Adding a signature to a jar file prevents it from being loaded
I am having the problem that adding a second signature to a .jar file causes trouble in combination with code that only has one of them.
Background: We have an application that is signed with an expired certificate. It has a starter that can update itself by downloading new versions of .jar files and placing them in front of the existing ones onto the classpath.
We got a new certificate and sign the new starter and the updates with both keys. Unfortunately the old application is now refusing to start up:
- the starter (signed with the old cert) builds up the classpath.
- then it calls a method from a class ("Stendhal") jar that is signed with both certs
- this method loads a class ("LogUncaughtExceptionHandler") from a jar which is only signed with the old cert.
SecurityException: class "games.stendhal.client.LogUncaughtExceptionHandler"'s signer information does not match signer information of other classes in the same package
Comments (1)
Could you not arrange to also download a new version of the jar with LogUncaughtExceptionHandler, also signed with the new cert? If not, I don't think you're going to find a suitable resolution to this issue.
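The mismatch described in the question can be caught before an update ships. The following is an added example, not part of the original post or answer: it reports packages that are split across jars whose signer sets differ. It assumes jarsigner's default naming, where each signer's block file in META-INF is named after the key alias, and compares those names rather than the certificates the JVM compares; the jar and alias names are constructed.

```python
import io
import zipfile
from collections import defaultdict

SIG_EXTS = (".RSA", ".DSA", ".EC")  # signature block files written by jarsigner

def signer_names(jar):
    """Base names of the META-INF signature block files (one per signer).
    Assumption: the base name identifies the signer (default alias naming)."""
    names = set()
    for entry in jar.namelist():
        head, _, tail = entry.upper().rpartition("/")
        if head == "META-INF" and tail.endswith(SIG_EXTS):
            names.add(tail.rsplit(".", 1)[0])
    return frozenset(names)

def packages(jar):
    """Packages (directory part of each .class entry) contained in the jar."""
    return {e.rpartition("/")[0] for e in jar.namelist() if e.endswith(".class")}

def find_mismatches(classpath):
    """classpath: {jar name: file-like}. Returns {package: {jar name: signers}}
    for every package split across jars whose signer sets differ."""
    by_package = defaultdict(dict)
    for name, fileobj in classpath.items():
        with zipfile.ZipFile(fileobj) as jar:
            signers = signer_names(jar)
            for pkg in packages(jar):
                by_package[pkg][name] = signers
    return {pkg: jars for pkg, jars in by_package.items()
            if len(set(jars.values())) > 1}

def make_jar(entries):
    """Constructed sample input: an in-memory jar with empty placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for entry in entries:
            jar.writestr(entry, b"")
    buf.seek(0)
    return buf

# Constructed jars mirroring the question; jar and alias names are hypothetical.
SAMPLE = {
    "client-old.jar": ["META-INF/OLDCERT.SF", "META-INF/OLDCERT.RSA",
                       "games/stendhal/client/LogUncaughtExceptionHandler.class"],
    "client-new.jar": ["META-INF/OLDCERT.SF", "META-INF/OLDCERT.RSA",
                       "META-INF/NEWCERT.SF", "META-INF/NEWCERT.RSA",
                       "games/stendhal/client/Stendhal.class"],
}

def check_sample():
    return find_mismatches({n: make_jar(e) for n, e in SAMPLE.items()})
```

An empty result means every package on the checked classpath is signed consistently; any entry names a package that would trip the same-package signer check once classes from both jars are loaded.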