDF or disable FF19's viewer if there's a noticeable problem with the FF19 viewer.Ok, since the pop up bar can't be disabled I'll disable the built in PDF viewer. Too bad, I like the search as you type feature with PDFs but this un-disable-able pop-up bar is not user friendly.
-
Error: java.util.map can not be inherited with different arguments
Hi,
I am getting following error while building the source code.
C:\venus\src\com\martquest\messaging\msgio\MqMessageIOObjectCarrier.java:36: java.util.Map cannot be inherited with different arguments: <> and <java.lang.Object,java.lang.Object>
[javac] public class MqMessageIOObjectCarrier extends Properties implements IMqMessageIOObjectCarrier
What should I do to resolve this issue?
Thanks
PrachiHi,
I am getting following error while building the
source code.whose source code? If it's yours, you'd better look at where you are defining and using Map. The error code tells you exactly what's wrong. -
BT Hub 2.0 - Can I use this with different ISP?
I use TalkTalk as my ISP and have recently had a BT engineer call-out due to my very low BB speed. As my master socket is in the lounge dowstairs and I want the PC upstairs the BT man suggested I switch to wireless.
Bought the BT Hub 2.0 on recommendation, but have now read that it can only be used when BT is the ISP.
Is this correct and is there anyway around it?The BT Homehub can only be used with BT Broadband, it is possible to "flash the firmware" to unlock it to other ISPs, but this is not really a simple task.
Why not contact talk talk and tell them you are thinking of leaving, I am sure they will do you a deal and send you a new wireless router, or you could always get one from that well known on line auction website.
(If I have helped you in any way to say "Thank You" please click on the star next to the message. Thank You)
If I have solved your Issue please click the "Mark as accepted solution" button. -
HP 6730b can I swap screens with different resolutions?
Hi,
Is it possible to swap screens with different resolutions on a HP 6730b?
Mine is 1680x1050 pixels and I want to find a 1280x800 screen to replace it.
(letters are far too small for an old fart like me. ;-)
The resolution list does support 1280x800 but it looks like viewing the screen through dirty glasses.
Just wondering if the interface is the same.
Cheers,
BasUsually people want to go in the other direction. Here is the Service Manual:
Manual link
The parts list shows a panel that is SXGA+ (1400 x 1050) and a WXGA (1280 x 768 or 800) panel.
There are multiple motherboards, but the only difference appaears to be whether there is a slot for a cellular card or not. In other words if you install the WXGA panel the motherboard should work with it and you will get 1280 x 800 resolution looking good. Laptop displays and other digital panels only work at their maximum aka native resolution and you get that muddy look if you try to run them at a lower res. You want to buy the whole panel with the cable designed for the WXGA....sometimes the cables will not work with a different resolution screen. Post back if you need further help finding a screen. You may find it cheaper and easier to sell or trade your laptop for one with the lower resolution screen. -
Can i call signed applet from jsf page in sun studio creator
Hello javites,
I want to know whether i can call signed applet from jsf page in sun studio creator. If possible, how do i go about it.
Thanks.This tutorial may help:
http://developers.sun.com/prodtech/javatools/jscreator/reference/techart/2/applet.html?feed=DSC -
Jars signed with revoked certificate
Hello,
I have a situation here where i have jars and wars which were signed using jarsigner. The certificate used to sign the jars is now revoked.
When java runtime loads these jars, it does not throw any errors/exceptions. Is it the right behavior ?
Is there any way by which I can configure java runtime to contact the CRL and to throw an error while the jar is loaded. The certificate has information
about CRL distribution point and also has authorityinfo access details. I tried configuring OCSP in java.security file. But still no luck.
Any information on this will be helpful.
Thanks in advanceHello EJP,
Thanks for replying.
Yes the certificate was valid when the jar was signed. Please note that, there was no timestamp put in the signature.
So now after the certificate has been revoked, if Java runtime tries to load that jar, isn't it the responsibility of Java runtime to make use of the CRL/OCSP information
of the public key certificate (present in the jar put by the jarsigner when signing) and validate it for revocation ? (Also, in this scenario, what happens if OCSP is enabled in java.security ?) -OR--- Is it the responsibility of the code that makes use of the jar, to verify whether the certificate used for jar signing has been revoked or not ?
PS:- I have enabled the security settings in java control panel for certificate revocation checking.
Please let me know if I am wrong or if I am missing something.
Also i noticed something with jarsigner. In a signed jar, If i delete a few files and then verify its signature using jarsigner, "jar verified" is returned as result. Isn't the jar tampered when I delete a few files from it ? and hence the Hash of its data changes ? and hence verification should fail ?
One more question, in case of signed applets, if the certificate is revoked, as soon as the browser tries loading the applet, it throws an error saying certificate that was used for signing has been revoked. (provided browser settings and java control panel settings are all properly set). Is this check initiated by the browser OR Java runtime ?
Thanks a lot -
Signing with Code Certificate from COMODO ?
Hi,
does anyone have some experience with a Code Signing Certificate from COMODO ?
I exported the certificate from Chrome or IE and tried the signing for a ja file,
but get:
jar signed.
Warning:
The signer's certificate chain is not validated.
Can anyone help me ?
Many thanks.According to tzengs suggestion I tried to export the certificate again from firefox using "backup all" instead of "backup" with no effect.
One thing which I am still not sure of:
Can my client give me a p12 certificate which I can use as it is to sign my application using the provided password or do I have to process this certificate first?
Depending on the answer to this question I need to take different action:
YES: I need to tell my client to export the certificate in a different manner in order to "create the complete chain"
NO: The certificate from my client is fine but I still need to figure out how to change the certificate so that I don't get the error.
Thanks for your help. -
Can't Log In with Different AppleID
I accidentally tried to log in with the wrong AppleID this morning and now I don't even get the option of trying to log in under a different ID.
Every time I try, I click "log in" and the next page that comes up already has the wrong ID listed and offers me the option of signing up for a new account. I click "Log out of this AppleID" and try again, but it ALWAYS auto fills the wrong ID and takes me to the sign-up page. I never get the option to re-write the ID.
I'm using a different browser right now to write this, but I don't want to have to use only one browser to be on this site. Can you tell me how to fix this problem?
Thank you!Well, that worked to a degree - I got to re-choose my login ID, so thank you very much for that. It looks like I can't login using Google Chrome, though. Now, my ID is just blank space. Very, very weird.
Thanks anyway!
Maybe you are looking for
-
Why did some of the filters in Photoshop Elements 11 stopped working?
Hi, I can't use some of the filters (comic, pen and ink) in Photoshop Elements 11 (for Mac) since yesterday. They worked perfectly before... I have tryed to reset the default preferences, but it didn't give any result. Is there anyone who can help me
-
Oracle 8i online docs web pages not working in IE5.5?
Up until about a week ago, I was able to browse the online docs for Oracle 8i, using Internet Explorer 5.5 SP2 on Windows 2000 SP2. Now, I am getting incomplete web page loads and/or pages that repeatedly reload themselves. I do not experience this p
-
Problems with Safari Loading Sites and Photos
For the past week (Feb. 2015) I've experience problems with Safari loading websites on my 2009 20" iMac desktop. Running version OSX Lion 10.7.3 4 GB. Intel Duo Core 2.66 GHz Mac also will frequently not upload photos at websites like Yahoo News o
-
When I click on iTunes the app it goes to it but then closes and goes back to my home scree
My iTunes keeps closing out
-
Folder action kicks in too early
I have a little applescript that is to add all files that are added to a specific folder to an iTunes playlist. I added the script as a folder action to the folder. It seems to work fine with single files. However, when I copy several files (which ta