Jarsigner: "This jar contains entries whose certificate chain is not validated."

Posted 2024-12-14 09:42:52

I get the following error on a self-signed jar:

jar verified.

Warning:
This jar contains entries whose certificate chain is not validated.

Re-run with the -verbose and -certs options for more details.

I signed the jar like this:

"C:\Program Files\Java\jdk1.7.0\bin\jarsigner" -keystore myKeyStore myJar.jar myAlias

My jar has 2 entry points: One for java web start, and one for an applet.

  • If I run the jar in a java web start way, it has no incidence.
  • But if I run the jar as an applet, I get a strong security warning at some point when I try to access a bitmap resource embedded in the jar.

Using the -verbose and -certs options shows a lot of lines. And I don't understand anything of this. This is the output: output.txt (part of the 6307 lines reproduced below).

s     157850 Tue Nov 08 12:57:44 CET 2011 META-INF/MANIFEST.MF

      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]

      112909 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.SF
        1108 Tue Nov 08 12:57:44 CET 2011 META-INF/KEYJA_CO.RSA
sm       180 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/k.class

      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]

sm       252 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/r.class
...
(around 6000 lines of other output along the same lines)

  s = signature was verified 
  m = entry is listed in manifest
  k = at least one certificate was found in keystore
  i = at least one certificate was found in identity scope

jar verified.

Warning: 
This jar contains entries whose certificate chain is not validated.

How to sign the jar file?

Comments (3)

久而酒知 2024-12-21 09:42:52

Just one line answers your question I guess. And if you look closer you'll see it. Here it is


[certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]

As I may hope, you know that today is not July 24 so you just have to re-sign your app

↘紸啶 2024-12-21 09:42:52

Thanks Andrew Thompson. I have unsigned my jar file, and found the bug. It's better unsigned you're right about this, because signing makes no point since I don't need to get out of the sandbox.

For the record, the bug was the use of the jnlp.jar library. In order to make it work, I launched the applet using jnlp/applet code instead of a standard tag.

思念绕指尖 2024-12-21 09:42:52

I have exactly the same problem.

There is a change in the validation in the new Java 7 and Java 6 versions.
Bug id is: 6861062 java classes_security Disable MD2 in certificate chain validation.

When signing the jar file, I had some warning message and when executing the command:
jarsigner MyTools.jar -verify -verbose -certs

I had the message:
X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
[certificate is valid from 29.01.96 01:00 to 02.08.28 01:59]
[CertPath not validated: Algorithm constraints check failed: MD2withRSA]

My solution is:
- Use another version of the JDK to sign and JRE Plugin.
- Update your certificate security in order not to use this algorithm.

I hope it will help you.

Regards
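
Added example, not part of the question or of any answer above: a small Python parser that collapses the thousands of per-entry blocks printed by `jarsigner -verify -verbose -certs` into one finding per certificate, with the CertPath reason and a flag for a validity window whose end parses earlier than its start. The sample is constructed from lines quoted on this page (blank lines dropped); the two date formats are an assumption, since jarsigner prints dates in the local format.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines copied from the two outputs quoted on this page.
SAMPLE = """\
s     157850 Tue Nov 08 12:57:44 CET 2011 META-INF/MANIFEST.MF
      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]
sm       180 Tue Nov 08 12:16:40 CET 2011 com/keyja/client/a/a/a/k.class
      X.509, O=keyja.com
      [certificate is valid from 17/08/11 17:32 to 24/07/11 17:32]
      [CertPath not validated: null]
      X.509, OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
      [certificate is valid from 29.01.96 01:00 to 02.08.28 01:59]
      [CertPath not validated: Algorithm constraints check failed: MD2withRSA]
"""

SUBJECT = re.compile(r"^\s*X\.509, (.+)$")
VALID = re.compile(r"^\s*\[certificate is valid from (.+?) to (.+?)\]\s*$")
CERTPATH = re.compile(r"^\s*\[CertPath not validated: (.*)\]\s*$")
# Assumption: day-first short dates, matching the two samples on this page.
DATE_FORMATS = ("%d/%m/%y %H:%M", "%d.%m.%y %H:%M")

def parse_date(text):
    """Return a datetime for the first matching format, or None if none match."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            pass
    return None

def summarize(output):
    """One finding per unvalidated certificate, with the number of blocks seen."""
    seen, cur = Counter(), {}
    for line in output.splitlines():
        if m := SUBJECT.match(line):
            cur = {"subject": m.group(1)}
        elif (m := VALID.match(line)) and cur:
            cur["from"], cur["to"] = parse_date(m.group(1)), parse_date(m.group(2))
        elif (m := CERTPATH.match(line)) and cur:
            start, end = cur.get("from"), cur.get("to")
            inverted = bool(start and end and end < start)
            seen[(cur["subject"], m.group(1), inverted)] += 1
            cur = {}
    return [{"subject": s, "reason": r, "window_inverted": inv, "blocks": n}
            for (s, r, inv), n in seen.items()]
```

Feeding the full `output.txt` to `summarize` reduces it to a handful of rows, so the distinct causes (a `null` reason on the self-signed certificate, an algorithm constraint on a CA certificate) can be told apart at a glance.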
