Signed CAB and JAR

Similar Messages

• IE - signed cab vs. signed jar problems

  In IE on Windows when I sign an applet that is part of a package in a cab file it works like this; The first time the user hits the applet tag, IE downloads the cab and asks if you trust the applet. When the user clicks yes, it is installed to the downloaded program files system folder. The next time the user hits the applet tag the version in useslibraryversion param is compared to the installed cab and the applet is run without asking the user or attempting to download the cab, even if IE is restarted or the system rebooted.
  When I use my signed jar I get two undesired results, when IE is restarted the jar is downloaded again and the user is asked if they trust it again. Any way to make this work like the cab as far as not downloading the second time and not asking the user again?

  as far as not downloading the second time How about checking the server settings, (last-modified and expires??)
  and not asking the user again?Allways trust?

• How to create and sign CAB files info on Supplement Option

  To all Supplement Option subscribers:
  At the supplement option for iDevelopment Accelerators, I uploaded a zip with detailed info on how to create and sign CAB files (necessary when you are running your application on the Native IE Java Virtual Machine).
  Not all functionality provided to you through JInitiator will work (e.g. WebUtil doesn't) but the way how to make and sign a CAB file will become more easy.
  Cheers,
  Marc Vahsen
  Headstart Team

  This defeats the purpose of trying to centralize SAP-related web resources on the SAP server. Typically IIS/Apache or other non-SAP servers are under the control of IT and not the SAP BASIS group.
  We simply would like to have a centralized location to store static web files so that they are not overwritten during Portal support pack applications.

• Signed applet and HTML parameters

  I've created a signed applet and everything works fine, except for the fact that i can't add parameters to the applet.
  Without the parameters in the HTML the applet inits and starts and can be used without problems. But when I add paramaters, the applet reports a "class not found exception".
  I used HTML-converter to convert the applet tag to object/embed tags.
  Has anyone had the same problem or knows what I'm doing wrong? I'd really appreciate some help.
  Thanks in advance,
  Erik
  My HTML source:
  <OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = CODE VALUE = "TNA" >
  <PARAM NAME = ARCHIVE VALUE = "TNA.jar" >
  <PARAM NAME="type" VALUE="application/x-java-applet;version=1.3.0">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>
  -->

  Try this:
  OBJECT classid="clsid:8AD9C840-044E-11D1-B3E9-00805F499D93"
  WIDTH = "600" HEIGHT = "400" codebase="http://java.sun.com/products/plugin/1.3/jinstall-13-win32.cab#Version=1,3,0,0">
  <PARAM NAME = "java_code" VALUE = "TNA.class" >
  <PARAM NAME = "java_archive" VALUE = "TNA.jar" >
  <PARAM NAME = "java_type" VALUE="application/x-java-applet;version=1.3.1">
  <PARAM NAME="scriptable" VALUE="false">
  <COMMENT>
  <EMBED type="application/x-java-applet;version=1.3.0" CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400" scriptable=false pluginspage="http://java.sun.com/products/plugin/1.3/plugin-install.html"><NOEMBED></COMMENT>
  </NOEMBED></EMBED>
  </OBJECT>
  <!--
  <APPLET CODE = "TNA" ARCHIVE = "tna.jar" WIDTH = "600" HEIGHT = "400">
  </APPLET>

• Cannot find embedded third-party .class in my own signed .cab

  Hello,
  This is complicated.
  I'm building an applet that operates a piece of hardware on a PC (think Win32-only.) A third-party provider (henceforth referred to as TPP) provides software drivers that will be installed on client machines.
  ORIGINALLY the TPP provided a <client>.dll and a C/C++ SDK. To make the project work, I followed the article http://www.javaworld.com/javaworld/jw-10-1998/jw-10-apptowin32.html.
  I built <homegrown>.DLL using JNI, made a signed <homegrown>.cab, and the applet works just great on IE. However, I have to ditch the entire thing (see below.)
  Now the TPP is providing a Java SDK in a <client>.JAR. The SDK interfaces with a <client_jni>.dll.
  I can expect that the client machine will have <client>.dll and <client_jni>.dll installed in the \winnt\system32 (or whichever %SYSTEMROOT% directory.)
  So, I ditched the <homegrown>.dll, and built a new .cab. Now, to build the .cab, I took the contents of <client>.jar and dumped them into the same directory structure as the one I use to build <homegrown>.cab. Note that <client>.jar is not signed.
  So in other words, if you look at the exception below, I, in fact, do have a directory structure that contains: "com/IridianTech/PIDresult.class" and "com/panasonic/authenticam/LoginApplet.class"
  When I run the applet, it asks me if I want to run the signed applet. I click Yes. The Java Console responds with the following:
  Error loading class: com.IridianTech.PIDresult
  java.lang.NoClassDefFoundError
  java.lang.ClassNotFoundException: com.IridianTech.PIDresult
       at com/ms/vm/loader/URLClassLoader.loadClass (URLClassLoader.java)
       at java/lang/ClassLoader.loadClassInternal (ClassLoader.java)
       at com/panasonic/authenticam/PIDInterface.<init> (PIDInterface.java:12)
       at com/panasonic/authenticam/LoginApplet.init (LoginApplet.java:52)
       at com/ms/applet/AppletPanel.securedCall0 (AppletPanel.java)
       at com/ms/applet/AppletPanel.securedCall (AppletPanel.java)
       at com/ms/applet/AppletPanel.processSentEvent (AppletPanel.java)
       at com/ms/applet/AppletPanel.processSentEvent (AppletPanel.java)
       at com/ms/applet/AppletPanel.run (AppletPanel.java)
       at java/lang/Thread.run (Thread.java)
  I have looked at the contents of <homegrown>.cab with WinZip, and I can see PIDresult.class in the right place.
  HOW I AM TESTING: I have IBM Websphere running directly on my PC.
  TWO QUESTIONS:
  1. Do I need to sign the applet anymore, just to use a pre-installed client_jni.dll? (Probably)
  2. WHAT DO I DO??

  This is some code i'm using:
  <applet code="upload.class" archive="upload.jar" codebase="." width="500" height="200">
  <!--<param name="codebase" value="."> -->
  <param name="cabbase" value="upload.cab">
  <param name="button_text" value="Upload via HTTP">
  <param name="file_varname" value="filename_value"><!-- where is this for? -->
  <param name="upload_url" value="http://10.2.1.133/upload/recieve.php">
  </applet>

• Could not verify signing in patched jar

  I have encountered a strange bug in JWS verification of the signing of a resource updated via a jardiff patch.
  We have a jar resource where the only change is the contents of a text file, and when the webstart client downloads the patch created by the jnlp-servlet, it reports:
  Could not verify signing in resource: (http://oas-psolis-test.health.wa.gov.au:9002/PSOLIS-SwingApp-TES/PSOLIS-GUI-graphics.jar, 1.2)
  The wrapped exception is:
  java.lang.SecurityException: SHA1 digest error for Themes/DESERT.properties
  at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:191)
  at java.util.jar.JarVerifier.processEntry(JarVerifier.java:207)
  at java.util.jar.JarVerifier.update(JarVerifier.java:194)
  at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:380)
  at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
  at com.sun.javaws.cache.DownloadProtocol$RetrieveAction.actionDownload(Unknown Source)
  at com.sun.javaws.cache.DownloadProtocol.doDownload(Unknown Source)
  at com.sun.javaws.cache.DownloadProtocol.getResource(Unknown Source)
  at com.sun.javaws.LaunchDownload.downloadJarFiles(Unknown Source)
  at com.sun.javaws.LaunchDownload.downloadEagerorAll(Unknown Source)
  at com.sun.javaws.Launcher.downloadResources(Unknown Source)
  at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
  at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
  at com.sun.javaws.Launcher.run(Unknown Source)
  at java.lang.Thread.run(Thread.java:536)
  v1.2 is the new version of the jar in question (PSOLIS-GUI-graphics.jar). DESERT.properties is NOT the changed text file, but rather another text file which has not changed (ie: being used from the v1.1 previously downloaded).
  The patch jar contains an essentially empty index.jd file, with just the line:
  version 1.0
  As you can tell from the above, no resources have been renamed, just one text/properties file has different contents (so this is not immediately obviously <http://developer.java.sun.com/developer/bugParade/bugs/4474211.html> - but regarding 4474211, how does one enable the -nonminimal switch to jardiff from the JNLP servlet?).
  Nor is it obvious that this is an instance of bug 4739089 <http://developer.java.sun.com/developer/bugParade/bugs/4739089.html>
  As you would expect, the patch jar file also contains the modified text file, plus the manifest.mf and the signing data files.
  If I delete the webstart cache first the application downloads and runs fine (which proves there is nothing wrong with the signing in this jar). Another workaround is not to include the base/old version (v1.1) of the jar in the war.
  Both these workarounds are impractical - I can't get all the users to delete their webstart caches on each new version (of which we have many (both users and version releases)), and my build/deploy process automatically creates versioned jars (based on whether any source files have changed), I would need to modify my process to never provide diffs for this very large jar (and perhaps, any of my jars?), and hence lose jardiffing benefits altogether (I just spent a long time developing this build process to automate versioned jars for webstart!)
  These jar files are never altered once created, and the signing is the last stage of creating the jar files (though as I mentioned above, that the signatures are fine is demonstrated by both workarounds, it is only the patching which causes the issue).
  We have reproduced this problem using both JWS v1.4.1 clients and JWS v1.0.1 (from JRE v1.4.0) client - our users use the latter as they require support for Windows 95, sigh.
  While I have a copy of a v1.4.1 cache in a state from which I can reproduce the error, I haven't managed to get a case where I can clear the cache, deploy version A, download it, deploy version B and download it to reproduce the error. This means that I haven't got a process to setup a test of v1.4.2_02 of JWS.
  I am using the jnlp-servlet.jar from the "JNLP Developers Pack v1.2 FCS".
  Has anyone else encountered a similar problem, or know of a solution (which works with the 1.0.1 JWS client for long suffering 95 users)?
  An interesting side-note for OC4J standalone users - when oc4j expands the EAR (and its component WAR files) under the j2ee/home/applications directory, it does not clear out the old contents from any previous deployment of the same application (name) - I modified my deploy to not include previous jar versions, and yet the client was still patching - because the old jar file versions were left there by oc4j, joy!

  Even I am facing a similar kind of problem. When webstart is downloading JRE_1.4.2_02.jar, I am getting the following error the very time itself.
  java.lang.SecurityException: SHA1 digest error for jre.jar
       at sun.security.util.ManifestEntryVerifier.verify(Unknown Source)
       at java.util.jar.JarVerifier.processEntry(Unknown Source)
       at java.util.jar.JarVerifier.update(Unknown Source)
       at java.util.jar.JarVerifier$VerifierStream.read(Unknown Source)
       at com.sun.javaws.security.SigningInfo.checkSigning(Unknown Source)
       at com.sun.javaws.cache.DownloadProtocol$RetrieveAction.actionDownload(Unknown Source)
       at com.sun.javaws.cache.DownloadProtocol.doDownload(Unknown Source)
       at com.sun.javaws.cache.DownloadProtocol.getResource(Unknown Source)
       at com.sun.javaws.LaunchDownload.downloadJarFiles(Unknown Source)
       at com.sun.javaws.LaunchDownload.downloadEagerorAll(Unknown Source)
       at com.sun.javaws.Launcher.downloadResources(Unknown Source)
       at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
       at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
       at com.sun.javaws.Launcher.run(Unknown Source)
       at java.lang.Thread.run(Unknown Source)
  JRE_1.4.2_02.jar is a signed and verified jar that contains jre.jar. This is being downloaded on to the client for the first time. Webstart version used is 1.0.1. Can any tell me what may be the problem?

• Signing  a trusted jar for use with forms

  I have not found sufficient documentation on how to sign a new jar for use in conjunction with forms.
  I have read the descriptions in the getCLientInfo bean.
  This doesn't cover the whole subject.
  What must be done in Jinitiator? for instance.
  Can someone direct me to a more exhaustive source of information?
  I've done everything I can think of and /or discover and I'm still getting Security exceptions.
  Mick

  Adrienk wrote:
  is the a tutorial on how to open a .jar file and use it with in eclipse by keeping the same file structure?Is your shift key broken, or are you just too lazy to apply once at the start of each sentence?
  In any case, for Eclipse problems, see [http://www.google.com/#q=eclipse+forum].

• JRE 1.4.x Plugin - Signed Applets and Weird Behaviour (Policy)

  Hello.
  I have recently experienced some strange behaviour related to signed applets and policy files in JRE 1.4.2-b28 ( a friend got the same behaviour in a flavour of 1.4.1-xx as well ). Both tests were on Windows 2000 Professional platforms.
  Initially my unsigned applet, which attempts socket connections to a server different from the download location, fails with security exceptions ( as expected ). Then I did the following to sign the applet jar and configure my environment
  Steps: 1) Import "trusted CA" certificate into ${java.home}/lib/security/cacerts. (JRE home outside the JDK)
  2) Signed the jar using jarsigner and a certificate generated from the "trusted CA" (Entrust CA and certificate).
  3) Imported the signing certificate into the Java plugin using import in the plugin control panel.
  4) Created a new keystore (keytool,jks) and imported the signing certificate into the keystore with alias "developer". The keystore is stored in the user home as .keystore.
  5) Created a .java.policy for the user and attaching the keystore in 4) to it. ( also stored in user home ).
  6) Used the policy tool to grant socketpermissions to the specific codebase ( testing with file:/C:/test/* initially ) signed by "developer"
  After this, when I ran the test page under IE 5.5SP2 and Netscape 7.1 it worked without any security exception. Ditto for using the appletviewer and the policy file I created for the user.
  The weird part occurred when I removed the policy entry from the user policy file. After doing this, Netscape and IE still allow the applet to execute - somehow remembering that it was granted permissions at some point. The appletviewer does not allow it to execute, generating security exceptions.
  It appears the old policy is being cached somewhere, but I cannot find where. If I replace the applet jar with an unsigned version it does fail in IE and Netscape. I tried cleaning the plugin cache and removing the "deployment.certs" files related to the users but still get the same behaviour.
  Does anyone know where the old policy information is being stored ? Does anyone know how to revoke the permissions so that I am restored to my original base environment ( no permissions for "designer" signed applets ) ? Would attempting to utilize the AccessController.doPriveleged( xxxx ) operations in JDK 1.4 avoid all of this confusion with policy files, keystores and certificate storage ? After all the messing about I would like a zero-footprint alternative ( or minimzed footprint anyway ).
  Any ideas would be most welcome.
  Regards,
  James.

  Hello Again.
  I am either enlightened or confused at this point. I found that as long as all of my related Jars are signed ( even by self-signed certificates ) I am granted SocketPermissions for calls outside of the originating server. Unsigned code is refused, but even when the Jars were signed using a self-signed certificate the Socket calls were allowed.
  Am I experiencing the appropriate behaviour in this case ( which would mean not having to utilize policy files to distribute an applet that uses calls to arbitrary servers - e.g. JavaMail ) or am I suffering from something damaged in my environment ?
  It has been a long time since I played with signed applets and I am having difficulty determining what operations require policy file entries/AccessController.doPrivileged() calls and which are granted when a user elects to trust a signed applet without policy.
  Any assistance in clearing up my confusion would be appreciated.
  Regards,
  James.

• Thawte certificate signing error for jar file

  We are running im version 7.2-28 (patch 118786-28). When connecting to im via the web (which we are serving from webserver version 7) user are prompted by certificate error for the im java application -- not to be confused with the web server certificate.
  This seems like one of those things I miss in the release notes, find later and feel stupid, but I've not found it yet.
  The certificate details are:
  L=Palo Alto,
  ST=California,
  C=US,
  OU=Secure Application Development,
  O=Sun Microsystems Inc.,
  CN=Sun Microsystems Inc.
  MD5:0D:62:CF:DA:1F:0F:00:E3:02:2F:B6:3A:A8:36:4B:DC
  With validity:
  [From: Wed Jan 05 15:02:33 GMT 2005,
  To: Mon Jan 15 18:21:35 GMT 2007]
  It is signed by Thawte, but the CA certificates look fine.
  Any advice on what I'm missing would be appreciated.
  Thanks,
  Ethan

  Hi,
  You are facing this issue coz the certificate used to sign im-client jars is expired.This is a known issue and will be fixed in the upcoming release.
  Regards,
  Swetha

• How do I sign my icons.jar file?

  I'm new to this web stuff and learned that I need to sign my icons.jar file. Can anyone explain how I do this? Any help would be greatly appreciated!

  hi
  why do u want to sign the icons.jar?.if you are using webutil utility u just need to sign jacob.jar and frmwebutil.jar.
  and if you want to sign u may try something like this.
  C:\<Developer Home>\jdk\bin C:\<Developer Home>\forms\webutil\sign_webutil.bat C:\<Developer Home>forms\java\frmwebutil.jarsarah

• Signed applet and database connetion...

  Hello,
  Well, I am deploying an applet application which needs to connect with a postgres database.
  I put my application in my hosting then I changed my local java.policy file adding a line as
  permission java.net.SocketPermission "127.0.0.1:5432", "connect,resolve";And my applet works... but I don't want that the user needs to change his policies file.
  I read in somewhere in the forum if the applet is signed the user doesn't need to change anything... then I sign the applet. But it doesn't work. It looks to me that signing the applet is not enough to allows the connection.
  But I don't sure.
  Some body had had the same problem or am I doing some thing wrong?? Other Ideas
  By the way, sorry for my bad english, I hope you can understand what I am saying.
  Bye, and thanks by advance

  4NDR01D3 wrote:
  Thanks for the answer.
  That's a good test, I put some code before the DB connection to create a file:
                File file = new File("tavo.txt");
               boolean success = file.createNewFile();
               if (success) {
                    javax.swing.JOptionPane.showMessageDialog(null, "YES");
                   // File did not exist and was created
               } else {
                    javax.swing.JOptionPane.showMessageDialog(null, "NO");
                   // File already exists
               }And surprisingly it creates the file. but doesn't connect to the database.
  I Sign the applet by command line, like this:
  keytool -genkey -alias signFiles -keystore compstore -keypass pass -dname "cn=salazar" -storepass pass
  jarsigner -keystore compstore -storepass pass -keypass pass -signedjar Sproceso.jar proceso.jar signFiles
  baftos wrote:Or at least one of the classes that are on the stack when you cpnnect to the database does not come from > the signed jar.Out of the Jar are the JDBC files(postgres.jar), it could be the problem??Your JAR is signed OK and this is good.
  DB connections are not prohibited as such.
  What is prohibited are Socket connections, which DB connections use internally.
  Therefore, if any of the classes on the stack, when the Socket connection occurs
  is not from your jar, it will fail. Therefore, the 3rd party files must be all in your jar.
  Technically, this is easy: explode their jar and create your jar in such a way as to contain
  all the files from their jar as well. Do it just as an experiment. If it works, read well
  their licensing terms, which may forbid this. If they forbid it or if in doubt, contact them.

• Signed applets and restrictions ?

  Hello,
  I've a question regarding applets security : in fact I've tried to sign myself a Jar file containing all required classes for an application (using the jarsigner tool from Sun). However I'm still getting security problems even of it was digitally signed ans don't understand exactly the causes : Could somebody explain me them ? I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ? Would it mean that we can't get these permissions without paying any submissions ?
  TU a lot...
  PA
  http://wwww.doffoel.com

  I understood that I had to sign the Jar files using an official authority like Verisign to get all permissions, is it true ?
  Its not compulsory to go to verisign for signing your applet. You can also create your own certificates with Java's keytool. Its 200% free of cost. However, if you are inclined to build a commercial application, where you don't know the clients, who download the applet, get certs from verisign , Thales et al.
  Would it mean that we can't get these permissions without paying any submissions ?
  No. Not at all. You can always make a descent application without going to the standard certificates and without paying $$$.
  Post your quetions in http://forum.java.sun.com/forum.jsp?forum=63 for expert answers.
  Have a look at this famous thread for signing applets.
  http://forum.java.sun.com/thread.jsp?forum=63&thread=132769
  good wishes,
  Rajesh

• HT201303 An unknown error has occurred when trying to sign in , and I know I putting in the correct info, this stinks can anyone help? Because apple isn't...

  An unknown error has occurred when trying to sign in , and I know I putting in the correct info, this stinks can anyone help? Because apple isn't...

  urgh... just noticed my previous post said i have mountain lion... i meant that i have snow leopard.  no idea why i messed that up!
  anyway, i just tried reinstalling snow leopard from the usb key that came with the computer. Then, I installed software updates until it told me there were no more updates. After that, I tried the app store again, and it still is giving me the unknown error. really irked by that. may have to take it back to the apple store yet again, to see if i can figure out why the app store won't work.

• I have paid for Creative Cloud - illustrator CC 1 year monthly plan, but it still show "Trial Expired". I have tried to sign in and sign out creative cloud many times, but still can't work. Please help!

  I have paid for Creative Cloud - illustrator CC 1 year monthly plan, but it still show "Trial Expired". I have tried to sign in and sign out creative cloud many times, but still can't work. Please help!

  Does your Cloud subscription show on your account page?
  https://www.adobe.com/account.html for subscriptions on your Adobe page
  Also,
  This is an open forum, not Adobe support... you need Adobe support to help
  Adobe contact information - http://helpx.adobe.com/contact.html
  -Select your product and what you need help with
  -Click on the blue box "Still need help? Contact us"

• Starting single sign-on and directory service

  i am trying to install oracle 9i infrastructure on my clean win2000 box with 2.4 GHz proc and 1GB RAM.
  i am getting falilure messages for the following:
  infrastructure instance configuration assistant: failed
  oracle 9i application server randomize password: failed
  single sign on configuration assistant: failed
  infrastructure mod-osso configuration assistant: failed
  OPMN configuration assistant: failed
  log file says:
  Configuration failed for IAS
  IAS Instance creation failed
  Configuration failed for JAZN
  JAZN configuration failed: unable to establish a directory context.
  Configuration succeeded for IASProperty
  Configuration failed for IAS
  Configuration failed for JAZN
  after which single sign-on and directory service dont start. which means no connectivity :(
  can somebody please guide me about how to avoid this failure in installation or how to manually start these after installation.
  it would be a great help
  ashish

  Hi,
  we're having exactly the same problem.
  Could you tell me what the problem is with the network ?
  You say configure it properly but what do you mean ?
  It's installed on a Windows 2000 Server machine, it's own DNS.
  Thanks,
  Yuri Arts