JNLP +小程序 +充气城堡
我有一个 JWS(Java Web Start)部署的小程序,它使用以下库
/jar:red5.jar spring-beans.jar spring-context.jar spring-core.jar apache-mina.jar
bcprov-ext-jdk16-145 (Bouncy castle)
我将所有这些库放入小程序中的原因是 red5.jar 要求您还拥有其他库。然而,BouncyCastle 不知何故不会被 ClassLoader 加载,也不会在 WebStart 项目编译期间被 Netbeans 签名。有什么指示我该如何解决这个问题吗?
如果我将 Bouncy Castle 包含在我的档案中,我会得到以下结果:
basic: exception: JAR resources in JNLP file are not signed by same certificate.
exception: JAR resources in JNLP file are not signed by same certificate.
JNLPException[category: Launch File Error : Exception: null : LaunchDesc
这是当我什至不将其包含在项目中时得到的结果:
com.sun.deploy.net.FailedDownloadException: Unable to load resource: file:/C:/JNA/dist/lib/bcprov-ext-jdk16-145.jar
我不知道哪个罐子需要 Bouncy Castle 罐子,因为它无法指示所以在我的IDE中。此外,即使我在我的项目中包含 Bouncy Castle.jar,Netbeans 默认情况下也应该对其进行签名,但事实并非如此,尽管它对我的 Web Start 项目中的所有其他 jar 进行了签名。然而,与 jarsigner 的快速检查表明,包括 Bouncy Castle 在内的所有 jar 都已签名,因此我可以放心地假设它们都已签名,但 Bouncy Castle 是使用另一个证书签名的。
这是我的问题:我应该尝试手动签署所有文件(以便它们都具有相同的证书)还是其他地方有问题(例如 BouncyCastle 无法在小程序中签名或其他)?
任何指针都将受到高度赞赏
编辑:
我基本上有两种方法,到目前为止都失败了:
方法1.提取每个jar的目录树并将它们一起转储到共享目录中,然后制作该目录的jar,因此所有文件都在它由相同的证书签名(一个jar,一个证书,对……)但是,spring仍然期望这些文件 像这样组织:dist\libs\bcProv.jar,而不是 dist\libs\allLibs.jar,其中所有库都转储到 allLibs.jar 中。该方法惨遭失败,因为 spring 在通过 JWS 部署时找不到任何库。
方法 2. 使用相同的证书手动签署所有 jar。在花费 10 分钟手动签署 jar 后,这种方法也失败了,并且厚颜无耻地抛出错误,指出 bcProv.jar 没有使用与其他证书相同的证书进行签名。
我很困惑,很困惑,很迷茫。有什么想法吗?是否有可能将这些罐子放在 JWS 小程序中:
red5.jar
spring-beans.jar
spring-context.jar
spring-core.jar
apache-mina.jar
bcprov-ext-jdk16-145
I have a JWS (Java Web Start) deployed applet, that uses the following libraries/jars:
red5.jar
spring-beans.jar
spring-context.jar
spring-core.jar
apache-mina.jar
bcprov-ext-jdk16-145 (Bouncy castle)
The reason I put all of those libraries in the applet is that the red5.jar requires you also have the others. However, BouncyCastle somehow doesn't get loaded by the ClassLoader, nor gets signed by Netbeans during compilation of the WebStart project. Any pointers how can I resolve that ?
Here is what I get if I include Bouncy Castle in my archive:
basic: exception: JAR resources in JNLP file are not signed by same certificate.
exception: JAR resources in JNLP file are not signed by same certificate.
JNLPException[category: Launch File Error : Exception: null : LaunchDesc
And here is what I get when I even DO NOT INCLUDE IT IN THE PROJECT:
com.sun.deploy.net.FailedDownloadException: Unable to load resource: file:/C:/JNA/dist/lib/bcprov-ext-jdk16-145.jar
I do not know which of the jars requires the Bouncy Castle jar, as it fails to indicate so in my IDE. In addition, even if I include the Bouncy Castle.jar in my project, Netbeans SHOULD sign it by default, but it doesn't, although it signs ALL other jars in my Web Start project. A quick check with jarsigner, however, indicates all jars, including Bouncy Castle, are signed, so I safely assume they are all signed, with the exception that Bouncy Castle is signed with another certificate.
And here is my question: should I try to sign all the files manually (so they all have the same certificate) or is the problem somewhere else (like BouncyCastle can't be signed in an applet, or something)?
Any pointers would be highly appreciated
EDIT:
I basically have TWO approaches, both failed up to now:
Approach 1. Extract each jar's directory tree and dump them together in a shared directory, then make a jar of this directory, so all the files in it are signed by the same certificate ( one jar, one certificate, right..) However, spring STILL expects the files to
be organized like this: dist\libs\bcProv.jar, instead of dist\libs\allLibs.jar, where all libraries are dumped into the allLibs.jar. The approach fails miserably because spring can't find any of the libraries when deployed through JWS.
Approach 2. Sign all jars manually WITH the SAME certificate. After spending 10 minutes manually signing the jars, this approach also fails AND has the audacity to throw an error that bcProv.jar is NOT signed with the same certificate as the others.
I am puzzled, baffled and confused. Any ideas? Is it possible at all to have together in an JWS applet those jars:
red5.jar
spring-beans.jar
spring-context.jar
spring-core.jar
apache-mina.jar
bcprov-ext-jdk16-145
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
好的,答案如下:
首先,正如 Bloodboiler 所建议的,如果您的小程序使用由不同证书签名的 jar,您就会遇到麻烦。因此您的解决方案应该是使用相同的证书对它们进行签名。
您在这里确实有一些可能性:
一个是提取项目的所有 jar,然后将它们组合成一个 jar 并对其进行签名。由于某种原因,这不适用于 Spring-context 和 BouncyCastle。我确信如果我有勇气去摆弄它,它就会起作用。
另一种方法是,就像M.Joanis建议的那样,使用FatJar,但由于某种原因它也不起作用。对于上述的方法,我并没有意愿或倾向去花太多的时间。
第三种方法,即有效的方法,就是验证 dist 目录证书中的 jar 文件。如果它们不同,那么正如 Bloodboiler 所建议的那样,您就有麻烦了。解决方案是取消对 jar 的签名(提取、删除 META-INF ),然后使用相同的证书对它们进行签名(使 jar 成为您的首选方式,然后以您的首选方式对其进行签名,并确保您使用的所有 jar 都由您签名(使用 jarsigner -verify -cert 等...))。那么这整个乱七八糟的事情应该可以解决。
Ok, so here is the answer:
First of all, as Bloodboiler suggested, you are in trouble if your applet uses jars signed by different certificates. So your solution should be to sign them all with the same certificate.
You do have some possibilities here:
one is to extract all your project's jars and then combine them into a single jar and sign it. This doesn't work with Spring-context and BouncyCastle for some reason. I am sure if I had the nerve to fiddle with it, it would have worked.
another way is, like M.Joanis suggested, to use FatJar, but it also did not work for some reason. As for the method described above, I did not have the desire or inclination to spend too much time on it.
the third way, the one that WORKED, is to just verify the jars' in your dist directory's certificates. If they differ, you, as Bloodboiler suggested, are in trouble. The solution is to unsign the jars (extract, delete META-INF ) and then sign them ALL with the SAME certificate ( make jar your preferred way, then sign it your preferred way and make sure all the jars you use are signed by you (using jarsigner -verify -cert, etc...)). Then this whole mess should work.
我也遇到过同样的问题,只是用了不同的罐子。如果我没记错的话,webstart 有一个错误,导致它失败,除非所有 jar 都使用相同的证书/仅使用一个证书进行签名。
一种解决方案是提取库 jar 并将其内容包含在应用程序 jar 中,然后仅对该 jar 进行签名。
I've had exactly the same problem, just with different jars. If I remember correctly, webstart has a bug in it that causes it to fail unless all jars have been signed with the same sertificate/ with only one certificate.
One solution is to extract library jars and include their content in your application jar, then sign just that jar.
也有同样的问题...
如果您曾经使用 Eclipse 作为 IDE,请考虑 FatJar..确实简化了包装过程。我发布了 JWS JAR,其中包含 40 多个 JAR 依赖项。我将它们 FatJar,然后对生成的 JAR 进行签名。就像魅力一样。
Also had the same problem...
If you ever are using Eclipse as IDE, have a thought for FatJar... Really eases the packaging process. I publish JWS JARs with over 40 JAR dependencies included in them. I FatJar them, then sign the resulting JAR. Works like a charm.