2010-01-07 48 views
2

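Signing an applet using the Maven jar plugin and Bouncy Castle

I'm having a problem with a signed Java applet - specifically, why it is not being signed with my certificate. I'm using Maven in Eclipse. The applet (a) lets the user select a local file or directory, (b) encrypts the file, and (c) uploads the file to a PHP-based web page. The applet is signed, presumably with my certificate - i.e. via the Maven code, using the maven-jar plugin. For example: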

<plugin>
    <groupId>org.apache.maven.plugins</groupId>
    <artifactId>maven-jar-plugin</artifactId>
    <executions>

sign

/
/images/ src/main/resources/META-INF/MANIFEST.MF false [PATH_TO_MY_KEYSTORE] [MY ALIAS] [******] [******] [PATH_TO_SIGNED_JAR] true true

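(Obviously I've masked some of this, because I work for paranoid people!) Everything packages up fine and the applet loads in the page; however, two things are troubling: (1) when the applet loads, it identifies the Legion of the Bouncy Castle as the certificate used to sign the applet; (2) while the applet can access the file system using JFileChooser, a "permission denied - file" exception is thrown when it attempts (c) above, sending the file to the website. (I'm using Apache HTTP Components to do this.)

My applet is packaged separately from the standalone jars - including the Bouncy Castle jar.

My question is: why is BC the signer of my applet, rather than my own certificate, as described above? Is this a Maven problem? Of course, during development everything works fine, because Eclipse writes the policy file for the Applet Viewer.

Here is a snippet of the output in Eclipse - it looks like everything should be hunky-dory: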

[DEBUG] Configuring mojo 'org.apache.maven.plugins:maven-jar-plugin:2.2:sign' with basic configurator --> 
[DEBUG] (s) alias = myalias 
[DEBUG] (s) basedir = C:\..\target 
[DEBUG] (f) finalName = app-0.0.1-SNAPSHOT 
[DEBUG] (s) jarPath = C:\..\app-0.0.1-SNAPSHOT.jar 
[DEBUG] (s) keypass = 1234 
[DEBUG] (s) keystore = C:\..\my.keystore 
[DEBUG] (s) project = MavenProject: App:app:0.0.1-SNAPSHOT @ C:\..\app\pom.xml 
[DEBUG] (f) signedjar = C:\..\signed.jar 
[DEBUG] (f) skip = false 
[DEBUG] (s) storepass = 1234 
[DEBUG] (s) verbose = true 
[DEBUG] (s) verify = true 
[DEBUG] (f) workingDirectory = C:\..\app 
[DEBUG] -- end configuration -- 
[INFO] [jar:sign] 
[DEBUG] Setting context classloader for plugin to: /plugins/org.apache.maven.plugins:maven-jar-plugin:[email protected]/thread:main (instance is: ClassRealm[/plugins/org.apache.maven.plugins:maven-jar-plugin:[email protected]/thread:main, parent: ClassRealm[plexus.core, parent: null]]) 
[DEBUG] jarsigner executable=[C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe] 
[DEBUG] mdkirs: false C:\..\app 
[DEBUG] Executing: cmd.exe /X /C '"C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe -verbose -keystore C:\...\my.keystore -storepass ****** -keypass ****** -signedjar C:\...\signed.jar C:\...\target\app-0.0.1-SNAPSHOT.jar myalias"' 
[INFO] updating: META-INF/MANIFEST.MF 
[INFO] adding: META-INF/APP.SF 
[INFO] adding: META-INF/APP.RSA 
[INFO] adding: com/ 
[INFO] adding: com/applet/ 
    ... 
[INFO] adding: images/ 
[INFO] signing: com/applet/DemoApplet$1.class 
[INFO] signing: log4j.xml 
[INFO] signing: target.classes 
[debug] jarsigner executable=[C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe] 
[debug] Executing: cmd.exe /X /C '"C:\Java\jdk1.6.0_16\jre\..\bin\jarsigner.exe -verify -verbose C:\...\signed.jar"' 

Any help would be greatly appreciated. Thanks. By the way, here is the stack trace:

General exception: access denied (java.io.FilePermission C:\Documents and Settings\Paul\My Documents\text.txt read) 
java.security.AccessControlException: access denied (java.io.FilePermission C:\Documents and Settings\Paul\My Documents\text.txt read) 
at java.security.AccessControlContext.checkPermission(Unknown Source) 
at java.security.AccessController.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkPermission(Unknown Source) 
at java.lang.SecurityManager.checkRead(Unknown Source) 
at java.io.File.isFile(Unknown Source) 
at sun.awt.shell.ShellFolder.isFile(Unknown Source) 
at org.apache.commons.httpclient.methods.multipart.FilePartSource.<init>(FilePartSource.java:68) 
at com.securustek.applet.DemoApplet.sendFiles(DemoApplet.java:1098) 
at com.securustek.applet.DemoApplet.actionPerformed(DemoApplet.java:448) 
at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) 
at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) 
at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) 
at javax.swing.DefaultButtonModel.setPressed(Unknown Source) 
at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) 
at java.awt.AWTEventMulticaster.mouseReleased(Unknown Source) 
at java.awt.Component.processMouseEvent(Unknown Source) 
at javax.swing.JComponent.processMouseEvent(Unknown Source) 
at java.awt.Component.processEvent(Unknown Source) 
at java.awt.Container.processEvent(Unknown Source) 
at java.awt.Component.dispatchEventImpl(Unknown Source) 
at java.awt.Container.dispatchEventImpl(Unknown Source) 
at java.awt.Component.dispatchEvent(Unknown Source) 
at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) 
at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) 
at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) 
at java.awt.Container.dispatchEventImpl(Unknown Source) 
at java.awt.Window.dispatchEventImpl(Unknown Source) 
at java.awt.Component.dispatchEvent(Unknown Source) 
at java.awt.EventQueue.dispatchEvent(Unknown Source) 
at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) 
at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) 
at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) 
at java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
at java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
at java.awt.EventDispatchThread.run(Unknown Source) 

Thanks again.

+0

Are you able to sign and verify the jar without using the Maven script? I.e. from the command line? – Keibosh 2010-01-09 14:32:09

+0

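Yes, I can sign and verify the jar outside of the Maven POM, i.e. from the command line. However, I still get the "application's signature cannot be verified" warning from the JVM (in the browser), with Name: [my app name] and Publisher: Legion of the Bouncy Castle - even though the certificate used for signing is a self-signed certificate I created with OpenSSL...? – pkriebel 2010-01-11 18:32:06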

Answers

0

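I'm not sure, but it may be because of the certificate itself, because of the security access problem... I mean it may have expired. Is it newly created? But still, there should be more details to analyze...

Did you check the MANIFEST class structure? Are they all signed?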
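
One way to answer the "are they all signed, and by whom?" check per jar, as an added example that is not part of the original thread: it groups every entry of a jar by the subject of its signing certificate, or "UNSIGNED". The class name JarSignerReport is hypothetical, Java 8 or later is assumed, and with no arguments it runs on a constructed one-entry unsigned jar.

```java
import java.io.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import java.util.jar.*;

public class JarSignerReport {
    /** Maps each signer subject DN (or "UNSIGNED") to the entry names it covers. */
    static Map<String, List<String>> signersOf(File jar) throws IOException {
        Map<String, List<String>> report = new TreeMap<>();
        try (JarFile jf = new JarFile(jar, true)) { // true = verify digests while reading
            for (JarEntry e : Collections.list(jf.entries())) {
                // Directories and META-INF signature files are never signed themselves.
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Certificates are only populated once the entry has been read to the end.
                try (InputStream in = jf.getInputStream(e)) {
                    byte[] buf = new byte[8192];
                    while (in.read(buf) != -1) { /* drain */ }
                }
                Certificate[] certs = e.getCertificates();
                String who = "UNSIGNED";
                if (certs != null && certs.length > 0 && certs[0] instanceof X509Certificate) {
                    // First certificate of the first chain is the signer's own certificate.
                    who = ((X509Certificate) certs[0]).getSubjectX500Principal().getName();
                }
                report.computeIfAbsent(who, k -> new ArrayList<>()).add(e.getName());
            }
        }
        return report;
    }
    public static void main(String[] args) throws Exception {
        List<File> jars = new ArrayList<>();
        for (String a : args) jars.add(new File(a));
        if (jars.isEmpty()) { // constructed sample: a one-entry unsigned jar
            File tmp = File.createTempFile("sample", ".jar");
            tmp.deleteOnExit();
            try (JarOutputStream out = new JarOutputStream(new FileOutputStream(tmp))) {
                out.putNextEntry(new JarEntry("com/applet/DemoApplet.class"));
                out.write(new byte[] {1, 2, 3});
                out.closeEntry();
            }
            jars.add(tmp);
        }
        for (File jar : jars) {
            signersOf(jar).forEach((who, names) ->
                System.out.println(jar + "  " + who + ": " + names.size() + " entries " + names));
        }
    }
}
```

Passing the applet jar and each separately packaged jar as arguments shows, per jar, which certificate subject covers which entries and whether any entry is left unsigned.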
