Why can alter signed jar and still verifies?
I always thought that jar signing prevented the alteration of a jar file (in the sense that if you added or altered a file, it would not match the signatures in the Manifest, ".SF" file or ".DSA" file). However, this isn't the case!
When I've signed a jar file and then add a file to it afterwards, it still passed the "jarsigner -verify" test! And if you look at the code (in sun's code) the jar verification never throws any exceptions if a file isn't mentioned (and signed) in the manifest.
What's going on here? Am I missing something?
Also - where does it check that the bytes of a file match the signature in the manifest? And where does it check that the manifest matches the ".SF" file?
Signing applets:
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and reply 18 for the java class file using doprivileged
http://forum.java.sun.com/thread.jsp?forum=63&thread=409341
4th post explaining how to set up your own policy with your own keystore
Still problems?
A Full trace might help us out:
http://forum.java.sun.com/thread.jspa?threadID=656028
Similar Messages
-
I have tried to re-install Lion, delete different cach folders, etc., nothing is working - I keep getting the same message:
We could not complete your purchase
The product distribution file could not be verified. It may be damaged or was not signed.
Please can anyone be of kind assistance.
Thank you!
Zanjan FromerI have tried to re-install Lion
If you are trying to reinstall Lion, you need to use Lion Recovery
Why can't I purchase and download Mountain Lion? I get the following message: The product distribution file could not be verified. It may be damaged or was not signed.
For that issue, quit the App Store if it's open.
Open the Finder. From the Finder menu bar top of your screen click Go > Go to Folder
Type this exactly as you see it here:
/Library/Preferences/SystemConfiguration
Click Go
Move the NetworkInterfaces.plist file from the SystemConfiguration folder to the Trash.
Relaunch the App Store and try downloading MLion.
***** Your post is rather confusing. There's a difference between reinstalling Lion and downloading Mountain Lion. -
JNLP: Signed jars but still not trusted
I have an applet that has signed jars that were signed by the same key, the applet shows the correct warnings on startup and works fine (allows access to the local file system, etc), however there still exists the 'yellow triangle warning' on one of two popups frames that the applet produces (but not the other one).
The applet does use native code (packaged in a signed jar and referenced in the JNLP). The jars are all signed by the same certificate from a CA. I originally didn't have the JNLP signed (by placing it in the main jar in JNLP-INF/APPLICATION.JNLP) but this didn't help. Also I didn't have the JNLP codebase set to a real URL (and really cant in production because its a solution we deploy to customers servers - its packaged software not hosted) but even after I tested with a codebase to a test server, it still didnt remove the famed yellow triangle. I have all-permissions set in the JNLP.
So two related questions:
1) Other than having not having signed jars (or not signed correctly), what other reasons cause the 'yellow triangle'?
2) The warning only appears on one of the popup Frames. What could be the possible reasons for that? Are there some privileges that show the icon whether the applet is signed or not?
Note: While changing the client policy setting (showWindowWithoutWarningBanner) works, this cant be a solution.
From the Java Console:
...It goes through all the jars (I only included one for brevity - there are 23 of them). Note it says 'have 1 common certificates'.. which I think indicates everything is signed by the same cert.
Is there any indication in the console logs I can use to determine why it is not trusted? It looks (to me) that everything is OK, until it says 'istrusted=false'.
security: Validating cached jar url=http://10.192.252.26/QMDesktop/native.jar ffile=C:\Documents and Settings\bunkowm\Application Data\Sun\Java\Deployment\cache\6.0\34\1df0b62-2c3ce377 com.sun.deploy.cache.CachedJarFile@d964af
cache: Reading Signers from 995 http://10.192.252.26/QMDesktop/native.jar | C:\Documents and Settings\bunkowm\Application Data\Sun\Java\Deployment\cache\6.0\34\1df0b62-2c3ce377.idx
security: Have 1 common certificates after processing http://10.192.252.26/QMDesktop/native.jar
security: Istrusted: null false
security: Loading certificates from Deployment session certificate store
security: Loaded certificates from Deployment session certificate store
security: Validate the certificate chain using CertPath API
security: Obtain certificate collection in Root CA certificate store
security: Obtain certificate collection in Root CA certificate store
security: Start to check whether root CA is replaced
security: The root CA hasnt been replaced
security: No timestamping info available
security: Found jurisdiction list file
security: No need to checking trusted extension for this certificate
security: The CRL support is disabled
security: The OCSP support is disabled
security: This OCSP End Entity validation is disabled
security: Checking if certificate is in Deployment denied certificate store
security: Checking if certificate is in Deployment permanent certificate store
security: Checking if certificate is in Deployment session certificate store
security: Mark trusted: nullAndrew - of course you were correct about the signed cert - I misspoke when the CA signed applet didn't show a warning. (You were also right that I must have checked 'always accept' the certificate on the server I had the CA signed cert on).
I think you guys are on to something about the privileged actions. It would explain where one popup has the icon and the other doesn't. We have Javascript making calls into the applet and we do use JNI (although I don't think there are any calls back). We do wrap these calls in privileged actions but maybe we missed something. What I've seen before is a security exception is thrown if we don't wrap them - but maybe there are areas where we don't and it doesn't throw an exception or it does and we eat it somehow (and for whatever reason doesn't cause anything noticeable).
Now that I know it could likely be the applet code and not necessarily a build issue with signing the jars, I have another place to look...
I'll check it out and let you know what I find. -
I'm running a web application from jetty, which involves an applet on the client-side, JSPs/servlets on the server.
The applet jars needs to be signed during our build proces (by my company's keystore based on our purchased cert) but the customer will need to provider their own cert to run the https pages.
Is there a way to do this? Right now, I"m getting the "signer information does not match signer information of other classes in the same package" when I try to run it in HTTPS. This could be due to my jetty HTTPS settings not being quite ready (pointing at a keystore which is incorrect) - but I want to make sure that I can at least do what I need to do? If so, any suggestions/advice/tips would be most welcome!
thanksI'm trying to use the KeyStore that the applets were signed with on my local build as the KeyStore I'm pointing to when starting up Jetty. This still leads to the 'signer information does not match signer information of other classes in the same package' error when trying to accept one of my signed jars for use. I exported a cert from the keystore used in the build and imported that into my browser as well.
I also tried using a keystore with a self signed certificate for running Jetty and had the same problem.
When not running in HTTPS, I can use all the signed jars and everything works fine. Is the conflict between the signature on the jars and the one jetty's using for SSL? Why didnt using the same keysotreAnd if so, why doesn't accepting all the jars and certs help out? I may need to do something programatically in the code for this, I guess - tho I'm not sure where to start out.
If anyone's had a similar problem, I'd appreciate hearing how you'd worked it out.
thanks,
tOm -
Why can't sign in to the star warefare with my account
I can't sign in and when I press the online button it pops a sentence of word that says opps cannot connect server
I THINK I might have found out a fix. First, I went in and signed into iMessages, but left Facetime logged out. I then went in Settings and turned off FaceTime altoghter. Afterwards I went to ensure iMessages was still signed in (Paranoia perhaps lol). Then I went back in and re-enabled FaceTime. The information was inserted back in, but Caller ID for Facetime was unchecked, so I selected my email address instead of phone. And both have oddly been working fine and stayed signed in since. No password requests at all.
I have zero clue why this works, but it does. I only figured it out thanks to obcessive behavoir and inablilty to accept it was broken lol. Anyone else with the issue want to confirm if it works for them as well? -
Why can't I copy and download web urls or go bake to previously downloaded webpages?
Why can't I copy and post urls or go back to earlier posted links?
Some web pages can set the browser to disable the right click. But
that does not extend to the address bar, or other pages.
Many site issues can be caused by corrupt cookies or cache.
* Clear the Cache and
* Remove Cookies '''''Warning ! ! '' This will log you out of sites you're logged in to.'''
Type '''about:preferences'''<Enter> in the address bar.
* '''Cookies;''' Select '''Privacy.''' Under '''History,''' select Firefox will '''Use Custom Settings.''' Press the button on the right side called '''Show Cookies.''' Use the search bar to look for the site. Note; There may be more than one entry. Remove '''All''' of them.
* '''Cache;''' Select '''Advanced > Network.''' Across from '''Cached Web Content,''' Press '''Clear Now.'''
If there is still a problem,
'''[https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode Start Firefox in Safe Mode]''' {web link}
While you are in safe mode;
Type '''about:preferences'''<Enter> in the address bar
Select '''Advanced > General.'''
Look for and turn off '''Use Hardware Acceleration'''.
Poke around safe web sites. Are there any problems?
Then restart. -
Why can't I click and drag photos anymore?
Why can't I click and drag photos to the desktop to email?
OK--Think I finally discovered the issue. I'm using a trackball and keyboard setup from Euphonix that communicates with the Mac via Ethernet and TCP/IP. Aperture cannot deal with mouse strokes transmitted this way. If I switch to a USB mouse connected directly to the Mac, the brushes work normally. Still a disappointment since the Euphonix is my default keyboard/mouse and I don't really want to keep a separate USB mouse hooked up.....
-
Bought premiere pro cc but it is still asking me for a product key. I have signed in and still wont activate. I havent been given a product key and im on a trial! Why wont it activate?
This doc might help
Creative Cloud applications ask for serial number -
Why can't I cut and paste email addresses when sending documents?
Why can't I cut and paste email addresses when sending files? I have to type them in each time...And it doesn't remember them for the future, as SendNow did.
Also, it seems that the message I type in is not kept, as it was with SendNow?
Thanks!Hi drlaura,
You're correct on both counts--these features work differently Adobe Send than they do in Adobe SendNow.
If you're sending files from Adobe Reader, you can access your local Address Book, which should make entering email addresses easier. Please see: I’m trying to send a file from Adobe Reader, but I can’t access my computer’s address book to find my contacts. Why not?
Please let us know how it goes.
Best,
Sara -
Why can't I drag and drop music from a folder on my PC into my iTunes window?
Why can't I drag and drop music from a folder on my PC into my iTunes window?
I have not found any article that has answered this question. They have come up with things like open the side bar and it will work, or you are using wrong format of music. Now this all happened when I upgraded to iTunes 10 and has not worked since and it worked fine before. Music format is correct, I have even gone as far as copying a file already in iTunes and trying to add it again. As soon as the files enters the frame of iTunes the music files icon the pointer is carrying turns into a circle with a slash through it.
ITunes Ver. is 11.1.5.5 Windows Ver. is Windows 8.1 Pro with Media Center
Files I have tried adding are standard MP3, 256 kbps purchased AAC Audio file, MP3 converted by iTunes into a 256 or 320 kbps AAC Audio file. None can be draged and droped but all can added by going to File/Add File to Library... or File/Add Folder to Library...
Add items from your computer to your iTunes library
Do either of the following:
1. Drag a file or folder from the desktop to the iTunes window.If you add a folder, all the files it contains are added to your library.
2. In iTunes, choose File > Add to Library, locate a file or folder, and click Open.
I can add files and folders by doing number 2 above but can not doing number 1
I have gone as far as uninstalling iTunes and reinstalling per apple procedures below.
Steps
1. Remove iTunes and its related components from the Control Panel
Use the Control Panel to uninstall iTunes and related software components in the following order and restart your computer:
iTunes
Apple Software Update
Apple Mobile Device Support
Bonjour
Apple Application Support (iTunes 9 or later)
Important: Uninstalling these components in a different order or only uninstalling some of these components may have unintended effects.I had this problem on Windows 8.1.1 and iTunes 11.2.2.3
To resolve it from within Itunes I did : Edit, Preferences, Sharing.
I took the tick out of "Share my library on my local network"
Click OK.
Closed iTunes/
Reopened iTunes and I can drag and drop.
I went back into Edit, Preferences, Sharing and put the tick back and clicked OK.
Works fine now. -
Macbook Pro keeps saying connection timeout and it used to connect to the internet fine. What's up, why can't it find and automatically connect to the internet anymore???
Like this: https://discussions.apple.com/thread/2775868?tstart=0 ?
-
On iOS 7 when I try to set a new wallpaper why can't I scale and move my photo? Why does it chop off the heads? Anybody else having this problem?
Hi CollBA,
See More Like This to the right. This issue has been discussed several times on this forum.
Cheers,
GB -
Why can't I open and retrieve my files from iPhoto and my Address Book after importing the files from my Power Mac G5 to my new Mac Pro? I get a warning that says the new OS on my Pro doesn't open files from a Power Mac. Any idea how I can fix this?
For your addressbook, export the files to vCard on the PowerMac, then bring them over to your Mac Pro. For your iPhoto, copy the Users -> yourname -> Pictures folder to your Desktop on the Mac Pro, and open iPhoto on the Mac Pro holding the command and option keys. Select the library file from that Pictures folder and open it. It should import all the pictures into iPhoto as part of the rebuild process. Other PowerPC to Intel migration issues are covered here: https://discussions.apple.com/docs/DOC-2295
-
Why can't I copy and paste portions of the Word document that I just converted from a PDF file?
Why can't I copy and paste portions of the Word document that I just had converted from a PDF file on your site?
Hi,
I am moving your posting to Adobe CreatePDF forum.
Hisami -
I have an iPhone 4S. When I try to print pictures, from my Windows computer, it doesn't work. Open Office also gives me an "unknown graphic" message. These are JPEGs, aren't they? Why can't I print and what is the unknown graphic?
Hi,
"A day after the name change became official my built in skydrive app stopped working"
Did you point that SkyDrive changed to OneDrive?
Did you move your OneDrive to another location or change its name?
Please login OneDrive with web-based to check if you could access it successfully.
Please refer to the following article to try the troubleshooter and check the service status:
SkyDrive: FAQ
http://windows.microsoft.com/en-in/windows-8/skydrive-app-faq
Karen Hu
TechNet Community Support
Maybe you are looking for
-
Have to re-install iTunes everytime I sync iPhone 4
The most annoying thing ever, for ages I couldn't get my computer to recognise my new iPhone, after trying everything I re-installed iTunes and it worked. I then plugged it in the day after and it wouldn't recognise it was plugged in, it didn't come
-
Itunes will no longer see my phone when plugged in... worked fine before update. any clues?
I have tried unplugging, rebooting, etc. anyone have any ideas??
-
How to include all the child OU groups of a master OU group in LDAP authentication
Dear All, I am using Apex 4.2 on windows server 2012 on internet explorer with database 11g R2 all 64 bit. we are using Microsoft Active Directory Authentication in our domain. I have created two protals, Staff Portal and Student Portal I have two gr
-
How can I quickly and easily delete persistent cookies? Is there something special about them?
Yes, I realize you delete cookies by going to Preferences/Privacy/Details if you don't want to mass-delete all of them (which you usually don't want to do). But it seems cookies from some sites take 3, 4, sometimes 5 select/deletes to finally get rid
-
Is there a way to combine (merge) the contents of two directories in Finder?
In Finder, under Favorites, I have two similar directories, one labeled Documents, and the other, with a house icon, labeled with my name. I think I imported the latter from my old Windows computer when I was a Mac neophyte. There are many duplicat