为什么我的 libGDX 小程序会产生此 SecurityException?
我尝试了 这个著名的 libGDX 小程序教程 创建游戏的小程序版本;我得到一个巨大的堆栈跟踪(如下)。我做错了什么?
java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
at java.util.jar.JarFile.ensureInitialization(Unknown Source)
at java.util.jar.JarFile.getCodeSources(Unknown Source)
at java.util.jar.JavaUtilJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.cache.DeployCacheJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
I tried this famous libGDX applet tutorial to create an applet version of a game; I get a huge stack trace (below). What am I doing wrong?
java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
at sun.security.util.SignatureFileVerifier.verifySection(Unknown Source)
at sun.security.util.SignatureFileVerifier.processImpl(Unknown Source)
at sun.security.util.SignatureFileVerifier.process(Unknown Source)
at java.util.jar.JarVerifier.processEntry(Unknown Source)
at java.util.jar.JarVerifier.update(Unknown Source)
at java.util.jar.JarFile.initializeVerifier(Unknown Source)
at java.util.jar.JarFile.ensureInitialization(Unknown Source)
at java.util.jar.JarFile.getCodeSources(Unknown Source)
at java.util.jar.JavaUtilJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.cache.DeployCacheJarAccessImpl.getCodeSources(Unknown Source)
at com.sun.deploy.security.CPCallbackHandler$ParentCallback.openClassPathElement(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$800(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$JarLoader.(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.SecurityException: invalid SHA1 signature file digest for org/lwjgl/util/applet/AppletLoader$2.class
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我也遇到过同样的问题。本教程让您以不同于最初签名的方式签署
lwjgl_util_applet.jar。如果您将 JAR 文件的META-INF/MANIFEST.MF与lwjgl_util_applet.jar进行比较,您会发现它使用 SHA-1,而默认值现在是 SHA-256 。要解决此问题,只需从
lwjgl_util_applet.jar中删除META-INF文件夹,然后再次签名即可。此后您不应该再收到任何错误。您还可以使用
jarsigner -verify验证您的 JAR 文件,而无需上传它们。I have had the same problem. The tutorial gets you to sign
lwjgl_util_applet.jardifferently than it was originally signed. If you comparedMETA-INF/MANIFEST.MFof your JAR files withlwjgl_util_applet.jar, you'll see it uses SHA-1 while the default is now SHA-256.To solve this, simply remove the
META-INFfolder fromlwjgl_util_applet.jarbefore signing it again. You shouldn't get any more errors after this.You can also verify your JAR files without uploading them using
jarsigner -verify.看起来包含 org.lwjgl.util.applet.AppletLoader 的 JAR 文件自签名以来已被篡改。这可能是恶意的(有人可能替换了 AppletLoader),或者可能有人手动更新了文件并忘记重新签署 JAR。或者这可能是教程的一个步骤?我只是扫了一眼。无论如何,Java 通过抛出此异常而不是仅仅执行被篡改的代码来保证安全。
无论哪个 JAR 文件包含 org.lwjgl.util.applet.AppletLoader,请从 LWJGL 主页再次获取该 JAR。
Looks like the JAR file containing
org.lwjgl.util.applet.AppletLoaderhas been tampered with since it was signed. This could be malicious (someone may have replaced the AppletLoader), or maybe someone updated the file by hand and forgot to re-sign the JAR. Or maybe this was a step of the tutorial? I only glanced over it. In any case, Java is being safe by throwing this exception instead of just executing the tampered-with code.Whichever JAR file contains
org.lwjgl.util.applet.AppletLoader, go get that JAR again from the LWJGL homepage.