Signed app + signed jars help

Hello
Is there anywhere that definitively stated how to configure a jnlp to deploy an application that has to be signed and uses jars that are signed by a some other third party? This is routine for applete deployment, and I recognize how jws is an evolution of that engineering, however I am nonplused as to how to do it clearly. Thank you.

Hello (to my self;is that allowed in public. dont they call that...)
I found my answer here:
http://java.sun.com/products/javawebstart/faq.html#72
And I have a test app that uses three signed jars. I have created three extension elements right under the <jar href="myjar1.jar"/> to refer to the three jnlp for the separate signed jars.
The problem is I am getting the wrong error. It is saying my syntax is wrong with on my myjar1.jnlp file with the included extension elements. If I remove the extension elements, it proceeds to load and eventually dies when it calls for classes in one of those jars. I am "sure" the syntax of the extension element is right or at least as indicated in the link above. Even if I remove all but one of the extension elements, assuming some type of dtd nesting, it still fails the same way as when all three (n) are in. Can someone please help on this? I have no more resources or clues. tia.

Similar Messages

  • Why is it that I can't sign in on facetime, but I can sign in on app.store? With facetime,I'm getting an error, invalid username and password eventhough I have typed exactly the same when I'm signing in on the app.store. pls.help, thanks

    Why is it that I can't sign in on facetime, but I can sign in on app.store? With facetime,I'm getting an error, invalid username and password eventhough I have typed exactly the same when I'm signing in on the app.store. pls.help, thanks

    1. Make sure software is up to date
    2. Make sure FaceTime is enabled; Settings>FaceTime
    3. Make sure Date and Time is correctly set; Settings>General>Date and Time>Set Automatically>On
    4. Make sure Push Notification is enabled
    5. Make sure phone number or email address is correct
    6. Hold the Sleep and Home button down (together) until you see the Apple Logo

  • Signed Jar not sending Emails.  PLEASE HELP!

    Hello,
    I'm having problems with my Signed Jar and Emails
    I used the KeyTool and jarsigner to sign my jar, but it still won't send emails.
    Everything works as classes, but as soon as I package it up in a jar and then sign it, it stops working.
    Can anyone help Please!

    I have included the package in my jar.
    I did find something on JGuru that suggested that I'm lacking in Meta-Inf files. I guess the SMTP package looks for additional files in the Meta-inf directory of my JAR. When Packaging it up using JBuilder, JBuildr doesn't include these files. I'm going to give that a whorl.

  • Problems with signed JAR files in JWS/JRE6 environment.

    Hello All,
    I'm encountering a problem running our desktop application as a Java Web Start deployment in a JRE 6 environment. There were never any problems when running the same application as a JWS deployment in JRE 1.4, or 5, environments. There are also currently no problems in a JRE 6 environment when running the application as a standard desktop application.
    The problem which I am having has nothing to do with launching the application. But for good measure, I verified the JNLP file with JaNeLA. A couple things we out of order, which I addressed to make JaNeLA happy, but my problem still persists. Here is my JNLP file (anonymized to protect the innocent):
    TS: 2010-10-18 17:04:46
    <?xml version="1.0" encoding="UTF-8"?>
    <jnlp codebase="$$codebase" href="$$name">
         <information>
              <title>Acme Desktop</title>
              <vendor>Acme Corporation</vendor>
              <homepage href="http://www.acme.com/"/>
              <description>Acme Client for Acme Server</description>
              <description kind="tooltip">Acme Client for Acme Server</description>
              <icon href="desktop.gif"/>
              <offline-allowed/>
         </information>
         <security>
              <all-permissions/>
         </security>
         <resources>
              <j2se version="1.5+"/>
              <jar href="acmedesktop.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/antlr-2.7.2.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/backport-util-concurrent.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/commons-codec-1.3.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/commons-httpclient.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/commons-logging.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/acmeapi.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/HelpJavaDT.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/HelpJavaDT_es.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/jacorb.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/Multivalent.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/slf4j-api-1.5.6.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/slf4j-jdk14-1.5.6.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/snow.jar" download="lazy" version="8.00.01.00+"/>
              <jar href="lib/AcmeTMClient.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/xercesImpl.jar" download="eager" version="8.00.01.00+"/>
              <jar href="lib/xml-apis.jar" download="eager" version="8.00.01.00+"/>
              <extension name="installer" href="desktopInstaller.jnlp" />
              <extension name="Java Help" href="help.jnlp"/>
              <property name="java.library.path" value="./lib"/>
              <property name="admin" value="false"/>
              <property name="webstart" value="true"/>          
              <!-- The following two lines are for SSO implementation only
              <property name="urladdress" value="http://localhost:8080/AcmeDesktop/servlet/AcmeServlet"/>
              <property name="cookiespec" value="RFC2109"/>
              -->          
         </resources>
         <resources os="Windows">
              <nativelib href="lib/jniWin32.jar" version="8.00.01.00+"/>
         </resources>
         <application-desc main-class="desktop"/>     
    </jnlp>-----
    When running as a JWS deployment, on JRE 6, the application will be functioning normally for a little while, and then suddenly the following exception is thrown, and the current operation fails because the class in question cannot be accessed:
    java.lang.SecurityException: class "acmeapi.communication.CDocImpl"'s signer information does not match signer information of other classes in the same package
         at java.lang.ClassLoader.checkCerts(ClassLoader.java:807)
         at java.lang.ClassLoader.preDefineClass(ClassLoader.java:488)
         at java.lang.ClassLoader.defineClassCond(ClassLoader.java:626)
         at java.lang.ClassLoader.defineClass(ClassLoader.java:616)
         at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141)
         at java.net.URLClassLoader.defineClass(URLClassLoader.java:283)
         at java.net.URLClassLoader.access$000(URLClassLoader.java:58)
         at java.net.URLClassLoader$1.run(URLClassLoader.java:197)
         at java.security.AccessController.doPrivileged(Native Method)
         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
         at com.sun.jnlp.JNLPClassLoader.findClass(JNLPClassLoader.java:288)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
         at java.lang.ClassLoader.loadClass(ClassLoader.java:248)
         at acmeapi.common.CDoc.getAnnotationsInfo(CDoc.java:493)
         at acmedesktop.communication.CCommunicationManager.privateGetAnnotations(CCommunicationManager.java:1976)
         at acmedesktop.communication.CCommunicationManager.getAnnotations(CCommunicationManager.java:1828)
         at acmedesktop.annotations.CViewAnnotations.getAnnotations(CViewAnnotations.java:826)
         at acmedesktop.annotations.CViewAnnotations.createView(CViewAnnotations.java:583)
         at acmedesktop.annotations.CViewAnnotations.setData(CViewAnnotations.java:736)
         at acmedesktop.annotations.CViewAnnotations.init(CViewAnnotations.java:205)
         at acmedesktop.hitspanel.CHitsPanel.viewAnnotations(CHitsPanel.java:281)
         at acmedesktop.hitspanel.CHitsTab$3.mousePressed(CHitsTab.java:316)
         at java.awt.AWTEventMulticaster.mousePressed(AWTEventMulticaster.java:263)
         at java.awt.Component.processMouseEvent(Component.java:6260)
         at javax.swing.JComponent.processMouseEvent(JComponent.java:3267)
         at java.awt.Component.processEvent(Component.java:6028)
         at java.awt.Container.processEvent(Container.java:2041)
         at java.awt.Component.dispatchEventImpl(Component.java:4630)
         at java.awt.Container.dispatchEventImpl(Container.java:2099)
         at java.awt.Component.dispatchEvent(Component.java:4460)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4574)
         at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4235)
         at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4168)
         at java.awt.Container.dispatchEventImpl(Container.java:2085)
         at java.awt.Window.dispatchEventImpl(Window.java:2478)
         at java.awt.Component.dispatchEvent(Component.java:4460)
         at java.awt.EventQueue.dispatchEvent(EventQueue.java:599)
         at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:269)
         at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:184)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:174)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:169)
         at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:161)
         at java.awt.EventDispatchThread.run(EventDispatchThread.java:122)-----
    The classes of our desktop product are contained within the 'acmedesktop' and 'acmeapi' packages. It requires access to the hard drive of the workstation, and therefore, all jar files included with the application are signed using the following ANT task when compiled:
    <signjar keystore="resources/codesigning/keystore.pfx" storetype="pkcs12" storepass="myPassword" alias="myAlias">
         <fileset dir="${jws_dist}/app" includes="*.jar"/>
         <fileset dir="${jws_dist}/app/lib" includes="*.jar" excludes="jhall__V${dt_version}.jar"/>
    </signjar>-----
    Therefore, all classes, within all jar files, are signed with the same certificate (with the exception of the JavaHelp libraries, which are already signed by Sun - but the class in question attempting to be loaded here is not contained within the JavaHelp jar file anyway). So, the point being, that the exception message stating that the "signer information of the acmeapi.communication.CDocImpl class doesn't match the signer information of other classes in the same package", is simply not correct. All classes within that jar file were signed using the same certificate.
    I downloaded the JRE 6 source from dev.java.net and picked through this issue with a debugger. The ClassLoader.checkCerts() method compares the certificate used to sign the current class which is attempting to be loaded, with the certificates which signed all other previously loaded classes within the same package. If they don't match, the exception above is thrown. What is causing the issue is when the checkCerts() method attempts to get the certificates which signed the currently loading class, null is returned. And obviously, comparing null, with an array of the certificates which signed the previously loaded classes, isn't going to match; therefore this exception is thrown.
    The checkCerts() method gets the certificates of the currently loading class by calling the java.security.CodeSource.getCertificates() method. Tracing deeper in the debugger, the CodeSource object ultimately gets the certificates from the 'signersRef' member variable of the com.sun.deploy.cache.CachedJarFile class. signerRef is a SoftReference object and can therefore be garbage collected at some point. If it has already been garbage collected, the CachedJarFile class will attempt to retrieve it again from the loaded cache entry by calling com.sun.deploy.cache.MemoryCache.getLoadedResource().
    The MemoryCache class maintains the cache entries to the jar files as MemoryCache.CachedResourceReference objects, which subclass WeakReference, and therefore these objects can be garbage collected as well. If the cache entries have also been garbage collected, this leaves the CachedJarFile class with no ability to repopulate the CachedJarFile.signerRef object. Therefore it is completely out of luck getting the certificates which signed the currently loading class, which ultimately causes the above exception.
    When the com.sun.deploy.cache.Cache class attempts to retrieve a cache entry using its getCacheEntry() method, it will attempt to get the entry from the MemoryCache class, if null is returned, it will recreate the cache entry and add it back to the MemoryCache. In contrast, when the CachedJarFile class attempts to get a cache entry from the MemoryCache class, if null is returned, it just gives up.
    (from com.sun.deploy.cache.CachedJarFile:244)
    private CacheEntry getCacheEntry() {
         /* if it was not created by Cache do not search for entry */
         if (resourceURL == null)
              return null;
         CacheEntry ce = (CacheEntry) MemoryCache.getLoadedResource(resourceURL);
         if (ce == null) {
              //This should not happen because CacheEntry should not get collected
              // before CachedJarFile is collected.
              Trace.println("Missing CacheEntry for " + resourceURL + "\n" + ce,
                   TraceLevel.CACHE);
         return ce;
    When debugging, code execution falls within the code block with the comment stating "This should not happen...", but it is happening in my case.
    On an interesting side note, using the jvisualvm.exe tool included with JDK 6, I was able to tell that it seems as though these objects are collected the first time that the JVM allocates more heap space, and then the issue will occur. If I set the initial heap size very large (using -Xms) this issue won't occur at all. But that is kind of a bad solution which I would rather not do, but it is interesting to note for the sake of troubleshooting this issue. The max heap size (-Xmx) is plenty big enough, so the issue is not that we are running out of memory here.
    Does anyone have any insight as to what could be causing this? I've searched, and found a couple threads with similar problems but with no clear solutions. It is not just one workstation either, it happens everywhere I deploy the app as a Java Web Start application in a JRE 6 environment. I have been using version 1.6.0_18 on XP, but it seems to happen on any update version of 1.6. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?
    Thank you
    Jake
    Edited by: jkc532 on Nov 12, 2010 10:35 AM

    jkc532 wrote:
    .. Is the fact that the CachedJarFile class doesn't attempt to reload the resource when it can't retrieve it from MemoryCache a bug? From your comprehensive investigation and report, it seems so to me.
    ..I've dug as deep as I can on this and I'm at wits end, does anybody have any ideas?Just after read the summary I was tired, so I have some understanding of the effort you have already invested in this (the 'wits' you have already spent). I think you should raise a bug report and seek Oracle's response.

  • Signed jars + CGLIB = SecurityException

    Good Day!
    I have the following problem:
    My project uses a number of JARs signed with a jarsigner tool from JAVA distribution package including hibernate2.jar (the jar with all the hibernate stuff), spring.jar and cglib.jar (I think, exact names doesn't matter). All this jars are signed off course for security reasons.
    Then, I have my project working with Hibernate, and it uses lazy-initialized ORM-classes, so Hibernate tries to generate a proxy via CGLIB for these classes. But during initialization of Hibernate SessionFactoryImpl I'm getting a java.lang.SecurityException:
    java.lang.SecurityException: class "cern.spsea.hibernatebeans.BeamFileHibernateBean$$EnhancerByCGLIB$$773cc7e9"'s signer information does not match signer information of other classes in the same package
    cern.spsea.hibernatebeans.BeamFileHibernateBean is one of my ORM-classes and all my classes are not signed because they are in development (they are not in jar, so they can not be signed).
    I think it happens because signed code (from hibernate.jar and cglib.jar) tries to generate another signed code (cern.spsea.hibernatebeans.BeamFileHibernateBean$$EnhancerByCGLIB$$773cc7e9) but relate it to my unsigned package (cern.spsea.hibernatebeans).
    So, I have a couple of questions:
    1. Does signed code generates also signed code?
    2. If so, what can I do for development? I really need to avoid this problem only at development, because at release my classes will be also in the signed jars. Can I force CGLIB to generate not signed classes? Is it some options in JVM start command to skip security checking? May be something else?
    Any help is appreciated!
    Thanks a lot in advance!
    Roman

    In my jboss environment I hit the problem because I had a JWS client download war with signed versions of the jar files.
    The fix was to have unsigned versions of the server-side war files (session ejbs with hibernate + pojos inside) FIRST in my application.xml file (jars enter the "classpath" in the order that they are in that file) ahead of the web app .war file for the JWS downloads.

  • Correct way to sign jars...

    oky nobodies helping with my web start app... could enyone maybe tell me the correct way to sign jars and how to test if theyre done right? then i can atleast start finding my problem. :P

    http://weblogs.java.net/blog/kirillcool/archive/2005/05/signing_jars_fo.html

  • SunOne ignores signed jars -- bug?

    This is a follow-up to http://softwareforum.sun.com/NASApp/jive/thread.jsp?forum=69&thread=18672.
    The use of signedBy grant blocks appears to be broken, at least for signed jars that are deployed as part of an ear file. I created and signed a small jar that attemps to do a few normally forbidden things, then added these entries to the server.policy file:
    keystore "file:${/}C:${/}Sun${/}AppServer7${/}codesign.keystore";
    grant signedBy "codesign" {
    permission java.util.PropertyPermission "*", "read,write";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    Then I included the jar in a small enterprise app in which an EJB called the "forbidden" methods. In spite of the entires in server.policy, the code still fails due to AccessControlExceptions.
    Running with -Djava.security.debug=policy reveals:
    [04/Apr/2003:09:56:46] WARNING ( 2176): CORE3283: stderr: policy: getPermissions:
    [04/Apr/2003:09:56:46] WARNING ( 2176): CORE3283: stderr:      PD CodeSource: (file:/C:/Sun/AppServer7/domains/domain1/server1/applications/j2ee-apps/cms_3/./lib/SignedJarTest.jar <no certificates>)
    Note the <no certificates>
    Running the class from the command line -- using the exact same jar, and using the SunOne JVM and server.policy file -- is successful.:
    java -cp ./Sun/AppServer7/domains/domain1/server1/applications/j2ee-apps/cms_3/lib/SignedJarTest.jar -Djava.security.manager -Djava.security.policy=C:/Sun/AppServer7/domains/domain1/server1/config/server.policy -Djava.security.debug=policy com.seabase.scratch.crypto.SignedJarTest
    policy: getPermissions:
    PD CodeSource: (file:/C:/Sun/AppServer7/domains/domain1/server1/applicat
    ions/j2ee-apps/cms_3/lib/SignedJarTest.jar [
    Version: V1
    Subject: CN=Patrick Jones, OU=DOE Project, O=SEA, L=New Orleans, ST=Louisiana,
    C=US
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@72ffb
    Validity: [From: Tue Apr 01 12:34:18 CST 2003,
                   To: Sun Jul 20 01:34:18 CDT 2003]
    Issuer: CN=CA, OU=DOE Project, O=SEA, L=New Orleans, ST=Louisiana, C=US
    SerialNumber: [    4a821187 ]
    ... etc
    SunOne evidently ignores the fact that this jar is signed. This appears to be a bug.

    Java Plug-in 1.6.0_26
    Using JRE version 1.6.0_26-b03 Java HotSpot(TM) Client VM
    User home directory = C:\Users\dbladorn
    c:   clear console window
    f:   finalize objects on finalization queue
    g:   garbage collect
    h:   display this help message
    l:   dump classloader list
    m:   print memory usage
    o:   trigger logging
    q:   hide console
    r:   reload policy configuration
    s:   dump system and deployment properties
    t:   dump thread list
    v:   dump thread stack
    x:   clear classloader cache
    0-5: set trace level to <n>
    exception: exit(-1).
    ExitException[ 4]java.lang.RuntimeException: exit(-1)
         at com.sun.javaws.Main.systemExit(Unknown Source)
         at com.sun.javaws.security.AppPolicy.grantUnrestrictedAccess(Unknown Source)
         at com.sun.javaws.LaunchDownload.checkSignedResourcesHelper(Unknown Source)
         at com.sun.javaws.LaunchDownload.checkSignedResources(Unknown Source)
         at sun.plugin2.applet.JNLP2Manager.prepareLaunchFile(Unknown Source)
         at sun.plugin2.applet.JNLP2Manager.loadJarFiles(Unknown Source)
         at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
         at java.lang.Thread.run(Unknown Source)
    Exception: ExitException[ 4]java.lang.RuntimeException: exit(-1)

  • Loading images in a signed jar

    Hi,
    I am trying to run an application using signed jars.
    One of the jars contains gif and jpeg files (icons).
    When I sign icons.jar and try to run the code (from
    the command line), I get the error listed below.
    Any help would be greayly appreciated.
    Thanks
    Charles
    An unexpected exception has been detected in native code outside the VM.
    Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x76136B9
    Function=JNI_OnLoad+0x24D
    Library=C:\j2sdk1.4.2_02\jre\bin\jpeg.dll
    Current Java thread:
         at sun.awt.image.JPEGImageDecoder.readImage(Native Method)
         at sun.awt.image.JPEGImageDecoder.produceImage(JPEGImageDecoder.java:144)
         at sun.awt.image.InputStreamImageSource.doFetch(InputStreamImageSource.java:254)
         at sun.awt.image.ImageFetcher.fetchloop(ImageFetcher.java:172)
         at sun.awt.image.ImageFetcher.run(ImageFetcher.java:136)
    Dynamic libraries:
    0x00400000 - 0x00407000      C:\j2sdk1.4.2_02\bin\javaw.exe
    0x77F50000 - 0x77FF6000      C:\WINDOWS\System32\ntdll.dll
    0x77E60000 - 0x77F45000      C:\WINDOWS\system32\kernel32.dll
    0x77DD0000 - 0x77E5B000      C:\WINDOWS\system32\ADVAPI32.dll
    0x78000000 - 0x7806E000      C:\WINDOWS\system32\RPCRT4.dll
    0x77D40000 - 0x77DC6000      C:\WINDOWS\system32\USER32.dll
    0x77C70000 - 0x77CB0000      C:\WINDOWS\system32\GDI32.dll
    0x77C10000 - 0x77C63000      C:\WINDOWS\system32\MSVCRT.dll
    0x08000000 - 0x08138000      C:\j2sdk1.4.2_02\jre\bin\client\jvm.dll
    0x76B40000 - 0x76B6C000      C:\WINDOWS\System32\WINMM.dll
    0x10000000 - 0x10007000      C:\j2sdk1.4.2_02\jre\bin\hpi.dll
    0x00820000 - 0x0082E000      C:\j2sdk1.4.2_02\jre\bin\verify.dll
    0x00830000 - 0x00849000      C:\j2sdk1.4.2_02\jre\bin\java.dll
    0x00850000 - 0x0085D000      C:\j2sdk1.4.2_02\jre\bin\zip.dll
    0x03240000 - 0x0334F000      C:\j2sdk1.4.2_02\jre\bin\awt.dll
    0x73000000 - 0x73023000      C:\WINDOWS\System32\WINSPOOL.DRV
    0x76390000 - 0x763AA000      C:\WINDOWS\System32\IMM32.dll
    0x771B0000 - 0x772C0000      C:\WINDOWS\system32\ole32.dll
    0x5AD70000 - 0x5ADA4000      C:\WINDOWS\system32\uxtheme.dll
    0x033C0000 - 0x03410000      C:\j2sdk1.4.2_02\jre\bin\fontmanager.dll
    0x73760000 - 0x737A5000      C:\WINDOWS\System32\ddraw.dll
    0x73BC0000 - 0x73BC6000      C:\WINDOWS\System32\DCIMAN32.dll
    0x73940000 - 0x73A07000      C:\WINDOWS\System32\D3DIM700.DLL
    0x07610000 - 0x0762E000      C:\j2sdk1.4.2_02\jre\bin\jpeg.dll
    0x76C90000 - 0x76CB2000      C:\WINDOWS\system32\imagehlp.dll
    0x6D510000 - 0x6D58C000      C:\WINDOWS\system32\DBGHELP.dll
    0x77C00000 - 0x77C07000      C:\WINDOWS\system32\VERSION.dll
    0x76BF0000 - 0x76BFB000      C:\WINDOWS\System32\PSAPI.DLL
    Heap at VM Abort:
    Heap
    def new generation total 576K, used 571K [0x10010000, 0x100b0000, 0x104f0000)
    eden space 512K, 99% used [0x10010000, 0x1008ecb8, 0x10090000)
    from space 64K, 99% used [0x100a0000, 0x100afff8, 0x100b0000)
    to space 64K, 0% used [0x10090000, 0x10090000, 0x100a0000)
    tenured generation total 1784K, used 1163K [0x104f0000, 0x106ae000, 0x14010000)
    the space 1784K, 65% used [0x104f0000, 0x10612c28, 0x10612e00, 0x106ae000)
    compacting perm gen total 6912K, used 6759K [0x14010000, 0x146d0000, 0x18010000)
    the space 6912K, 97% used [0x14010000, 0x146a9c48, 0x146a9e00, 0x146d0000)
    Local Time = Sun Oct 26 16:26:58 2003
    Elapsed Time = 10
    # The exception above was detected in native code outside the VM
    # Java VM: Java HotSpot(TM) Client VM (1.4.2_02-b03 mixed mode)
    # An error report file has been saved as hs_err_pid3068.log.
    # Please refer to the file for further information.
    Corrupt JPEG data: bad Huffman code

    http://developer.java.sun.com/developer/bugParade/bugs/4675817.html
    You must try using WinZip & not compressing the jpeg's.

  • Peculiar issue with signed .jars and Linux (Debian unstable, 2.4.20-custom)

    BACKGROUND:
    I am a developer working on a Java3D application, which is to be deliverable over
    the Web. Delivery as an applet seemed a natural choice, and so I spent a considerable amount of effort learning (I won't say "mastering") the process of
    creating a self-signed .jar containing java3d-<some_version>.exe. I have in fact
    successfully created a fully-fuctional from-scratch JPI/Java3D/myapp install. By
    this I mean that Windows machine with only stock IE installed could hit my URL,
    get the proper JPI installed, followed by the Java3D runtime I'd chosen, as well
    as a third-party DXF loader, and finally (after much clicking of 'Yes', 'Accept',
    'OK', etc.) see my app in a browser window.
    That was on my old, slow, Windows2000 workstation. Now I have a shiny, new
    workstation upon which my employer has graciously allowed me to run Linux. Sadly,
    the re-creation of the self-signed .jar files under a new JDK has not gone smoothly.
    PROBLEM DESCRIPTION:
    When a user attempts to download the self-signed .jar containing the auto-install
    executable for the Java3D runtime, the normal security warning prompts are displayed (one for granting to install the extension, one to accept the "suspect" certificate from me alone). The plugin happily downloads the .jar file, and then
    a NullPointerException is thrown, with a
    stack trace like:
    NPE!
    at java.util.zip.ZipFile.getInputStream (unknown source)
    at java.util.jar.JarFile.getInputStream (unknown source)
    <something>doPrivileged<something>
    etc.
    I apologize for the lack of a full stack trace; I would essentially have to type it in by hand after printing it out on the remote test box; I hope that I've caught the important details above.
    After this, the pure-java signed .jar is downloaded and installed, and then the applet "loads" with the predictable ClassNotFoundException for javax.media.j3d.SceneGroup.
    Downloading and installing the J3D runtime by hand and then re-visiting the URL results in a fully-functional applet.
    I've tried Blackdown Linux JDKs 1.4 and 1.3.1, as well as Sun's JDKs 1.3.1_07 and 1.3.1_05 for the compiling, jar'ing, and jarsigner'ing of these files, all with the same result. At each new JDK, I re-did the HTML conversion so that he appropriate
    JPI version was required on the client. I did complete uninstallations of all client JPI instances (including Web Start for 1.4.1_x, as well as cleaning the registry on the client).
    When this strategy worked, it was on Sun JDK 1.3.1_05 for Windows runnning on Windows2000, unknown service pack.
    DESIRED BEHAVIOR:
    I would like my clients to be able to go from stock Windows2K/IE (this being an intranet without any other options) to some JPI version running the J3D extension, with only the need to click 'OK', 'Accept', 'Grant This Session', etc. a bunch of times on the part of the user. I want this to happen without my having to resurrect my decrepit old Compaq Deskpro just to play the role of "build host" for my
    Java3D and loader .jar files, if at all possible.
    FILES:
    Here's what gets merged into the "main" applet's mainfest at creation time:
    Manifest-Version: 1.0
    Extension-List: java3d DxfLoader
    java3d-Extension-Name: javax.media.j3d
    java3d-Implementation-Vendor-Id: com.sun
    java3d-Implementation-Version: 1.3
    java3d-Specification-Title: Java 3D API Specification
    java3d-Specification-Version: 1.3
    java3d-Specification-Vendor: Sun Microsystems, Inc
    java3d-Implementation-URL: http://10.1.1.1/heartcad/lib/java3d.jar
    DxfLoader-Extension-Name: eupla.dxfloader
    DxfLoader-Implementation-Title: Eupla DXFLoader
    DXFLoader-Implementation-URL: http://10.1.1.1/heartcad/lib/DxfLoader.jar
    And into the manifest for the J3D .jar:
    Manifest-Version: 1.0
    Implementation-Version: 1.3
    Specification-Version: 1.3
    Extension-Installation: "java3d-1_3-windows-i586-directx-rt.exe"
    Extension-Name: javax.media.j3d
    Implementation-Vendor-Id: com.sun
    Implementation-Vendor: Sun Microsystems, Inc
    Specification-Vendor: Sun Microsystems, Inc

    I have seen that bug, and the problem I'm having seems to be different than it. The extension installer is in the first extension .jar my applet asks for, and it
    never works automatically, regardless of how many times the applet is loaded.
    The second .jar, which doesn't have to run any installer, always works fine, but the first one will never work (a manual install of the Java3D runtime is required). This seems to not be the behavior described in the bug.
    I will continue to search for an answer to this problem, and of course if I should find anything I'll post it here.

  • Different signed jars need to be passed to the client.

    Hi,
    My requirement is that I have a list of my jar files that are signed by me and a set of another jar files that are not signed by me, but a third party. I require that these be signed by the third party only. I need to pass this files on to the client.
    I cannot put the jars with different signatures under the same jnlp.
    I am trying to embed one jnlp (the one that has third party signed jars) inside the main jnlp (the jnlp that will be called from my html). But I am not able to do so,
    Please provide any help. Also is there any other approach that can be used.
    Thaks in advance.

    tcstcs,
    One thing you could do is manually go in and delete the 3rd party's signature from the second JAR file, and re-sign that jar with your own signature. I'm not 100% sure this is what you should be doing, but you could give it a shot. Open up the 3rd party JAR in WinZip and delete the meta-inf path. This contains the signature. Now you can re-sign that jar with your own signature, and they will all match up so you can use them in the same JNLP file. Hope this helps,
    Mark

  • JNLP: Signed jars but still not trusted

    I have an applet that has signed jars that were signed by the same key, the applet shows the correct warnings on startup and works fine (allows access to the local file system, etc), however there still exists the 'yellow triangle warning' on one of two popups frames that the applet produces (but not the other one).
    The applet does use native code (packaged in a signed jar and referenced in the JNLP). The jars are all signed by the same certificate from a CA. I originally didn't have the JNLP signed (by placing it in the main jar in JNLP-INF/APPLICATION.JNLP) but this didn't help. Also I didn't have the JNLP codebase set to a real URL (and really cant in production because its a solution we deploy to customers servers - its packaged software not hosted) but even after I tested with a codebase to a test server, it still didnt remove the famed yellow triangle. I have all-permissions set in the JNLP.
    So two related questions:
    1) Other than having not having signed jars (or not signed correctly), what other reasons cause the 'yellow triangle'?
    2) The warning only appears on one of the popup Frames. What could be the possible reasons for that? Are there some privileges that show the icon whether the applet is signed or not?
    Note: While changing the client policy setting (showWindowWithoutWarningBanner) works, this cant be a solution.
    From the Java Console:
    ...It goes through all the jars (I only included one for brevity - there are 23 of them). Note it says 'have 1 common certificates'.. which I think indicates everything is signed by the same cert.
    Is there any indication in the console logs I can use to determine why it is not trusted? It looks (to me) that everything is OK, until it says 'istrusted=false'.
    security: Validating cached jar url=http://10.192.252.26/QMDesktop/native.jar ffile=C:\Documents and Settings\bunkowm\Application Data\Sun\Java\Deployment\cache\6.0\34\1df0b62-2c3ce377 com.sun.deploy.cache.CachedJarFile@d964af
    cache: Reading Signers from 995 http://10.192.252.26/QMDesktop/native.jar | C:\Documents and Settings\bunkowm\Application Data\Sun\Java\Deployment\cache\6.0\34\1df0b62-2c3ce377.idx
    security: Have 1 common certificates after processing http://10.192.252.26/QMDesktop/native.jar
    security: Istrusted: null false
    security: Loading certificates from Deployment session certificate store
    security: Loaded certificates from Deployment session certificate store
    security: Validate the certificate chain using CertPath API
    security: Obtain certificate collection in Root CA certificate store
    security: Obtain certificate collection in Root CA certificate store
    security: Start to check whether root CA is replaced
    security: The root CA hasnt been replaced
    security: No timestamping info available
    security: Found jurisdiction list file
    security: No need to checking trusted extension for this certificate
    security: The CRL support is disabled
    security: The OCSP support is disabled
    security: This OCSP End Entity validation is disabled
    security: Checking if certificate is in Deployment denied certificate store
    security: Checking if certificate is in Deployment permanent certificate store
    security: Checking if certificate is in Deployment session certificate store
    security: Mark trusted: null

    Andrew - of course you were correct about the signed cert - I misspoke when the CA signed applet didn't show a warning. (You were also right that I must have checked 'always accept' the certificate on the server I had the CA signed cert on).
    I think you guys are on to something about the privileged actions. It would explain where one popup has the icon and the other doesn't. We have Javascript making calls into the applet and we do use JNI (although I don't think there are any calls back). We do wrap these calls in privileged actions but maybe we missed something. What I've seen before is a security exception is thrown if we don't wrap them - but maybe there are areas where we don't and it doesn't throw an exception or it does and we eat it somehow (and for whatever reason doesn't cause anything noticeable).
    Now that I know it could likely be the applet code and not necessarily a build issue with signing the jars, I have another place to look...
    I'll check it out and let you know what I find.

  • Read binary files that are wraped in the downloaded executable signed jar

    Hello, there:
    I have created a Swing application and created a signed jar file and uploaded it to my site. The signed jar includes class packages, and a folder of binary files which are the datasource for my application.
    jws downloads this signed executable jar, it'll automatically run it, but it has problems reading the binary folders wrapped in itself (the app is supposed to read the folder's structure and use the info to create a JTree object, and read the file's content as well). Is it the file path conversion problem? Do we need to use URL instead? I tried it after reading some threads on this forum but didn't make it.
    As an alternatives, I want JWS to unjar the jar file and expand it to exploded files. I manually unjar it and run the app from command line, it works fine.
    Plus, the app is supposed to manipulate the binary files when it's in process, like saving new content back to the files, zip the files and upload them to the remote sql server. therefore, I think it's easy to have it run when it's expanded.
    So here is the question: JWS by default is running the executable jar, is there a way to tell JWS to unzip the jar and find the main class in the exploded files and run it?
    Thanks a lot for your suggestions,
    Sway

    You can get to any resource in a jar file in your classpath. The code below will return InputStream for resource.bin nested two packages down.
    InputStream in = YourClass.class.getResourceAsStream("/com/mypackage/resouce.bin");  //use '/' instead of '.'You can open a FileOutputStream to write that file.
    OutputStream out = new FileOutputStream("myTempResource.bin");
    IOUtil.streamAndClose(in,out);If the resouce is a nested zip or nested jar then you can use the Java Zip utilities to unwrap the stream.

  • Adjava hangs while signing jar files in the middle of patching

    Hi,
    While applying patch 8815204 (11g/11i interoperability patch) "adjava -mx512m -nojit oracle.apps.ad.jri.adjmx @c:\oracle\testappl\admin\TEST\out\genjars.cmd" hangs for hours.
    Even I tried with "adjava -mx512m -nojit oracle.apps.ad.jri.adjmx @c:\oracle\testappl\admin\TEST\out\genjars.cmd" command manually on console. This also behaves the same way. (hangs for more than 2 hours. Since this does not produce detailed log, I'm not sure what's going behind the process.).
    This is a Cloned environment.
    My DB is 10.2.0.4 for x86_64 bit windows Running on MSwindows 2k3 R2 64 bit server. The application tier is on MSWin 2k3 R2 32bit server. Installed with cygwin, MSVC++ 6, gnumake 3.81, jdk1.6.0_24 mixed mode. Perl is 5.005_03
    The patches '7429271', '9535311', '3453499', '9171650', '9874305', '8977646' are applied on my environment.
    The PATH variable's value is :
    C:\MVS\Common\msdev98\BIN;C:\MVS\VC98\BIN;C:\MVS\Common\TOOLS\WINNT;C:\MVS\Common\TOOLS;c:\oracle\testappl\au\11.5.0\bin
    ;c:\oracle\testappl\fnd\11.5.0\bin;c:\oracle\testappl\ad\11.5.0\bin;c:\jdk16\jre\bin;c:\Oracle\testora\iAS_10\Apache\per
    l\5.00503\bin\MSWin32-x86\;c:\oracle\testcomn\util\unzip\unzip;c:\oracle\testora\8.0.6_10\bin;c:\jdk16\bin;c:\cygwin\bin
    ;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;c:\windows;c:\windows\system32;c:\mvs\MSDev
    98\Bin;c:\mvs\Tools\WinNT;c:\mvs\Tools\WinNT;c:\mvs\MSDev98\Bin;C:\mvs\Tools;
    The include, lib,MSDevDir Env Variables are also set to correct value.
    Relinking works perfectly. Even I tried the adjava command after relinking all the AD executables. Nothing seems working fine.
    The adjava command hangs when it tries to sign the JAR files. When using "-verbose " parameter, the adjava produces more output and it stops while signing the JAR files.
    Given below the Final page of the log file, which shows the jar signing process is hung
    Done Generating fndnetcharts.jar : Thu Apr 04 2013 18:31:58
    * About to Sign fndnetcharts.jar : Thu Apr 04 2013 18:31:58 *
    [Loaded oracle.apps.ad.latest.util.JarSignUtilsI from file:/C:/Oracle/testappl/ad/11.5.0/java/adjri.zip]
    [Loaded java.lang.InterruptedException from shared objects file]
    [Loaded oracle.apps.ad.latest.util.JarSignerOptionsI from file:/C:/Oracle/testappl/ad/11.5.0/java/adjri.zip]
    [Loaded java.lang.ProcessBuilder from shared objects file]
    [Loaded java.lang.Process from shared objects file]
    [Loaded java.lang.ProcessImpl from shared objects file]
    [Loaded java.lang.ProcessEnvironment from shared objects file]
    [Loaded java.lang.ProcessEnvironment$NameComparator from shared objects file]
    [Loaded java.lang.ProcessEnvironment$EntryComparator from shared objects file]
    [Loaded java.util.Collections$UnmodifiableMap from shared objects file]
    [Loaded java.lang.ProcessEnvironment$CheckedEntrySet from shared objects file]
    [Loaded java.lang.ProcessEnvironment$CheckedEntrySet$1 from shared objects file]
    [Loaded java.util.HashMap$HashIterator from shared objects file]
    [Loaded java.util.HashMap$EntryIterator from shared objects file]
    [Loaded java.lang.ProcessEnvironment$CheckedEntry from shared objects file]
    [Loaded java.lang.ProcessImpl$1 from shared objects file]
    Executing: c:\jdk16\jre\bin\java.exe sun.security.tools.JarSigner -keystore ******** -storepass ******** -keypass ******** -sigfile CUST -signedjar c:\oracle\testcomn\java\oracle\apps\fnd\jar\fndnetcharts.jar.sig c:\oracle\testcomn\java\oracle\apps\fnd\jar\fndnetcharts.jar.uns URC
    And I'm sure there's not much memory and cpu usage on my server. The resources are not utilized more than 40%.
    The problem in my instance is similar to the one descirbed in *Patch 9239090 R12.1.3 Upgrade Driver Hangs At Genjars.cmd [ID 1521006.1]*
    But, my instance is 11i where as the above doc tell about the same in R12. Moreover, the fix given by this doc is to replace the jarsigner.exe under JAVA_HOME/bin directory, with the one from $IAS_ORACLE_HOME/Appsutil/jdk/bin. I'm sure 11i EBS dont have jarsigner under $IAS_ORACLE_HOME/Appsutil/jdk/bin .
    Does anyone knows any fix for this problem ?
    Thank You in Advance.
    Sundar K

    Please log a SR for this issue.
    Thanks,
    Hussein

  • SSL Cert used to sign Jars for distribution via WebStart

    Hi,
    I have an SSL cert (Comodo InstallSSL) for my website and wondered if I can use it to sign jars so, when distributed via webstart, the old "untrusted source" message doesn't get displayed. I've been doing a lot of reading but, to be honest, I can't really find my bearings! I have imported the cert into my keystore but get the message when I try to sign a jar:
    Certificate chain not found for: myalias  myalias must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.I have the following files in relation to my cert:
    xxx.cabundle (this can be imported into keytool easily)
    cert/xxx.crt (looks like a PGP file, cannot be imported (-import) into keytool)
    private/xxx.key
    My questions I suppose are:
    1. Can I use a cert issued for SSL to sign jars for webstart distribution?
    2. If yes to 1; what steps other than importing the cert alone (which generates the message above) do I need to do to achieve this?
    Any help would be appreciated!
    Rich

    Hi,
    yes, the pkcs12 certificate includes the private key, as opposed to pb7 which does not.
    Sent from Cisco Technical Support Android App

  • Is it possible to verify a signed jar-file from a program?

    Is it possible to verify a signed jar-file from a program
    (using some API) likewise jarsigner does?

    Is it possible to verify a signed jar-file from a
    program
    (using some API) likewise jarsigner does?Hi,
    You would have to open the jarfile, read each jar entry and for each of them do a getCertificates() and then in turn verify each certificate with the public key of the enclosed certificates in the jar file.
    An easier solution would be to use the verify flag of the JarFile or JarInputStream.
    Hope it helps..
    Cheers,
    Vijay

Maybe you are looking for